https://bugs.freedesktop.org/show_bug.cgi?id=107302
Bug ID: 107302
Summary: UBSAN: member access within null pointer of type 'struct radeon_fpriv'
Product: DRI
Version: DRI git
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: medium
Component: DRM/Radeon
Assignee: dri-devel@lists.freedesktop.org
Reporter: pmenzel+bugs.freedesktop@molgen.mpg.de
With the undefined behavior sanitizer enabled, building GNU/Linux 4.18-rc5+ (with some unrelated commits) with GCC 8.1.0 from Debian Sid/unstable shows the three warnings below.
[ 20.554998] ================================================================================
[ 20.555019] UBSAN: Undefined behaviour in drivers/gpu/drm/radeon/radeon_gem.c:148:20
[ 20.555024] member access within null pointer of type 'struct radeon_fpriv'
[ 20.555035] CPU: 1 PID: 284 Comm: Xorg Not tainted 4.18.0-rc5-00316-g4864b68cedf2 #104
[ 20.555038] Hardware name: ASROCK E350M1/E350M1, BIOS TIMELESS 01/01/1970
[ 20.555040] Call Trace:
[ 20.555055] dump_stack+0x55/0x89
[ 20.555063] ubsan_epilogue+0xb/0x33
[ 20.555068] handle_null_ptr_deref+0x7f/0x90
[ 20.555075] __ubsan_handle_type_mismatch_v1+0x55/0x60
[ 20.555145] radeon_gem_object_open+0x211/0x2f0 [radeon]
[ 20.555172] ? drm_vma_node_allow+0xcd/0x140 [drm]
[ 20.555232] ? radeon_gem_fini+0x10/0x10 [radeon]
[ 20.555252] drm_gem_handle_create_tail+0xff/0x230 [drm]
[ 20.555274] drm_gem_handle_create+0x3d/0x80 [drm]
[ 20.555332] radeon_gem_create_ioctl+0x99/0x120 [radeon]
[ 20.555390] ? radeon_gem_pwrite_ioctl+0x30/0x30 [radeon]
[ 20.555410] drm_ioctl_kernel+0xb8/0x150 [drm]
[ 20.555431] drm_ioctl+0x299/0x640 [drm]
[ 20.555490] ? radeon_gem_pwrite_ioctl+0x30/0x30 [radeon]
[ 20.555498] ? __pagevec_lru_add_fn+0x15d/0x5d0
[ 20.555503] ? __lru_cache_add+0x100/0x100
[ 20.555510] ? __pm_runtime_resume+0x7d/0xe0
[ 20.555560] radeon_drm_ioctl+0x73/0x160 [radeon]
[ 20.555612] ? radeon_pci_shutdown+0x60/0x60 [radeon]
[ 20.555617] do_vfs_ioctl+0xaf/0x9f0
[ 20.555625] ? __fget_light+0x99/0x110
[ 20.555629] ksys_ioctl+0x60/0x90
[ 20.555633] sys_ioctl+0x16/0x18
[ 20.555639] do_fast_syscall_32+0xce/0x3e0
[ 20.555645] entry_SYSENTER_32+0x4e/0x7c
[ 20.555650] EIP: 0xb7fb4bb5
[ 20.555651] Code: 89 e5 8b 55 08 85 d2 8b 80 5c cd ff ff 74 02 89 02 5d c3 8b 04 24 c3 8b 1c 24 c3 8b 3c 24 c3 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
[ 20.555722] EAX: ffffffda EBX: 0000000d ECX: c01c645d EDX: bfe8d850
[ 20.555726] ESI: 00000004 EDI: c01c645d EBP: 0000000d ESP: bfe8d798
[ 20.555729] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00200292
[ 20.555734] ================================================================================
[ 20.559092] ================================================================================
[ 20.559112] UBSAN: Undefined behaviour in drivers/gpu/drm/radeon/radeon_cs.c:540:20
[ 20.559117] member access within null pointer of type 'struct radeon_fpriv'
[ 20.559127] CPU: 1 PID: 285 Comm: radeon_cs:0 Not tainted 4.18.0-rc5-00316-g4864b68cedf2 #104
[ 20.559129] Hardware name: ASROCK E350M1/E350M1, BIOS TIMELESS 01/01/1970
[ 20.559132] Call Trace:
[ 20.559145] dump_stack+0x55/0x89
[ 20.559152] ubsan_epilogue+0xb/0x33
[ 20.559157] handle_null_ptr_deref+0x7f/0x90
[ 20.559163] __ubsan_handle_type_mismatch_v1+0x55/0x60
[ 20.559236] radeon_cs_ioctl+0xb97/0xbe0 [radeon]
[ 20.559244] ? __cgroup_account_cputime+0x47/0x90
[ 20.559311] ? radeon_cs_parser_init+0x7f0/0x7f0 [radeon]
[ 20.559334] drm_ioctl_kernel+0xb8/0x150 [drm]
[ 20.559355] drm_ioctl+0x299/0x640 [drm]
[ 20.559414] ? radeon_cs_parser_init+0x7f0/0x7f0 [radeon]
[ 20.559426] ? __pm_runtime_resume+0x7d/0xe0
