Bug 109458

Summary: [CI][DRMTIP]igt@kms_cursor_legacy@2x-long-flip-vs-cursor-legacy - dmesg-fail - BUG kmalloc-512 (Tainted:*): Poison overwritten
Product: DRI Reporter: Lakshmi <lakshminarayana.vudum>
Component: DRM/IntelAssignee: Intel GFX Bugs mailing list <intel-gfx-bugs>
Status: CLOSED WORKSFORME QA Contact: Intel GFX Bugs mailing list <intel-gfx-bugs>
Severity: normal    
Priority: medium CC: intel-gfx-bugs
Version: XOrg git   
Hardware: Other   
OS: All   
Whiteboard: Triaged, ReadyForDev
i915 platform: ICL i915 features: display/Other

Description Lakshmi 2019-01-25 12:58:07 UTC 
=============================================================================
<3> [456.905647] BUG kmalloc-512 (Tainted: G     U           ): Poison overwritten
<3> [456.905648] -----------------------------------------------------------------------------

<4> [456.905649] Disabling lock debugging due to kernel taint
<3> [456.905652] INFO: 0x00000000a1117304-0x00000000a1117304. First byte 0x6c instead of 0x6b
<3> [456.905699] INFO: Allocated in intel_plane_duplicate_state+0x1b/0x50 [i915] age=29 cpu=2 pid=1434
<3> [456.905702] 	__kmalloc_track_caller+0x29c/0x2e0
<3> [456.905705] 	kmemdup+0x17/0x40
<3> [456.905742] 	intel_plane_duplicate_state+0x1b/0x50 [i915]
<3> [456.905780] 	intel_legacy_cursor_update+0x18e/0x5a0 [i915]
<3> [456.905783] 	drm_mode_cursor_universal+0x128/0x240
<3> [456.905785] 	drm_mode_cursor_common+0x1a3/0x220
<3> [456.905786] 	drm_mode_cursor_ioctl+0x48/0x70
<3> [456.905789] 	drm_ioctl_kernel+0x81/0xf0
<3> [456.905790] 	drm_ioctl+0x2f3/0x3b0
<3> [456.905793] 	do_vfs_ioctl+0xa0/0x6e0
<3> [456.905794] 	ksys_ioctl+0x35/0x60
<3> [456.905796] 	__x64_sys_ioctl+0x11/0x20
<3> [456.905798] 	do_syscall_64+0x55/0x190
<3> [456.905800] 	entry_SYSCALL_64_after_hwframe+0x49/0xbe
<3> [456.905838] INFO: Freed in intel_legacy_cursor_update+0x37a/0x5a0 [i915] age=29 cpu=2 pid=1434
<3> [456.905840] 	drm_mode_cursor_universal+0x128/0x240
<3> [456.905841] 	drm_mode_cursor_common+0x1a3/0x220
<3> [456.905843] 	drm_mode_cursor_ioctl+0x48/0x70
<3> [456.905844] 	drm_ioctl_kernel+0x81/0xf0
<3> [456.905846] 	drm_ioctl+0x2f3/0x3b0
<3> [456.905847] 	do_vfs_ioctl+0xa0/0x6e0
<3> [456.905849] 	ksys_ioctl+0x35/0x60
<3> [456.905850] 	__x64_sys_ioctl+0x11/0x20
<3> [456.905851] 	do_syscall_64+0x55/0x190
<3> [456.905853] 	entry_SYSCALL_64_after_hwframe+0x49/0xbe
<3> [456.905855] INFO: Slab 0x000000001bfc12ef objects=19 used=19 fp=0x          (null) flags=0x8000000000010200
<3> [456.905856] INFO: Object 0x00000000e4361e8a @offset=2552 fp=0x          (null)

