dev test in ubuntu_stress_smoke_test cause kernel oops on T-3.13
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-kernel-tests |
Fix Released
|
Undecided
|
Unassigned | ||
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Trusty |
Fix Released
|
Medium
|
Colin Ian King |
Bug Description
SRU Request [Trusty]
== Justification ==
It is possible to cause an oops in drm with an unimplemented ioctl call
with the following reproducer run as root:
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
int main(void)
{
int ptnum, fd;
fd = open("/
return ioctl(fd, TIOCGPTN, &ptnum);
}
== Fix ==
A backport (minor wiggle) of upstream commit 1539fb9bd405
("drm: fix NULL pointer access by wrong ioctl").
== Testing ==
Run the reproducer above as root, it will trip the oops. With the fix
this oops won't occur.
== Regression Potential ==
Minimal, this is an upstream fix to this exact issue and has been in
the kernel since 3.16
-------
This is a bare-metal node running with 3.13.0-160 amd64 kernel.
The dev test will cause kernel oops:
dev STARTING
dev RETURNED 0
dev FAILED (kernel oopsed)
[ 222.555784] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 222.564547] IP: [<ffffffff81381
[ 222.570101] PGD 80000004586b1067 PUD 45784a067 PMD 0
[ 222.575767] Oops: 0002 [#1] SMP
[ 222.579385] Modules linked in: macvlan(+) dccp_ipv4 dccp ghash_generic salsa20_generic salsa20_x86_64 camellia_generic camellia_aesni_avx2 camellia_
[ 222.647301] CPU: 0 PID: 23159 Comm: stress-ng-dev Not tainted 3.13.0-160-generic #210-Ubuntu
[ 222.647301] Hardware name: Intel Corporation S1200RP/S1200RP, BIOS S1200RP.
[ 222.647302] task: ffff880035bf1800 ti: ffff880453b60000 task.ti: ffff880453b60000
[ 222.647303] RIP: 0010:[<
[ 222.647306] RSP: 0018:ffff880453
[ 222.647306] RAX: ffff88045af55d00 RBX: ffff880455538000 RCX: 0000000000000004
[ 222.647307] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[ 222.647307] RBP: ffff880453b61ec0 R08: ffffffff81c43740 R09: 0000000000000000
[ 222.647308] R10: ffffffffa002f260 R11: ffff880453b61e10 R12: ffff880455f07a00
[ 222.647309] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000030
[ 222.647310] FS: 00007f64909ef70
[ 222.647310] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 222.647311] CR2: 0000000000000000 CR3: 0000000458904000 CR4: 0000000000360770
[ 222.647312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 222.647312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 222.647313] Stack:
[ 222.647314] ffffffffa0010c05 ffff880400000001 ffffffffa003ace4 0000004100000086
[ 222.647316] ffff880453b61e10 ffff880453b61e10 ffffffffa00185d0 0000643054506240
[ 222.647317] 00007f64909ebce0 ffff880400000004 ffffffffa002f260 0000000000000000
[ 222.647317] Call Trace:
[ 222.647329] [<ffffffffa0010
[ 222.647337] [<ffffffffa0018
[ 222.647341] [<ffffffff811dc
[ 222.647343] [<ffffffff811ce
[ 222.647344] [<ffffffff811dc
[ 222.647347] [<ffffffff8174d
[ 222.647359] Code: 16 fe 66 44 89 1f 66 44 89 54 17 fe eb 0c 48 83 fa 01 72 06 44 8a 1e 44 88 1f c3 90 90 90 90 90 90 90 49 89 f9 40 88 f0 48 89 d1 <f3> aa 4c 89 c8 c3 0f 1f 84 00 00 00 00 00 0f 1f 84 00 00 00 00
[ 222.647360] RIP [<ffffffff81381
[ 222.647361] RSP <ffff880453b61db8>
[ 222.647361] CR2: 0000000000000000
[ 222.647363] ---[ end trace f74524d41bff5843 ]---
[ 222.678166] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 222.678173] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 222.679128] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 222.680191] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 222.681243] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 222.682289] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 222.683344] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 222.683377] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 222.683402] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 222.857058] xor: automatically using best checksumming function:
[ 222.893969] avx : 31405.000 MB/sec
[ 223.016605] video LNXVIDEO:00: Restoring backlight state
[ 223.033952] video LNXVIDEO:00: Restoring backlight state
[ 223.051296] video LNXVIDEO:00: Restoring backlight state
[ 223.057454] PM: Marking nosave pages: [mem 0x0009b000-
[ 223.062045] raid6: sse2x1 9148 MB/s
[ 223.068444] PM: Marking nosave pages: [mem 0x4b195000-
[ 223.075355] PM: Marking nosave pages: [mem 0x4e000000-
[ 223.083105] PM: Basic memory bitmaps created
[ 223.122177] PM: Basic memory bitmaps freed
[ 223.126750] video LNXVIDEO:00: Restoring backlight state
