Date:   Thu, 27 May 2021 13:07:59 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Thomas Hellström 
        <thomas.hellstrom@...ux.intel.com>
Cc:     0day robot <lkp@...el.com>,
        Christian König <christian.koenig@....com>,
        LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org,
        intel-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
        Thomas Hellström 
        <thomas.hellstrom@...ux.intel.com>
Subject: [drm/ttm]  0c13ca6d7f:
 WARNING:at_drivers/gpu/drm/drm_fb_helper.c:#drm_fb_helper_damage_work



Greetings,

FYI, we noticed the following commit (built with gcc-9):

commit: 0c13ca6d7fbaaf4cc0cfccd94f0ab8ca9af9e81a ("[Intel-gfx] [RFC PATCH 1/5] drm/ttm: Add a generic TTM memcpy move for page-based iomem")
url: https://github.com/0day-ci/linux/commits/Thomas-Hellstr-m/Core-TTM-changes-for-i915-TTM-enabling/20210522-205103


in testcase: trinity
version: trinity-i386-4d2343bd-1_20200320
with the following parameters:

	number: 99999
	group: group-03

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


+-----------------------------------------------------------------------+---------------+------------+
|                                                                       | next-20210521 | 0c13ca6d7f |
+-----------------------------------------------------------------------+---------------+------------+
| WARNING:at_drivers/gpu/drm/drm_fb_helper.c:#drm_fb_helper_damage_work | 0             | 8          |
| RIP:drm_fb_helper_damage_work                                         | 0             | 8          |
+-----------------------------------------------------------------------+---------------+------------+


If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[   23.128870] WARNING: CPU: 1 PID: 20 at drivers/gpu/drm/drm_fb_helper.c:451 drm_fb_helper_damage_work (kbuild/src/consumer/drivers/gpu/drm/drm_fb_helper.c:451) 
[   23.128883] Modules linked in: intel_rapl_common crct10dif_pclmul ata_piix bochs_drm(+) crc32_pclmul crc32c_intel libata ghash_clmulni_intel rapl drm_vram_helper drm_ttm_helper joydev ttm i2c_piix4 serio_raw parport_pc parport ip_tables
[   23.128925] CPU: 1 PID: 20 Comm: kworker/1:0 Not tainted 5.13.0-rc2-next-20210521-00001-g0c13ca6d7fba #1
[   23.128931] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[   23.128934] Workqueue: events drm_fb_helper_damage_work
[   23.128941] RIP: 0010:drm_fb_helper_damage_work (kbuild/src/consumer/drivers/gpu/drm/drm_fb_helper.c:451) 
[ 23.128946] Code: 48 8b 78 08 4c 8b 6f 50 4d 85 ed 75 03 4c 8b 2f e8 70 6e 04 00 44 89 e1 4c 89 ea 48 c7 c7 48 f8 c5 8c 48 89 c6 e8 cb 63 60 00 <0f> 0b e9 02 fe ff ff e8 8f a5 66 00 66 66 2e 0f 1f 84 00 00 00 00
All code
========
   0:	48 8b 78 08          	mov    0x8(%rax),%rdi
   4:	4c 8b 6f 50          	mov    0x50(%rdi),%r13
   8:	4d 85 ed             	test   %r13,%r13
   b:	75 03                	jne    0x10
   d:	4c 8b 2f             	mov    (%rdi),%r13
  10:	e8 70 6e 04 00       	callq  0x46e85
  15:	44 89 e1             	mov    %r12d,%ecx
  18:	4c 89 ea             	mov    %r13,%rdx
  1b:	48 c7 c7 48 f8 c5 8c 	mov    $0xffffffff8cc5f848,%rdi
  22:	48 89 c6             	mov    %rax,%rsi
  25:	e8 cb 63 60 00       	callq  0x6063f5
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	e9 02 fe ff ff       	jmpq   0xfffffffffffffe33
  31:	e8 8f a5 66 00       	callq  0x66a5c5
  36:	66                   	data16
  37:	66                   	data16
  38:	2e                   	cs
  39:	0f                   	.byte 0xf
  3a:	1f                   	(bad)  
  3b:	84 00                	test   %al,(%rax)
  3d:	00 00                	add    %al,(%rax)
	...