[ 20.559475] radeon_drm_ioctl+0x73/0x160 [radeon]
[ 20.559526] ? radeon_pci_shutdown+0x60/0x60 [radeon]
[ 20.559531] do_vfs_ioctl+0xaf/0x9f0
[ 20.559538] ? strlcpy+0x1d/0xc0
[ 20.559544] ? __fget_light+0x99/0x110
[ 20.559547] ksys_ioctl+0x60/0x90
[ 20.559552] sys_ioctl+0x16/0x18
[ 20.559557] do_fast_syscall_32+0xce/0x3e0
[ 20.559563] entry_SYSENTER_32+0x4e/0x7c
[ 20.559568] EIP: 0xb7fb4bb5
[ 20.559569] Code: 89 e5 8b 55 08 85 d2 8b 80 5c cd ff ff 74 02 89 02 5d c3 8b 04 24 c3 8b 1c 24 c3 8b 3c 24 c3 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
[ 20.559641] EAX: ffffffda EBX: 0000000d ECX: c0206466 EDX: b174a044
[ 20.559644] ESI: b173a040 EDI: c0206466 EBP: 0000000d ESP: b1fd3008
[ 20.559648] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00200292
[ 20.559652] ================================================================================
[ 21.842145] ================================================================================
[ 21.842171] UBSAN: Undefined behaviour in drivers/gpu/drm/radeon/radeon_gem.c:179:20
[ 21.842179] member access within null pointer of type 'struct radeon_fpriv'
[ 21.842196] CPU: 1 PID: 284 Comm: Xorg Not tainted 4.18.0-rc5-00316-g4864b68cedf2 #104
[ 21.842200] Hardware name: ASROCK E350M1/E350M1, BIOS TIMELESS 01/01/1970
[ 21.842204] Call Trace:
[ 21.842231] dump_stack+0x55/0x89
[ 21.842242] ubsan_epilogue+0xb/0x33
[ 21.842250] handle_null_ptr_deref+0x7f/0x90
[ 21.842262] __ubsan_handle_type_mismatch_v1+0x55/0x60
[ 21.842367] radeon_gem_object_close+0x232/0x310 [radeon]
[ 21.842406] drm_gem_object_release_handle+0x48/0x110 [drm]
[ 21.842439] drm_gem_handle_delete+0x5f/0xc0 [drm]
[ 21.842472] ? drm_gem_handle_create+0x80/0x80 [drm]
[ 21.842503] drm_gem_close_ioctl+0x36/0x90 [drm]
[ 21.842536] drm_ioctl_kernel+0xb8/0x150 [drm]
[ 21.842570] drm_ioctl+0x299/0x640 [drm]
[ 21.842604] ? drm_gem_handle_create+0x80/0x80 [drm]
[ 21.842615] ? __switch_to_asm+0x33/0x4c
[ 21.842620] ? __switch_to_asm+0x27/0x4c
[ 21.842625] ? __switch_to_asm+0x33/0x4c
[ 21.842630] ? __switch_to_asm+0x27/0x4c
[ 21.842635] ? __switch_to_asm+0x33/0x4c
[ 21.842640] ? __switch_to_asm+0x27/0x4c
[ 21.842652] ? __pm_runtime_resume+0x7d/0xe0
[ 21.842733] radeon_drm_ioctl+0x73/0x160 [radeon]
[ 21.842815] ? radeon_pci_shutdown+0x60/0x60 [radeon]
[ 21.842823] do_vfs_ioctl+0xaf/0x9f0
[ 21.842831] ? remove_vma+0x45/0x60
[ 21.842836] ? remove_vma+0x45/0x60
[ 21.842844] ? do_munmap+0x18b/0x4d0
[ 21.842852] ? __fget_light+0x99/0x110
[ 21.842859] ksys_ioctl+0x60/0x90
[ 21.842866] sys_ioctl+0x16/0x18
[ 21.842874] do_fast_syscall_32+0xce/0x3e0
[ 21.842881] entry_SYSENTER_32+0x4e/0x7c
[ 21.842888] EIP: 0xb7fb4bb5
[ 21.842891] Code: 89 e5 8b 55 08 85 d2 8b 80 5c cd ff ff 74 02 89 02 5d c3 8b 04 24 c3 8b 1c 24 c3 8b 3c 24 c3 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
[ 21.843006] EAX: ffffffda EBX: 0000000d ECX: 40086409 EDX: bfe8dfbc
[ 21.843011] ESI: 01004300 EDI: 40086409 EBP: 0000000d ESP: bfe8df28
[ 21.843017] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000292
[ 21.843024] ================================================================================
Martin Peres martin.peres@free.fr changed:
What          |Removed |Added
----------------------------------------------------------------------------
Resolution    |---     |MOVED
Status        |NEW     |RESOLVED
--- Comment #1 from Martin Peres martin.peres@free.fr ---
-- GitLab Migration Automatic Message --
This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.
You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/drm/amd/issues/853.