lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Fri, 10 Feb 2017 10:29:15 +0800
From:   kernel test robot <xiaolong.ye@...el.com>
To:     Christian König <christian.koenig@....com>
Cc:     Alex Deucher <alexander.deucher@....com>,
        Sinclair Yeh <syeh@...are.com>, "Roger.He" <Hongbo.He@....com>,
        LKML <linux-kernel@...r.kernel.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>, lkp@...org
Subject: [lkp-robot] [drm/ttm]  cf6c467d67: kernel_BUG_at_mm/slub.c


FYI, we noticed the following commit:

commit: cf6c467d67d319e239aec57d7ba31cb9946f29bf ("drm/ttm: add BO priorities for the LRUs")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: trinity
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -m 320M

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+-----------------------------------------------------------------------+------------+------------+
|                                                                       | 2ee7fc92cf | cf6c467d67 |
+-----------------------------------------------------------------------+------------+------------+
| boot_successes                                                        | 0          | 0          |
| boot_failures                                                         | 10         | 10         |
| WARNING:at_drivers/gpu/drm/drm_mode_config.c:#drm_mode_config_cleanup | 10         | 10         |
| BUG_kmalloc-#(Tainted:G_W):Invalid_object_pointer                     | 10         |            |
| INFO:Slab#objects=#used=#fp=#flags=                                   | 10         |            |
| kernel_BUG_at_mm/slub.c                                               | 0          | 10         |
| invalid_opcode:#[##]SMP                                               | 0          | 10         |
| Kernel_panic-not_syncing:Fatal_exception                              | 0          | 10         |
+-----------------------------------------------------------------------+------------+------------+



[   33.346631] kernel BUG at mm/slub.c:3869!
[   33.347547] invalid opcode: 0000 [#1] SMP
[   33.348361] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G        W       4.10.0-rc5-00883-gcf6c467 #2
[   33.350733] task: ffff880012aa0040 task.stack: ffffc900000d0000
[   33.353164] RIP: 0010:kfree+0x2ac/0x530
[   33.353749] RSP: 0000:ffffc900000d3c20 EFLAGS: 00010202
[   33.356415] RAX: 0000000000000002 RBX: ffff88000e20c000 RCX: 0000000000000002
[   33.357578] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffff82bfcd20
[   33.358856] RBP: ffffc900000d3c60 R08: 0000000000000005 R09: 0000000000000000
[   33.361864] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88001320a300
[   33.362978] R13: 0000000000000003 R14: 0000000000000000 R15: ffff8800121dddc8
[   33.364153] FS:  0000000000000000(0000) GS:ffff880013a00000(0000) knlGS:0000000000000000
[   33.365684] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   33.366635] CR2: 0000000000000000 CR3: 0000000002a11000 CR4: 00000000000006f0
[   33.367718] Call Trace:
[   33.368270]  bochs_unload+0x3b/0x50
[   33.368817]  drm_dev_unregister+0x10d/0x120
[   33.369475]  drm_put_dev+0x47/0x70
[   33.370484]  bochs_pci_remove+0x15/0x20
[   33.372124]  pci_device_remove+0x98/0xa0
[   33.372723]  driver_probe_device+0x2a0/0x560
[   33.373957]  ? driver_probe_device+0x560/0x560
[   33.374820]  __driver_attach+0x138/0x150
[   33.375476]  bus_for_each_dev+0x8e/0xf0
[   33.376107]  driver_attach+0x1e/0x20
[   33.376662]  bus_add_driver+0x207/0x2f0
[   33.377266]  driver_register+0xbd/0x1b0
[   33.377816]  ? psb_init+0x43/0x43
[   33.378492]  __pci_register_driver+0x60/0x70
[   33.379156]  drm_pci_init+0x109/0x120
[   33.379757]  ? psb_init+0x43/0x43
[   33.380302]  bochs_init+0x1f/0x43
[   33.380839]  do_one_initcall+0xe9/0x2dc
[   33.381637]  ? parse_args+0x360/0x4f0
[   33.382224]  kernel_init_freeable+0x2ad/0x3f3
[   33.382893]  ? rest_init+0x170/0x170
[   33.383482]  kernel_init+0xe/0x180
[   33.383969]  ret_from_fork+0x31/0x40
[   33.384704] Code: 04 24 f6 c4 80 75 26 49 8b 44 24 20 a8 01 75 1d 31 d2 be 01 00 00 00 48 c7 c7 20 cd bf 82 e8 1c 02 f2 ff 48 83 05 9c c3 ac 01 01 <0f> 0b 31 d2 31 f6 48 c7 c7 20 cd bf 82 e8 02 02 f2 ff 49 8b 14 
[   33.387784] RIP: kfree+0x2ac/0x530 RSP: ffffc900000d3c20
[   33.388858] ---[ end trace c26940c3a44e011b ]---


To reproduce:

        git clone git://git.kernel.org/pub/scm/linux/kernel/git/wfg/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script  # job-script is attached in this email



Thanks,
Xiaolong

View attachment "config-4.10.0-rc5-00883-gcf6c467" of type "text/plain" (99086 bytes)

View attachment "job-script" of type "text/plain" (3532 bytes)

Download attachment "dmesg.xz" of type "application/octet-stream" (10952 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