Bug 111710

Summary: [CI][SHARDS] igt@kms_dp_tiled_display@basic-test-pattern - fail - malloc_consolidate(): invalid chunk size
Product: DRI Reporter: Martin Peres <martin.peres>
Component: DRM/IntelAssignee: Intel GFX Bugs mailing list <intel-gfx-bugs>
Status: RESOLVED FIXED QA Contact: Intel GFX Bugs mailing list <intel-gfx-bugs>
Severity: not set    
Priority: high CC: intel-gfx-bugs, lakshminarayana.vudum, manasi.d.navare
Version: XOrg git   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: ALL i915 features: display/DP

Description Martin Peres 2019-09-17 07:26:49 UTC
https://intel-gfx-ci.01.org/tree/drm-tip/IGT_5186/shard-glk8/igt@kms_dp_tiled_display@basic-test-pattern.html

Received signal SIGABRT.
Stack trace: 
 #0 [fatal_sig_handler+0xd6]
 #1 [killpg+0x40]
 #2 [gsignal+0xc7]
 #3 [abort+0x141]
 #4 [__fsetlocking+0x427]
 #5 [_IO_str_seekoff+0x4da]
 #6 [cfree+0x6b4]
 #7 [drmModeFreeConnector+0x1b]
 #8 [__real_main368+0x369]
 #9 [main+0x27]
 #10 [__libc_start_main+0xe7]
 #11 [_start+0x2a]
malloc_consolidate(): invalid chunk size
Comment 1 Martin Peres 2019-09-17 07:28:20 UTC
Assigning the author of the new test directly :)
Comment 2 CI Bug Log 2019-09-17 07:28:35 UTC
The CI Bug Log issue associated to this bug has been updated.

### New filters associated

* All machines: igt@kms_dp_tiled_display@basic-test-pattern - fail - malloc_consolidate(): invalid chunk size
  - https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6905/shard-glk5/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6905/shard-hsw1/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_3444/shard-glk6/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_3444/shard-hsw6/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_3444/shard-iclb6/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_3444/shard-snb5/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6905/shard-kbl6/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6905/shard-skl9/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_14423/shard-glk5/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_14423/shard-hsw5/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6905/shard-snb1/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_14423/shard-kbl1/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_14423/shard-skl5/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_14423/shard-snb5/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_3451/shard-glk2/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_3451/shard-hsw5/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_3451/shard-snb4/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_14421/shard-glk8/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_14421/shard-hsw5/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_14421/shard-kbl7/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_14421/shard-skl1/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_14421/shard-snb7/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_3465/shard-glk7/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_3465/shard-hsw4/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_3461/shard-glk4/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_3461/shard-hsw8/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_3461/shard-kbl2/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_3461/shard-snb5/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_3465/shard-kbl7/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_3465/shard-snb4/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGT_5186/shard-glk8/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGT_5186/shard-hsw4/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGT_5186/shard-kbl1/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGT_5186/shard-skl1/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/IGT_5186/shard-snb6/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6904/shard-glk2/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6904/shard-hsw7/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6904/shard-kbl3/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6904/shard-skl6/igt@kms_dp_tiled_display@basic-test-pattern.html
  - https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6904/shard-snb7/igt@kms_dp_tiled_display@basic-test-pattern.html
Comment 3 Lakshmi 2019-09-18 10:23:39 UTC
(In reply to Martin Peres from comment #0)
> https://intel-gfx-ci.01.org/tree/drm-tip/IGT_5186/shard-glk8/
> igt@kms_dp_tiled_display@basic-test-pattern.html
> 
> Received signal SIGABRT.
> Stack trace: 
>  #0 [fatal_sig_handler+0xd6]
>  #1 [killpg+0x40]
>  #2 [gsignal+0xc7]
>  #3 [abort+0x141]
>  #4 [__fsetlocking+0x427]
>  #5 [_IO_str_seekoff+0x4da]
>  #6 [cfree+0x6b4]
>  #7 [drmModeFreeConnector+0x1b]
>  #8 [__real_main368+0x369]
>  #9 [main+0x27]
>  #10 [__libc_start_main+0xe7]
>  #11 [_start+0x2a]
> malloc_consolidate(): invalid chunk size

(In reply to Martin Peres from comment #1)
> Assigning the author of the new test directly :)

Madhumitha's Internship is ended in August.
Comment 4 Manasi 2019-09-18 15:05:07 UTC
Looking at the logs, it seems like here the igt_require(data.num_h_tiles) is not so we do not malloc the array of connectors but we still free the malloc pointer and thats when we hit this.

How can I test the fix?

Manasi
Comment 5 Manasi 2019-09-18 17:23:52 UTC
Here's the bug assessment:

This bug impacts all the use cases where its either no connector connected or no DP connected or no DP connector with tiles. This happens because of double freeing of the drmConnector pointer, once when the condition is not met and at the end of the function.

The following patch from Chris Wilson fixes it:
https://patchwork.freedesktop.org/series/66869/

Manasi
Comment 6 Chris Wilson 2019-09-19 07:17:53 UTC
commit 77c53210779c30cfb8a4ca2312675fe5be94f4d5 (HEAD, upstream/master)
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Wed Sep 18 16:14:15 2019 +0100

    kms_dp_tiled_display: Fix the double free of drmConnector
    
    drmModeFreeConnector is called inside the loop and after. Not
    unsurprisingly this leads to a use-after-free and memcorruption.
    
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=111710
    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
    Cc: Manasi Navare <manasi.d.navare@intel.com>
    Reviewed-by: Manasi Navare <manasi.d.navare@intel.com>
Comment 7 Chris Wilson 2019-09-19 09:00:51 UTC
*** Bug 111741 has been marked as a duplicate of this bug. ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.