Message-ID: <20201116134959.GA27303@xsang-OptiPlex-9020>
Date: Mon, 16 Nov 2020 21:49:59 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Simon Ser <contact@...rsion.fr>
Cc: Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
Maxime Ripard <mripard@...nel.org>,
Thomas Zimmermann <tzimmermann@...e.de>,
Ville Syrjala <ville.syrjala@...ux.intel.com>,
Sam Ravnborg <sam@...nborg.org>,
Daniel Vetter <daniel.vetter@...ll.ch>,
LKML <linux-kernel@...r.kernel.org>,
Linux Memory Management List <linux-mm@...ck.org>,
lkp@...ts.01.org, lkp@...el.com
Subject: [drm] e3aae683e8: BUG:kernel_NULL_pointer_dereference,address

Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: e3aae683e861a987d3d7dca593aaff93ac001bcb ("drm: convert drm_atomic_uapi.c to new debug helpers")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: trinity
version: trinity-static-i386-x86_64-f93256fb_2019-08-28
with following parameters:

        runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+-------------------------------------------------------------------------------+------------+------------+
| | e3e043992c | e3aae683e8 |
+-------------------------------------------------------------------------------+------------+------------+
| BUG:kernel_NULL_pointer_dereference,address | 0 | 10 |
| Oops:#[##] | 0 | 10 |
| EIP:drm_atomic_set_crtc_for_connector | 0 | 10 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 10 |
+-------------------------------------------------------------------------------+------------+------------+

