** Changed in: linux (Ubuntu Trusty)
       Status: New => Fix Committed

https://bugs.launchpad.net/bugs/1797546

Title:
  dev test in ubuntu_stress_smoke_test cause kernel oops on T-3.13

Status in ubuntu-kernel-tests:
  In Progress
Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Trusty:
  Fix Committed

Bug description:
  SRU Request [Trusty]

  == Justification ==

  It is possible to cause an oops in drm with an unimplemented ioctl call
  with the following reproducer run as root:

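  #include <sys/ioctl.h>
  #include <sys/types.h>
  #include <sys/stat.h>
  #include <fcntl.h>

  int main(void)
  {
          int ptnum, fd;

          /* DRM device node; the test is run as root */
          fd = open("/dev/dri/card0", O_RDWR);
          if (fd < 0)
                  return 1;
          /* TIOCGPTN is a pty ioctl that drm does not implement */
          return ioctl(fd, TIOCGPTN, &ptnum);
  }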

  == Fix ==

  A backport (minor wiggle) of upstream commit 1539fb9bd405
  ("drm: fix NULL pointer access by wrong ioctl").

  == Testing ==

  Run the reproducer above as root; it will trip the oops. With the fix
  this oops won't occur.

  == Regression Potential ==

  Minimal; this is an upstream fix to this exact issue and has been in
  the kernel since 3.16.

  --------------------


  This is a bare-metal node running with 3.13.0-160 amd64 kernel.

  The dev test will cause a kernel oops:
    dev STARTING
    dev RETURNED 0
    dev FAILED (kernel oopsed)
    [  222.555784] BUG: unable to handle kernel NULL pointer dereference at           (null)
    [  222.564547] IP: [<ffffffff81381a69>] memset+0x9/0xb0
    [  222.570101] PGD 80000004586b1067 PUD 45784a067 PMD 0
    [  222.575767] Oops: 0002 [#1] SMP
    [  222.579385] Modules linked in: macvlan(+) dccp_ipv4 dccp ghash_generic salsa20_generic salsa20_x86_64 camellia_generic camellia_aesni_avx2 camellia_aesni_avx_x86_64 camellia_x86_64 cast6_avx_x86_64 cast6_generic cast_common serpent_avx2 serpent_avx_x86_64 serpent_sse2_x86_64 serpent_generic twofish_generic twofish_avx_x86_64 twofish_x86_64_3way twofish_x86_64 twofish_common xts algif_skcipher tgr192 wp512 rmd320 rmd256 rmd160 rmd128 md4 algif_hash af_alg ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi dm_crypt x86_pkg_temp_thermal coretemp kvm_intel kvm joydev lpc_ich shpchp mac_hid hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel igb aesni_intel aes_x86_64 i915_bdw dca lrw gf128mul ahci intel_ips glue_helper ptp ablk_helper drm_kms_helper cryptd pps_core libahci i2c_algo_bit drm video
    [  222.647301] CPU: 0 PID: 23159 Comm: stress-ng-dev Not tainted 3.13.0-160-generic #210-Ubuntu
    [  222.647301] Hardware name: Intel Corporation S1200RP/S1200RP, BIOS S1200RP.86B.03.02.0003.070120151022 07/01/2015
    [  222.647302] task: ffff880035bf1800 ti: ffff880453b60000 task.ti: ffff880453b60000
    [  222.647303] RIP: 0010:[<ffffffff81381a69>]  [<ffffffff81381a69>] memset+0x9/0xb0
    [  222.647306] RSP: 0018:ffff880453b61db8  EFLAGS: 00010246
    [  222.647306] RAX: ffff88045af55d00 RBX: ffff880455538000 RCX: 0000000000000004
    [  222.647307] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
    [  222.647307] RBP: ffff880453b61ec0 R08: ffffffff81c43740 R09: 0000000000000000
    [  222.647308] R10: ffffffffa002f260 R11: ffff880453b61e10 R12: ffff880455f07a00
    [  222.647309] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000030
    [  222.647310] FS:  00007f64909ef700(0000) GS:ffff880470400000(0000) knlGS:0000000000000000
    [  222.647310] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [  222.647311] CR2: 0000000000000000 CR3: 0000000458904000 CR4: 0000000000360770
    [  222.647312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    [  222.647312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    [  222.647313] Stack:
    [  222.647314]  ffffffffa0010c05 ffff880400000001 ffffffffa003ace4 0000004100000086
    [  222.647316]  ffff880453b61e10 ffff880453b61e10 ffffffffa00185d0 0000643054506240
    [  222.647317]  00007f64909ebce0 ffff880400000004 ffffffffa002f260 0000000000000000
    [  222.647317] Call Trace:
    [  222.647329]  [<ffffffffa0010c05>] ? drm_ioctl+0x4d5/0x630 [drm]
    [  222.647337]  [<ffffffffa00185d0>] ? drm_agp_info_ioctl+0x10/0x10 [drm]
    [  222.647341]  [<ffffffff811dc5e3>] do_vfs_ioctl+0x2e3/0x4d0
    [  222.647343]  [<ffffffff811ce205>] ? SYSC_newfstat+0x25/0x30
    [  222.647344]  [<ffffffff811dc851>] SyS_ioctl+0x81/0xa0
    [  222.647347]  [<ffffffff8174d03c>] system_call_fastpath+0x26/0x2b
    [  222.647359] Code: 16 fe 66 44 89 1f 66 44 89 54 17 fe eb 0c 48 83 fa 01 72 06 44 8a 1e 44 88 1f c3 90 90 90 90 90 90 90 49 89 f9 40 88 f0 48 89 d1 <f3> aa 4c 89 c8 c3 0f 1f 84 00 00 00 00 00 0f 1f 84 00 00 00 00
    [  222.647360] RIP  [<ffffffff81381a69>] memset+0x9/0xb0
    [  222.647361]  RSP <ffff880453b61db8>
    [  222.647361] CR2: 0000000000000000
    [  222.647363] ---[ end trace f74524d41bff5843 ]---

  Complete error log: https://pastebin.ubuntu.com/p/CkgHXbYsy4/
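
Added example, not part of the bug report or the kernel source: a user-space model of an ioctl dispatcher that indexes its table by the request's number field, shown beside a checked version that refuses the reproducer's TIOCGPTN request. The one-entry table, the function names and the modelled mechanism (buffer set up from the table entry's direction, length taken from the caller's request) are assumptions chosen to match the trace's `memset` call with RDI = 0 and RDX = 4; the checks are a defensive pattern, not the content of commit 1539fb9bd405.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* asm-generic ioctl encoding (x86): nr[0:7] type[8:15] size[16:29] dir[30:31] */
#define CMD_NR(c)   ((unsigned)((c) & 0xffu))
#define CMD_TYPE(c) ((unsigned)(((c) >> 8) & 0xffu))
#define CMD_SIZE(c) ((size_t)(((c) >> 16) & 0x3fffu))
#define CMD_DIR(c)  ((unsigned)(((c) >> 30) & 0x3u)) /* 0 = none, 1 = in, 2 = out */

#define TIOCGPTN_CMD 0x80045430u /* _IOR('T', 0x30, unsigned int): the reproducer's request */
#define DRV_MAGIC    0x64u       /* 'd', the DRM ioctl type byte */

enum verdict { HANDLED, REJECTED, NULL_WRITE };

/* Hypothetical table: slot 0x30 expects _IO('d', 0x30), a request with no argument. */
static uint32_t table_cmd(unsigned nr) { return nr == 0x30 ? 0x00006430u : 0; }

/* Assumed failure mode: direction comes from the table, length from the caller. */
static enum verdict dispatch_unchecked(uint32_t user_cmd)
{
    uint32_t tcmd = table_cmd(CMD_NR(user_cmd));
    unsigned char buf[64], *kdata = NULL;
    size_t usize = CMD_SIZE(user_cmd);

    if (!tcmd || usize > sizeof buf) return REJECTED;
    if (CMD_DIR(tcmd)) kdata = buf;          /* buffer exists only for in/out entries */
    if (usize && !kdata) return NULL_WRITE;  /* stands in for memset(NULL, 0, usize) */
    if (kdata) memset(kdata, 0, usize);
    return HANDLED;
}

/* Checked form: the request must belong to this driver and agree with the entry. */
static enum verdict dispatch_checked(uint32_t user_cmd)
{
    uint32_t tcmd = table_cmd(CMD_NR(user_cmd));
    unsigned char buf[64];
    size_t usize = CMD_SIZE(user_cmd);

    if (!tcmd || CMD_TYPE(user_cmd) != DRV_MAGIC) return REJECTED; /* foreign family */
    if (CMD_DIR(user_cmd) != CMD_DIR(tcmd) || usize > sizeof buf) return REJECTED;
    if (CMD_DIR(tcmd)) memset(buf, 0, usize); /* only clear a buffer that exists */
    return HANDLED;
}

int main(void)
{   /* exit 0 when the unchecked model faults and the checked model refuses */
    return !(dispatch_unchecked(TIOCGPTN_CMD) == NULL_WRITE && dispatch_checked(TIOCGPTN_CMD) == REJECTED);
}
```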
