<html>
<head>
<base href="https://bugs.freedesktop.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - [EXTENDED][BXT,KBL] KASAN: stack-out-of-bounds in string+0x1af/0x1f0"
href="https://bugs.freedesktop.org/show_bug.cgi?id=101660">101660</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[EXTENDED][BXT,KBL] KASAN: stack-out-of-bounds in string+0x1af/0x1f0
</td>
</tr>
<tr>
<th>Product</th>
<td>DRI
</td>
</tr>
<tr>
<th>Version</th>
<td>DRI git
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Other
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>medium
</td>
</tr>
<tr>
<th>Component</th>
<td>DRM/Intel
</td>
</tr>
<tr>
<th>Assignee</th>
<td>intel-gfx-bugs@lists.freedesktop.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>martin.peres@free.fr
</td>
</tr>
<tr>
<th>QA Contact</th>
<td>intel-gfx-bugs@lists.freedesktop.org
</td>
</tr>
<tr>
<th>CC</th>
<td>intel-gfx-bugs@lists.freedesktop.org
</td>
</tr></table>
<p>
<div>
<pre>This bug is triggered by IGT's igt@debugfs_test@read_all_entries on bxt-j3405
and kbl-7260u when running a couple of days old drm-tip.
[ 3580.104980] ==================================================================
[ 3580.105148] BUG: KASAN: stack-out-of-bounds in string+0x1af/0x1f0
[ 3580.105223] Read of size 1 at addr ffff88022878f8e6 by task debugfs_test/29219
[ 3580.105337] CPU: 1 PID: 29219 Comm: debugfs_test Tainted: G U 4.12.0-rc7-CI-CI_DRM_450+ #1
[ 3580.105345] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./J3455-ITX, BIOS P1.10 09/29/2016
[ 3580.105353] Call Trace:
[ 3580.105366] dump_stack+0x67/0x99
[ 3580.105380] print_address_description+0x77/0x290
[ 3580.105392] ? string+0x1af/0x1f0
[ 3580.105403] kasan_report+0x269/0x350
[ 3580.105418] __asan_report_load1_noabort+0x14/0x20
[ 3580.105429] string+0x1af/0x1f0
[ 3580.105446] vsnprintf+0x374/0x1c20
[ 3580.105464] ? pointer+0xa80/0xa80
[ 3580.105489] seq_vprintf+0xbf/0x1a0
[ 3580.105502] ? drm_dp_dpcd_access+0x177/0x1c0
[ 3580.105515] seq_printf+0x8b/0xb0
[ 3580.105526] ? seq_vprintf+0x1a0/0x1a0
[ 3580.105538] ? memcpy+0x45/0x50
[ 3580.105558] drm_dp_downstream_debug+0x1b5/0x450
[ 3580.105573] ? drm_dp_downstream_id+0x20/0x20
[ 3580.105582] ? seq_printf+0x8b/0xb0
[ 3580.105593] ? seq_vprintf+0x1a0/0x1a0
[ 3580.105604] ? drm_mode_object_put+0xc2/0x120
[ 3580.105617] ? drm_connector_list_iter_next+0x124/0x1c0
[ 3580.105734] i915_display_info+0x1308/0x1fc0 [i915]
[ 3580.105844] ? intel_seq_print_mode.constprop.14+0x400/0x400 [i915]
[ 3580.105873] seq_read+0x322/0x11f0
[ 3580.105897] ? seq_lseek+0x380/0x380
[ 3580.105910] ? lock_acquire+0x143/0x390
[ 3580.105921] ? debugfs_atomic_t_get+0x80/0x80
[ 3580.105945] full_proxy_read+0x102/0x180
[ 3580.105958] ? full_proxy_write+0x180/0x180
[ 3580.105972] ? debug_check_no_obj_freed+0x495/0x760
[ 3580.105983] ? lock_acquire+0x390/0x390
[ 3580.105993] ? debug_check_no_obj_freed+0x15f/0x760
[ 3580.106010] __vfs_read+0xdb/0x600
[ 3580.106026] ? clone_verify_area+0x1c0/0x1c0
[ 3580.106037] ? debug_check_no_obj_freed+0x495/0x760
[ 3580.106063] ? putname+0xbc/0xf0
[ 3580.106076] ? rcu_lockdep_current_cpu_online+0xdc/0x130
[ 3580.106086] ? putname+0xbc/0xf0
[ 3580.106096] ? rcu_read_lock_sched_held+0xa3/0x130
[ 3580.106113] vfs_read+0xfc/0x300
[ 3580.106127] SyS_read+0xcb/0x1b0
[ 3580.106141] ? vfs_copy_file_range+0x960/0x960
[ 3580.106151] ? trace_hardirqs_on_caller+0x287/0x590
[ 3580.106165] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 3580.106183] entry_SYSCALL_64_fastpath+0x1c/0xb1
[ 3580.106193] RIP: 0033:0x7f32163a4500
[ 3580.106201] RSP: 002b:00007ffc29dfe058 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 3580.106217] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f32163a4500
[ 3580.106225] RDX: 000000000000003f RSI: 000000000075c170 RDI: 0000000000000006
[ 3580.106233] RBP: ffffffff81209956 R08: 00007f321638ec38 R09: 0000000000000000
[ 3580.106241] R10: 0000000000000000 R11: 0000000000000246 R12: ffff88022878ff98
[ 3580.106249] R13: ffffffff81cb7c63 R14: ffff88022878ff70 R15: 000000000075c170
[ 3580.106261] ? __this_cpu_preempt_check+0x13/0x20
[ 3580.106272] ? trace_hardirqs_off_caller+0x1d6/0x2c0
[ 3580.106320] The buggy address belongs to the page:
[ 3580.106381] page:ffffea0008a1e3c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 3580.106478] flags: 0x8000000000000000()
[ 3580.106532] raw: 8000000000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 3580.106621] raw: 0000000000000000 dead000000000200 0000000000000000 0000000000000000
[ 3580.106709] page dumped because: kasan: bad access detected
[ 3580.106810] Memory state around the buggy address:
[ 3580.106882] ffff88022878f780: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f4 f3 f3
[ 3580.106987] ffff88022878f800: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3580.107093] >ffff88022878f880: f1 f1 f1 f1 02 f4 f4 f4 f2 f2 f2 f2 06 f4 f4 f4
[ 3580.107198] ^
[ 3580.107283] ffff88022878f900: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 3580.107388] ffff88022878f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 3580.107491] ==================================================================
[ 3580.107596] Disabling lock debugging due to kernel taint</pre>
</div>
</p>
</body>
</html>