If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>

[ 3.153512] WARNING: suspicious RCU usage
[ 3.154529] 5.10.0-rc3-00986-ge3aae683e861 #1 Not tainted
[ 3.155851] -----------------------------
[ 3.156866] drivers/char/ipmi/ipmi_msghandler.c:750 RCU-list traversed in non-reader section!!
[ 3.158780]
[ 3.158780] other info that might help us debug this:
[ 3.158780]
[ 3.160673]
[ 3.160673] rcu_scheduler_active = 2, debug_locks = 1
[ 3.162206] 2 locks held by swapper/0/1:
[ 3.163240] #0: c4316760 (smi_watchers_mutex){+.+.}-{3:3}, at: ipmi_smi_watcher_register+0x2c/0x140
[ 3.165278] #1: c52f187c (&ipmi_interfaces_srcu){....}-{0:0}, at: ipmi_smi_watcher_register+0x56/0x140
[ 3.167462]
[ 3.167462] stack backtrace:
[ 3.168641] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.10.0-rc3-00986-ge3aae683e861 #1
[ 3.170450] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3.170754] Call Trace:
[ 3.170754] dump_stack+0x6d/0x8b
[ 3.170754] lockdep_rcu_suspicious+0xbb/0xc4
[ 3.170754] ipmi_smi_watcher_register+0x124/0x140
[ 3.170754] ? ipmi_init_msghandler_mod+0x44/0x44
[ 3.170754] init_ipmi_devintf+0xae/0xe7
[ 3.170754] do_one_initcall+0x57/0x2d0
[ 3.170754] ? rcu_read_lock_sched_held+0x3f/0x70
[ 3.170754] ? trace_initcall_level+0x79/0xa8
[ 3.170754] do_initcalls+0xa9/0xcc
[ 3.170754] kernel_init_freeable+0x8f/0xb4
[ 3.170754] ? rest_init+0x20d/0x20d
[ 3.170754] kernel_init+0x8/0xe3
[ 3.170754] ret_from_fork+0x1c/0x28
[ 3.185835] ipmi_si: IPMI System Interface driver
[ 3.187283] ipmi_si: Unable to find any System Interface(s)
[ 3.188485] ipmi_ssif: IPMI SSIF Interface driver
[ 3.189560] IPMI Watchdog: driver initialized
[ 3.190648] IPMI poweroff: Copyright (C) 2004 MontaVista Software - IPMI Powerdown via sys_reboot
[ 3.193388] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[ 3.203738] ACPI: Power Button [PWRF]
[ 3.204786] Warning: Processor Platform Limit event detected, but not handled.
[ 3.205801] Consider compiling CPUfreq support into your kernel.
[ 3.269667] N_HDLC line discipline registered with maxframe=4096
[ 3.271334] Serial: 8250/16550 driver, 4 ports, IRQ sharing disabled
[ 3.272972] serial 00:05: GPIO lookup for consumer rs485-term
[ 3.274396] serial 00:05: using ACPI for GPIO lookup
[ 3.275642] acpi PNP0501:00: GPIO: looking up rs485-term-gpios
[ 3.277068] acpi PNP0501:00: GPIO: looking up rs485-term-gpio
[ 3.278462] serial 00:05: using lookup tables for GPIO lookup
[ 3.279911] serial 00:05: No GPIO consumer rs485-term found
[ 3.281532] 00:05: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[ 3.283961] serial 00:06: GPIO lookup for consumer rs485-term
[ 3.285361] serial 00:06: using ACPI for GPIO lookup
[ 3.286564] acpi PNP0501:01: GPIO: looking up rs485-term-gpios
[ 3.287995] acpi PNP0501:01: GPIO: looking up rs485-term-gpio
[ 3.289330] serial 00:06: using lookup tables for GPIO lookup
[ 3.290708] serial 00:06: No GPIO consumer rs485-term found
[ 3.292231] 00:06: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
[ 3.296418] Cyclades driver 2.6
[ 3.317776] MOXA Smartio/Industio family driver version 2.0.5
[ 3.319547] SyncLink serial driver $Revision: 4.38 $
[ 3.336922] SyncLink serial driver $Revision: 4.38 $, tty major#504
[ 3.338871] DoubleTalk PC - not found
[ 3.339910] sonypi: Sony Programmable I/O Controller Driver v1.26.
[ 3.341620] Non-volatile memory driver v1.3
[ 3.343293] platform pc8736x_gpio.0: NatSemi pc8736x GPIO Driver Initializing
[ 3.344993] platform pc8736x_gpio.0: no device found
[ 3.346326] nsc_gpio initializing
[ 3.347266] telclk_interrupt = 0xf non-mcpbl0010 hw.
[ 3.348495] Linux agpgart interface v0.103
[ 3.350345] Hangcheck: starting hangcheck timer 0.9.1 (tick is 180 seconds, margin is 60 seconds).
[ 3.353699] [drm] radeon kernel modesetting enabled.
[ 3.355035] [drm] amdgpu kernel modesetting enabled.
[ 3.356856] usbcore: registered new interface driver udl
[ 3.358470] bochs-drm 0000:00:02.0: vgaarb: deactivate vga console