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	e9 02 fe ff ff       	jmpq   0xfffffffffffffe09
   7:	e8 8f a5 66 00       	callq  0x66a59b
   c:	66                   	data16
   d:	66                   	data16
   e:	2e                   	cs
   f:	0f                   	.byte 0xf
  10:	1f                   	(bad)  
  11:	84 00                	test   %al,(%rax)
  13:	00 00                	add    %al,(%rax)
	...
[   23.128950] RSP: 0018:ffffb685800b3dd0 EFLAGS: 00010286
[   23.128956] RAX: 0000000000000000 RBX: ffff98e43286bb40 RCX: 0000000000000000
[   23.128959] RDX: 0000000000000001 RSI: ffffffff8b6349cf RDI: ffffffff8b6349cf
[   23.128962] RBP: ffff98e46c59a940 R08: 0000000000000001 R09: 0000000000000001
[   23.128965] R10: ffff98e3c0368000 R11: 0000000000000000 R12: 00000000ffffffea
[   23.128968] R13: ffff98e5057936b0 R14: 0000000000000000 R15: ffff98e46c59a980
[   23.128972] FS:  0000000000000000(0000) GS:ffff98e6efd00000(0000) knlGS:0000000000000000
[   23.128976] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   23.128979] CR2: 0000000057d64c80 CR3: 00000002444e4000 CR4: 00000000000406e0
[   23.128986] Call Trace:
[   23.128990] ? lock_acquire (kbuild/src/consumer/kernel/locking/lockdep.c:438 kbuild/src/consumer/kernel/locking/lockdep.c:5514 kbuild/src/consumer/kernel/locking/lockdep.c:5477) 
[   23.129014] process_one_work (kbuild/src/consumer/arch/x86/include/asm/jump_label.h:27 kbuild/src/consumer/include/linux/jump_label.h:212 kbuild/src/consumer/include/trace/events/workqueue.h:108 kbuild/src/consumer/kernel/workqueue.c:2281) 
[   23.129035] worker_thread (kbuild/src/consumer/include/linux/list.h:282 kbuild/src/consumer/kernel/workqueue.c:2423) 
[   23.129043] ? process_one_work (kbuild/src/consumer/kernel/workqueue.c:2365) 
[   23.129053] kthread (kbuild/src/consumer/kernel/kthread.c:319) 
[   23.129057] ? set_kthread_struct (kbuild/src/consumer/kernel/kthread.c:272) 
[   23.129067] ret_from_fork (kbuild/src/consumer/arch/x86/entry/entry_64.S:300) 
[   23.129097] irq event stamp: 4449
[   23.129099] hardirqs last enabled at (4455): vprintk_emit (kbuild/src/consumer/arch/x86/include/asm/irqflags.h:45 kbuild/src/consumer/arch/x86/include/asm/irqflags.h:80 kbuild/src/consumer/arch/x86/include/asm/irqflags.h:140 kbuild/src/consumer/kernel/printk/printk.c:1877 kbuild/src/consumer/kernel/printk/printk.c:2174) 
[   23.129104] hardirqs last disabled at (4460): vprintk_emit (kbuild/src/consumer/kernel/printk/printk.c:1856 kbuild/src/consumer/kernel/printk/printk.c:2174) 
[   23.129108] softirqs last enabled at (4080): __do_softirq (kbuild/src/consumer/arch/x86/include/asm/preempt.h:27 kbuild/src/consumer/kernel/softirq.c:403 kbuild/src/consumer/kernel/softirq.c:588) 
[   23.129115] softirqs last disabled at (4069): do_softirq (kbuild/src/consumer/kernel/softirq.c:460 kbuild/src/consumer/kernel/softirq.c:447) 
[   23.129121] ---[ end trace 8fffdf7b74be67dd ]---
[   23.169660] Console: switching to colour frame buffer device 128x48
[   23.204582] ata2.01: NODEV after polling detection
[   23.205027] ata2.00: ATAPI: QEMU DVD-ROM, 2.5+, max UDMA/100
[   23.209001] scsi 1:0:0:0: CD-ROM            QEMU     QEMU DVD-ROM     2.5+ PQ: 0 ANSI: 5
[   23.454548] bochs-drm 0000:00:02.0: [drm] fb0: bochs-drmdrmfb frame buffer device
[   23.558522] ppdev: user-space parallel port driver
[   23.639513] scsi 1:0:0:0: Attached scsi generic sg0 type 5
[   23.711615] sr 1:0:0:0: [sr0] scsi3-mmc drive: 4x/4x cd/rw xa/form2 tray
