lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 29 Mar 2017 12:23:43 +0800
From:   Fengguang Wu <fengguang.wu@...el.com>
To:     Chris Wilson <chris@...is-wilson.co.uk>
Cc:     Daniel Vetter <daniel.vetter@...ll.ch>,
        Joonas Lahtinen <joonas.lahtinen@...ux.intel.com>,
        Alex Deucher <alexander.deucher@....com>,
        Sinclair Yeh <syeh@...are.com>, #vmwgfx@...-t540p.sh.intel.com,
        Lucas Stach <l.stach@...gutronix.de>,
        #etnaviv@...-t540p.sh.intel.com, dri-devel@...ts.freedesktop.org,
        linux-kernel@...r.kernel.org, LKP <lkp@...org>
Subject: [drm] 4e64e5539d [  195.349293] BUG: unable to handle kernel NULL
 pointer dereference at 0000000000000620

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

commit 4e64e5539d152e202ad6eea2b6f65f3ab58d9428
Author:     Chris Wilson <chris@...is-wilson.co.uk>
AuthorDate: Thu Feb 2 21:04:38 2017 +0000
Commit:     Daniel Vetter <daniel.vetter@...ll.ch>
CommitDate: Fri Feb 3 11:10:32 2017 +0100

     drm: Improve drm_mm search (and fix topdown allocation) with rbtrees
     
     The drm_mm range manager claimed to support top-down insertion, but it
     was neither searching for the top-most hole that could fit the
     allocation request nor fitting the request to the hole correctly.
     
     In order to search the range efficiently, we create a secondary index
     for the holes using either their size or their address. This index
     allows us to find the smallest hole or the hole at the bottom or top of
     the range efficiently, whilst keeping the hole stack to rapidly service
     evictions.
     
     v2: Search for holes both high and low. Rename flags to mode.
     v3: Discover rb_entry_safe() and use it!
     v4: Kerneldoc for enum drm_mm_insert_mode.
     
     Signed-off-by: Chris Wilson <chris@...is-wilson.co.uk>
     Reviewed-by: Joonas Lahtinen <joonas.lahtinen@...ux.intel.com>
     Cc: Alex Deucher <alexander.deucher@....com>
     Cc: "Christian König" <christian.koenig@....com>
     Cc: David Airlie <airlied@...ux.ie>
     Cc: Russell King <rmk+kernel@...linux.org.uk>
     Cc: Daniel Vetter <daniel.vetter@...el.com>
     Cc: Jani Nikula <jani.nikula@...ux.intel.com>
     Cc: Sean Paul <seanpaul@...omium.org>
     Cc: Lucas Stach <l.stach@...gutronix.de>
     Cc: Christian Gmeiner <christian.gmeiner@...il.com>
     Cc: Rob Clark <robdclark@...il.com>
     Cc: Thierry Reding <thierry.reding@...il.com>
     Cc: Stephen Warren <swarren@...dotorg.org>
     Cc: Alexandre Courbot <gnurou@...il.com>
     Cc: Eric Anholt <eric@...olt.net>
     Cc: Sinclair Yeh <syeh@...are.com>
     Cc: Thomas Hellstrom <thellstrom@...are.com>
     Reviewed-by: Alex Deucher <alexander.deucher@....com>
     Reviewed-by: Sinclair Yeh <syeh@...are.com> # vmwgfx
     Reviewed-by: Lucas Stach <l.stach@...gutronix.de> #etnaviv
     Signed-off-by: Daniel Vetter <daniel.vetter@...ll.ch>
     Link: http://patchwork.freedesktop.org/patch/msgid/20170202210438.28702-1-chris@chris-wilson.co.uk

17aad8a340  Merge remote-tracking branch 'airlied/drm-next' into drm-misc-next
4e64e5539d  drm: Improve drm_mm search (and fix topdown allocation) with rbtrees
97da3854c5  Linux 4.11-rc3
f921b263d9  Add linux-next specific files for 20170320
+------------------------------------------+------------+------------+-----------+---------------+
|                                          | 17aad8a340 | 4e64e5539d | v4.11-rc3 | next-20170320 |
+------------------------------------------+------------+------------+-----------+---------------+
| boot_successes                           | 0          | 0          | 0         | 0             |
| boot_failures                            | 1220       | 312        | 324       | 63            |
| BUG:unable_to_handle_kernel              | 1220       | 312        | 324       | 63            |
| Oops:#[##]                               | 1220       | 312        | 324       | 63            |
| Kernel_panic-not_syncing:Fatal_exception | 1220       | 312        | 324       | 63            |
+------------------------------------------+------------+------------+-----------+---------------+