[ 3.364081] Console: switching to colour dummy device 80x25
[ 3.365822] [drm] Found bochs VGA, ID 0xb0c0.
[ 3.366620] [drm] Framebuffer size 16384 kB @ 0xfd000000, mmio @ 0xfebf0000.
[ 3.368376] [TTM] Zone kernel: Available graphics memory: 396140 KiB
[ 3.369520] [TTM] Zone highmem: Available graphics memory: 1522480 KiB
[ 3.371790] [drm] Initialized bochs-drm 1.0.0 20130925 for 0000:00:02.0 on minor 0
[ 3.375126] fbcon: bochs-drmdrmfb (fb0) is primary device
[ 3.379617] BUG: kernel NULL pointer dereference, address: 00000000
[ 3.379619] #PF: supervisor read access in kernel mode
[ 3.379620] #PF: error_code(0x0000) - not-present page
[ 3.379622] *pde = 00000000
[ 3.379625] Oops: 0000 [#1] PREEMPT SMP
[ 3.379628] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.10.0-rc3-00986-ge3aae683e861 #1
[ 3.379629] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3.379636] EIP: drm_atomic_set_crtc_for_connector+0xbe/0xf0
[ 3.379638] Code: ba c3 c3 6a 10 8b 06 ff 70 10 e8 bd 4b ff ff 31 c0 83 c4 20 8d 65 f4 5b 5e 5f 5d c3 53 ff 77 28 ff 77 14 68 88 ba c3 c3 6a 10 <a1> 00 00 00 00 ff 70 10 e8 95 4b ff ff 31 c0 83 c4 18 8d 65 f4 5b
[ 3.379640] EAX: 00000005 EBX: c56df480 ECX: c67d8698 EDX: c19e8750
[ 3.379641] ESI: 00000000 EDI: c67d8678 EBP: c54f5a8c ESP: c54f5a6c
[ 3.379643] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010246
[ 3.379649] CR0: 80050033 CR2: 00000000 CR3: 04765000 CR4: 00040690
[ 3.379650] Call Trace:
[ 3.379655] __drm_atomic_helper_set_config+0x17e/0x310
[ 3.379658] drm_client_modeset_commit_atomic+0x154/0x220
[ 3.379661] drm_client_modeset_commit_locked+0x45/0x170
[ 3.379665] ? pan_set+0x4f/0x80
[ 3.379668] drm_fb_helper_pan_display+0x84/0x1e0
[ 3.379670] ? drm_fb_helper_sys_imageblit+0x24/0x30
[ 3.379672] ? drm_fb_helper_set_suspend_unlocked+0xa0/0xa0
[ 3.379676] fb_pan_display+0xa2/0x140
[ 3.379678] bit_update_start+0x15/0x40
[ 3.379681] fbcon_switch+0x377/0x540
[ 3.379686] redraw_screen+0xca/0x230
[ 3.379688] fbcon_prepare_logo+0x2f2/0x3c0
[ 3.379691] fbcon_init+0x475/0x540
[ 3.379694] visual_init+0x8e/0xe0
[ 3.379696] do_bind_con_driver+0x145/0x220
[ 3.379699] do_take_over_console+0xf0/0x150
[ 3.379701] do_fbcon_takeover+0x57/0xc0
[ 3.379704] fbcon_fb_registered+0xfd/0x110
[ 3.379706] register_framebuffer+0x1bb/0x2f0
[ 3.379709] __drm_fb_helper_initial_config_and_unlock+0x91/0xc0
[ 3.379711] drm_fbdev_client_hotplug+0xc5/0x180
[ 3.379714] drm_fbdev_generic_setup+0x9f/0x150
[ 3.379717] bochs_pci_probe+0x10d/0x140
[ 3.379721] pci_device_probe+0x9c/0x110
[ 3.379724] really_probe+0x19d/0x2e0
[ 3.379726] driver_probe_device+0x44/0xa0
[ 3.379728] device_driver_attach+0x49/0x50
[ 3.379730] __driver_attach+0x41/0xb0
[ 3.379732] ? device_driver_attach+0x50/0x50
[ 3.379734] bus_for_each_dev+0x58/0x90
[ 3.379736] driver_attach+0x14/0x20
[ 3.379737] ? device_driver_attach+0x50/0x50
[ 3.379739] bus_add_driver+0x17f/0x1a0
[ 3.379741] ? pci_pm_prepare+0x60/0x60
[ 3.379743] driver_register+0x61/0xb0
[ 3.379747] ? qxl_init+0x45/0x45
[ 3.379749] __pci_register_driver+0x4d/0x60
[ 3.379751] bochs_init+0x39/0x3b
[ 3.379754] do_one_initcall+0x57/0x2d0
[ 3.379757] ? rcu_read_lock_sched_held+0x3f/0x70
[ 3.379761] ? trace_initcall_level+0x79/0xa8
[ 3.379764] do_initcalls+0xa9/0xcc
[ 3.379766] kernel_init_freeable+0x8f/0xb4
[ 3.379771] ? rest_init+0x20d/0x20d
[ 3.379773] kernel_init+0x8/0xe3
[ 3.379775] ret_from_fork+0x1c/0x28
[ 3.379776] Modules linked in:
[ 3.379785] CR2: 0000000000000000
[ 3.379789] ---[ end trace 4c6ced249000b5d5 ]---

To reproduce:

        # build kernel
        cd linux
        cp config-5.10.0-rc3-00986-ge3aae683e861 .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email

Thanks,
Oliver Sang

View attachment "config-5.10.0-rc3-00986-ge3aae683e861" of type "text/plain" (158261 bytes)
View attachment "job-script" of type "text/plain" (4276 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (12812 bytes)