Bug 108374 - [CI][DRMTIP] igt@kms_atomic_transition@plane-all-modeset-transition-fencing - dmesg-warn - BUG kmalloc-32: Padding overwritten
Status: CLOSED WORKSFORME
Alias: None
Product: DRI
Classification: Unclassified
Component: DRM/Intel
Version: XOrg git
Hardware: Other All
Importance: high normal
Assignee: Intel GFX Bugs mailing list
QA Contact: Intel GFX Bugs mailing list
Whiteboard: ReadyForDev
Reported: 2018-10-15 14:14 UTC by Martin Peres
Modified: 2019-02-14 16:22 UTC
i915 platform: CFL
i915 features: display/atomic


Description Martin Peres 2018-10-15 14:14:24 UTC
https://intel-gfx-ci.01.org/tree/drm-tip/drmtip_126/fi-cfl-8109u/igt@kms_atomic_transition@plane-all-modeset-transition-fencing.html

<3> [162.602334] =============================================================================
<3> [162.602416] BUG kmalloc-32 (Tainted: G     U           ): Padding overwritten. 0x000000008f9ea00a-0x000000006fb3e264
<3> [162.602419] -----------------------------------------------------------------------------\x0a
<4> [162.602422] Disabling lock debugging due to kernel taint
<3> [162.602423] INFO: Slab 0x0000000054bd7562 objects=22 used=22 fp=0x          (null) flags=0x8000000000008100
<4> [162.602427] CPU: 3 PID: 1275 Comm: kms_atomic_tran Tainted: G    BU            4.19.0-rc7-gdec9886eff39-drmtip_126+ #1
<4> [162.602428] Hardware name: Intel Corporation NUC8i3BEH/NUC8BEB, BIOS BECFL357.86A.0037.2018.0614.2204 06/14/2018
<4> [162.602429] Call Trace:
<4> [162.602434]  dump_stack+0x67/0x9b
<4> [162.602437]  slab_err+0xa8/0xd0
<4> [162.602440]  ? _raw_spin_unlock+0x29/0x40
<4> [162.602442]  ? get_partial_node.isra.29+0x1f6/0x460
<4> [162.602445]  slab_pad_check.part.11+0xd5/0x150
<4> [162.602448]  ? drm_mode_atomic_ioctl+0x31e/0x930
<4> [162.602449]  check_slab+0x59/0xb0
<4> [162.602451]  alloc_debug_processing+0x97/0x190
<4> [162.602453]  ___slab_alloc.constprop.34+0x35a/0x390
<4> [162.602455]  ? drm_mode_atomic_ioctl+0x31e/0x930
<4> [162.602458]  ? __lock_is_held+0x6b/0xb0
<4> [162.602460]  ? drm_mode_atomic_ioctl+0x31e/0x930
<4> [162.602462]  ? __slab_alloc.isra.27.constprop.33+0x3d/0x70
<4> [162.602463]  __slab_alloc.isra.27.constprop.33+0x3d/0x70
<4> [162.602465]  ? drm_mode_atomic_ioctl+0x31e/0x930
<4> [162.602466]  __kmalloc_track_caller+0x29c/0x2e0
<4> [162.602469]  krealloc+0x4b/0xc0
<4> [162.602471]  drm_mode_atomic_ioctl+0x31e/0x930
<4> [162.602476]  ? drm_atomic_set_property+0x880/0x880
<4> [162.602478]  drm_ioctl_kernel+0x81/0xf0
<4> [162.602480]  drm_ioctl+0x2e6/0x3a0
<4> [162.602482]  ? drm_atomic_set_property+0x880/0x880
<4> [162.602485]  ? lock_acquire+0xa6/0x1c0
<4> [162.602488]  do_vfs_ioctl+0xa0/0x6d0
<4> [162.602490]  ? __fget+0xfc/0x1e0
<4> [162.602492]  ksys_ioctl+0x35/0x60
<4> [162.602494]  __x64_sys_ioctl+0x11/0x20
<4> [162.602496]  do_syscall_64+0x55/0x190
<4> [162.602498]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
<4> [162.602500] RIP: 0033:0x7f927cd795d7
<4> [162.602501] Code: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 f7 d8 64 89 01 48
<4> [162.602502] RSP: 002b:00007ffc3d5aae88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
<4> [162.602504] RAX: ffffffffffffffda RBX: 0000563eaf5267e0 RCX: 00007f927cd795d7
<4> [162.602505] RDX: 00007ffc3d5aaee0 RSI: 00000000c03864bc RDI: 0000000000000005
<4> [162.602506] RBP: 00007ffc3d5aaee0 R08: 0000563eaf552c30 R09: 000000000000002d
<4> [162.602507] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000c03864bc
<4> [162.602507] R13: 0000000000000005 R14: 0000000000000001 R15: 0000000000000400
<3> [162.602511] Padding 000000008f9ea00a: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
<3> [162.602513] Padding 000000001ff4d10b: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
<3> [162.602514] Padding 00000000edf03905: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
<3> [162.602516] Padding 000000003542217c: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
<3> [162.602517] Padding 0000000007fddfb2: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
<3> [162.602519] Padding 00000000e3bf9aab: ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00  ................
<3> [162.602520] FIX kmalloc-32: Restoring 0x000000008f9ea00a-0x000000006fb3e264=0x5a\x0a
Comment 1 Chris Wilson 2018-10-15 19:39:59 UTC
Fwiw, kasan-62 caught