[   23.721907] cdrom: Uniform CD-ROM driver Revision: 3.20
[   23.760668] sr 1:0:0:0: Attached scsi CD-ROM sr0
[   32.345935] Kernel tests: Boot OK!
[   32.345967]
[   33.553631] sctp: Hash tables configured (bind 32/56)
[   33.640389] NET: Registered protocol family 8
[   33.642951] NET: Registered protocol family 20
[   33.701683] Loading iSCSI transport class v2.0-870.
[   33.907649] can: controller area network core
[   33.910036] NET: Registered protocol family 29
[   33.927145] can: raw protocol
[   33.945312] can: broadcast manager protocol
[  OK  ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[   34.146981] Bluetooth: Core ver 2.22
[   34.149139] NET: Registered protocol family 31
[   34.151387] Bluetooth: HCI device and connection manager initialized
[   34.154110] Bluetooth: HCI socket layer initialized
[   34.157426] Bluetooth: L2CAP socket layer initialized
[   34.160803] Bluetooth: SCO socket layer initialized
[   34.197826] Bluetooth: RFCOMM TTY layer initialized
[   34.200118] Bluetooth: RFCOMM socket layer initialized
[   34.204803] Bluetooth: RFCOMM ver 1.11
[   34.229098] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[   34.231559] Bluetooth: BNEP filters: protocol multicast
[   34.236340] Bluetooth: BNEP socket layer initialized
[   34.262539] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[   34.265008] Bluetooth: HIDP socket layer initialized
[   34.417337] VFS: Warning: trinity-c4 using old stat() call. Recompile your binary.
[   34.423816] VFS: Warning: trinity-c4 using old stat() call. Recompile your binary.
[   34.491288] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[   34.495709] audit: type=1326 audit(1622057165.671:2): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=1418 comm="trinity-c0" exe="/bin/trinity" sig=9 arch=40000003 syscall=19 compat=1 ip=0xf7f9a549 code=0x0
[   34.510047] mmap: trinity-c7 (1425) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[   34.516796] VFS: Warning: trinity-c7 using old stat() call. Recompile your binary.
[   34.516841] ptrace attach of "trinity -q -q -l off -s 364045467 -N 99999"[1424] was attempted by "trinity -q -q -l off -s 364045467 -N 99999"[1426]
[   34.544419] VFS: Warning: trinity-c7 using old stat() call. Recompile your binary.
[   34.554532] audit: type=1326 audit(1622057165.731:3): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=1426 comm="trinity-c0" exe="/bin/trinity" sig=9 arch=40000003 syscall=19 compat=1 ip=0xf7f9a549 code=0x0
[   34.594140] VFS: Warning: trinity-c0 using old stat() call. Recompile your binary.
[   34.661794] NET: Registered protocol family 36
[   34.687566] ptrace attach of "trinity -q -q -l off -s 364045467 -N 99999"[1419] was attempted by "trinity -q -q -l off -s 364045467 -N 99999"[1428]
[   35.512829] audit: type=1326 audit(1622057166.690:4): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=1422 comm="trinity-c4" exe="/bin/trinity" sig=9 arch=40000003 syscall=19 compat=1 ip=0xf7f9a549 code=0x0
[   35.553632] audit: type=1326 audit(1622057166.725:5): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=1420 comm="trinity-c2" exe="/bin/trinity" sig=9 arch=40000003 syscall=19 compat=1 ip=0xf7f9a549 code=0x0
[   35.937104] random: crng init done
[   35.939376] random: 7 urandom warning(s) missed due to ratelimiting
[   35.997121] scsi_nl_rcv_msg: discarding partial skb
[   36.025621] trinity-c5 (1423): attempted to duplicate a private mapping with mremap.  This is not supported.
