[Bug 108374] [CI][DRMTIP] igt at kms_atomic_transition@plane-all-modeset-transition-fencing - dmesg-warn - BUG kmalloc-32: Padding overwritten

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Mon Oct 15 19:39:59 UTC 2018 

https://bugs.freedesktop.org/show_bug.cgi?id=108374

--- Comment #1 from Chris Wilson <chris at chris-wilson.co.uk> ---
Fwiw, kasan-62 caught

<3>[   41.934500] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1a3/0x1d0
<3>[   41.934527] Read of size 4 at addr ffff88026a960804 by task cpuhp/1/16

<4>[   41.934566] CPU: 1 PID: 16 Comm: cpuhp/1 Tainted: G     UD W        
4.19.0-rc7-g2c411746783a-kasan_62+ #1
<4>[   41.934600] Hardware name: Intel Corporation Kabylake Client
platform/Kabylake R DDR4 RVP, BIOS KBLSE2R1.R00.X078.P02.1703030515 03/03/2017
<4>[   41.934640] Call Trace:
<4>[   41.934659]  dump_stack+0x7c/0xbb
<4>[   41.934680]  print_address_description+0x65/0x270
<4>[   41.934704]  kasan_report+0x25b/0x380
<4>[   41.934724]  ? do_raw_spin_lock+0x1a3/0x1d0
<4>[   41.934748]  do_raw_spin_lock+0x1a3/0x1d0
<4>[   41.934770]  _raw_spin_lock_irqsave+0x3b/0x50
<4>[   41.934791]  ? task_rq_lock+0x63/0x320
<4>[   41.934811]  task_rq_lock+0x63/0x320
<4>[   41.934836]  __set_cpus_allowed_ptr+0x89/0x5e0
<4>[   41.934859]  ? move_queued_task+0x840/0x840
<4>[   41.934881]  ? idr_get_next_ul+0x1a0/0x1a0
<4>[   41.934911]  workqueue_online_cpu+0x1c5/0x7a0
<4>[   41.934935]  ? workqueue_prepare_cpu+0xd0/0xd0
<4>[   41.934962]  ? workqueue_prepare_cpu+0xd0/0xd0
<4>[   41.934985]  cpuhp_invoke_callback+0x15e/0x1350
<4>[   41.935008]  ? cpuhp_thread_fun+0xa9/0x680
<4>[   41.935034]  cpuhp_thread_fun+0x33f/0x680
<4>[   41.935056]  ? cpuhp_complete_idle_dead+0x10/0x10
<4>[   41.935081]  smpboot_thread_fn+0x51d/0x800
<4>[   41.935103]  ? sort_range+0x20/0x20
<4>[   41.935142]  ? _raw_spin_unlock_irqrestore+0x39/0x60
<4>[   41.935168]  ? __kthread_parkme+0xb1/0x180
<4>[   41.935192]  ? sort_range+0x20/0x20
<4>[   41.935213]  kthread+0x31a/0x3e0
<4>[   41.935233]  ? kthread_park+0x120/0x120
<4>[   41.935257]  ret_from_fork+0x3a/0x50

<3>[   41.935298] Allocated by task 810:
<4>[   41.935320]  kmem_cache_alloc+0xd7/0x280
<4>[   41.935341]  copy_process.part.7+0x1942/0x6a40
<4>[   41.935363]  _do_fork+0x177/0xb60
<4>[   41.935382]  do_syscall_64+0x97/0x400
<4>[   41.935403]  entry_SYSCALL_64_after_hwframe+0x49/0xbe

<3>[   41.935435] Freed by task 0:
<4>[   41.935453]  kmem_cache_free+0xb7/0x2f0
<4>[   41.935474]  rcu_process_callbacks+0x402/0x1790
<4>[   41.935497]  __do_softirq+0x221/0x8b9

<3>[   41.935527] The buggy address belongs to the object at ffff88026a960040
                   which belongs to the cache task_struct of size 9792
<3>[   41.935575] The buggy address is located 1988 bytes inside of
                   9792-byte region [ffff88026a960040, ffff88026a962680)
<3>[   41.935617] The buggy address belongs to the page:
<0>[   41.935641] page:ffffea0009aa5800 count:1 mapcount:0
mapping:ffff8802759af200 index:0x0 compound_mapcount: 0
<0>[   41.935685] flags: 0x8000000000008100(slab|head)
<1>[   41.935711] raw: 8000000000008100 ffffea0009931808 ffffea000918aa08
ffff8802759af200
<1>[   41.935745] raw: 0000000000000000 0000000000030003 00000001ffffffff
0000000000000000
<1>[   41.935775] page dumped because: kasan: bad access detected

