Date: Sun, 22 Nov 2015 22:18:07 +0200
Subject: nouveau: BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40
From: Tommi Rantala
To: nouveau@lists.freedesktop.org
Cc: DRI Development, LKML
List-ID: linux-kernel@vger.kernel.org

Hello,

I'm seeing this kasan report after booting with linus v4.4-rc1-290-g3ad5d7e.

BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 at addr ffff880169e21fd0
Read of size 64 by task kworker/1:0/14
=============================================================================
BUG kmalloc-8192 (Not tainted): kasan: bad access detected
-----------------------------------------------------------------------------

Disabling lock debugging due to kernel taint
INFO: Allocated in register_framebuffer+0x466/0x550 age=30792 cpu=1 pid=1
 ___slab_alloc+0x53b/0x560
 __slab_alloc+0x3e/0x70
 kmem_cache_alloc_trace+0x20f/0x290
 register_framebuffer+0x466/0x550
 drm_fb_helper_initial_config+0x5a1/0x800
 nouveau_fbcon_init+0x148/0x180
 nouveau_drm_load+0x583/0xf30
 drm_dev_register+0xb9/0xd0
 drm_get_pci_dev+0x176/0x370
 nouveau_drm_probe+0x2f2/0x3c0
 local_pci_probe+0x75/0xd0
 pci_device_probe+0x19f/0x1f0
 driver_probe_device+0x208/0x6c0
 __driver_attach+0xb8/0xc0
 bus_for_each_dev+0xe6/0x150
 driver_attach+0x26/0x30
INFO: Slab 0xffffea0005a78800 objects=3 used=3 fp=0x (null) flags=0x200000000004080
INFO: Object 0xffff880169e20000 @offset=0 fp=0x (null)

Object ffff880169e20000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff880169e20010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
...
Object ffff880169e20fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff  ................
Object ffff880169e20fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff880169e20fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff  ................
Object ffff880169e20ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
CPU: 1 PID: 14 Comm: kworker/1:0 Tainted: G    B           4.4.0-rc1+ #1
Hardware name: Dell Inc. OptiPlex 990/0D6H9T, BIOS A06 07/25/2011
Workqueue: events_power_efficient fb_flashcursor
 ffffea0005a78800 ffff8801740ef7f0 ffffffff818a802e ffff880174c04e00
 ffff8801740ef820 ffffffff813030e4 ffff880174c04e00 ffffea0005a78800
 ffff880169e20000 ffff880169e21fd0 ffff8801740ef848 ffffffff813063ef
Call Trace:
 [] dump_stack+0x4b/0x6d
 [] print_trailer+0xf4/0x150
 [] object_err+0x2f/0x40
 [] kasan_report_error+0x20d/0x510
 [] ? native_sched_clock+0x67/0x140
 [] kasan_report+0x34/0x40
 [] ? memcpy+0x1d/0x40
 [] __asan_loadN+0x12a/0x180
 [] memcpy+0x1d/0x40
 [] OUT_RINGp+0x75/0x90
 [] nvc0_fbcon_imageblit+0x462/0x6c0
 [] nouveau_fbcon_imageblit+0xfd/0x110
 [] soft_cursor+0x2f6/0x400
 [] bit_cursor+0xb14/0xb60
 [] ? update_attr.isra.0+0xc0/0xc0
 [] ? fb_flashcursor+0x33/0x1b0
 [] ? fb_get_color_depth+0x7f/0xb0
 [] ? get_color+0xd6/0x1d0
 [] ? update_attr.isra.0+0xc0/0xc0
 [] fb_flashcursor+0x19f/0x1b0
 [] process_one_work+0x3fe/0xae0
 [] ? process_one_work+0x32e/0xae0
 [] ? try_to_grab_pending+0x200/0x200
 [] ? debug_lockdep_rcu_enabled+0x35/0x40
 [] worker_thread+0x8a/0x7f0
 [] ? process_one_work+0xae0/0xae0
 [] kthread+0x185/0x1b0
 [] ? __kthread_parkme+0xe0/0xe0
 [] ? acpi_ps_parse_loop+0x41c/0xab8
 [] ? trace_hardirqs_on_caller+0x186/0x280
 [] ? ddebug_add_module+0x38/0x130
 [] ? __kthread_parkme+0xe0/0xe0
 [] ret_from_fork+0x3f/0x70
 [] ? __kthread_parkme+0xe0/0xe0
Memory state around the buggy address:
 ffff880169e21f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff880169e21f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff880169e22000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                   ^
 ffff880169e22080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff880169e22100: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00
==================================================================

Some nouveau messages from the boot, if this helps:

nouveau 0000:01:00.0: NVIDIA GF119 (0d90a0a1)
nouveau 0000:01:00.0: bios: version 75.19.55.00.02
nouveau 0000:01:00.0: fb: 1024 MiB DDR3
[TTM] Zone  kernel: Available graphics memory: 2590256 kiB
[TTM] Zone   dma32: Available graphics memory: 2097152 kiB
[TTM] Initializing pool allocator
[TTM] Initializing DMA pool allocator
nouveau 0000:01:00.0: DRM: VRAM: 1024 MiB
nouveau 0000:01:00.0: DRM: GART: 1048576 MiB
nouveau 0000:01:00.0: DRM: TMDS table version 2.0
nouveau 0000:01:00.0: DRM: DCB version 4.0
nouveau 0000:01:00.0: DRM: DCB outp 00: 02000300 00000000
nouveau 0000:01:00.0: DRM: DCB outp 01: 01000302 00020030
nouveau 0000:01:00.0: DRM: DCB outp 02: 02011362 00020010
nouveau 0000:01:00.0: DRM: DCB outp 03: 04022310 00000000
nouveau 0000:01:00.0: DRM: DCB conn 00: 00001030
nouveau 0000:01:00.0: DRM: DCB conn 01: 00002161
nouveau 0000:01:00.0: DRM: DCB conn 02: 00000200
[drm] Supports vblank timestamp caching Rev 2 (21.10.2013).
[drm] Driver supports precise vblank timestamp query.
nouveau 0000:01:00.0: DRM: MM: using COPY0 for buffer copies
nouveau 0000:01:00.0: No connectors reported connected with modes
[drm] Cannot find any crtc or sizes - going 1024x768
nouveau 0000:01:00.0: DRM: allocated 1024x768 fb: 0x60000, bo ffff880169d36e40
fbcon: nouveaufb (fb0) is primary device
Console: switching to colour frame buffer device 128x48
nouveau 0000:01:00.0: fb0: nouveaufb frame buffer device
[drm] Initialized nouveau 1.3.1 20120801 for 0000:01:00.0 on minor 0
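An added triage helper, not part of the report above and not nouveau or kernel code: it parses the header lines and the shadow-memory dump of a KASAN slab-out-of-bounds report and works out where the access lands relative to the allocation. The sample text is a constructed subset of the lines quoted in the report; the shadow-byte meanings are the ones from mm/kasan/kasan.h (0x00 = all 8 bytes of the granule addressable, 0x01-0x07 = that many leading bytes addressable, 0xfc = kmalloc redzone). Applied to this report it shows the 64-byte read starting at object offset 0x1fd0 of an 8192-byte object, so the last 16 bytes of the memcpy fall into the redzone that begins at ffff880169e22000.

```python
"""Triage helper for KASAN slab-out-of-bounds reports (added example).

Not code from the report or from nouveau.  SAMPLE is constructed from the
lines quoted in the report above; shadow-byte values follow mm/kasan/kasan.h.
"""
import re
from dataclasses import dataclass

SHADOW_SCALE = 8  # one shadow byte describes 8 bytes of memory

SAMPLE = """\
BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 at addr ffff880169e21fd0
Read of size 64 by task kworker/1:0/14
BUG kmalloc-8192 (Not tainted): kasan: bad access detected
INFO: Allocated in register_framebuffer+0x466/0x550 age=30792 cpu=1 pid=1
INFO: Object 0xffff880169e20000 @offset=0 fp=0x          (null)
Memory state around the buggy address:
 ffff880169e21f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff880169e21f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff880169e22000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                   ^
 ffff880169e22080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff880169e22100: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00
"""

RE_BUG = re.compile(r"BUG: KASAN: (\S+) in (\S+) at addr ([0-9a-f]+)")
RE_OP = re.compile(r"(Read|Write) of size (\d+) by task (\S+)")
RE_CACHE = re.compile(r"^BUG (kmalloc-(\d+))", re.M)
RE_ALLOC = re.compile(r"INFO: Allocated in (\S+)")
RE_OBJ = re.compile(r"INFO: Object 0x([0-9a-f]+)")
RE_SHADOW = re.compile(r"^[ >]([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)$", re.M)


@dataclass
class KasanReport:
    kind: str
    func: str
    addr: int
    op: str
    size: int
    task: str
    cache: str
    obj_size: int
    alloc_site: str
    obj_base: int
    shadow: dict  # memory address of an 8-byte granule -> shadow byte

    @property
    def offset(self):
        """Byte offset of the access from the start of the slab object."""
        return self.addr - self.obj_base

    @property
    def overrun(self):
        """Bytes of the access that lie past the end of the object (0 if none)."""
        return max(0, self.addr + self.size - (self.obj_base + self.obj_size))

    def first_poisoned(self):
        """First address in the accessed range whose shadow marks it unaddressable,
        or None if the dump does not cover it / everything is addressable."""
        for a in range(self.addr, self.addr + self.size):
            granule = a & ~(SHADOW_SCALE - 1)
            sb = self.shadow.get(granule)
            if sb is None:
                continue
            # 0x01..0x07: only the first sb bytes of this granule are addressable
            if sb == 0 or (sb < SHADOW_SCALE and (a - granule) < sb):
                continue
            return a
        return None


def shadow_meaning(sb):
    """Human-readable meaning of one shadow byte (values from mm/kasan/kasan.h)."""
    if sb == 0x00:
        return "addressable"
    if 1 <= sb <= 7:
        return "partially addressable (%d bytes)" % sb
    return {0xfa: "global redzone", 0xfb: "kmalloc freed", 0xfc: "kmalloc redzone",
            0xfe: "page redzone", 0xff: "freed page"}.get(sb, "poisoned (0x%02x)" % sb)


def parse_kasan(text):
    kind, func, addr = RE_BUG.search(text).groups()
    op, size, task = RE_OP.search(text).groups()
    cache, obj_size = RE_CACHE.search(text).groups()
    alloc_site = RE_ALLOC.search(text).group(1)
    obj_base = int(RE_OBJ.search(text).group(1), 16)
    shadow = {}
    for base, bytes_ in RE_SHADOW.findall(text):
        for i, b in enumerate(bytes_.split()):
            shadow[int(base, 16) + i * SHADOW_SCALE] = int(b, 16)
    return KasanReport(kind, func, int(addr, 16), op, int(size), task, cache,
                       int(obj_size), alloc_site, obj_base, shadow)


def summarize(r):
    end = r.obj_base + r.obj_size
    lines = [
        f"{r.kind}: {r.op.lower()} of {r.size} bytes in {r.func} by {r.task}",
        f"object {r.cache} at {r.obj_base:#x}..{end:#x}, allocated in {r.alloc_site}",
        f"access at object offset {r.offset} ({r.offset:#x}); {r.overrun} byte(s) past the end",
    ]
    poisoned = r.first_poisoned()
    if poisoned is not None:
        sb = r.shadow[poisoned & ~(SHADOW_SCALE - 1)]
        lines.append(f"shadow: first poisoned byte at {poisoned:#x} ({shadow_meaning(sb)})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_kasan(SAMPLE)))
```

The offset and overrun come only from the "at addr", "Read of size", "kmalloc-NNNN" and "INFO: Object" lines; the shadow dump is parsed separately so the two can be cross-checked, which matters when the object line is missing (a non-slab report) or the cache size is larger than the requested kmalloc size.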