<3>[   41.934500] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1a3/0x1d0
<3>[   41.934527] Read of size 4 at addr ffff88026a960804 by task cpuhp/1/16

<4>[   41.934566] CPU: 1 PID: 16 Comm: cpuhp/1 Tainted: G     UD W         4.19.0-rc7-g2c411746783a-kasan_62+ #1
<4>[   41.934600] Hardware name: Intel Corporation Kabylake Client platform/Kabylake R DDR4 RVP, BIOS KBLSE2R1.R00.X078.P02.1703030515 03/03/2017
<4>[   41.934640] Call Trace:
<4>[   41.934659]  dump_stack+0x7c/0xbb
<4>[   41.934680]  print_address_description+0x65/0x270
<4>[   41.934704]  kasan_report+0x25b/0x380
<4>[   41.934724]  ? do_raw_spin_lock+0x1a3/0x1d0
<4>[   41.934748]  do_raw_spin_lock+0x1a3/0x1d0
<4>[   41.934770]  _raw_spin_lock_irqsave+0x3b/0x50
<4>[   41.934791]  ? task_rq_lock+0x63/0x320
<4>[   41.934811]  task_rq_lock+0x63/0x320
<4>[   41.934836]  __set_cpus_allowed_ptr+0x89/0x5e0
<4>[   41.934859]  ? move_queued_task+0x840/0x840
<4>[   41.934881]  ? idr_get_next_ul+0x1a0/0x1a0
<4>[   41.934911]  workqueue_online_cpu+0x1c5/0x7a0
<4>[   41.934935]  ? workqueue_prepare_cpu+0xd0/0xd0
<4>[   41.934962]  ? workqueue_prepare_cpu+0xd0/0xd0
<4>[   41.934985]  cpuhp_invoke_callback+0x15e/0x1350
<4>[   41.935008]  ? cpuhp_thread_fun+0xa9/0x680
<4>[   41.935034]  cpuhp_thread_fun+0x33f/0x680
<4>[   41.935056]  ? cpuhp_complete_idle_dead+0x10/0x10
<4>[   41.935081]  smpboot_thread_fn+0x51d/0x800
<4>[   41.935103]  ? sort_range+0x20/0x20
<4>[   41.935142]  ? _raw_spin_unlock_irqrestore+0x39/0x60
<4>[   41.935168]  ? __kthread_parkme+0xb1/0x180
<4>[   41.935192]  ? sort_range+0x20/0x20
<4>[   41.935213]  kthread+0x31a/0x3e0
<4>[   41.935233]  ? kthread_park+0x120/0x120
<4>[   41.935257]  ret_from_fork+0x3a/0x50

<3>[   41.935298] Allocated by task 810:
<4>[   41.935320]  kmem_cache_alloc+0xd7/0x280
<4>[   41.935341]  copy_process.part.7+0x1942/0x6a40
<4>[   41.935363]  _do_fork+0x177/0xb60
<4>[   41.935382]  do_syscall_64+0x97/0x400
<4>[   41.935403]  entry_SYSCALL_64_after_hwframe+0x49/0xbe

<3>[   41.935435] Freed by task 0:
<4>[   41.935453]  kmem_cache_free+0xb7/0x2f0
<4>[   41.935474]  rcu_process_callbacks+0x402/0x1790
<4>[   41.935497]  __do_softirq+0x221/0x8b9

<3>[   41.935527] The buggy address belongs to the object at ffff88026a960040
                   which belongs to the cache task_struct of size 9792
<3>[   41.935575] The buggy address is located 1988 bytes inside of
                   9792-byte region [ffff88026a960040, ffff88026a962680)
<3>[   41.935617] The buggy address belongs to the page:
<0>[   41.935641] page:ffffea0009aa5800 count:1 mapcount:0 mapping:ffff8802759af200 index:0x0 compound_mapcount: 0
<0>[   41.935685] flags: 0x8000000000008100(slab|head)
<1>[   41.935711] raw: 8000000000008100 ffffea0009931808 ffffea000918aa08 ffff8802759af200
<1>[   41.935745] raw: 0000000000000000 0000000000030003 00000001ffffffff 0000000000000000
<1>[   41.935775] page dumped because: kasan: bad access detected

