lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20200809043359.GA30891@shao2-debian>
Date:   Sun, 9 Aug 2020 12:34:00 +0800
From:   kernel test robot <lkp@...el.com>
To:     Dave Airlie <airlied@...il.com>
Cc:     dri-devel@...ts.freedesktop.org, bskeggs@...hat.com,
        christian.koenig@....com, 0day robot <lkp@...el.com>,
        LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org
Subject: [drm/ttm/nouveau] c36a1cfe1b:
 BUG:kernel_NULL_pointer_dereference,address

Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: c36a1cfe1ba8e83698acdf04ba59cf08370698ed ("[PATCH 4/4] drm/ttm/nouveau: move io_lru storage into driver.")
url: https://github.com/0day-ci/linux/commits/Dave-Airlie/drm-amdgpu-ttm-move-vram-gtt-mgr-allocations-to-mman/20200807-083526
base: git://anongit.freedesktop.org/drm/drm-tip drm-tip

in testcase: kernel-selftests
with following parameters:

	group: kselftests-rseq

test-description: The kernel contains a set of "self tests" under the tools/testing/selftests/ directory. These are intended to be small unit tests to exercise individual code paths in the kernel.
test-url: https://www.kernel.org/doc/Documentation/kselftest.txt


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+---------------------------------------------+------------+------------+
|                                             | 89e1ba9e49 | c36a1cfe1b |
+---------------------------------------------+------------+------------+
| boot_successes                              | 12         | 0          |
| boot_failures                               | 0          | 14         |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 14         |
| Oops:#[##]                                  | 0          | 14         |
| RIP:ttm_mem_io_lock[ttm]                    | 0          | 14         |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 14         |
+---------------------------------------------+------------+------------+


If you fix the issue, kindly add following tag
Reported-by: kernel test robot <lkp@...el.com>


