[Bug 107302] UBSAN: member access within null pointer of type 'struct radeon_fpriv'

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Jul 20 07:35:52 UTC 2018 

https://bugs.freedesktop.org/show_bug.cgi?id=107302

            Bug ID: 107302
           Summary: UBSAN: member access within null pointer of type
                    'struct radeon_fpriv'
           Product: DRI
           Version: DRI git
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: DRM/Radeon
          Assignee: dri-devel at lists.freedesktop.org
          Reporter: pmenzel+bugs.freedesktop at molgen.mpg.de

Enabling the undefined behavior sanitizer and building GNU/Linux 4.18-rc5+
(with some unrelated commits) with GCC 8.1.0 from Debian Sid/unstable, the
three warnings below are shown.

[   20.554998]
================================================================================
[   20.555019] UBSAN: Undefined behaviour in
drivers/gpu/drm/radeon/radeon_gem.c:148:20
[   20.555024] member access within null pointer of type 'struct radeon_fpriv'
[   20.555035] CPU: 1 PID: 284 Comm: Xorg Not tainted
4.18.0-rc5-00316-g4864b68cedf2 #104
[   20.555038] Hardware name: ASROCK E350M1/E350M1, BIOS TIMELESS 01/01/1970
[   20.555040] Call Trace:
[   20.555055]  dump_stack+0x55/0x89
[   20.555063]  ubsan_epilogue+0xb/0x33
[   20.555068]  handle_null_ptr_deref+0x7f/0x90
[   20.555075]  __ubsan_handle_type_mismatch_v1+0x55/0x60
[   20.555145]  radeon_gem_object_open+0x211/0x2f0 [radeon]
[   20.555172]  ? drm_vma_node_allow+0xcd/0x140 [drm]
[   20.555232]  ? radeon_gem_fini+0x10/0x10 [radeon]
[   20.555252]  drm_gem_handle_create_tail+0xff/0x230 [drm]
[   20.555274]  drm_gem_handle_create+0x3d/0x80 [drm]
[   20.555332]  radeon_gem_create_ioctl+0x99/0x120 [radeon]
[   20.555390]  ? radeon_gem_pwrite_ioctl+0x30/0x30 [radeon]
[   20.555410]  drm_ioctl_kernel+0xb8/0x150 [drm]
[   20.555431]  drm_ioctl+0x299/0x640 [drm]
[   20.555490]  ? radeon_gem_pwrite_ioctl+0x30/0x30 [radeon]
[   20.555498]  ? __pagevec_lru_add_fn+0x15d/0x5d0
[   20.555503]  ? __lru_cache_add+0x100/0x100
[   20.555510]  ? __pm_runtime_resume+0x7d/0xe0
[   20.555560]  radeon_drm_ioctl+0x73/0x160 [radeon]
[   20.555612]  ? radeon_pci_shutdown+0x60/0x60 [radeon]
[   20.555617]  do_vfs_ioctl+0xaf/0x9f0
[   20.555625]  ? __fget_light+0x99/0x110
[   20.555629]  ksys_ioctl+0x60/0x90
[   20.555633]  sys_ioctl+0x16/0x18
[   20.555639]  do_fast_syscall_32+0xce/0x3e0
[   20.555645]  entry_SYSENTER_32+0x4e/0x7c
[   20.555650] EIP: 0xb7fb4bb5
[   20.555651] Code: 89 e5 8b 55 08 85 d2 8b 80 5c cd ff ff 74 02 89 02 5d c3
8b 04 24 c3 8b 1c 24 c3 8b 3c 24 c3 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59
c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76 
[   20.555722] EAX: ffffffda EBX: 0000000d ECX: c01c645d EDX: bfe8d850
[   20.555726] ESI: 00000004 EDI: c01c645d EBP: 0000000d ESP: bfe8d798
[   20.555729] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00200292
[   20.555734]
================================================================================
[   20.559092]
================================================================================
[   20.559112] UBSAN: Undefined behaviour in
drivers/gpu/drm/radeon/radeon_cs.c:540:20
[   20.559117] member access within null pointer of type 'struct radeon_fpriv'
[   20.559127] CPU: 1 PID: 285 Comm: radeon_cs:0 Not tainted
4.18.0-rc5-00316-g4864b68cedf2 #104
[   20.559129] Hardware name: ASROCK E350M1/E350M1, BIOS TIMELESS 01/01/1970
[   20.559132] Call Trace:
[   20.559145]  dump_stack+0x55/0x89
[   20.559152]  ubsan_epilogue+0xb/0x33
[   20.559157]  handle_null_ptr_deref+0x7f/0x90
[   20.559163]  __ubsan_handle_type_mismatch_v1+0x55/0x60
[   20.559236]  radeon_cs_ioctl+0xb97/0xbe0 [radeon]
[   20.559244]  ? __cgroup_account_cputime+0x47/0x90
