Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp962868ybl; Thu, 12 Dec 2019 07:37:22 -0800 (PST) X-Google-Smtp-Source: APXvYqw2hJgPc+tnHRaEjZl0i1PKQnXcBIMcNwZu7BFGOZWIyuzmM0F6OS3SAONEoin/13qSoQN6 X-Received: by 2002:a05:6830:1251:: with SMTP id s17mr8542103otp.108.1576165042783; Thu, 12 Dec 2019 07:37:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576165042; cv=none; d=google.com; s=arc-20160816; b=gCaw+Tw0hIhQII/9pd2QBCyrrigJ+RKBWMkBSfpkqRwPtnNmEU7iBCnVqIIeKVKCpa 8FrtWceUxU3sKyMJuB7nF0IFYTgTrIBXYvyQgCNf2ZZwUhbZldQA8ifPU4EGsojZIoN6 Zvo+cQnDe/UseYwaR4H063X79kZiYTeS7IPv63f3SRPlm00sjqHLSLmCcRJ4f7CetzKl RlmfifTqEq6T9JeBDVI1dKIIIwPAp36VfgKJrplF5uckJo62FSibAZAY3j1CcQUTk0H7 YYeMx2i4L4MPptrMtglOsABEjTiGyabiheUHtZBUH+SqOrq0E3nPqwi7W+elBjmgg0Ue 6g0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:message-id :subject:cc:to:date:from:dkim-signature; bh=gIwYLUzszV3geI4ukrW8B4lSOTUNSeedDso0EaQItzE=; b=ByjeVJYtaXsO7+D+zIgSYh7jBe2CoiQ1U0PJ9n3UOHiUImrzWtyrqVqYqaMMDyKEAZ Zt/JX88C9oV9XdG+t4UHGDh0nz5q/v6t+mwPFMCkDnNjb5DbXHW3OwrIcazv4PY15aTy g8zdFDCQzz4iLSj7vribZI4qR5UTGA4iu3JRzhee2Rd2B+uOUVfX4iS9fBfgG7n5ZO3k e2TnjLXTSkF8AyTtt4EtFPVskPEHynm9eX4rd/QLj9mxNLUu1iqR15ngBbMyaVYJnV1z dNpR+eVNRlEMdlHelhJYZG7+RZpVyX9GYgyMMQ04fYyE2O4jgzMWTSJUrT/1H7tpGmTa yesw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@maine.edu header.s=google header.b=dDSjpfir; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k130si3034197oih.135.2019.12.12.07.37.10; Thu, 12 Dec 2019 07:37:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@maine.edu header.s=google header.b=dDSjpfir; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729446AbfLLPgl (ORCPT + 99 others); Thu, 12 Dec 2019 10:36:41 -0500 Received: from mail-qk1-f194.google.com ([209.85.222.194]:33327 "EHLO mail-qk1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729013AbfLLPgk (ORCPT ); Thu, 12 Dec 2019 10:36:40 -0500 Received: by mail-qk1-f194.google.com with SMTP id d71so1956895qkc.0 for ; Thu, 12 Dec 2019 07:36:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=maine.edu; s=google; h=from:date:to:cc:subject:message-id:user-agent:mime-version; bh=gIwYLUzszV3geI4ukrW8B4lSOTUNSeedDso0EaQItzE=; b=dDSjpfirLbv7d6k2mTPxpsic2/rDOJrgY3n6PKek0w973z4YU8jBremPRplGOTZUsG Sfiou7mzQeGnyb40XHMzCvxfh+jVmJP/Xtxdba47b/ZPPhIBERWQ3HbAwLnT3E8HKYiL lwes7qeikAyzF4NOet2Zppz1Yw7H1wyP4Qh6Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:date:to:cc:subject:message-id:user-agent :mime-version; bh=gIwYLUzszV3geI4ukrW8B4lSOTUNSeedDso0EaQItzE=; b=BbjcNUqPmSu462uFchIcpjW6FXwG2jSinwpKVkKwsqdHmclurXSogxfiilDupi/AS9 uguTWBkRhhsrTaxxZp177OSW6Q1e4fTLfDaZ3grBIi5hr03NsQiHjGn1PKDnXfGyTXQH DpuUVCeRk9f/sd70da6FlhBEAAyr3IPyCJimc3yH5Tt6yVnVTvq8D2ybLdSWOlj09lYe //NctvIY2Ltj5Woql4YwGkml+W+A9VpVYtwvnLTObLjKUiEDrlNvt/i/CLDXGSqmDea3 VUUKEVgaMoCG2urbO3Q02utSWkhBcpIFEtoXfzhcIBOp1jQs4EmuaHAZQJgZl0alNeB1 ydLg== X-Gm-Message-State: APjAAAWFFWdyHW6cWgwffJAbuVnohJ0AMNemA3FElNXdV2tdy0Vbb77v SVT1CxOFRBjVaRROz1OlbbpHVez+WiK6zA== X-Received: by 2002:ae9:c318:: with SMTP id n24mr8801192qkg.38.1576164999343; Thu, 12 Dec 2019 07:36:39 -0800 (PST) Received: from macbook-air (weaver.eece.maine.edu. [130.111.218.23]) by smtp.gmail.com with ESMTPSA id p14sm2267925qtq.97.2019.12.12.07.36.