RHEL6: divide by zero in proc_sched_show_task
Environment
- Red Hat Enterprise Linux 6 on x86-64 architecture
Issue
- The RHEL 6 kernel panics in the proc_sched_show_task function with a divide-by-zero error
Resolution
- RHEL 6: Upgrade to kernel-2.6.32-504.el6 from RHSA-2014-1392 or later
- RHEL 6.5 EUS: Upgrade to kernel-2.6.32-431.37.1.el6 from RHSA-2014:1668 or later
Root Cause
After making sure a 64-bit variable is non-zero, the kernel proceeded to use it as a 32-bit divisor, which means only the lower 32 bits are used. If they happen to be 0, the kernel crashes.
Diagnostic Steps
crash> bt
[..]
#6 [ffff883f96c43d40] divide_error at ffffffff8100bdfb
[exception RIP: proc_sched_show_task+0x717]
RIP: ffffffff8105c057 RSP: ffff883f96c43df8 RFLAGS: 00010246
RAX: 0000637f795eb61a RBX: ffff885cf9614080 RCX: ffffffffffffffff
RDX: 0000000000000000 RSI: 0000637f795eb61a RDI: 0000000000000000
RBP: ffff883f96c43e48 R8: 00000000fffffffd R9: 0000000000000014
R10: 0000000000000000 R11: 0000000000000013 R12: ffff8802568ef640
R13: 431bde82d7b634db R14: 00000000fb2220d9 R15: 0000000100000000
#7 [ffff883f96c43e50] sched_show at ffffffff811ed900
#8 [ffff883f96c43e70] seq_read at ffffffff811a5352
#9 [ffff883f96c43ef0] vfs_read at ffffffff81181ac5
#10 [ffff883f96c43f30] sys_read at ffffffff81181c01
[..]
crash> dis -r proc_sched_show_task+0x717 | tail -4
0xffffffff8105c04f <proc_sched_show_task+0x70f>: mov %r15d,%edi
0xffffffff8105c052 <proc_sched_show_task+0x712>: mov %rsi,%rax
0xffffffff8105c055 <proc_sched_show_task+0x715>: xor %edx,%edx
0xffffffff8105c057 <proc_sched_show_task+0x717>: div %rdi
Note that r15 is 0000000100000000, and that the mov %r15d,%edi instruction copies only its lower 32 bits into the divisor register.
crash> eval 0x100000000 & 0xffffffff
hexadecimal: 0
Thus none of the lower 32 bits are set, so the divisor is 0, which matches RDI: 0000000000000000 in the register dump.
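The check-then-truncate pattern from the Root Cause section, as an added user-space example (not the RHEL kernel source). The function and enum names are hypothetical, the dividend and first divisor are the RAX/RSI and R15 values from the register dump, and the second divisor is constructed to show that a truncated divisor with non-zero low bits does not trap but yields a wrong quotient.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

enum div_status { DIV_OK, DIV_SKIPPED, DIV_TRAP };

/* Flawed pattern: the zero test sees all 64 bits, the division only the
 * low 32. This user-space model reports the zero divisor as DIV_TRAP
 * instead of executing the faulting divide. */
static enum div_status div_check64_use32(uint64_t n, uint64_t d, uint64_t *q)
{
    if (d == 0)
        return DIV_SKIPPED;          /* guard on the full 64-bit value */
    uint32_t d32 = (uint32_t)d;      /* truncation, as in mov %r15d,%edi */
    if (d32 == 0)
        return DIV_TRAP;             /* the CPU raises #DE at this divide */
    *q = n / d32;                    /* no trap, but possibly wrong quotient */
    return DIV_OK;
}

/* Corrected pattern: the guard and the division use the same 64-bit value. */
static enum div_status div_check64_use64(uint64_t n, uint64_t d, uint64_t *q)
{
    if (d == 0)
        return DIV_SKIPPED;
    *q = n / d;
    return DIV_OK;
}

int main(void)
{
    /* Dividend (RAX/RSI) and divisor (R15) from the register dump, plus a
     * constructed divisor whose low 32 bits are non-zero. */
    const uint64_t n = 0x0000637f795eb61aULL;
    const uint64_t divisors[] = { 0x0000000100000000ULL, 0x0000000100000002ULL };

    for (size_t i = 0; i < 2; i++) {
        uint64_t q32 = 0, q64 = 0;
        enum div_status s32 = div_check64_use32(n, divisors[i], &q32);
        enum div_status s64 = div_check64_use64(n, divisors[i], &q64);
        printf("d=%#" PRIx64 " truncated: %s q=%#" PRIx64
               " full: %s q=%#" PRIx64 "\n", divisors[i],
               s32 == DIV_TRAP ? "TRAP" : "ok", q32,
               s64 == DIV_OK ? "ok" : "skipped", q64);
    }
    return 0;
}
```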