<3>[   41.935808] Memory state around the buggy address:
<3>[   41.935831]  ffff88026a960700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[   41.935867]  ffff88026a960780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[   41.935916] >ffff88026a960800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[   41.935964]                    ^
<3>[   41.935995]  ffff88026a960880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[   41.936047]  ffff88026a960900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[   41.936094] ==================================================================
<4>[   41.936200] WARNING: CPU: 1 PID: 16 at kernel/workqueue.c:4735 workqueue_online_cpu+0x5fa/0x7a0
<4>[   41.936235] Modules linked in: snd_hda_codec_hdmi snd_hda_codec_realtek(+) snd_hda_codec_generic i915 asix btusb btrtl usbnet btbcm mii btintel snd_hda_intel snd_hda_codec bluetooth x86_pkg_temp_thermal coretemp crct10dif_pclmul snd_hwdep crc32_pclmul ghash_clmulni_intel snd_hda_core ecdh_generic snd_pcm e1000e mei_me mei prime_numbers pinctrl_sunrisepoint pinctrl_intel
<4>[   41.936339] CPU: 1 PID: 16 Comm: cpuhp/1 Tainted: G    BUD W         4.19.0-rc7-g2c411746783a-kasan_62+ #1
<4>[   41.936358] Hardware name: Intel Corporation Kabylake Client platform/Kabylake R DDR4 RVP, BIOS KBLSE2R1.R00.X078.P02.1703030515 03/03/2017
<4>[   41.936383] RIP: 0010:workqueue_online_cpu+0x5fa/0x7a0
<4>[   41.936396] Code: 0f 85 06 fb ff ff 48 c7 c2 a0 36 25 9b be dc 12 00 00 48 c7 c7 e0 30 25 9b c6 05 74 be d5 02 01 e8 eb 81 0b 00 e9 e2 fa ff ff <0f> 0b e9 cc fb ff ff be ff ff ff ff 48 c7 c7 20 73 aa 9b e8 4e 36
<4>[   41.936429] RSP: 0000:ffff88027539fcd0 EFLAGS: 00010282
<4>[   41.936443] RAX: 00000000ffffffea RBX: dffffc0000000000 RCX: 0000000000000000
<4>[   41.936458] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffffffff9d4e72c0
<4>[   41.936473] RBP: ffff88027686a740 R08: ffffed004d52c100 R09: ffffed004d52c100
<4>[   41.936488] R10: 0000000000000001 R11: ffffed004d52c100 R12: ffff88027686aa50
<4>[   41.936503] R13: fffffbfff37851a4 R14: 0000000000000001 R15: ffff88026c62d548
<4>[   41.936519] FS:  0000000000000000(0000) GS:ffff880276840000(0000) knlGS:0000000000000000
<4>[   41.936536] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[   41.936549] CR2: 0000000000000000 CR3: 000000015da14001 CR4: 00000000003606e0
<4>[   41.936564] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
<4>[   41.936579] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
<4>[   41.936593] Call Trace:
<4>[   41.936604]  ? workqueue_prepare_cpu+0xd0/0xd0
<4>[   41.936619]  ? workqueue_prepare_cpu+0xd0/0xd0
<4>[   41.936632]  cpuhp_invoke_callback+0x15e/0x1350
<4>[   41.936645]  ? cpuhp_thread_fun+0xa9/0x680
<4>[   41.936660]  cpuhp_thread_fun+0x33f/0x680
<4>[   41.936672]  ? cpuhp_complete_idle_dead+0x10/0x10
<4>[   41.936686]  smpboot_thread_fn+0x51d/0x800
<4>[   41.936698]  ? sort_range+0x20/0x20
<4>[   41.936710]  ? _raw_spin_unlock_irqrestore+0x39/0x60
<4>[   41.936723]  ? __kthread_parkme+0xb1/0x180
<4>[   41.936736]  ? sort_range+0x20/0x20
<4>[   41.936746]  kthread+0x31a/0x3e0
<4>[   41.936756]  ? kthread_park+0x120/0x120
<4>[   41.936769]  ret_from_fork+0x3a/0x50
<4>[   41.936784] irq event stamp: 1310
<4>[   41.936794] hardirqs last  enabled at (1309): [<ffffffff9ac5676c>] _raw_spin_unlock_irqrestore+0x4c/0x60
<4>[   41.936815] hardirqs last disabled at (1310): [<ffffffff9ac454c7>] __schedule+0x127/0x1d90
<4>[   41.936833] softirqs last  enabled at (1082): [<ffffffff9b0004ff>] __do_softirq+0x4ff/0x8b9
<4>[   41.936852] softirqs last disabled at (1075): [<ffffffff99145c36>] irq_exit+0x136/0x170
<4>[   41.936870] WARNING: CPU: 1 PID: 16 at kernel/workqueue.c:4735 workqueue_online_cpu+0x5fa/0x7a0

which I think indicates a scary problem in the core.
Comment 2 Lakshmi 2019-02-14 09:52:03 UTC
> 
> which I think indicates a scary problem in the core.

This issue occurred only once on drmtip_126 (4 months / 2347 runs ago). Closing this bug.
Comment 3 CI Bug Log 2019-02-14 16:22:43 UTC
The CI Bug Log issue associated to this bug has been archived.

New failures matching the above filters will not be associated to this bug anymore.