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Dec 2019 07:36:38 -0800 (PST) From: Vince Weaver X-Google-Original-From: Vince Weaver Date: Thu, 12 Dec 2019 10:36:37 -0500 (EST) X-X-Sender: vince@macbook-air To: linux-kernel@vger.kernel.org cc: Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Mark Rutland , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Jani Nikula , Joonas Lahtinen , Rodrigo Vivi Subject: [perf] perf_fuzzer triggers NULL pointer derefernce in i915 driver Message-ID: User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello with current git the perf_fuzzer was able to trigger this NULL pointer de-reference in the i915 driver. Vince [40119.349172] BUG: kernel NULL pointer dereference, address: 0000000000000000 [40119.356626] #PF: supervisor read access in kernel mode [40119.362121] #PF: error_code(0x0000) - not-present page [40119.367606] PGD 0 P4D 0 [40119.370320] Oops: 0000 [#1] SMP PTI [40119.374035] CPU: 0 PID: 654 Comm: Xorg Tainted: G W 5.5.0-rc1+ #138 [40119.382149] Hardware name: LENOVO 10AM000AUS/SHARKBAY, BIOS FBKT72AUS 01/26/2014 [40119.390053] RIP: 0010:get_timeline_name+0x13/0x20 [i915] [40119.395747] Code: 0f 1f 80 00 00 00 00 0f 1f 44 00 00 48 c7 c0 12 56 4e a0 c3 0f 1f 00 0f 1f 44 00 00 48 8b 87 d0 00 00 00 48 c7 c2 1c 56 4e a0 <48> 8b 00 48 85 c0 48 0f 44 c2 c3 66 90 0f 1f 44 00 00 55 48 8b 87 [40119.415853] RSP: 0018:ffffc90000903938 EFLAGS: 00010206 [40119.421479] RAX: 0000000000000000 RBX: ffff88811093af00 RCX: 0000000000000000 [40119.429148] RDX: ffffffffa04e561c RSI: ffff88811093af00 RDI: ffff88811093af00 [40119.436782] RBP: ffffc90000903990 R08: 0000000000000000 R09: ffff88811093af00 [40119.444420] R10: ffff88811371d208 R11: 0000000000000005 R12: 000000000000000a [40119.452063] R13: 0000000000000881 R14: ffffffff822f1840 R15: 00000000000a0018 [40119.459671] FS: 00007f61e3f0ff00(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000 [40119.468347] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [40119.474482] CR2: 0000000000000000 CR3: 0000000111f76003 CR4: 00000000001606f0 [40119.482134] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000009000000 [40119.489841] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [40119.497477] Call Trace: [40119.500099] perf_trace_dma_fence+0x80/0x230 [40119.504687] dma_fence_init+0x9a/0xb0 [40119.508657] dma_fence_work_init+0x40/0xa0 [i915] [40119.513726] i915_vma_work+0x34/0x50 [i915] [40119.518256] i915_vma_pin+0x2a4/0x6d0 [i915] [40119.522884] eb_lookup_vmas+0x205/0xb80 [i915] [40119.527667] i915_gem_do_execbuffer+0x676/0x19c0 [i915] [40119.533290] ? __alloc_pages_nodemask+0x16f/0x300 [40119.538331] ? xas_store+0x56/0x5e0 [40119.542051] ? mem_cgroup_charge_statistics+0x4c/0xd0 [40119.547436] i915_gem_execbuffer2_ioctl+0x1df/0x3d0 [i915] [40119.553348] ? i915_gem_execbuffer_ioctl+0x2e0/0x2e0 [i915] [40119.559359] drm_ioctl_kernel+0xaa/0xf0 [drm] [40119.564034] drm_ioctl+0x1f7/0x390 [drm] [40119.568271] ? i915_gem_execbuffer_ioctl+0x2e0/0x2e0 [i915] [40119.574280] ? _raw_spin_unlock+0xa/0x10 [40119.578475] ? __handle_mm_fault+0x8ca/0x15f0 [40119.583163] do_vfs_ioctl+0x45f/0x6e0 [40119.587075] ksys_ioctl+0x5e/0x90 [40119.590653] __x64_sys_ioctl+0x16/0x20 [40119.594665] do_syscall_64+0x52/0x1a0 [40119.598592] entry_SYSCALL_64_after_hwframe+0x44/0xa9