[  195.344608] [TTM] Zone  kernel: Available graphics memory: 200980 kiB
[  195.345639] [TTM] Initializing pool allocator
[  195.346363] [TTM] Initializing DMA pool allocator
[  195.347754] [drm] Initialized bochs-drm 1.0.0 20130925 for 0000:00:02.0 on minor 0
[  195.349292] irq event stamp: 5513
[  195.349293] BUG: unable to handle kernel NULL pointer dereference at 0000000000000620
[  195.349309] IP: __lock_acquire+0xc8/0xfe6
[  195.349311] PGD 0 
[  195.349312] 
[  195.349317] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[  195.349324] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.10.0-rc5-01060-g4e64e55 #1
[  195.349327] task: ffff88000001a000 task.stack: ffff88000015c000
[  195.349333] RIP: 0010:__lock_acquire+0xc8/0xfe6
[  195.349337] RSP: 0000:ffff88000015f9f0 EFLAGS: 00010002
[  195.349341] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000000
[  195.349345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000620
[  195.349348] RBP: ffff88000015fab0 R08: 0000000000000001 R09: 0000000000000001
[  195.349352] R10: ffff88000015fad0 R11: ffff88000001aba0 R12: 0000000000000620
[  195.349356] R13: 0000000000000000 R14: ffff88000001a000 R15: 0000000000000001
[  195.349361] FS:  0000000000000000(0000) GS:ffff88001e500000(0000) knlGS:0000000000000000
[  195.349365] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  195.349368] CR2: 0000000000000620 CR3: 000000000381e000 CR4: 00000000000006e0
[  195.349373] Call Trace:
[  195.349381]  ? drm_mode_object_unregister+0x27/0x62
[  195.349387]  ? lock_release+0x1c8/0x3d2
[  195.349392]  ? lock_acquire+0x126/0x1be
[  195.349398]  ? irq_trace+0x32/0x37
[  195.349404]  ? __lock_is_held+0x47/0x7a
[  195.349409]  lock_acquire+0x126/0x1be
[  195.349414]  ? lock_acquire+0x126/0x1be
[  195.349421]  ? drm_mode_object_unregister+0x27/0x62
[  195.349429]  mutex_lock_nested+0x74/0x504
[  195.349435]  ? drm_mode_object_unregister+0x27/0x62
[  195.349447]  ? drm_mode_object_unregister+0x27/0x62
[  195.349453]  ? drm_printk+0xb4/0xc3
[  195.349459]  drm_mode_object_unregister+0x27/0x62
[  195.349465]  ? drm_mode_object_unregister+0x27/0x62
[  195.349473]  ? qxl_gem_prime_mmap+0x42/0x42
[  195.349482]  drm_framebuffer_unregister_private+0x23/0x2b
[  195.349487]  bochs_fbdev_fini+0x6d/0x86
[  195.349494]  bochs_unload+0x1c/0x4a
[  195.349501]  ? bochs_pci_remove+0x1c/0x1c
[  195.349507]  drm_dev_unregister+0x52/0xfb
[  195.349514]  ? qxl_gem_prime_mmap+0x42/0x42
[  195.349520]  drm_put_dev+0x53/0x63
[  195.349527]  bochs_pci_remove+0x19/0x1c
[  195.349534]  pci_device_remove+0x3a/0x7c
[  195.349540]  ? pci_dev_put+0x2b/0x2b
[  195.349548]  driver_probe_device+0x1be/0x396
[  195.349555]  __driver_attach+0xa3/0xd9
[  195.349562]  ? driver_probe_device+0x396/0x396
[  195.349569]  bus_for_each_dev+0xa1/0xc7
[  195.349576]  driver_attach+0x22/0x25
[  195.349582]  bus_add_driver+0x115/0x239
[  195.349589]  driver_register+0xc7/0x112
[  195.349596]  __pci_register_driver+0x6a/0x71
[  195.349602]  ? qxl_init+0x94/0x94
[  195.349608]  drm_pci_init+0x52/0x100
[  195.349614]  ? qxl_init+0x94/0x94
[  195.349619]  bochs_init+0x5b/0x88
[  195.349625]  do_one_initcall+0xe0/0x284
[  195.349631]  kernel_init_freeable+0x1ab/0x2e2
[  195.349638]  ? rest_init+0x168/0x168
[  195.349645]  kernel_init+0xf/0x142
[  195.349651]  ? rest_init+0x168/0x168
[  195.349657]  ret_from_fork+0x31/0x40
[  195.349658] Code: 03 45 85 e4 0f 85 b2 00 00 00 48 c7 c1 c7 1d 3f 83 48 c7 c2 bc 2c 3e 83 be 95 0c 00 00 eb 73 44 8b 0d c7 8b 75 02 45 85 c9 74 12 <49> 81 3c 24 a0 58 07 84 41 b9 00 00 00 00 45 0f 45 cf 83 fb 01 
[  195.349755] RIP: __lock_acquire+0xc8/0xfe6 RSP: ffff88000015f9f0
[  195.349756] CR2: 0000000000000620
[  195.349762] ---[ end trace 25bb4610fd631924 ]---
[  195.349764] Kernel panic - not syncing: Fatal exception

