| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Dec 2016 11:38:26 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: Rob Herring <robh@...nel.org>, dri-devel@...ts.freedesktop.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org, LKP <lkp@...org>
Subject: [drm] bea5b158ff BUG: unable to handle kernel NULL pointer
dereference at 00000000000003a8
Greetings,
This test patch seems to expose a DRM bug which is still not fixed in
linux-next.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit bea5b158ff0da9c7246ff391f754f5f38e34577a
Author: Rob Herring <robh@...nel.org>
AuthorDate: Thu Aug 11 10:20:58 2016 -0500
Commit: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CommitDate: Wed Aug 31 15:13:55 2016 +0200
driver core: add test of driver remove calls during probe
In recent discussions on ksummit-discuss[1], it was suggested to do a
sequence of probe, remove, probe for testing driver remove paths. This
adds a kconfig option for said test.
[1] https://lists.linuxfoundation.org/pipermail/ksummit-discuss/2016-August/003459.html
Suggested-by: Arnd Bergmann <arnd@...db.de>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Signed-off-by: Rob Herring <robh@...nel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
+-------------------------------------------------+------------+------------+------------+
| | cebf8fd169 | bea5b158ff | 7dd914d7b0 |
+-------------------------------------------------+------------+------------+------------+
| boot_successes | 63 | 0 | 0 |
| boot_failures | 25 | 22 | 17 |
| BUG:kernel_reboot-without-warning_in_test_stage | 25 | | |
| BUG:unable_to_handle_kernel | 0 | 22 | 17 |
| Oops | 0 | 22 | 17 |
| RIP:__mutex_lock_slowpath | 0 | 22 | 17 |
| calltrace:bochs_init | 0 | 22 | 17 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 22 | 17 |
+-------------------------------------------------+------------+------------+------------+
[ 7.133544] [TTM] Initializing pool allocator
[ 7.134199] [TTM] Initializing DMA pool allocator
[ 7.135176] [drm] Initialized bochs-drm 1.0.0 20130925 for 0000:00:02.0 on minor 1
[ 7.136329] BUG: unable to handle kernel NULL pointer dereference at 00000000000003a8
[ 7.137506] IP: [<ffffffff82056cf7>] __mutex_lock_slowpath+0x83/0x2ad
[ 7.138461] PGD 1ddaa067 PUD 1ddab067 PMD 0
[ 7.139144] Oops: 0002 [#1] DEBUG_PAGEALLOC
[ 7.139750] CPU: 0 PID: 1 Comm: swapper Not tainted 4.8.0-rc4-00003-gbea5b15 #1
[ 7.140807] task: ffff8800001dc000 task.stack: ffff8800001e0000
[ 7.141657] RIP: 0010:[<ffffffff82056cf7>] [<ffffffff82056cf7>] __mutex_lock_slowpath+0x83/0x2ad
[ 7.142951] RSP: 0018:ffff8800001e3a98 EFLAGS: 00010046
[ 7.143713] RAX: 0000000000000246 RBX: 00000000000003a0 RCX: ffffffff82a54320
[ 7.157782] RDX: 0000000080000000 RSI: 0000000000000061 RDI: 00000000000003a0
[ 7.158815] RBP: ffff8800001e3b48 R08: ffff8800001e3b08 R09: ffff8800001e3b38
[ 7.159840] R10: 0000000000000001 R11: ffff88001d5be2d0 R12: ffff8800001dc000
[ 7.160868] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8800001e7e01
[ 7.161897] FS: 0000000000000000(0000) GS:ffffffff82a24000(0000) knlGS:0000000000000000
