Date:   Mon, 16 Nov 2020 21:49:59 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Simon Ser <contact@...rsion.fr>
Cc:     Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
        Maxime Ripard <mripard@...nel.org>,
        Thomas Zimmermann <tzimmermann@...e.de>,
        Ville Syrjala <ville.syrjala@...ux.intel.com>,
        Sam Ravnborg <sam@...nborg.org>,
        Daniel Vetter <daniel.vetter@...ll.ch>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux Memory Management List <linux-mm@...ck.org>,
        lkp@...ts.01.org, lkp@...el.com
Subject: [drm]  e3aae683e8: BUG:kernel_NULL_pointer_dereference,address


Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: e3aae683e861a987d3d7dca593aaff93ac001bcb ("drm: convert drm_atomic_uapi.c to new debug helpers")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master


in testcase: trinity
version: trinity-static-i386-x86_64-f93256fb_2019-08-28
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


+-------------------------------------------------------------------------------+------------+------------+
|                                                                               | e3e043992c | e3aae683e8 |
+-------------------------------------------------------------------------------+------------+------------+
| BUG:kernel_NULL_pointer_dereference,address                                   | 0          | 10         |
| Oops:#[##]                                                                    | 0          | 10         |
| EIP:drm_atomic_set_crtc_for_connector                                         | 0          | 10         |
| Kernel_panic-not_syncing:Fatal_exception                                      | 0          | 10         |
+-------------------------------------------------------------------------------+------------+------------+