                                                           # HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 4495c08e84729385774601b5146d51d9e5849f81 v4.10 --
git bisect  bad 5d8a00eee2ed2e548a5d21b0edf495f3f7bf8bb4  # 22:18  B     32     1   32  32  Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
git bisect good 4a0853bf88c8f56e1c01eda02e6625aed09d55d9  # 23:40  G    300     0  300 302  Merge tag 'usercopy-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
git bisect good 15192b029509316af4977d2cd389c1eb11183d13  # 00:39  G    301     0  301 303  Merge tag 'gfs2-4.11.addendum' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2
git bisect good b2e3c4319d40c9055c3c587cdb82ba69b50e919d  # 02:27  G    300     0  300 302  Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
git bisect  bad 9e314890292c0dd357eadef6a043704fa0b4c157  # 02:57  B     13     1   13  13  Merge tag 'openrisc-for-linus' of git://github.com/openrisc/linux
git bisect  bad f1ef09fde17f9b77ca1435a5b53a28b203afb81c  # 03:32  B     55     1   55  55  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
git bisect good d5500a074741b78b7f778b4ab3415d5ecdcda0a7  # 04:48  G    301     0  301 303  Merge tag 'usercopy-v4.11-rc1.fix' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
git bisect  bad ef96152e6a36e0510387cb174178b7982c1ae879  # 05:11  B     19     1   19  19  Merge tag 'drm-for-v4.11-less-shouty' of git://people.freedesktop.org/~airlied/linux
git bisect good a7e2641aafe261bf70de01ff5fc68dea50468237  # 07:23  G    302     0  302 304  Merge tag 'drm-intel-next-2017-01-23' of git://anongit.freedesktop.org/git/drm-intel into drm-next
git bisect good 45d0ea86d235251305a0e2e63485b08b5caa79e7  # 08:26  G    300     0  300 302  drm/bridge/sii8620: enable interlace modes
git bisect  bad 1e2115d8c0c0da62405400316f5499d909e479bc  # 09:51  B    117     1  117 121  drm/nouveau/pmu: instanciate the falcon in PMU device
git bisect  bad f864b00e03a0308beae7c88e2e145a429d5872dd  # 10:43  B     77     1   77  79  Merge branch 'exynos-drm-next' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-next
git bisect good dceac340155b66b6c97cb802b03d4778dd82e9be  # 11:27  G    310     0  310 312  drm/msm/dsi: Return more timings from PHY to host
git bisect  bad 538f1dcdc5e20adb2488fa0932d56906de166405  # 11:58  B    111     2  111 113  Merge branch 'drm-rockchip-next-2017-02-05' of https://github.com/markyzq/kernel-drm-rockchip into drm-next
git bisect good ef1844b7ed847430955a95d20242f0d1b9f5fa64  # 12:36  G    304     0  304 306  drm/rockchip: cdn-dp: don't configure hardware in mode_set
git bisect good 7e6328fd1f84f366b4cc17dc757025f485139f1a  # 13:16  G    310     0  310 314  drm: Fix build when FBDEV_EMULATION is disabled
git bisect  bad 4e64e5539d152e202ad6eea2b6f65f3ab58d9428  # 13:50  B     37     1   37  37  drm: Improve drm_mm search (and fix topdown allocation) with rbtrees
git bisect good 17aad8a340e6f98b62c2482d02bc3814eebde9a5  # 14:28  G    310     0  310 310  Merge remote-tracking branch 'airlied/drm-next' into drm-misc-next
# first bad commit: [4e64e5539d152e202ad6eea2b6f65f3ab58d9428] drm: Improve drm_mm search (and fix topdown allocation) with rbtrees
git bisect good 17aad8a340e6f98b62c2482d02bc3814eebde9a5  # 14:55  G    905     0  905 1215  Merge remote-tracking branch 'airlied/drm-next' into drm-misc-next
# extra tests with CONFIG_DEBUG_INFO_REDUCED
git bisect  bad 4e64e5539d152e202ad6eea2b6f65f3ab58d9428  # 15:38  B    113     1  113 113  drm: Improve drm_mm search (and fix topdown allocation) with rbtrees
# extra tests on HEAD of linux-next/master
git bisect  bad f921b263d9602fb7873710c2df70671f2ffcf658  # 15:44  B      0     2   76  61  Add linux-next specific files for 20170320
# extra tests on tree/branch linus/master
git bisect  bad 97da3854c526d3a6ee05c849c96e48d21527606c  # 16:06  B    123     1  123 137  Linux 4.11-rc3
# extra tests with first bad commit reverted
# extra tests on tree/branch linux-next/master
git bisect  bad f921b263d9602fb7873710c2df70671f2ffcf658  # 16:25  B      0     2   76  61  Add linux-next specific files for 20170320

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

Download attachment "dmesg-quantal-ivb41-17:20170321141731:x86_64-randconfig-ne0-03201724:4.10.0-rc5-01060-g4e64e55:1.gz" of type "application/gzip" (22573 bytes)

Download attachment "dmesg-quantal-ivb41-100:20170321142353:x86_64-randconfig-ne0-03201724:4.10.0-rc5-01059-g17aad8a:1.gz" of type "application/gzip" (22613 bytes)

View attachment "reproduce-quantal-ivb41-17:20170321141731:x86_64-randconfig-ne0-03201724:4.10.0-rc5-01060-g4e64e55:1" of type "text/plain" (888 bytes)

View attachment "config-4.10.0-rc5-01060-g4e64e55" of type "text/plain" (118300 bytes)

Powered by blists - more mailing lists