[ 9.055546] ==================================================================
[ 9.055917] BUG: KASAN: use-after-free in guc_interrupts_release+0x57/0xe0 [i915] at addr ffff880235652120
[ 9.056030] Read of size 4 by task systemd-udevd/208
[ 9.056109] CPU: 0 PID: 208 Comm: systemd-udevd Not tainted 4.10.0+ #437
[ 9.056190] Hardware name: / , BIOS PYBSWCEL.86A.0027.2015.0507.1758 05/07/2015
[ 9.056299] Call Trace:
[ 9.056380] dump_stack+0x4d/0x63
[ 9.056461] kasan_object_err+0x1c/0x70
[ 9.056552] kasan_report_error+0x1f1/0x4f0
[ 9.056859] ? gen6_write32+0x170/0x170 [i915]
[ 9.056938] kasan_report+0x34/0x40
[ 9.057242] ? __intel_uncore_forcewake_put+0x10/0xd0 [i915]
[ 9.057548] ? guc_interrupts_release+0x57/0xe0 [i915]
[ 9.057636] __asan_load4+0x61/0x80
[ 9.057946] guc_interrupts_release+0x57/0xe0 [i915]
[ 9.058252] intel_guc_fini+0x1e/0xb0 [i915]
[ 9.058537] i915_driver_load+0xf5b/0x1cb0 [i915]
[ 9.058625] ? ida_simple_get+0xf6/0x170
[ 9.058910] ? __i915_printk+0x1d0/0x1d0 [i915]
[ 9.058997] ? rpm_resume+0x170/0xa70
[ 9.059086] ? rpm_callback+0xe0/0xe0
[ 9.059173] ? pci_match_id+0x118/0x180
[ 9.059261] ? pci_match_device+0x1f8/0x220
[ 9.059549] i915_pci_probe+0x65/0xe0 [i915]
[ 9.059637] pci_device_probe+0xda/0x140
[ 9.059726] driver_probe_device+0x400/0x660
[ 9.059818] ? driver_probe_device+0x660/0x660
[ 9.059906] __driver_attach+0x115/0x120
[ 9.059993] bus_for_each_dev+0xe3/0x140
[ 9.060080] ? subsys_dev_iter_exit+0x10/0x10
[ 9.060167] ? klist_node_init+0x57/0x80
[ 9.060254] driver_attach+0x26/0x30
[ 9.060343] bus_add_driver+0x268/0x3b0
[ 9.060432] driver_register+0xce/0x190
[ 9.060520] __pci_register_driver+0xab/0xc0
[ 9.060604] ? 0xffffffffa02b0000
[ 9.060916] i915_init+0x63/0x6a [i915]
[ 9.061005] do_one_initcall+0x8b/0x1e0
[ 9.061096] ? kasan_slab_free+0x89/0xc0
[ 9.061184] ? initcall_blacklisted+0x130/0x130
[ 9.061271] ? kasan_kmalloc+0xad/0xe0
[ 9.061357] ? kasan_unpoison_shadow+0x35/0x50
[ 9.061444] ? __asan_register_globals+0x7c/0xa0
[ 9.061534] do_init_module+0x102/0x2ec
[ 9.061625] load_module+0x39a4/0x4430
[ 9.061711] ? __symbol_put+0x90/0x90
[ 9.061802] ? module_frob_arch_sections+0x20/0x20
[ 9.061889] ? kernel_read_file+0x2c0/0x340
[ 9.061977] ? __fsnotify_parent+0x2b/0x130
[ 9.063868] ? vfs_read+0x13f/0x1a0
[ 9.063969] ? kernel_read_file+0x121/0x340
[ 9.064065] ? __register_binfmt+0xe0/0xe0
[ 9.064162] ? kernel_read_file_from_fd+0x44/0x70
[ 9.064258] SYSC_finit_module+0x169/0x1a0
[ 9.064354] ? SYSC_init_module+0x1d0/0x1d0
[ 9.064448] ? up_write+0x11/0x30
[ 9.064547] ? vm_mmap_pgoff+0x120/0x150
[ 9.064645] ? SyS_mmap_pgoff+0xa0/0xd0
[ 9.064740] SyS_finit_module+0x9/0x10
[ 9.064836] entry_SYSCALL_64_fastpath+0x17/0x98
[ 9.064928] RIP: 0033:0x7ff70e67c0f9
[ 9.065008] RSP: 002b:00007ffcf8bf9bd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 9.065137] RAX: ffffffffffffffda RBX: 00007ff70f8082d1 RCX: 00007ff70e67c0f9
[ 9.065223] RDX: 0000000000000000 RSI: 00007ff70ef94265 RDI: 0000000000000011
[ 9.065308] RBP: 0000000000020000 R08: 0000000000000000 R09: 00007ffcf8bfa150
[ 9.065393] R10: 0000000000000011 R11: 0000000000000246 R12: 0000556d4a74a4d0
[ 9.065478] R13: 0000556d4a74dde0 R14: 0000000000000000 R15: 0000556d49baacb8
[ 9.065565] Object at ffff880235652100, in cache kmalloc-8192 size: 8192
[ 9.065648] Allocated:
[ 9.065723] PID = 208
[ 9.065807] save_stack_trace+0x16/0x20
[ 9.065891] save_stack+0x46/0xd0
[ 9.065984] kasan_kmalloc+0xad/0xe0
[ 9.066320] intel_engines_init_early+0xea/0x2f0 [i915]
[ 9.066639] i915_driver_load+0x455/0x1cb0 [i915]
[ 9.066955] i915_pci_probe+0x65/0xe0 [i915]
[ 9.067050] pci_device_probe+0xda/0x140
[ 9.067145] driver_probe_device+0x400/0x660
[ 9.067240] __driver_attach+0x115/0x120
[ 9.067334] bus_for_each_dev+0xe3/0x140
[ 9.067431] driver_attach+0x26/0x30
[ 9.067525] bus_add_driver+0x268/0x3b0
[ 9.067620] driver_register+0xce/0x190
[ 9.067714] __pci_register_driver+0xab/0xc0
[ 9.068057] i915_init+0x63/0x6a [i915]
[ 9.068152] do_one_initcall+0x8b/0x1e0
[ 9.068251] do_init_module+0x102/0x2ec
[ 9.068345] load_module+0x39a4/0x4430
[ 9.068439] SYSC_finit_module+0x169/0x1a0
[ 9.068533] SyS_finit_module+0x9/0x10
[ 9.068625] entry_SYSCALL_64_fastpath+0x17/0x98
[ 9.068712] Freed:
[ 9.068791] PID = 208
[ 9.068873] save_stack_trace+0x16/0x20
[ 9.068957] save_stack+0x46/0xd0
[ 9.069051] kasan_slab_free+0x73/0xc0
[ 9.070889] kfree+0x7e/0x130
[ 9.071222] intel_engines_init+0x138/0x1c0 [i915]
[ 9.071557] i915_gem_init+0xf6/0x140 [i915]
[ 9.071870] i915_driver_load+0xf48/0x1cb0 [i915]
[ 9.072190] i915_pci_probe+0x65/0xe0 [i915]
[ 9.072285] pci_device_probe+0xda/0x140
[ 9.072381] driver_probe_device+0x400/0x660
[ 9.072475] __driver_attach+0x115/0x120
[ 9.072578] bus_for_each_dev+0xe3/0x140
[ 9.072671] driver_attach+0x26/0x30
[ 9.072765] bus_add_driver+0x268/0x3b0
[ 9.072859] driver_register+0xce/0x190
[ 9.072953] __pci_register_driver+0xab/0xc0
[ 9.073300] i915_init+0x63/0x6a [i915]
[ 9.073406] do_one_initcall+0x8b/0x1e0
[ 9.073501] do_init_module+0x102/0x2ec
[ 9.073594] load_module+0x39a4/0x4430
[ 9.073687] SYSC_finit_module+0x169/0x1a0
[ 9.073783] SyS_finit_module+0x9/0x10
[ 9.073875] entry_SYSCALL_64_fastpath+0x17/0x98
[ 9.073970] Memory state around the buggy address:
[ 9.074059] ffff880235652000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 9.074189] ffff880235652080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 9.074318] >ffff880235652100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 9.074437] ^
[ 9.074524] ffff880235652180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 9.074659] ffff880235652200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 9.074783] ==================================================================
After reviewing the KASAN dump, my first thought is that this failure is an i915 driver issue since it involves a use-after-free. However, I do not have sufficient information to confirm or proceed any further.
- What platform exhibited this issue?
- What FW versions were used?
- Does the most recent GuC FW still exhibit the failure?
- Is there a dmesg dump I can review?
Thanks.
The error is obvious from the code. It is not platform dependent (other than the need to have partially setup the guc therefore requiring the guc). It is not firmware dependent. It is simply a bug in the "huc/guc unwind order use-after-free(engine) in i915_load_modeset_init error path". Whilst the error was obvious, fixing the lack of onion unwind was not.
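To make the failure shape in the trace concrete, the following is a small C model added here as an illustration; it is not i915 code and not part of this bug report, and every identifier in it (engine, guc_engine, gem_init_buggy, gem_init_onion, driver_load) is hypothetical. It mirrors the three stacks in the KASAN report: an early init step allocates the engine, an inner step frees it on its own error path, and the caller's unwind then runs guc_fini, which still dereferences it. A "freed" flag and a quarantine slot stand in for KASAN's poisoned shadow memory, so the bad access is counted rather than being undefined behaviour. The same model shows the onion-correct shape, where each step undoes only its own work and the caller tears down in reverse order of setup.

```c
/*
 * Added example, not i915 code and not from this bug report. Models the
 * unwind-order use-after-free from the KASAN report: the engine is created
 * by an early init step, an inner step (gem_init here) frees it on its own
 * error path, and the caller's unwind then runs guc_fini, which still holds
 * a pointer to it. All names are hypothetical.
 */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct engine {
    int irq_mask;
    bool freed;                /* set by engines_fini; plays the KASAN poison */
};

struct dev {
    struct engine *engine;     /* owned by engines_init_early / engines_fini */
    struct engine *guc_engine; /* non-owning pointer the GuC keeps from guc_init */
    struct engine *quarantine; /* "freed" engine kept mapped for the checker */
    int uaf_count;             /* accesses to freed memory that were detected */
};

/* Every engine access goes through here, like an instrumented load under KASAN. */
static int engine_read_irq_mask(struct dev *dev, struct engine *e)
{
    if (e->freed)
        dev->uaf_count++;      /* BUG: KASAN: use-after-free */
    return e->irq_mask;
}

static int engines_init_early(struct dev *dev)
{
    dev->engine = calloc(1, sizeof(*dev->engine));
    if (!dev->engine)
        return -1;
    dev->engine->irq_mask = 0xff;
    return 0;
}

static void engines_fini(struct dev *dev)
{
    dev->engine->freed = true; /* poison instead of free: still checkable */
    dev->quarantine = dev->engine;
    dev->engine = NULL;
}

static void guc_init(struct dev *dev)
{
    dev->guc_engine = dev->engine;
}

static void guc_fini(struct dev *dev)
{
    /* guc_interrupts_release in the trace: touches the engine it was given. */
    (void)engine_read_irq_mask(dev, dev->guc_engine);
    dev->guc_engine = NULL;
}

/* Buggy shape: on failure, gem_init tears down engines it did not create. */
static int gem_init_buggy(struct dev *dev, bool fail)
{
    if (fail) {
        engines_fini(dev);
        return -1;
    }
    return 0;
}

/* Onion shape: gem_init undoes only its own work, which here is nothing. */
static int gem_init_onion(struct dev *dev, bool fail)
{
    (void)dev;
    return fail ? -1 : 0;
}

/* Runs one load; returns the number of use-after-free accesses detected. */
static int driver_load(bool onion, bool fail_gem_init)
{
    struct dev dev;
    memset(&dev, 0, sizeof(dev));
    if (engines_init_early(&dev))
        return -1;
    guc_init(&dev);
    if (onion ? gem_init_onion(&dev, fail_gem_init)
              : gem_init_buggy(&dev, fail_gem_init))
        puts("gem_init failed, unwinding");
    /* Error path and normal unload both unwind newest-first: guc, then engines. */
    guc_fini(&dev);
    if (dev.engine)            /* NULL if the buggy gem_init already took it */
        engines_fini(&dev);
    free(dev.quarantine);
    return dev.uaf_count;
}

int main(void)
{
    printf("buggy unwind, gem_init fails: %d use-after-free\n", driver_load(false, true));
    printf("onion unwind, gem_init fails: %d use-after-free\n", driver_load(true, true));
    return 0;
}
```

Compile with any C compiler and run: the buggy variant reports one use-after-free, the onion variant none. Under real KASAN the instrumented read is the `__asan_load4` frame in the trace, and the poisoned shadow bytes (`fb`) are what the flag models here.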
(In reply to Chris Wilson from comment #2)
> The error is obvious from the code. It is not platform dependent (other than
> the need to have partially setup the guc therefore requiring the guc). It is
> not firmware dependent. It is simply a bug in the "huc/guc unwind order
> use-after-free(engine) in i915_load_modeset_init error path".
>
> Whilst the error was obvious, fixing the lack of onion unwind was not.

Hello,
Has this problem been fixed yet? Is there any information to share?
Thank you.
I believe some changes were submitted in March, but it's not clear to me whether these changes fixed the problem. Details on those changes are here: https://patchwork.freedesktop.org/series/21726/.
No, this hasn't been fixed. Just look at the code.
(In reply to Chris Wilson from comment #5)
> No, this hasn't been fixed. Just look at the code.

Hello,
Then I'm changing to REOPEN for continuation.
Thank you.
First of all, sorry about the spam. This is a mass update for our bugs. Sorry if you find this annoying, but with this we are trying to understand whether the bug is still valid or not. If the bug investigation is still in progress, please ignore this and I apologize! If you think this is no longer valid, please comment on the bug so that it can be closed. If you haven't tested with our latest pre-upstream tree (drm-tip), can you do that also, to see if the issue is still valid there, and if you cannot see the issue there, please comment on the bug.
Chris, not looking at code, is this now fixed?
drv_module_reload/basic-reload-inject updated and debugged. For now.
Closing this bug as resolved/fixed.