If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[    3.153512] WARNING: suspicious RCU usage
[    3.154529] 5.10.0-rc3-00986-ge3aae683e861 #1 Not tainted
[    3.155851] -----------------------------
[    3.156866] drivers/char/ipmi/ipmi_msghandler.c:750 RCU-list traversed in non-reader section!!
[    3.158780] 
[    3.158780] other info that might help us debug this:
[    3.158780] 
[    3.160673] 
[    3.160673] rcu_scheduler_active = 2, debug_locks = 1
[    3.162206] 2 locks held by swapper/0/1:
[    3.163240]  #0: c4316760 (smi_watchers_mutex){+.+.}-{3:3}, at: ipmi_smi_watcher_register+0x2c/0x140
[    3.165278]  #1: c52f187c (&ipmi_interfaces_srcu){....}-{0:0}, at: ipmi_smi_watcher_register+0x56/0x140
[    3.167462] 
[    3.167462] stack backtrace:
[    3.168641] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.10.0-rc3-00986-ge3aae683e861 #1
[    3.170450] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[    3.170754] Call Trace:
[    3.170754]  dump_stack+0x6d/0x8b
[    3.170754]  lockdep_rcu_suspicious+0xbb/0xc4
[    3.170754]  ipmi_smi_watcher_register+0x124/0x140
[    3.170754]  ? ipmi_init_msghandler_mod+0x44/0x44
[    3.170754]  init_ipmi_devintf+0xae/0xe7
[    3.170754]  do_one_initcall+0x57/0x2d0
[    3.170754]  ? rcu_read_lock_sched_held+0x3f/0x70
[    3.170754]  ? trace_initcall_level+0x79/0xa8
[    3.170754]  do_initcalls+0xa9/0xcc
[    3.170754]  kernel_init_freeable+0x8f/0xb4
[    3.170754]  ? rest_init+0x20d/0x20d
[    3.170754]  kernel_init+0x8/0xe3
[    3.170754]  ret_from_fork+0x1c/0x28
[    3.185835] ipmi_si: IPMI System Interface driver
[    3.187283] ipmi_si: Unable to find any System Interface(s)
[    3.188485] ipmi_ssif: IPMI SSIF Interface driver
[    3.189560] IPMI Watchdog: driver initialized
[    3.190648] IPMI poweroff: Copyright (C) 2004 MontaVista Software - IPMI Powerdown via sys_reboot
[    3.193388] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[    3.203738] ACPI: Power Button [PWRF]
[    3.204786] Warning: Processor Platform Limit event detected, but not handled.
[    3.205801] Consider compiling CPUfreq support into your kernel.
[    3.269667] N_HDLC line discipline registered with maxframe=4096
[    3.271334] Serial: 8250/16550 driver, 4 ports, IRQ sharing disabled
[    3.272972] serial 00:05: GPIO lookup for consumer rs485-term
[    3.274396] serial 00:05: using ACPI for GPIO lookup
[    3.275642] acpi PNP0501:00: GPIO: looking up rs485-term-gpios
[    3.277068] acpi PNP0501:00: GPIO: looking up rs485-term-gpio
[    3.278462] serial 00:05: using lookup tables for GPIO lookup
[    3.279911] serial 00:05: No GPIO consumer rs485-term found
[    3.281532] 00:05: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[    3.283961] serial 00:06: GPIO lookup for consumer rs485-term
[    3.285361] serial 00:06: using ACPI for GPIO lookup
[    3.286564] acpi PNP0501:01: GPIO: looking up rs485-term-gpios
[    3.287995] acpi PNP0501:01: GPIO: looking up rs485-term-gpio
[    3.289330] serial 00:06: using lookup tables for GPIO lookup
[    3.290708] serial 00:06: No GPIO consumer rs485-term found
[    3.292231] 00:06: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
[    3.296418] Cyclades driver 2.6
[    3.317776] MOXA Smartio/Industio family driver version 2.0.5
[    3.319547] SyncLink serial driver $Revision: 4.38 $
[    3.336922] SyncLink serial driver $Revision: 4.38 $, tty major#504
[    3.338871] DoubleTalk PC - not found
[    3.339910] sonypi: Sony Programmable I/O Controller Driver v1.26.
[    3.341620] Non-volatile memory driver v1.3
[    3.343293] platform pc8736x_gpio.0: NatSemi pc8736x GPIO Driver Initializing
[    3.344993] platform pc8736x_gpio.0: no device found
[    3.346326] nsc_gpio initializing
[    3.347266] telclk_interrupt = 0xf non-mcpbl0010 hw.
[    3.348495] Linux agpgart interface v0.103
[    3.350345] Hangcheck: starting hangcheck timer 0.9.1 (tick is 180 seconds, margin is 60 seconds).
[    3.353699] [drm] radeon kernel modesetting enabled.
[    3.355035] [drm] amdgpu kernel modesetting enabled.
[    3.356856] usbcore: registered new interface driver udl
[    3.358470] bochs-drm 0000:00:02.0: vgaarb: deactivate vga console
[    3.364081] Console: switching to colour dummy device 80x25