<3>[   41.935808] Memory state around the buggy address:
<3>[   41.935831]  ffff88026a960700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb
fb fb
<3>[   41.935867]  ffff88026a960780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb
fb fb
<3>[   41.935916] >ffff88026a960800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb
fb fb
<3>[   41.935964]                    ^
<3>[   41.935995]  ffff88026a960880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb
fb fb
<3>[   41.936047]  ffff88026a960900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb
fb fb
<3>[   41.936094]
==================================================================
<4>[   41.936200] WARNING: CPU: 1 PID: 16 at kernel/workqueue.c:4735
workqueue_online_cpu+0x5fa/0x7a0
<4>[   41.936235] Modules linked in: snd_hda_codec_hdmi
snd_hda_codec_realtek(+) snd_hda_codec_generic i915 asix btusb btrtl usbnet
btbcm mii btintel snd_hda_intel snd_hda_codec bluetooth x86_pkg_temp_thermal
coretemp crct10dif_pclmul snd_hwdep crc32_pclmul ghash_clmulni_intel
snd_hda_core ecdh_generic snd_pcm e1000e mei_me mei prime_numbers
pinctrl_sunrisepoint pinctrl_intel
<4>[   41.936339] CPU: 1 PID: 16 Comm: cpuhp/1 Tainted: G    BUD W        
4.19.0-rc7-g2c411746783a-kasan_62+ #1
<4>[   41.936358] Hardware name: Intel Corporation Kabylake Client
platform/Kabylake R DDR4 RVP, BIOS KBLSE2R1.R00.X078.P02.1703030515 03/03/2017
<4>[   41.936383] RIP: 0010:workqueue_online_cpu+0x5fa/0x7a0
<4>[   41.936396] Code: 0f 85 06 fb ff ff 48 c7 c2 a0 36 25 9b be dc 12 00 00
48 c7 c7 e0 30 25 9b c6 05 74 be d5 02 01 e8 eb 81 0b 00 e9 e2 fa ff ff <0f> 0b
e9 cc fb ff ff be ff ff ff ff 48 c7 c7 20 73 aa 9b e8 4e 36
<4>[   41.936429] RSP: 0000:ffff88027539fcd0 EFLAGS: 00010282
<4>[   41.936443] RAX: 00000000ffffffea RBX: dffffc0000000000 RCX:
0000000000000000
<4>[   41.936458] RDX: 0000000000000001 RSI: 0000000000000001 RDI:
ffffffff9d4e72c0
<4>[   41.936473] RBP: ffff88027686a740 R08: ffffed004d52c100 R09:
ffffed004d52c100
<4>[   41.936488] R10: 0000000000000001 R11: ffffed004d52c100 R12:
ffff88027686aa50
<4>[   41.936503] R13: fffffbfff37851a4 R14: 0000000000000001 R15:
ffff88026c62d548
<4>[   41.936519] FS:  0000000000000000(0000) GS:ffff880276840000(0000)
knlGS:0000000000000000
<4>[   41.936536] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[   41.936549] CR2: 0000000000000000 CR3: 000000015da14001 CR4:
00000000003606e0
<4>[   41.936564] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
<4>[   41.936579] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
<4>[   41.936593] Call Trace:
<4>[   41.936604]  ? workqueue_prepare_cpu+0xd0/0xd0
<4>[   41.936619]  ? workqueue_prepare_cpu+0xd0/0xd0
<4>[   41.936632]  cpuhp_invoke_callback+0x15e/0x1350
<4>[   41.936645]  ? cpuhp_thread_fun+0xa9/0x680
<4>[   41.936660]  cpuhp_thread_fun+0x33f/0x680
<4>[   41.936672]  ? cpuhp_complete_idle_dead+0x10/0x10
<4>[   41.936686]  smpboot_thread_fn+0x51d/0x800
<4>[   41.936698]  ? sort_range+0x20/0x20
<4>[   41.936710]  ? _raw_spin_unlock_irqrestore+0x39/0x60
<4>[   41.936723]  ? __kthread_parkme+0xb1/0x180
<4>[   41.936736]  ? sort_range+0x20/0x20
<4>[   41.936746]  kthread+0x31a/0x3e0
<4>[   41.936756]  ? kthread_park+0x120/0x120
<4>[   41.936769]  ret_from_fork+0x3a/0x50
<4>[   41.936784] irq event stamp: 1310
<4>[   41.936794] hardirqs last  enabled at (1309): [<ffffffff9ac5676c>]
_raw_spin_unlock_irqrestore+0x4c/0x60
<4>[   41.936815] hardirqs last disabled at (1310): [<ffffffff9ac454c7>]
__schedule+0x127/0x1d90
<4>[   41.936833] softirqs last  enabled at (1082): [<ffffffff9b0004ff>]
__do_softirq+0x4ff/0x8b9
<4>[   41.936852] softirqs last disabled at (1075): [<ffffffff99145c36>]
irq_exit+0x136/0x170
<4>[   41.936870] WARNING: CPU: 1 PID: 16 at kernel/workqueue.c:4735
workqueue_online_cpu+0x5fa/0x7a0

which I think indicates scary problem in the core.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/intel-gfx-bugs/attachments/20181015/a3ef3468/attachment-0001.html>

More information about the intel-gfx-bugs mailing list