[ 223.130057] raid6: sse2x2 13391 MB/s
[ 223.145066] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.156618] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.168161] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.185492] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.198086] raid6: sse2x4 15645 MB/s
[ 223.203078] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.217990] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.230537] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.243082] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.265636] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.266402] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.266413] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.266599] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.266771] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.266942] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.267076] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.267325] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.267578] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.267734] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.267886] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.268076] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.268272] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.268423] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.274116] raid6: avx2x1 20403 MB/s
[ 223.342144] raid6: avx2x2 24500 MB/s
[ 223.410172] raid6: avx2x4 28088 MB/s
[ 223.414348] raid6: using algorithm avx2x4 (28088 MB/s)
[ 223.420086] raid6: using avx2x2 recovery algorithm
[ 223.439261] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.439262] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.439263] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.458682] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.477796] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.487545] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.488716] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.488723] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.488729] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.488784] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.488784] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.489039] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.489060] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 223.564764] bio: create slab <bio-1> at 1
[ 223.569431] Btrfs loaded
[ 223.575372] seq unknown ioctl() 0x1263 (type='\x12', number=0x63)
[ 223.575538] seq unknown ioctl() 0x1263 (type='\x12', number=0x63)
[ 223.575540] seq unknown ioctl() 0x125e (type='\x12', number=0x5e)
[ 223.575541] seq unknown ioctl() 0x80081270 (type='\x12', number=0x70)
[ 223.575542] seq unknown ioctl() 0x127b (type='\x12', number=0x7b)
[ 223.575543] seq unknown ioctl() 0x1278 (type='\x12', number=0x78)
[ 223.575543] seq unknown ioctl() 0x1279 (type='\x12', number=0x79)
[ 223.575544] seq unknown ioctl() 0x127a (type='\x12', number=0x7a)
[ 223.575545] seq unknown ioctl() 0x127e (type='\x12', number=0x7e)
[ 223.575546] seq unknown ioctl() 0x1267 (type='\x12', number=0x67)
[ 223.575547] seq unknown ioctl() 0x1260 (type='\x12', number=0x60)
[ 223.575548] seq unknown ioctl() 0x80081272 (type='\x12', number=0x72)
[ 223.575549] seq unknown ioctl() 0x1 (type='
[ 223.575550] seq unknown ioctl() 0x2282 (type='"', number=0x82)
[ 223.575551] seq unknown ioctl() 0x5382 (type='S', number=0x82)
[ 223.575563] seq unknown ioctl() 0x5386 (type='S', number=0x86)
[ 223.575564] seq unknown ioctl() 0x5401 (type='T', number=0x01)
[ 223.575677] seq unknown ioctl() 0x1263 (type='\x12', number=0x63)
[ 223.575678] seq unknown ioctl() 0x1263 (type='\x12', number=0x63)
[ 223.575679] seq unknown ioctl() 0x125e (type='\x12', number=0x5e)
[ 223.575679] seq unknown ioctl() 0x125e (type='\x12', number=0x5e)
[ 223.575680] seq unknown ioctl() 0x80081270 (type='\x12', number=0x70)
[ 223.575681] seq unknown ioctl() 0x80081270 (type='\x12', number=0x70)
[ 223.575681] seq unknown ioctl() 0x127b (type='\x12', number=0x7b)
[ 223.575682] seq unknown ioctl() 0x127b (type='\x12', number=0x7b)
[ 223.575682] seq unknown ioctl() 0x1278 (type='\x12', number=0x78)
[ 223.575683] seq unknown ioctl() 0x1278 (type='\x12', number=0x78)
[ 223.575684] seq unknown ioctl() 0x1279 (type='\x12', number=0x79)
[ 223.575684] seq unknown ioctl() 0x1279 (type='\x12', number=0x79)
....