[   35.936268] BUG: kernel NULL pointer dereference, address: 0000000000000018
[   35.936271] #PF: supervisor read access in kernel mode
[   35.936273] #PF: error_code(0x0000) - not-present page
[   35.936274] PGD 0 P4D 0 
[   35.936278] Oops: 0000 [#1] PREEMPT SMP PTI
[   35.936282] CPU: 0 PID: 157 Comm: systemd-udevd Not tainted 5.8.0-02580-gc36a1cfe1ba8e #15
[   35.936283] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[   35.936293] RIP: 0010:ttm_mem_io_lock+0x33/0x40 [ttm]
[   35.936295] Code: 10 89 f3 48 85 c0 74 22 48 8b 40 18 e8 76 ba e8 fa 31 f6 48 8d 78 10 84 db 75 09 e8 27 4a ba fa 31 c0 5b c3 5b e9 7d 4a ba fa <48> 83 3c 25 18 00 00 00 00 75 d3 eb e9 66 66 66 66 90 48 8b 47 10
[   35.936297] RSP: 0018:ffffbbcb4074f5d0 EFLAGS: 00010246
[   35.936299] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffbbcb4074f6c8
[   35.936300] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffa046f877c628
[   35.936302] RBP: ffffbbcb4074f640 R08: 0000000000000001 R09: ffffffffbd994fd0
[   35.936303] R10: ffffffffbc55eb24 R11: 00000000000054ad R12: ffffa046f8725348
[   35.936305] R13: ffffbbcb4074f6c8 R14: ffffa046f877c628 R15: ffffa046f8725000
[   35.936307] FS:  00007f79fae57d40(0000) GS:ffffa047afc00000(0000) knlGS:0000000000000000
[   35.936309] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   35.936310] CR2: 0000000000000018 CR3: 00000003797ce000 CR4: 00000000000406f0
[   35.936316] Call Trace:
[   35.936325]  ttm_bo_handle_move_mem+0x53/0x4f0 [ttm]
[   35.936335]  ttm_bo_validate+0x169/0x1b0 [ttm]
[   35.936340]  ? mark_held_locks+0x2d/0x80
[   35.936350]  drm_gem_vram_pin_locked+0x84/0x1d0 [drm_vram_helper]
[   35.936356]  drm_gem_vram_pin+0x40/0xf0 [drm_vram_helper]
[   35.936361]  drm_gem_vram_plane_helper_prepare_fb+0x2e/0x80 [drm_vram_helper]
[   35.936367]  drm_atomic_helper_prepare_planes+0x8a/0x110
[   35.936371]  drm_atomic_helper_commit+0x91/0x160
[   35.936376]  drm_client_modeset_commit_atomic+0x231/0x270
[   35.936388]  drm_client_modeset_commit_locked+0x57/0x190
[   35.936391]  drm_client_modeset_commit+0x24/0x40
[   35.936396]  __drm_fb_helper_restore_fbdev_mode_unlocked+0x96/0xc0
[   35.936400]  drm_fb_helper_set_par+0x3c/0x50
[   35.936404]  fbcon_init+0x2b2/0x5f0
[   35.936412]  visual_init+0xce/0x130
[   35.936416]  do_bind_con_driver+0x1bc/0x2b0
[   35.936422]  do_take_over_console+0x115/0x180
[   35.936428]  do_fbcon_takeover+0x58/0xb0
[   35.936430]  register_framebuffer+0x1ee/0x300
[   35.936442]  __drm_fb_helper_initial_config_and_unlock+0x94/0xc0
[   35.936446]  drm_fbdev_client_hotplug+0xde/0x190
[   35.936450]  drm_fbdev_generic_setup+0xad/0x170
[   35.936456]  bochs_pci_probe+0x133/0x160 [bochs_drm]
[   35.936460]  local_pci_probe+0x42/0x80
[   35.936464]  pci_device_probe+0x107/0x1a0
[   35.936471]  really_probe+0x147/0x3c0
[   35.936475]  driver_probe_device+0xe1/0x150
[   35.936479]  device_driver_attach+0x53/0x60
[   35.936482]  __driver_attach+0x8c/0x150
[   35.936484]  ? device_driver_attach+0x60/0x60
[   35.936487]  ? device_driver_attach+0x60/0x60
[   35.936489]  bus_for_each_dev+0x7b/0xc0
[   35.936494]  bus_add_driver+0x150/0x1f0
[   35.936498]  driver_register+0x6c/0xc0
[   35.936501]  ? 0xffffffffc0537000
[   35.936504]  do_one_initcall+0x5d/0x330
[   35.936508]  ? do_init_module+0x23/0x230
[   35.936512]  ? rcu_read_lock_sched_held+0x52/0x90
[   35.936516]  ? kmem_cache_alloc_trace+0x2aa/0x2e0
[   35.936521]  do_init_module+0x5c/0x230
[   35.936523]  load_module+0x1430/0x1660
[   35.936539]  ? __do_sys_finit_module+0xaa/0x110
[   35.936541]  __do_sys_finit_module+0xaa/0x110
[   35.936554]  do_syscall_64+0x57/0xb0
[   35.936559]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   35.936561] RIP: 0033:0x7f79fb641f59
[   35.936564] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 07 6f 0c 00 f7 d8 64 89 01 48
[   35.936566] RSP: 002b:00007fff46de1208 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[   35.936568] RAX: ffffffffffffffda RBX: 000055fb6b100da0 RCX: 00007f79fb641f59
[   35.936569] RDX: 0000000000000000 RSI: 00007f79fb546cad RDI: 0000000000000011
[   35.936571] RBP: 00007f79fb546cad R08: 0000000000000000 R09: 0000000000000000
[   35.936572] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[   35.936574] R13: 000055fb6b0f72b0 R14: 0000000000020000 R15: 000055fb6b100da0
[   35.936582] Modules linked in: bochs_drm(+) drm_vram_helper drm_ttm_helper ttm crypto_simd snd_timer snd cryptd parport_pc glue_helper ata_piix joydev parport soundcore libata serio_raw pcspkr floppy i2c_piix4 ipmi_devintf ipmi_msghandler ip_tables
[   35.936597] CR2: 0000000000000018
[   35.936628] ---[ end trace 0eac1a886c6bb87d ]---


To reproduce:

        # build kernel
	cd linux
	cp config-5.8.0-02580-gc36a1cfe1ba8e .config
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
lkp


View attachment "config-5.8.0-02580-gc36a1cfe1ba8e" of type "text/plain" (209195 bytes)

View attachment "job-script" of type "text/plain" (6040 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (16068 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