[ 7.163051] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7.163877] CR2: 00000000000003a8 CR3: 000000001dda8000 CR4: 00000000000406f0
[ 7.164905] Stack:
[ 7.165209] 0000000000000001 0000000000000246 ffffffff82a54300 ffff88001d5be328
[ 7.166349] ffff8800001e3b28 ffffffff810e7379 0000000000000000 ffffffff810e6c20
[ 7.167488] ffff880000000000 dead4ead00000001 ffffffffffffffff ffffffffffffffff
[ 7.168626] Call Trace:
[ 7.168999] [<ffffffff810e7379>] ? __synchronize_srcu+0xcf/0xff
[ 7.182902] [<ffffffff810e6c20>] ? rcu_barrier_tasks+0xb/0xb
[ 7.183737] [<ffffffff82056f4d>] mutex_lock+0x2c/0x3f
[ 7.184489] [<ffffffff815a627a>] drm_mode_object_unregister+0x22/0x4e
[ 7.185439] [<ffffffff815a630e>] drm_framebuffer_unregister_private+0x15/0x17
[ 7.186486] [<ffffffff8172b1c5>] bochs_fbdev_fini+0x5c/0x70
[ 7.187311] [<ffffffff8172a297>] bochs_unload+0x16/0x46
[ 7.188091] [<ffffffff815a21a3>] drm_dev_unregister+0x3c/0xad
[ 7.188942] [<ffffffff815a2cc5>] drm_put_dev+0x47/0x54
[ 7.189698] [<ffffffff8172a1e7>] bochs_pci_remove+0x10/0x12
[ 7.190524] [<ffffffff81446382>] pci_device_remove+0x38/0x9b
[ 7.191364] [<ffffffff82058aa9>] ? _raw_spin_unlock+0x9/0x11
[ 7.192203] [<ffffffff8173e64d>] driver_probe_device+0x1f9/0x435
[ 7.193093] [<ffffffff8173e943>] __driver_attach+0xba/0xe2
[ 7.193905] [<ffffffff8173e889>] ? driver_probe_device+0x435/0x435
[ 7.194815] [<ffffffff8173c91f>] bus_for_each_dev+0x53/0x91
[ 7.195638] [<ffffffff8173e092>] driver_attach+0x19/0x1b
[ 7.209453] [<ffffffff8173d201>] bus_add_driver+0x138/0x225
[ 7.210277] [<ffffffff8173efbb>] driver_register+0x89/0xc1
[ 7.211091] [<ffffffff8144656c>] __pci_register_driver+0x63/0x6a
[ 7.211974] [<ffffffff815a27c1>] ? drm_minor_register+0xc9/0xfe
[ 7.212844] [<ffffffff82c6bc94>] ? ast_init+0x27/0x27
[ 7.213582] [<ffffffff815a3ea6>] drm_pci_init+0x51/0xda
[ 7.214354] [<ffffffff815a28b0>] ? drm_dev_register+0xba/0xc6
[ 7.215201] [<ffffffff82c6bc94>] ? ast_init+0x27/0x27
[ 7.215948] [<ffffffff82c6bcab>] bochs_init+0x17/0x19
[ 7.216685] [<ffffffff82c328df>] do_one_initcall+0x95/0x13d
[ 7.217515] [<ffffffff810ca754>] ? parse_args+0x24e/0x340
[ 7.218308] [<ffffffff82c32b2c>] kernel_init_freeable+0x171/0x205
[ 7.219206] [<ffffffff82c32bc0>] ? kernel_init_freeable+0x205/0x205
[ 7.220124] [<ffffffff8204ccc7>] kernel_init+0x9/0xee
[ 7.220870] [<ffffffff82058dff>] ret_from_fork+0x1f/0x40
[ 7.221648] [<ffffffff8204ccbe>] ? rest_init+0x75/0x75
[ 7.235432] Code: a2 7b 82 be 11 02 00 00 48 c7 c7 4e 74 7c 82 31 c0 e8 a2 d8 05 ff 9c 58 0f 1f 44 00 00 48 89 85 58 ff ff ff fa 66 0f 1f 44 00 00 <c7> 43 08 00 00 00 00 83 3d 5b 89 cf 00 00 75 39 48 39 5b 38 74
[ 7.239364] RIP [<ffffffff82056cf7>] __mutex_lock_slowpath+0x83/0x2ad
[ 7.240326] RSP <ffff8800001e3a98>
[ 7.240840] CR2: 00000000000003a8
[ 7.241328] ---[ end trace cf2bb98ef20d084e ]---
[ 7.242002] Kernel panic - not syncing: Fatal exception
git bisect start v4.9 v4.8 --
git bisect bad 9fe68cad6e74967b88d0c6aeca7d9cd6b6e91942 # 13:05 0- 22 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