<3> [456.905858] Redzone 00000000d66e229a: bb bb bb bb bb bb bb bb                          ........
<3> [456.905859] Object 00000000e4361e8a: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905860] Object 00000000b36e0549: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905860] Object 0000000070f032b6: 6b 6b 6b 6b 6b 6b 6b 6b 6c 6b 6b 6b 6b 6b 6b 6b  kkkkkkkklkkkkkkk
<3> [456.905861] Object 000000001b589927: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905862] Object 000000000bd11f66: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905863] Object 00000000db18076e: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905864] Object 000000006e441b7f: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905865] Object 000000004b05ee07: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905866] Object 000000009c4f157d: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905866] Object 00000000350ee686: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905867] Object 000000008971c950: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905868] Object 000000001535ac44: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905869] Object 00000000bb3cb77b: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905870] Object 0000000033f3a953: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905871] Object 0000000070ca431d: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905872] Object 0000000046866e00: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905872] Object 00000000d3de8c26: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905873] Object 00000000a1810836: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905874] Object 000000008ca27ca7: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905875] Object 000000006999175c: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905876] Object 00000000ca56d2f0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905877] Object 000000004a0e2bd2: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905878] Object 000000000788e354: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905879] Object 00000000bcb029b8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905879] Object 00000000d11d694d: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905880] Object 00000000516598f2: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905881] Object 00000000801f5872: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905882] Object 00000000bd8c3b45: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905883] Object 0000000014529b79: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905884] Object 00000000de26dd98: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905885] Object 00000000670d32ad: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
<3> [456.905885] Object 00000000cfcf9bbd: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5  kkkkkkkkkkkkkkk.
<3> [456.905886] Redzone 0000000098e13d6f: bb bb bb bb bb bb bb bb                          ........
<3> [456.905887] Padding 0000000063abe87a: 5a 5a 5a 5a 5a 5a 5a 5a                          ZZZZZZZZ
<4> [456.905890] CPU: 1 PID: 1433 Comm: kms_cursor_lega Tainted: G    BU            5.0.0-rc1-gc51dc608699b-drmtip_191+ #1
<4> [456.905891] Hardware name: Intel Corporation Ice Lake Client Platform/IceLake U DDR4 SODIMM PD RVP TLC, BIOS ICLSFWR1.R00.2402.AD3.1810170014 10/17/2018
<4> [456.905891] Call Trace:
<4> [456.905895]  dump_stack+0x67/0x9b
<4> [456.905898]  check_bytes_and_report+0xbd/0x100
<4> [456.905901]  check_object+0x22a/0x270
<4> [456.905938]  ? intel_plane_duplicate_state+0x1b/0x50 [i915]
<4> [456.905941]  alloc_debug_processing+0x17a/0x190
<4> [456.905943]  ___slab_alloc.constprop.34+0x355/0x380
<4> [456.905977]  ? intel_plane_duplicate_state+0x1b/0x50 [i915]
<4> [456.905981]  ? __lock_is_held+0x6b/0xb0
<4> [456.906015]  ? intel_plane_duplicate_state+0x1b/0x50 [i915]
<4> [456.906017]  ? __slab_alloc.isra.27.constprop.33+0x3d/0x70
<4> [456.906019]  __slab_alloc.isra.27.constprop.33+0x3d/0x70
<4> [456.906051]  ? intel_plane_duplicate_state+0x1b/0x50 [i915]
<4> [456.906053]  __kmalloc_track_caller+0x29c/0x2e0
<4> [456.906056]  kmemdup+0x17/0x40
<4> [456.906088]  intel_plane_duplicate_state+0x1b/0x50 [i915]
<4> [456.906090]  drm_atomic_get_plane_state+0x8e/0x160
<4> [456.906093]  restore_fbdev_mode_atomic+0xaa/0x1f0
<4> [456.906098]  drm_fb_helper_restore_fbdev_mode_unlocked+0x42/0x90
<4> [456.906100]  drm_fb_helper_set_par+0x24/0x50
<4> [456.906134]  intel_fbdev_set_par+0x11/0x40 [i915]
<4> [456.906137]  fbcon_init+0x439/0x610
<4> [456.906140]  visual_init+0xc9/0x120
<4> [456.906142]  do_bind_con_driver+0x1f2/0x410
<4> [456.906146]  store_bind+0x133/0x1a0
<4> [456.906149]  kernfs_fop_write+0x104/0x190
<4> [456.906152]  __vfs_write+0x31/0x190
<4> [456.906155]  ? rcu_read_lock_sched_held+0x6f/0x80
<4> [456.906156]  ? rcu_sync_lockdep_assert+0x29/0x50
<4> [456.906158]  ? __sb_start_write+0x152/0x1f0
<4> [456.906159]  ? __sb_start_write+0x163/0x1f0
<4> [456.906162]  vfs_write+0xbd/0x1b0
<4> [456.906164]  ksys_write+0x50/0xc0
<4> [456.906167]  do_syscall_64+0x55/0x190
<4> [456.906169]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
<4> [456.906171] RIP: 0033:0x7f7b54d82281
<4> [456.906173] Code: c3 0f 1f 84 00 00 00 00 00 48 8b 05 59 8d 20 00 c3 0f 1f 84 00 00 00 00 00 8b 05 8a d1 20 00 85 c0 75 16 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 57 f3 c3 0f 1f 44 00 00 41 54 55 49 89 d4 53
<4> [456.906174] RSP: 002b:00007ffef874d0e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
<4> [456.906176] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f7b54d82281
<4> [456.906176] RDX: 0000000000000002 RSI: 00007f7b551fe181 RDI: 0000000000000007
<4> [456.906177] RBP: 00007ffef874e130 R08: 00005606d712cc83 R09: 0000000000000006
<4> [456.906178] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b54d6b718
<4> [456.906179] R13: 0000000000000003 R14: 00007f7b54d70628 R15: 00007f7b54d6cd80
<3> [456.906184] FIX kmalloc-512: Restoring 0x00000000a1117304-0x00000000a1117304=0x6b
Comment 2 Chris Wilson 2019-01-25 15:05:15 UTC 
Just one bit... Could be a stray set_bit(), or neutrino.
Comment 3 Martin Peres 2019-04-23 11:48:48 UTC 
(In reply to Chris Wilson from comment #2)
> Just one bit... Could be a stray set_bit(), or neutrino.

Could be! Not seen again after more than 3 weeks. Closing!
Comment 4 Lakshmi 2019-07-31 12:14:02 UTC 
Occurred only once drmtip_191 (6 months, 2 weeks old).

Closing this bug.
Comment 5 CI Bug Log 2019-07-31 12:14:05 UTC 
The CI Bug Log issue associated to this bug has been archived.

New failures matching the above filters will not be associated to this bug anymore.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.