Date: Fri, 9 Sep 2016 17:38:52 +0200
From: Jiri Olsa
To: "Theodore Ts'o"
Cc: "H. Peter Anvin", lkml
Subject: [BUG] random: crash via credit_entropy_bits
Message-ID: <20160909153852.GA7110@krava>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.7.0 (2016-08-17)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Fri, 09 Sep 2016 15:38:54 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

hi,
when printing out some early acpi messages I hit a bug in work queue code..
the system_wq is not initialized at the time acpi_early_init is called
and causes an irq storm (I assume) that makes credit_entropy_bits call
schedule_work and crash:

[ 286.521659] BUG: unable to handle kernel NULL pointer dereference at 0000000000000102
[ 286.521660] IP: [] __queue_work+0x32/0x450
[ 286.521664] PGD 0
[ 286.521666] Oops: 0000 [#1] SMP
[ 286.521666] Modules linked in:
[ 286.521669] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.8.0-rc5tip+ #263
[ 286.521669] Hardware name: IBM System x3650 M4 : -[7915E2G]-/00Y7683, BIOS -[VVE124AUS-1.30]- 11/21/2012
[ 286.521670] task: ffffffff81c0d4c0 task.stack: ffffffff81c00000
[ 286.521671] RIP: 0010:[] [] __queue_work+0x32/0x450
[ 286.521673] RSP: 0000:ffff880277a03e38 EFLAGS: 00010046
[ 286.521674] RAX: 0000000000000092 RBX: 0000000000000087 RCX: 0000000000000000
[ 286.521675] RDX: ffffffff81cd3460 RSI: 0000000000000000 RDI: 0000000000000040
[ 286.521675] RBP: ffff880277a03e78 R08: 0000000000000000 R09: 0000000000007ffe
[ 286.521676] R10: 0000000006bf0603 R11: 0000000000000068 R12: 0000000000000040
[ 286.521677] R13: 0000000000000000 R14: ffffffff81cd3460 R15: ffffffff81cd3510
[ 286.521678] FS: 0000000000000000(0000) GS:ffff880277a00000(0000) knlGS:0000000000000000
[ 286.521679] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 286.521679] CR2: 0000000000000102 CR3: 0000000001c06000 CR4: 00000000000406b0
[ 286.521680] Stack:
[ 286.521681] ffff880277a03e48 ffffffff817b5dc6 0000004077a03e58 0000000000000087
[ 286.521682] ffffffff81cd34c0 ffffffff814f0f82 0000000000008000 ffffffff81cd3510
[ 286.521684] ffff880277a03e90 ffffffff810bcc47 0000000000000381 ffff880277a03ed8
[ 286.521686] Call Trace:
[ 286.521686]
[ 286.521689] [] ? _raw_write_unlock_irqrestore+0x16/0x20
[ 286.521692] [] ? add_interrupt_randomness+0x1c2/0x200
[ 286.521694] [] queue_work_on+0x27/0x40
[ 286.521695] [] credit_entropy_bits+0x219/0x280
[ 286.521697] [] ? __mix_pool_bytes+0x36/0x90
[ 286.521699] [] add_interrupt_randomness+0x1c2/0x200
[ 286.521702] [] handle_irq_event_percpu+0x40/0x80
[ 286.521704] [] handle_irq_event+0x2c/0x50
[ 286.521705] [] handle_level_irq+0x83/0x100
[ 286.521707] [] handle_irq+0x73/0x120
[ 286.521709] [] ? _local_bh_enable+0x21/0x50
[ 286.521710] [] do_IRQ+0x4b/0xd0
[ 286.521712] [] common_interrupt+0x8c/0x8c
[ 286.521712]
[ 286.521717] [] ? native_restore_fl+0x6/0x10
[ 286.521719] [] console_unlock+0x3ef/0x5d0
[ 286.521721] [] ? update_sample+0x6e/0xe0
[ 286.521723] [] vprintk_emit+0x2aa/0x520
[ 286.521725] [] vprintk_default+0x1f/0x30
[ 286.521726] [] printk+0x57/0x73
[ 286.521730] [] acpi_os_vprintf+0x3f/0x41
[ 286.521732] [] acpi_os_printf+0x52/0x6e
[ 286.521735] [] acpi_debug_print+0xae/0x118
[ 286.521737] [] ? acpi_ut_value_exit+0x44/0x5c
[ 286.521739] [] acpi_ut_ptr_exit+0x3f/0x55
[ 286.521741] [] acpi_ns_get_normalized_pathname+0x111/0x11d
[ 286.521742] [] acpi_ns_search_one_scope+0x52/0x207
[ 286.521743] [] acpi_ns_search_and_enter+0xe0/0x4d9
[ 286.521747] [] acpi_ns_lookup+0x5cc/0x7d6
[ 286.521750] [] acpi_ds_init_field_objects+0x1a3/0x232
[ 286.521752] [] acpi_ds_load1_end_op+0xe7/0x355
[ 286.521754] [] acpi_ps_parse_loop+0x7fc/0x8ac
[ 286.521755] [] acpi_ps_parse_aml+0x1b0/0x493
[ 286.521757] [] acpi_ns_one_complete_parse+0x22e/0x27f
[ 286.521758] [] acpi_ns_parse_table+0x7b/0x148
[ 286.521759] [] acpi_ns_load_table+0xc6/0x213
[ 286.521761] [] acpi_tb_load_namespace+0xd3/0x28d
[ 286.521764] [] acpi_load_tables+0x6c/0xf4
[ 286.521767] [] acpi_early_init+0x7a/0xf0
[ 286.521771] [] start_kernel+0x3be/0x472

patch below prevents that.. however I'm not sure this is the correct
fix, just allows me to continue the acpi debug ;-)

thanks,
jirka

---
diff --git a/drivers/char/random.c b/drivers/char/random.c index 3efb3bf0ab83..f4dec86c2e25 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -725,7 +725,8 @@ retry: /* If the input pool is getting full, send some * entropy to the blocking pool until it is 75% full. */ - if (entropy_bits > random_write_wakeup_bits && + if (keventd_up() && + entropy_bits > random_write_wakeup_bits && r->initialized && r->entropy_total >= 2*random_read_wakeup_bits) { struct entropy_store *other = &blocking_pool;
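
Review bot: The new `keventd_up()` test at the head of the condition is undocumented, and the block comment directly above it ("If the input pool is getting full, send some entropy to the blocking pool until it is 75% full") no longer says when the branch actually runs. Please extend that comment to state that the transfer is skipped while workqueues are not yet available, since the trace in this mail shows `queue_work_on` reached from `credit_entropy_bits` via `add_interrupt_randomness` during `acpi_early_init`. The guard also skips the whole branch rather than only the queuing step, and nothing in this hunk arranges for the transfer to be retried once workqueues come up; if the body does more than queue work, it would be narrower to place the check around the queuing call itself.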