Bug 107302 - UBSAN: member access within null pointer of type 'struct radeon_fpriv'
Summary: UBSAN: member access within null pointer of type 'struct radeon_fpriv'
Status: RESOLVED MOVED
Alias: None
Product: DRI
Classification: Unclassified
Component: DRM/Radeon
Version: DRI git
Hardware: Other All
Importance: medium normal
Assignee: Default DRI bug account
Reported: 2018-07-20 07:35 UTC by Paul Menzel
Modified: 2019-11-19 09:33 UTC

Description Paul Menzel 2018-07-20 07:35:52 UTC
With the undefined behaviour sanitizer enabled, building GNU/Linux 4.18-rc5+ (with some unrelated commits) with GCC 8.1.0 from Debian Sid/unstable shows the three warnings below.

[   20.554998] ================================================================================
[   20.555019] UBSAN: Undefined behaviour in drivers/gpu/drm/radeon/radeon_gem.c:148:20
[   20.555024] member access within null pointer of type 'struct radeon_fpriv'
[   20.555035] CPU: 1 PID: 284 Comm: Xorg Not tainted 4.18.0-rc5-00316-g4864b68cedf2 #104
[   20.555038] Hardware name: ASROCK E350M1/E350M1, BIOS TIMELESS 01/01/1970
[   20.555040] Call Trace:
[   20.555055]  dump_stack+0x55/0x89
[   20.555063]  ubsan_epilogue+0xb/0x33
[   20.555068]  handle_null_ptr_deref+0x7f/0x90
[   20.555075]  __ubsan_handle_type_mismatch_v1+0x55/0x60
[   20.555145]  radeon_gem_object_open+0x211/0x2f0 [radeon]
[   20.555172]  ? drm_vma_node_allow+0xcd/0x140 [drm]
[   20.555232]  ? radeon_gem_fini+0x10/0x10 [radeon]
[   20.555252]  drm_gem_handle_create_tail+0xff/0x230 [drm]
[   20.555274]  drm_gem_handle_create+0x3d/0x80 [drm]
[   20.555332]  radeon_gem_create_ioctl+0x99/0x120 [radeon]
[   20.555390]  ? radeon_gem_pwrite_ioctl+0x30/0x30 [radeon]
[   20.555410]  drm_ioctl_kernel+0xb8/0x150 [drm]
[   20.555431]  drm_ioctl+0x299/0x640 [drm]
[   20.555490]  ? radeon_gem_pwrite_ioctl+0x30/0x30 [radeon]
[   20.555498]  ? __pagevec_lru_add_fn+0x15d/0x5d0
[   20.555503]  ? __lru_cache_add+0x100/0x100
[   20.555510]  ? __pm_runtime_resume+0x7d/0xe0
[   20.555560]  radeon_drm_ioctl+0x73/0x160 [radeon]
[   20.555612]  ? radeon_pci_shutdown+0x60/0x60 [radeon]
[   20.555617]  do_vfs_ioctl+0xaf/0x9f0
[   20.555625]  ? __fget_light+0x99/0x110
[   20.555629]  ksys_ioctl+0x60/0x90
[   20.555633]  sys_ioctl+0x16/0x18
[   20.555639]  do_fast_syscall_32+0xce/0x3e0
[   20.555645]  entry_SYSENTER_32+0x4e/0x7c
[   20.555650] EIP: 0xb7fb4bb5
[   20.555651] Code: 89 e5 8b 55 08 85 d2 8b 80 5c cd ff ff 74 02 89 02 5d c3 8b 04 24 c3 8b 1c 24 c3 8b 3c 24 c3 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76 
[   20.555722] EAX: ffffffda EBX: 0000000d ECX: c01c645d EDX: bfe8d850
[   20.555726] ESI: 00000004 EDI: c01c645d EBP: 0000000d ESP: bfe8d798
[   20.555729] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00200292
[   20.555734] ================================================================================
[   20.559092] ================================================================================
[   20.559112] UBSAN: Undefined behaviour in drivers/gpu/drm/radeon/radeon_cs.c:540:20
[   20.559117] member access within null pointer of type 'struct radeon_fpriv'
[   20.559127] CPU: 1 PID: 285 Comm: radeon_cs:0 Not tainted 4.18.0-rc5-00316-g4864b68cedf2 #104
[   20.559129] Hardware name: ASROCK E350M1/E350M1, BIOS TIMELESS 01/01/1970
[   20.559132] Call Trace:
[   20.559145]  dump_stack+0x55/0x89
[   20.559152]  ubsan_epilogue+0xb/0x33
[   20.559157]  handle_null_ptr_deref+0x7f/0x90
[   20.559163]  __ubsan_handle_type_mismatch_v1+0x55/0x60
[   20.559236]  radeon_cs_ioctl+0xb97/0xbe0 [radeon]
[   20.559244]  ? __cgroup_account_cputime+0x47/0x90
[   20.559311]  ? radeon_cs_parser_init+0x7f0/0x7f0 [radeon]
[   20.559334]  drm_ioctl_kernel+0xb8/0x150 [drm]
[   20.559355]  drm_ioctl+0x299/0x640 [drm]
[   20.559414]  ? radeon_cs_parser_init+0x7f0/0x7f0 [radeon]
[   20.559426]  ? __pm_runtime_resume+0x7d/0xe0
[   20.559475]  radeon_drm_ioctl+0x73/0x160 [radeon]
[   20.559526]  ? radeon_pci_shutdown+0x60/0x60 [radeon]
[   20.559531]  do_vfs_ioctl+0xaf/0x9f0
[   20.559538]  ? strlcpy+0x1d/0xc0
[   20.559544]  ? __fget_light+0x99/0x110
[   20.559547]  ksys_ioctl+0x60/0x90
[   20.559552]  sys_ioctl+0x16/0x18
[   20.559557]  do_fast_syscall_32+0xce/0x3e0
[   20.559563]  entry_SYSENTER_32+0x4e/0x7c
[   20.559568] EIP: 0xb7fb4bb5
[   20.559569] Code: 89 e5 8b 55 08 85 d2 8b 80 5c cd ff ff 74 02 89 02 5d c3 8b 04 24 c3 8b 1c 24 c3 8b 3c 24 c3 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76 
[   20.559641] EAX: ffffffda EBX: 0000000d ECX: c0206466 EDX: b174a044
[   20.559644] ESI: b173a040 EDI: c0206466 EBP: 0000000d ESP: b1fd3008
[   20.559648] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00200292
[   20.559652] ================================================================================
[   21.842145] ================================================================================
[   21.842171] UBSAN: Undefined behaviour in drivers/gpu/drm/radeon/radeon_gem.c:179:20
[   21.842179] member access within null pointer of type 'struct radeon_fpriv'
[   21.842196] CPU: 1 PID: 284 Comm: Xorg Not tainted 4.18.0-rc5-00316-g4864b68cedf2 #104
[   21.842200] Hardware name: ASROCK E350M1/E350M1, BIOS TIMELESS 01/01/1970
[   21.842204] Call Trace:
[   21.842231]  dump_stack+0x55/0x89
[   21.842242]  ubsan_epilogue+0xb/0x33
[   21.842250]  handle_null_ptr_deref+0x7f/0x90
[   21.842262]  __ubsan_handle_type_mismatch_v1+0x55/0x60
[   21.842367]  radeon_gem_object_close+0x232/0x310 [radeon]
[   21.842406]  drm_gem_object_release_handle+0x48/0x110 [drm]
[   21.842439]  drm_gem_handle_delete+0x5f/0xc0 [drm]
[   21.842472]  ? drm_gem_handle_create+0x80/0x80 [drm]
[   21.842503]  drm_gem_close_ioctl+0x36/0x90 [drm]
[   21.842536]  drm_ioctl_kernel+0xb8/0x150 [drm]
[   21.842570]  drm_ioctl+0x299/0x640 [drm]
[   21.842604]  ? drm_gem_handle_create+0x80/0x80 [drm]
[   21.842615]  ? __switch_to_asm+0x33/0x4c
[   21.842620]  ? __switch_to_asm+0x27/0x4c
[   21.842625]  ? __switch_to_asm+0x33/0x4c
[   21.842630]  ? __switch_to_asm+0x27/0x4c
[   21.842635]  ? __switch_to_asm+0x33/0x4c
[   21.842640]  ? __switch_to_asm+0x27/0x4c
[   21.842652]  ? __pm_runtime_resume+0x7d/0xe0
[   21.842733]  radeon_drm_ioctl+0x73/0x160 [radeon]
[   21.842815]  ? radeon_pci_shutdown+0x60/0x60 [radeon]
[   21.842823]  do_vfs_ioctl+0xaf/0x9f0
[   21.842831]  ? remove_vma+0x45/0x60
[   21.842836]  ? remove_vma+0x45/0x60
[   21.842844]  ? do_munmap+0x18b/0x4d0
[   21.842852]  ? __fget_light+0x99/0x110
[   21.842859]  ksys_ioctl+0x60/0x90
[   21.842866]  sys_ioctl+0x16/0x18
[   21.842874]  do_fast_syscall_32+0xce/0x3e0
[   21.842881]  entry_SYSENTER_32+0x4e/0x7c
[   21.842888] EIP: 0xb7fb4bb5
[   21.842891] Code: 89 e5 8b 55 08 85 d2 8b 80 5c cd ff ff 74 02 89 02 5d c3 8b 04 24 c3 8b 1c 24 c3 8b 3c 24 c3 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76 
[   21.843006] EAX: ffffffda EBX: 0000000d ECX: 40086409 EDX: bfe8dfbc
[   21.843011] ESI: 01004300 EDI: 40086409 EBP: 0000000d ESP: bfe8df28
[   21.843017] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000292
[   21.843024] ================================================================================
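All three reports above are the same class of finding: UBSAN's `-fsanitize=null` check fires on a member access through a `struct radeon_fpriv` pointer that is NULL, reached from the GEM open, CS and GEM close ioctl paths. The usual way this arises is taking the address of a member (`&p->member`) before the code has decided whether `p` is valid at all, so the early-return path never dereferences it but has already performed pointer arithmetic on NULL. The C sketch below is an added example, not code from this bug report or from the radeon driver: `struct fpriv_like`, `struct vm_like`, `object_open_before`, `object_open_after` and `vm_id_or_zero` are hypothetical simplifications chosen to show the pattern UBSAN complains about, the hardened ordering, and why the pattern is more than sanitizer noise.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Hypothetical stand-ins for per-file private data.  These are NOT the
 * real struct radeon_fpriv / struct radeon_vm definitions; they only
 * reproduce the shape needed for the example.
 */
struct vm_like {
    int id;
};

struct fpriv_like {
    int pad;
    struct vm_like vm;
};

/*
 * Pattern matching the UBSAN report: the member address &fpriv->vm is
 * formed unconditionally, before the code decides whether this file has
 * any per-file VM state.  When fpriv is NULL (a file opened on hardware
 * without VM support, say) that address computation is undefined
 * behaviour even though vm is never dereferenced on the early-return
 * path.  -fsanitize=null reports it as "member access within null
 * pointer of type 'struct fpriv_like'".
 */
static int object_open_before(struct fpriv_like *fpriv, int has_vm)
{
    struct vm_like *vm = &fpriv->vm;    /* UB if fpriv == NULL */

    if (!has_vm)
        return 0;                       /* fpriv unused on this path */
    return vm->id;
}

/* Hardened form: decide first, then take the member address. */
static int object_open_after(struct fpriv_like *fpriv, int has_vm)
{
    struct vm_like *vm;

    if (!has_vm || fpriv == NULL)
        return 0;
    vm = &fpriv->vm;                    /* only reached with a valid fpriv */
    return vm->id;
}

/*
 * Why this matters beyond the sanitizer: once the compiler has seen
 * &fpriv->vm it may assume fpriv is non-NULL, and with
 * -fdelete-null-pointer-checks (GCC's default at -O2) a later
 * "if (fpriv == NULL)" can be optimised away, turning a harmless-looking
 * ordering bug into a real NULL dereference.  The Linux kernel builds
 * with -fno-delete-null-pointer-checks to blunt exactly this, which is
 * why the reports above are warnings rather than crashes.
 */
static int vm_id_or_zero(struct fpriv_like *fpriv)
{
    struct vm_like *vm = &fpriv->vm;    /* compiler may infer fpriv != NULL here */

    if (fpriv == NULL)                  /* this check is eligible for deletion */
        return 0;
    return vm->id;
}

int main(void)
{
    /* Constructed sample input. */
    struct fpriv_like f = { .pad = 0, .vm = { .id = 7 } };

    /* NULL private data with no VM support: the hardened path returns 0
     * without ever forming a pointer from NULL. */
    printf("after(NULL, no vm) = %d\n", object_open_after(NULL, 0));
    printf("after(&f, vm)      = %d\n", object_open_after(&f, 1));
    printf("before(&f, vm)     = %d\n", object_open_before(&f, 1));
    printf("vm_id_or_zero(&f)  = %d\n", vm_id_or_zero(&f));
    return 0;
}
```

To see the same report the kernel log shows, add a call such as `object_open_before(NULL, 0)` to `main` and build with `gcc -O2 -fsanitize=null -fno-sanitize-recover=null`; the runtime prints a "member access within null pointer" line naming `struct fpriv_like` and aborts. The `main` above deliberately does not make that call, so the program as written stays free of undefined behaviour.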
Comment 1 Martin Peres 2019-11-19 09:33:47 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/drm/amd/issues/853.