[    3.365822] [drm] Found bochs VGA, ID 0xb0c0.
[    3.366620] [drm] Framebuffer size 16384 kB @ 0xfd000000, mmio @ 0xfebf0000.
[    3.368376] [TTM] Zone  kernel: Available graphics memory: 396140 KiB
[    3.369520] [TTM] Zone highmem: Available graphics memory: 1522480 KiB
[    3.371790] [drm] Initialized bochs-drm 1.0.0 20130925 for 0000:00:02.0 on minor 0
[    3.375126] fbcon: bochs-drmdrmfb (fb0) is primary device
[    3.379617] BUG: kernel NULL pointer dereference, address: 00000000
[    3.379619] #PF: supervisor read access in kernel mode
[    3.379620] #PF: error_code(0x0000) - not-present page
[    3.379622] *pde = 00000000 
[    3.379625] Oops: 0000 [#1] PREEMPT SMP
[    3.379628] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.10.0-rc3-00986-ge3aae683e861 #1
[    3.379629] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[    3.379636] EIP: drm_atomic_set_crtc_for_connector+0xbe/0xf0
[    3.379638] Code: ba c3 c3 6a 10 8b 06 ff 70 10 e8 bd 4b ff ff 31 c0 83 c4 20 8d 65 f4 5b 5e 5f 5d c3 53 ff 77 28 ff 77 14 68 88 ba c3 c3 6a 10 <a1> 00 00 00 00 ff 70 10 e8 95 4b ff ff 31 c0 83 c4 18 8d 65 f4 5b
[    3.379640] EAX: 00000005 EBX: c56df480 ECX: c67d8698 EDX: c19e8750
[    3.379641] ESI: 00000000 EDI: c67d8678 EBP: c54f5a8c ESP: c54f5a6c
[    3.379643] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010246
[    3.379649] CR0: 80050033 CR2: 00000000 CR3: 04765000 CR4: 00040690
[    3.379650] Call Trace:
[    3.379655]  __drm_atomic_helper_set_config+0x17e/0x310
[    3.379658]  drm_client_modeset_commit_atomic+0x154/0x220
[    3.379661]  drm_client_modeset_commit_locked+0x45/0x170
[    3.379665]  ? pan_set+0x4f/0x80
[    3.379668]  drm_fb_helper_pan_display+0x84/0x1e0
[    3.379670]  ? drm_fb_helper_sys_imageblit+0x24/0x30
[    3.379672]  ? drm_fb_helper_set_suspend_unlocked+0xa0/0xa0
[    3.379676]  fb_pan_display+0xa2/0x140
[    3.379678]  bit_update_start+0x15/0x40
[    3.379681]  fbcon_switch+0x377/0x540
[    3.379686]  redraw_screen+0xca/0x230
[    3.379688]  fbcon_prepare_logo+0x2f2/0x3c0
[    3.379691]  fbcon_init+0x475/0x540
[    3.379694]  visual_init+0x8e/0xe0
[    3.379696]  do_bind_con_driver+0x145/0x220
[    3.379699]  do_take_over_console+0xf0/0x150
[    3.379701]  do_fbcon_takeover+0x57/0xc0
[    3.379704]  fbcon_fb_registered+0xfd/0x110
[    3.379706]  register_framebuffer+0x1bb/0x2f0
[    3.379709]  __drm_fb_helper_initial_config_and_unlock+0x91/0xc0
[    3.379711]  drm_fbdev_client_hotplug+0xc5/0x180
[    3.379714]  drm_fbdev_generic_setup+0x9f/0x150
[    3.379717]  bochs_pci_probe+0x10d/0x140
[    3.379721]  pci_device_probe+0x9c/0x110
[    3.379724]  really_probe+0x19d/0x2e0
[    3.379726]  driver_probe_device+0x44/0xa0
[    3.379728]  device_driver_attach+0x49/0x50
[    3.379730]  __driver_attach+0x41/0xb0
[    3.379732]  ? device_driver_attach+0x50/0x50
[    3.379734]  bus_for_each_dev+0x58/0x90
[    3.379736]  driver_attach+0x14/0x20
[    3.379737]  ? device_driver_attach+0x50/0x50
[    3.379739]  bus_add_driver+0x17f/0x1a0
[    3.379741]  ? pci_pm_prepare+0x60/0x60
[    3.379743]  driver_register+0x61/0xb0
[    3.379747]  ? qxl_init+0x45/0x45
[    3.379749]  __pci_register_driver+0x4d/0x60
[    3.379751]  bochs_init+0x39/0x3b
[    3.379754]  do_one_initcall+0x57/0x2d0
[    3.379757]  ? rcu_read_lock_sched_held+0x3f/0x70
[    3.379761]  ? trace_initcall_level+0x79/0xa8
[    3.379764]  do_initcalls+0xa9/0xcc
[    3.379766]  kernel_init_freeable+0x8f/0xb4
[    3.379771]  ? rest_init+0x20d/0x20d
[    3.379773]  kernel_init+0x8/0xe3
[    3.379775]  ret_from_fork+0x1c/0x28
[    3.379776] Modules linked in:
[    3.379785] CR2: 0000000000000000
[    3.379789] ---[ end trace 4c6ced249000b5d5 ]---


To reproduce:

        # build kernel
        cd linux
        cp config-5.10.0-rc3-00986-ge3aae683e861 .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage

        # run the job under qemu with the lkp-tests harness
        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
Oliver Sang


View attachment "config-5.10.0-rc3-00986-ge3aae683e861" of type "text/plain" (158261 bytes)

View attachment "job-script" of type "text/plain" (4276 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (12812 bytes)