git bisect bad 5fa0eb0b4d4780fbd6d8a09850cc4fd539e9fe65 # 13:13 0- 22 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect bad 19fe416532f798e199f04d25816b1bd36e48d6fe # 13:36 0- 22 Merge tag 'edac_for_4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp
git bisect good 6aebe7f9e8697531a11b007d1e8126ba1b6e0a53 # 13:47 22+ 6 Merge branch 'x86-timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect bad e6dce825fba05f447bd22c865e27233182ab3d79 # 14:00 0- 19 Merge tag 'tty-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
git bisect good 5e1b834b27fb2c27cde33a0752425f11d10c0b2d # 14:16 20+ 3 Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 597f03f9d133e9837d00965016170271d4f87dcf # 14:26 22+ 5 Merge branch 'smp-hotplug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 7a53eea1f7b527fd3b6d7ca992914840981afe99 # 14:40 22+ 9 Merge tag 'char-misc-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
git bisect bad 9929780e86854833e649b39b290b5fe921eb1701 # 14:53 0- 13 Merge tag 'driver-core-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
git bisect bad 775115c06091fcfa1189a50aca488fa596839617 # 15:18 0- 22 drivers/base dmam_declare_coherent_memory leaks
git bisect bad 426bc8e789f8ac84270b196191904d347586032f # 15:27 0- 22 base: soc: make it explicitly non-modular
git bisect bad bea5b158ff0da9c7246ff391f754f5f38e34577a # 15:35 0- 5 driver core: add test of driver remove calls during probe
git bisect good cebf8fd16900fdfd58c0028617944f808f97fe50 # 15:44 20+ 4 driver core: fix race between creating/querying glue dir and its cleanup
# first bad commit: [bea5b158ff0da9c7246ff391f754f5f38e34577a] driver core: add test of driver remove calls during probe
git bisect good cebf8fd16900fdfd58c0028617944f808f97fe50 # 15:47 66+ 25 driver core: fix race between creating/querying glue dir and its cleanup
# extra tests with CONFIG_DEBUG_INFO_REDUCED
git bisect bad bea5b158ff0da9c7246ff391f754f5f38e34577a # 15:56 0- 4 driver core: add test of driver remove calls during probe
# extra tests on HEAD of linux-devel/devel-spot-201612150830
git bisect bad 7dd914d7b013cff6114525070607f79b369b11d0 # 15:56 0- 17 0day head guard for 'devel-spot-201612150830'
# extra tests on tree/branch linus/master
git bisect bad 5cc60aeedf315a7513f92e98314e86d515b986d1 # 16:05 0- 41 Merge tag 'xfs-for-linus-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs
# extra tests on tree/branch linus/master
git bisect bad 5cc60aeedf315a7513f92e98314e86d515b986d1 # 16:05 0- 58 Merge tag 'xfs-for-linus-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs
# extra tests on tree/branch linux-next/master
git bisect bad df5462d601bec886f6c56b2a4f4e54d92761c2d5 # 16:14 0- 37 Add linux-next specific files for 20161215
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
Download attachment "dmesg-yocto-vp-2:20161215153506:x86_64-randconfig-s0-12151053:4.8.0-rc4-00003-gbea5b15:1.gz" of type "application/gzip" (12216 bytes)
Download attachment "dmesg-quantal-ivb41-105:20161215154603:x86_64-randconfig-s0-12151053:4.8.0-rc4-00002-gcebf8fd:1.gz" of type "application/gzip" (23212 bytes)
View attachment "config-4.8.0-rc4-00003-gbea5b15" of type "text/plain" (128916 bytes)
Powered by blists - more mailing lists