2022-10-18 06:46:30

by Naresh Kamboju

Subject: not ok 1 - single_pixel_source_buffer: The buggy address belongs to the physical page

Following kunit tests started failing on Linux mainline.
- drm_format_helper_test — FAIL
- drm_test_fb_xrgb8888_to_xrgb2101010 — FAIL
- single_pixel_source_buffer — FAIL

Good: v6.0-3015-g2bca25eaeba6
Bad: v6.0-5118-g833477fce7a1

Reported-by: Linux Kernel Functional Testing <[email protected]>

[ 50.320990] # Subtest: drm_test_fb_xrgb8888_to_xrgb2101010
[ 50.322059] ==================================================================
[ 50.326436] BUG: KASAN: slab-out-of-bounds in drm_test_fb_xrgb8888_to_xrgb2101010+0x2dd/0x520
[ 50.329249] Read of size 4 at addr ffff888104d7a5cc by task kunit_try_catch/619
[ 50.331596]
[ 50.332135] CPU: 1 PID: 619 Comm: kunit_try_catch Tainted: G B N 6.0.0 #1
[ 50.333876] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 50.335138] Call Trace:
[ 50.335531] <TASK>
[ 50.335879] dump_stack_lvl+0x49/0x62
[ 50.336462] print_report.cold+0x5e/0x5d9
[ 50.337069] ? _raw_spin_unlock_irqrestore+0x33/0x60
[ 50.337820] ? update_kunit_status+0xee/0x160
[ 50.338494] ? drm_test_fb_xrgb8888_to_xrgb2101010+0x2dd/0x520
[ 50.339354] kasan_report+0xaa/0x130
[ 50.339905] ? drm_fb_xrgb8888_to_xrgb2101010+0xa0/0xd0
[ 50.340680] ? drm_test_fb_xrgb8888_to_xrgb2101010+0x2dd/0x520
[ 50.341576] __asan_load4+0x80/0xa0
[ 50.342112] drm_test_fb_xrgb8888_to_xrgb2101010+0x2dd/0x520
[ 50.342958] ? drm_test_fb_xrgb8888_to_gray8+0x470/0x470
[ 50.343778] ? update_load_avg+0x80/0xb80
[ 50.344407] ? update_cfs_group+0x22/0x160
[ 50.345036] ? load_balance+0x14d0/0x14d0
[ 50.345652] ? dequeue_entity+0x1f2/0x6a0
[ 50.346263] ? rcu_qs+0x1c/0x120
[ 50.346773] ? finish_task_switch.isra.0+0xe0/0x410
[ 50.347532] ? __kasan_check_write+0x14/0x20
[ 50.348192] ? _raw_spin_lock_irqsave+0x9e/0x100
[ 50.348891] ? _raw_spin_unlock_irqrestore+0x28/0x60
[ 50.349625] ? trace_preempt_on+0x2a/0xf0
[ 50.350242] ? __kthread_parkme+0x4f/0xd0
[ 50.350857] kunit_try_run_case+0x91/0xd0
[ 50.351479] ? kunit_catch_run_case+0x80/0x80
[ 50.352151] ? kunit_try_catch_throw+0x40/0x40
[ 50.352897] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 50.353890] kthread+0x179/0x1b0
[ 50.354410] ? kthread_complete_and_exit+0x30/0x30
[ 50.355126] ret_from_fork+0x22/0x30
[ 50.355708] </TASK>
[ 50.356047]
[ 50.356284] Allocated by task 619:
[ 50.356817] kasan_save_stack+0x26/0x50
[ 50.357410] __kasan_kmalloc+0xae/0xe0
[ 50.357980] __kmalloc+0x1cf/0x390
[ 50.358501] kunit_kmalloc_array_init+0x4b/0x80
[ 50.359189] __kunit_add_resource+0x67/0x100
[ 50.359859] kunit_kmalloc_array+0xf8/0x170
[ 50.360490] drm_test_fb_xrgb8888_to_xrgb2101010+0x19f/0x520
[ 50.361341] kunit_try_run_case+0x91/0xd0
[ 50.361948] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 50.362747] kthread+0x179/0x1b0
[ 50.363230] ret_from_fork+0x22/0x30
[ 50.363779]
[ 50.364015] The buggy address belongs to the object at ffff888104d7a5c8
[ 50.364015] which belongs to the cache kmalloc-8 of size 8
[ 50.365824] The buggy address is located 4 bytes inside of
[ 50.365824] 8-byte region [ffff888104d7a5c8, ffff888104d7a5d0)
[ 50.367485]
[ 50.367736] The buggy address belongs to the physical page:
[ 50.368579] page:000000003c09c153 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104d7a
[ 50.369991] flags: 0x200000000000200(slab|node=0|zone=2)
[ 50.370804] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100042280
[ 50.371933] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000
[ 50.373021] page dumped because: kasan: bad access detected
[ 50.373958]
[ 50.374202] Memory state around the buggy address:
[ 50.374935] ffff888104d7a480: fc fb fc fc fc fc fb fc fc fc fc fb fc fc fc fc
[ 50.376019] ffff888104d7a500: fb fc fc fc fc fb fc fc fc fc fb fc fc fc fc fb
[ 50.377098] >ffff888104d7a580: fc fc fc fc fa fc fc fc fc 04 fc fc fc fc fa fc
[ 50.378174] ^
[ 50.379025] ffff888104d7a600: fc fc fc fa fc fc fc fc fa fc fc fc fc fa fc fc
[ 50.380123] ffff888104d7a680: fc fc 00 fc fc fc fc fa fc fc fc fc fa fc fc fc
[ 50.381191] ==================================================================
[ 50.382461] not ok 1 - single_pixel_source_buffer
[ 50.382909] ok 2 - single_pixel_clip_rectangle
[ 50.384319] ok 3 - well_known_colors
[ 50.385393] ok 4 - destination_pitch
[ 50.386029] # drm_test_fb_xrgb8888_to_xrgb2101010: pass:3 fail:1 skip:0 total:4
[ 50.386657] not ok 5 - drm_test_fb_xrgb8888_to_xrgb2101010
[ 50.387762] # drm_format_helper_test: pass:4 fail:1 skip:0 total:5
[ 50.388598] # Totals: pass:19 fail:1 skip:0 total:20
[ 50.389467] not ok 33 - drm_format_helper_test

Test log link,
https://lkft.validation.linaro.org/scheduler/job/5633513#L7056
https://qa-reports.linaro.org/lkft/linux-mainline-master/build/v6.0-5118-g833477fce7a1/testrun/12273332/suite/kunit/tests/

Test results comparison:
https://qa-reports.linaro.org/lkft/linux-mainline-master/build/v6.1-rc1/testrun/12468488/suite/kunit/test/drm_format_helper_test/history/?page=2

For your reference:
https://qa-reports.linaro.org/lkft/linux-mainline-master/build/v6.0-3015-g2bca25eaeba6/testrun/12237941/suite/kunit/tests/

metadata:
git_ref: master
git_repo: https://gitlab.com/Linaro/lkft/mirrors/torvalds/linux-mainline
git_sha: 833477fce7a14d43ae4c07f8ddc32fa5119471a2
git_describe: v6.0-5118-g833477fce7a1
kernel_version: 6.0.0
kernel-config: https://builds.tuxbuild.com/2FjJ6bdUwO43y6QWMJyjklBN9Ji/config
build-url: https://gitlab.com/Linaro/lkft/mirrors/torvalds/linux-mainline/-/pipelines/659360852
artifact-location: https://builds.tuxbuild.com/2FjJ6bdUwO43y6QWMJyjklBN9Ji
toolchain: gcc-11

--
Linaro LKFT
https://lkft.linaro.org


2022-10-18 08:30:34

by David Gow

Subject: Re: not ok 1 - single_pixel_source_buffer: The buggy address belongs to the physical page

On Tue, Oct 18, 2022 at 3:54 PM Javier Martinez Canillas
<[email protected]> wrote:
>
> [adding a few folks to Cc list that might help with this issue]
>
> Hello Naresh,
>
> Thanks a lot for your report.
>
> On 10/18/22 08:40, Naresh Kamboju wrote:
> > Following kunit tests started failing on Linux mainline.
> > - drm_format_helper_test — FAIL
> > - drm_test_fb_xrgb8888_to_xrgb2101010 — FAIL
> > - single_pixel_source_buffer — FAIL
> >
> > Good: v6.0-3015-g2bca25eaeba6
> > Bad: v6.0-5118-g833477fce7a1
> >
>
> Could you please let me know how you are running this? I tried to reproduce it
> on v6.1-rc1 with the following command but all tests passed:
>
> ./tools/testing/kunit/kunit.py run --kunitconfig=drivers/gpu/drm/tests/.kunitconfig --arch=x86_64
> [09:41:53] Configuring KUnit Kernel ...
> [09:41:53] Building KUnit Kernel ...
> Populating config with:
> $ make ARCH=x86_64 O=.kunit olddefconfig
> Building with:
> $ make ARCH=x86_64 O=.kunit --jobs=8
> [09:45:51] Starting KUnit Kernel (1/1)...
> [09:45:51] ============================================================
> Running tests with:
> $ qemu-system-x86_64 -nodefaults -m 1024 -kernel .kunit/arch/x86/boot/bzImage -append 'kunit.enable=1 console=ttyS0 kunit_shutdown=reboot' -no-reboot -nographic -serial stdio
> ...
> [09:47:40] Testing complete. Ran 195 tests: passed: 195
> [09:47:40] Elapsed time: 347.817s total, 0.003s configuring, 238.009s building, 109.771s running

I can reproduce this with:
./tools/testing/kunit/kunit.py run --kunitconfig drivers/gpu/drm/tests --kconfig_add CONFIG_KASAN=y --kconfig_add CONFIG_KASAN_VMALLOC=y --kconfig_add CONFIG_KASAN_KUNIT_TEST=y drm_format_helper_test.*xrgb2101010

(The issue shows up only with KASAN enabled, and it looks like there's
a bug whereby KASAN failures don't trigger test failures unless
CONFIG_KASAN_KUNIT_TEST=y)

It looks like the issue is probably with the conversion back to le32 here:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/tests/drm_format_helper_test.c#n441

That second call to le32buf_to_cpu() should probably take dst_size (or
rather, dst_size / sizeof(u32)) rather than using TEST_BUF_SIZE, which
is the maximum possible size of the buffer, not the actual size. That
fixes it here for me, though a proper fix would avoid the division.

Cheers,
-- David
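
Added example, not part of the thread or of the kernel source: a user-space C model of the mismatch described in the message above, where the word count passed to the le32 conversion comes from the maximum buffer size instead of the allocation's actual size. The helper names, the TEST_BUF_SIZE value and the pixel bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in for the test's maximum buffer size; value is illustrative. */
#define TEST_BUF_SIZE 50

/* Byte offset of the first 32-bit word read past an allocation of
 * alloc_bytes when n_words words are converted, or -1 if all reads fit. */
static long first_oob_offset(size_t alloc_bytes, size_t n_words)
{
	size_t in_bounds = alloc_bytes / sizeof(uint32_t);

	return n_words > in_bounds ? (long)(in_bounds * sizeof(uint32_t)) : -1;
}

/* Hypothetical bounds-checked model of a le32 -> CPU conversion: decodes
 * n_words little-endian words, refusing to read past alloc_bytes. */
static int le32buf_to_cpu_checked(const uint8_t *buf, size_t alloc_bytes,
				  size_t n_words, uint32_t *out)
{
	if (first_oob_offset(alloc_bytes, n_words) >= 0)
		return -1;
	for (size_t n = 0; n < n_words; n++) {
		const uint8_t *p = buf + n * sizeof(uint32_t);

		out[n] = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
			 (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
	}
	return 0;
}

int main(void)
{
	/* Constructed sample: one 32-bit destination pixel, so dst_size is 4. */
	const uint8_t dst[4] = { 0x00, 0x00, 0xf0, 0x3f };
	size_t dst_size = sizeof(dst);
	uint32_t out[TEST_BUF_SIZE];
	int rc;

	/* Count taken from the maximum size: the second word is out of bounds. */
	rc = le32buf_to_cpu_checked(dst, dst_size, TEST_BUF_SIZE, out);
	printf("max-size count: rc=%d, first OOB offset=%ld\n", rc,
	       first_oob_offset(dst_size, TEST_BUF_SIZE));
	/* Count taken from the actual size: every read stays in bounds. */
	rc = le32buf_to_cpu_checked(dst, dst_size, dst_size / sizeof(uint32_t), out);
	printf("actual-size count: rc=%d, value=0x%08x\n", rc, (unsigned)out[0]);
	return 0;
}
```

With a 4-byte destination, the first out-of-bounds word starts at byte offset 4, which lines up with the report's "Read of size 4" located 4 bytes inside the kmalloc-8 object.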



2022-10-18 09:03:30

by Javier Martinez Canillas

Subject: Re: not ok 1 - single_pixel_source_buffer: The buggy address belongs to the physical page

[adding a few folks to Cc list that might help with this issue]

Hello Naresh,

Thanks a lot for your report.

On 10/18/22 08:40, Naresh Kamboju wrote:
> Following kunit tests started failing on Linux mainline.
> - drm_format_helper_test — FAIL
> - drm_test_fb_xrgb8888_to_xrgb2101010 — FAIL
> - single_pixel_source_buffer — FAIL
>
> Good: v6.0-3015-g2bca25eaeba6
> Bad: v6.0-5118-g833477fce7a1
>

Could you please let me know how you are running this? I tried to reproduce it
on v6.1-rc1 with the following command but all tests passed:

./tools/testing/kunit/kunit.py run --kunitconfig=drivers/gpu/drm/tests/.kunitconfig --arch=x86_64
[09:41:53] Configuring KUnit Kernel ...
[09:41:53] Building KUnit Kernel ...
Populating config with:
$ make ARCH=x86_64 O=.kunit olddefconfig
Building with:
$ make ARCH=x86_64 O=.kunit --jobs=8
[09:45:51] Starting KUnit Kernel (1/1)...
[09:45:51] ============================================================
Running tests with:
$ qemu-system-x86_64 -nodefaults -m 1024 -kernel .kunit/arch/x86/boot/bzImage -append 'kunit.enable=1 console=ttyS0 kunit_shutdown=reboot' -no-reboot -nographic -serial stdio
...
[09:47:40] Testing complete. Ran 195 tests: passed: 195
[09:47:40] Elapsed time: 347.817s total, 0.003s configuring, 238.009s building, 109.771s running

> Reported-by: Linux Kernel Functional Testing <[email protected]>
>
> [ 50.320990] # Subtest: drm_test_fb_xrgb8888_to_xrgb2101010
> [ 50.322059] ==================================================================
> [ 50.326436] BUG: KASAN: slab-out-of-bounds in drm_test_fb_xrgb8888_to_xrgb2101010+0x2dd/0x520
> [ 50.329249] Read of size 4 at addr ffff888104d7a5cc by task kunit_try_catch/619
> [ 50.331596]
> [ 50.332135] CPU: 1 PID: 619 Comm: kunit_try_catch Tainted: G B N 6.0.0 #1
> [ 50.333876] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
> [ 50.335138] Call Trace:
> [ 50.335531] <TASK>
> [ 50.335879] dump_stack_lvl+0x49/0x62
> [ 50.336462] print_report.cold+0x5e/0x5d9
> [ 50.337069] ? _raw_spin_unlock_irqrestore+0x33/0x60
> [ 50.337820] ? update_kunit_status+0xee/0x160
> [ 50.338494] ? drm_test_fb_xrgb8888_to_xrgb2101010+0x2dd/0x520
> [ 50.339354] kasan_report+0xaa/0x130
> [ 50.339905] ? drm_fb_xrgb8888_to_xrgb2101010+0xa0/0xd0
> [ 50.340680] ? drm_test_fb_xrgb8888_to_xrgb2101010+0x2dd/0x520
> [ 50.341576] __asan_load4+0x80/0xa0
> [ 50.342112] drm_test_fb_xrgb8888_to_xrgb2101010+0x2dd/0x520
> [ 50.342958] ? drm_test_fb_xrgb8888_to_gray8+0x470/0x470
> [ 50.343778] ? update_load_avg+0x80/0xb80
> [ 50.344407] ? update_cfs_group+0x22/0x160
> [ 50.345036] ? load_balance+0x14d0/0x14d0
> [ 50.345652] ? dequeue_entity+0x1f2/0x6a0
> [ 50.346263] ? rcu_qs+0x1c/0x120
> [ 50.346773] ? finish_task_switch.isra.0+0xe0/0x410
> [ 50.347532] ? __kasan_check_write+0x14/0x20
> [ 50.348192] ? _raw_spin_lock_irqsave+0x9e/0x100
> [ 50.348891] ? _raw_spin_unlock_irqrestore+0x28/0x60
> [ 50.349625] ? trace_preempt_on+0x2a/0xf0
> [ 50.350242] ? __kthread_parkme+0x4f/0xd0
> [ 50.350857] kunit_try_run_case+0x91/0xd0
> [ 50.351479] ? kunit_catch_run_case+0x80/0x80
> [ 50.352151] ? kunit_try_catch_throw+0x40/0x40
> [ 50.352897] kunit_generic_run_threadfn_adapter+0x2f/0x50
> [ 50.353890] kthread+0x179/0x1b0
> [ 50.354410] ? kthread_complete_and_exit+0x30/0x30
> [ 50.355126] ret_from_fork+0x22/0x30
> [ 50.355708] </TASK>
> [ 50.356047]
> [ 50.356284] Allocated by task 619:
> [ 50.356817] kasan_save_stack+0x26/0x50
> [ 50.357410] __kasan_kmalloc+0xae/0xe0
> [ 50.357980] __kmalloc+0x1cf/0x390
> [ 50.358501] kunit_kmalloc_array_init+0x4b/0x80
> [ 50.359189] __kunit_add_resource+0x67/0x100
> [ 50.359859] kunit_kmalloc_array+0xf8/0x170
> [ 50.360490] drm_test_fb_xrgb8888_to_xrgb2101010+0x19f/0x520
> [ 50.361341] kunit_try_run_case+0x91/0xd0
> [ 50.361948] kunit_generic_run_threadfn_adapter+0x2f/0x50
> [ 50.362747] kthread+0x179/0x1b0
> [ 50.363230] ret_from_fork+0x22/0x30
> [ 50.363779]
> [ 50.364015] The buggy address belongs to the object at ffff888104d7a5c8
> [ 50.364015] which belongs to the cache kmalloc-8 of size 8
> [ 50.365824] The buggy address is located 4 bytes inside of
> [ 50.365824] 8-byte region [ffff888104d7a5c8, ffff888104d7a5d0)
> [ 50.367485]
> [ 50.367736] The buggy address belongs to the physical page:
> [ 50.368579] page:000000003c09c153 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104d7a
> [ 50.369991] flags: 0x200000000000200(slab|node=0|zone=2)
> [ 50.370804] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100042280
> [ 50.371933] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000
> [ 50.373021] page dumped because: kasan: bad access detected
> [ 50.373958]
> [ 50.374202] Memory state around the buggy address:
> [ 50.374935] ffff888104d7a480: fc fb fc fc fc fc fb fc fc fc fc fb fc fc fc fc
> [ 50.376019] ffff888104d7a500: fb fc fc fc fc fb fc fc fc fc fb fc fc fc fc fb
> [ 50.377098] >ffff888104d7a580: fc fc fc fc fa fc fc fc fc 04 fc fc fc fc fa fc
> [ 50.378174] ^
> [ 50.379025] ffff888104d7a600: fc fc fc fa fc fc fc fc fa fc fc fc fc fa fc fc
> [ 50.380123] ffff888104d7a680: fc fc 00 fc fc fc fc fa fc fc fc fc fa fc fc fc
> [ 50.381191] ==================================================================
> [ 50.382461] not ok 1 - single_pixel_source_buffer
> [ 50.382909] ok 2 - single_pixel_clip_rectangle
> [ 50.384319] ok 3 - well_known_colors
> [ 50.385393] ok 4 - destination_pitch
> [ 50.386029] # drm_test_fb_xrgb8888_to_xrgb2101010: pass:3 fail:1 skip:0 total:4
> [ 50.386657] not ok 5 - drm_test_fb_xrgb8888_to_xrgb2101010
> [ 50.387762] # drm_format_helper_test: pass:4 fail:1 skip:0 total:5
> [ 50.388598] # Totals: pass:19 fail:1 skip:0 total:20
> [ 50.389467] not ok 33 - drm_format_helper_test
>
> Test log link,
> https://lkft.validation.linaro.org/scheduler/job/5633513#L7056
> https://qa-reports.linaro.org/lkft/linux-mainline-master/build/v6.0-5118-g833477fce7a1/testrun/12273332/suite/kunit/tests/
>
> Test results comparison:
> https://qa-reports.linaro.org/lkft/linux-mainline-master/build/v6.1-rc1/testrun/12468488/suite/kunit/test/drm_format_helper_test/history/?page=2
>
> For your reference:
> https://qa-reports.linaro.org/lkft/linux-mainline-master/build/v6.0-3015-g2bca25eaeba6/testrun/12237941/suite/kunit/tests/
>
> metadata:
> git_ref: master
> git_repo: https://gitlab.com/Linaro/lkft/mirrors/torvalds/linux-mainline
> git_sha: 833477fce7a14d43ae4c07f8ddc32fa5119471a2
> git_describe: v6.0-5118-g833477fce7a1
> kernel_version: 6.0.0
> kernel-config: https://builds.tuxbuild.com/2FjJ6bdUwO43y6QWMJyjklBN9Ji/config
> build-url: https://gitlab.com/Linaro/lkft/mirrors/torvalds/linux-mainline/-/pipelines/659360852
> artifact-location: https://builds.tuxbuild.com/2FjJ6bdUwO43y6QWMJyjklBN9Ji
> toolchain: gcc-11
>
> --
> Linaro LKFT
> https://lkft.linaro.org
>

--
Best regards,

Javier Martinez Canillas
Core Platforms
Red Hat