[   20.559311]  ? radeon_cs_parser_init+0x7f0/0x7f0 [radeon]
[   20.559334]  drm_ioctl_kernel+0xb8/0x150 [drm]
[   20.559355]  drm_ioctl+0x299/0x640 [drm]
[   20.559414]  ? radeon_cs_parser_init+0x7f0/0x7f0 [radeon]
[   20.559426]  ? __pm_runtime_resume+0x7d/0xe0
[   20.559475]  radeon_drm_ioctl+0x73/0x160 [radeon]
[   20.559526]  ? radeon_pci_shutdown+0x60/0x60 [radeon]
[   20.559531]  do_vfs_ioctl+0xaf/0x9f0
[   20.559538]  ? strlcpy+0x1d/0xc0
[   20.559544]  ? __fget_light+0x99/0x110
[   20.559547]  ksys_ioctl+0x60/0x90
[   20.559552]  sys_ioctl+0x16/0x18
[   20.559557]  do_fast_syscall_32+0xce/0x3e0
[   20.559563]  entry_SYSENTER_32+0x4e/0x7c
[   20.559568] EIP: 0xb7fb4bb5
[   20.559569] Code: 89 e5 8b 55 08 85 d2 8b 80 5c cd ff ff 74 02 89 02 5d c3
8b 04 24 c3 8b 1c 24 c3 8b 3c 24 c3 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59
c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76 
[   20.559641] EAX: ffffffda EBX: 0000000d ECX: c0206466 EDX: b174a044
[   20.559644] ESI: b173a040 EDI: c0206466 EBP: 0000000d ESP: b1fd3008
[   20.559648] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00200292
[   20.559652]
================================================================================
[   21.842145]
================================================================================
[   21.842171] UBSAN: Undefined behaviour in
drivers/gpu/drm/radeon/radeon_gem.c:179:20
[   21.842179] member access within null pointer of type 'struct radeon_fpriv'
[   21.842196] CPU: 1 PID: 284 Comm: Xorg Not tainted
4.18.0-rc5-00316-g4864b68cedf2 #104
[   21.842200] Hardware name: ASROCK E350M1/E350M1, BIOS TIMELESS 01/01/1970
[   21.842204] Call Trace:
[   21.842231]  dump_stack+0x55/0x89
[   21.842242]  ubsan_epilogue+0xb/0x33
[   21.842250]  handle_null_ptr_deref+0x7f/0x90
[   21.842262]  __ubsan_handle_type_mismatch_v1+0x55/0x60
[   21.842367]  radeon_gem_object_close+0x232/0x310 [radeon]
[   21.842406]  drm_gem_object_release_handle+0x48/0x110 [drm]
[   21.842439]  drm_gem_handle_delete+0x5f/0xc0 [drm]
[   21.842472]  ? drm_gem_handle_create+0x80/0x80 [drm]
[   21.842503]  drm_gem_close_ioctl+0x36/0x90 [drm]
[   21.842536]  drm_ioctl_kernel+0xb8/0x150 [drm]
[   21.842570]  drm_ioctl+0x299/0x640 [drm]
[   21.842604]  ? drm_gem_handle_create+0x80/0x80 [drm]
[   21.842615]  ? __switch_to_asm+0x33/0x4c
[   21.842620]  ? __switch_to_asm+0x27/0x4c
[   21.842625]  ? __switch_to_asm+0x33/0x4c
[   21.842630]  ? __switch_to_asm+0x27/0x4c
[   21.842635]  ? __switch_to_asm+0x33/0x4c
[   21.842640]  ? __switch_to_asm+0x27/0x4c
[   21.842652]  ? __pm_runtime_resume+0x7d/0xe0
[   21.842733]  radeon_drm_ioctl+0x73/0x160 [radeon]
[   21.842815]  ? radeon_pci_shutdown+0x60/0x60 [radeon]
[   21.842823]  do_vfs_ioctl+0xaf/0x9f0
[   21.842831]  ? remove_vma+0x45/0x60
[   21.842836]  ? remove_vma+0x45/0x60
[   21.842844]  ? do_munmap+0x18b/0x4d0
[   21.842852]  ? __fget_light+0x99/0x110
[   21.842859]  ksys_ioctl+0x60/0x90
[   21.842866]  sys_ioctl+0x16/0x18
[   21.842874]  do_fast_syscall_32+0xce/0x3e0
[   21.842881]  entry_SYSENTER_32+0x4e/0x7c
[   21.842888] EIP: 0xb7fb4bb5
[   21.842891] Code: 89 e5 8b 55 08 85 d2 8b 80 5c cd ff ff 74 02 89 02 5d c3
8b 04 24 c3 8b 1c 24 c3 8b 3c 24 c3 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59
c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76 
[   21.843006] EAX: ffffffda EBX: 0000000d ECX: 40086409 EDX: bfe8dfbc
[   21.843011] ESI: 01004300 EDI: 40086409 EBP: 0000000d ESP: bfe8df28
[   21.843017] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000292
[   21.843024]
================================================================================

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/dri-devel/attachments/20180720/c0fa6ab1/attachment-0001.html>

More information about the dri-devel mailing list