[   36.116632] Guest personality initialized and is inactive
[   36.124783] VMCI host device registered (name=vmci, major=10, minor=125)
[   36.128992] Initialized host personality
[   36.158378] NET: Registered protocol family 40
[   36.331855] NET: Registered protocol family 15
[   36.509084] audit: type=1326 audit(1622057167.686:6): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=1423 comm="trinity-c5" exe="/bin/trinity" sig=9 arch=40000003 syscall=19 compat=1 ip=0xf7f9a549 code=0x0
[   36.536011] audit: type=1326 audit(1622057167.713:7): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=1482 comm="trinity-c5" exe="/bin/trinity" sig=9 arch=40000003 syscall=19 compat=1 ip=0xf7f9a549 code=0x0
[   36.776774] audit: type=1326 audit(1622057167.954:8): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=1483 comm="trinity-c5" exe="/bin/trinity" sig=9 arch=40000003 syscall=19 compat=1 ip=0xf7f9a549 code=0x0
[   37.204551] audit: type=1326 audit(1622057168.382:9): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=1447 comm="trinity-c2" exe="/bin/trinity" sig=9 arch=40000003 syscall=19 compat=1 ip=0xf7f9a549 code=0x0
[   37.870830] audit: type=1326 audit(1622057169.048:10): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=1495 comm="trinity-c5" exe="/bin/trinity" sig=9 arch=40000003 syscall=19 compat=1 ip=0xf7f9a549 code=0x0
[   37.933295] audit: type=1326 audit(1622057169.110:11): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=1516 comm="trinity-c5" exe="/bin/trinity" sig=9 arch=40000003 syscall=19 compat=1 ip=0xf7f9a549 code=0x0
[   39.032389] install debs round one: dpkg -i --force-confdef --force-depends /opt/deb/gawk_1%3a4.1.4+dfsg-1_i386.deb
[   39.032434]
[   39.046183] Selecting previously unselected package gawk.
[   39.046203]
[   39.056645] (Reading database ... 16210 files and directories currently installed.)
[   39.056658]
[   39.067990] Preparing to unpack .../gawk_1%3a4.1.4+dfsg-1_i386.deb ...
[   39.068002]
[   39.077038] Unpacking gawk (1:4.1.4+dfsg-1) ...
[   39.077050]
[   39.085224] Setting up gawk (1:4.1.4+dfsg-1) ...
[   39.085237]
[   39.092668] /lkp/lkp/src/bin/run-lkp
[   39.092678]
[   39.650207] kauditd_printk_skb: 1 callbacks suppressed
[   39.650213] audit: type=1326 audit(1622057170.827:13): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=1502 comm="trinity-c2" exe="/bin/trinity" sig=9 arch=40000003 syscall=19 compat=1 ip=0xf7f9a549 code=0x0
[   41.150540] audit: type=1326 audit(1622057172.327:14): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=1424 comm="trinity-c6" exe="/bin/trinity" sig=9 arch=40000003 syscall=19 compat=1 ip=0xf7f9a549 code=0x0
[   41.262543] audit: type=1326 audit(1622057172.439:15): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=1545 comm="trinity-c6" exe="/bin/trinity" sig=9 arch=40000003 syscall=19 compat=1 ip=0xf7f9a549 code=0x0
[   41.925799] RESULT_ROOT=/result/trinity/group-03-99999/vm-snb/debian-i386-20191205.cgz/x86_64-rhel-8.3-kselftests/gcc-9/0c13ca6d7fbaaf4cc0cfccd94f0ab8ca9af9e81a/3
[   41.925827]


To reproduce:

        # build kernel
        cd linux
        cp config-5.13.0-rc2-next-20210521-00001-g0c13ca6d7fba .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang


View attachment "config-5.13.0-rc2-next-20210521-00001-g0c13ca6d7fba" of type "text/plain" (175556 bytes)

View attachment "job-script" of type "text/plain" (4331 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (19216 bytes)

View attachment "trinity" of type "text/plain" (1983 bytes)