[ 224.964466] seq unknown ioctl() 0x1260 (type='\x12', number=0x60)
[ 224.964467] seq unknown ioctl() 0x80081272 (type='\x12', number=0x72)
[ 224.964468] seq unknown ioctl() 0x1 (type='
[ 224.964468] seq unknown ioctl() 0x2282 (type='"', number=0x82)
[ 224.964469] seq unknown ioctl() 0x5382 (type='S', number=0x82)
[ 224.964470] seq unknown ioctl() 0x5386 (type='S', number=0x86)
[ 224.964471] seq unknown ioctl() 0x5401 (type='T', number=0x01)
[ 225.068352] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 225.068911] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 225.069402] program stress-ng-dev is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 227.530769] video LNXVIDEO:00: Restoring backlight state
[ 227.536884] PM: Marking nosave pages: [mem 0x0009b000-
[ 227.543685] PM: Marking nosave pages: [mem 0x4b195000-
[ 227.550591] PM: Marking nosave pages: [mem 0x4e000000-
[ 227.558322] PM: Basic memory bitmaps created
[ 227.597601] PM: Basic memory bitmaps freed
[ 227.602178] video LNXVIDEO:00: Restoring backlight state
Complete error log: https:/
Changed in stress-ng: | |
importance: | Undecided → Medium |
assignee: | nobody → Colin Ian King (colin-king) |
status: | New → In Progress |
Changed in linux (Ubuntu): | |
status: | New → Invalid |
Changed in linux (Ubuntu Trusty): | |
status: | New → Fix Committed |
Changed in linux (Ubuntu Trusty): | |
assignee: | nobody → Colin Ian King (colin-king) |
importance: | Undecided → Medium |
Changed in ubuntu-kernel-tests: | |
importance: | Medium → Undecided |
assignee: | Colin Ian King (colin-king) → nobody |
tags: | added: cscc |
Those bare-metals have passed with this test in this cycle (3.13.0- 162-generic) , but a KVM node "chico" does not, fail rate 2/2:
11:26:48 DEBUG| [stdout] dev STARTING 0x000fffff] 0x000fffff] 0x000fffff] 0x000fffff] 0x000fffff] 0x000fffff]
11:26:53 DEBUG| [stdout] dev RETURNED 0
11:26:53 DEBUG| [stdout] dev FAILED (kernel oopsed)
11:26:53 DEBUG| [stdout] [ 404.777336] xor: measuring software checksum speed
11:26:53 DEBUG| [stdout] [ 404.813839] hidraw: raw HID events driver (C) Jiri Kosina
11:26:53 DEBUG| [stdout] [ 404.816009] prefetch64-sse: 17927.000 MB/sec
11:26:53 DEBUG| [stdout] [ 404.856007] generic_sse: 16435.000 MB/sec
11:26:53 DEBUG| [stdout] [ 404.856009] xor: using function: prefetch64-sse (17927.000 MB/sec)
11:26:53 DEBUG| [stdout] [ 404.882264] Bluetooth: Core ver 2.17
11:26:53 DEBUG| [stdout] [ 404.882287] NET: Registered protocol family 31
11:26:53 DEBUG| [stdout] [ 404.882289] Bluetooth: HCI device and connection manager initialized
11:26:53 DEBUG| [stdout] [ 404.882917] Bluetooth: HCI socket layer initialized
11:26:53 DEBUG| [stdout] [ 404.882921] Bluetooth: L2CAP socket layer initialized
11:26:53 DEBUG| [stdout] [ 404.882926] Bluetooth: SCO socket layer initialized
11:26:53 DEBUG| [stdout] [ 404.886727] Bluetooth: Virtual HCI driver ver 1.4
11:26:53 DEBUG| [stdout] [ 404.924015] raid6: sse2x1 9398 MB/s
11:26:53 DEBUG| [stdout] [ 404.992008] raid6: sse2x2 11504 MB/s
11:26:53 DEBUG| [stdout] [ 405.060011] raid6: sse2x4 13522 MB/s
11:26:53 DEBUG| [stdout] [ 405.060012] raid6: using algorithm sse2x4 (13522 MB/s)
11:26:53 DEBUG| [stdout] [ 405.060014] raid6: using intx1 recovery algorithm
11:26:53 DEBUG| [stdout] [ 405.073998] bio: create slab <bio-1> at 1
11:26:53 DEBUG| [stdout] [ 405.087864] Btrfs loaded
11:26:53 DEBUG| [stdout] [ 405.249402] PM: Marking nosave pages: [mem 0x0009f000-
11:26:53 DEBUG| [stdout] [ 405.249408] PM: Basic memory bitmaps created
11:26:53 DEBUG| [stdout] [ 405.258537] PM: Basic memory bitmaps freed
11:26:53 DEBUG| [stdout] [ 405.261420] PM: Marking nosave pages: [mem 0x0009f000-
11:26:53 DEBUG| [stdout] [ 405.261423] PM: Basic memory bitmaps created
11:26:53 DEBUG| [stdout] [ 405.266600] PM: Basic memory bitmaps freed
11:26:53 DEBUG| [stdout] [ 405.273506] PM: Marking nosave pages: [mem 0x0009f000-
11:26:53 DEBUG| [stdout] [ 405.273512] PM: Basic memory bitmaps created
11:26:53 DEBUG| [stdout] [ 405.282591] PM: Basic memory bitmaps freed
11:26:53 DEBUG| [stdout] [ 405.282728] PM: Marking nosave pages: [mem 0x0009f000-
11:26:53 DEBUG| [stdout] [ 405.282730] PM: Basic memory bitmaps created
11:26:53 DEBUG| [stdout] [ 405.287533] PM: Basic memory bitmaps freed
11:26:53 DEBUG| [stdout] [ 405.289459] PM: Marking nosave pages: [mem 0x0009f000-
11:26:53 DEBUG| [stdout] [ 405.289461] PM: Basic memory bitmaps created
11:26:53 DEBUG| [stdout] [ 405.294379] PM: Basic memory bitmaps freed
11:26:53 DEBUG| [stdout] [ 405.310325] PM: Marking nosave pages: [mem 0x0009f000-
11:26:53 DEBUG| [stdout] [ 405.310330] PM: Basic memory bitmaps created
11:26:53 DEBUG| [stdout] [ 405.318409] PM: Basic memory bitmaps freed
11:26:53 DEBUG| [stdout] [ 405.387522] PM: Marking nosave pa...