mirror of
https://github.com/hardkernel/linux.git
synced 2026-06-06 02:50:49 +09:00
9fc0dafbd0
The write back related regs locate at offset 0x280, which is large
than origin reg size 0x200. Access these reg will cause reg bak
out of bounds.
[ 1011.665341] ==================================================================
[ 1011.665361] BUG: KASAN: slab-out-of-bounds in vop_mask_write+0xa1/0xd6
[ 1011.665389] Read of size 4 at addr b22e2ac0 by task vo_render_0/2007
[ 1011.665407]
[ 1011.665421] CPU: 1 PID: 2007 Comm: vo_render_0 Tainted: G B O 6.1.118 #2
[ 1011.665442] Hardware name: Generic DT based system
[ 1011.665462] unwind_backtrace from show_stack+0xb/0xc
[ 1011.665495] show_stack from dump_stack_lvl+0x2b/0x34
[ 1011.665531] dump_stack_lvl from print_report+0x4b/0x304
[ 1011.665562] print_report from kasan_report+0x71/0x80
[ 1011.665589] kasan_report from vop_mask_write+0xa1/0xd6
[ 1011.665615] vop_mask_write from vop_initial+0xbff/0x1bd0
[ 1011.665641] vop_initial from vop_crtc_atomic_enable+0x519/0x6fbc
[ 1011.665669] vop_crtc_atomic_enable from drm_atomic_helper_commit_modeset_enables+0x253/0x634
[ 1011.665705] drm_atomic_helper_commit_modeset_enables from rockchip_drm_atomic_helper_commit_tail_rpm+0xa7/0x7c8
[ 1011.665744] rockchip_drm_atomic_helper_commit_tail_rpm from commit_tail+0xe7/0x200
[ 1011.665780] commit_tail from drm_atomic_helper_commit+0x159/0x164
[ 1011.665811] drm_atomic_helper_commit from drm_atomic_commit+0x181/0x1b0
[ 1011.665851] drm_atomic_commit from drm_mode_atomic_ioctl+0xbb5/0xe28
[ 1011.665888] drm_mode_atomic_ioctl from drm_ioctl+0x4af/0x528
[ 1011.665925] drm_ioctl from vfs_ioctl+0x57/0x64
[ 1011.665956] vfs_ioctl from sys_ioctl+0x29f/0xc1c
[ 1011.665983] sys_ioctl from ret_fast_syscall+0x1/0x54
[ 1011.666009] Exception stack(0xf1233fa8 to 0xf1233ff0)
[ 1011.666033] 3fa0: 8b201608 8bbfe308 00000031 c03864bc 8bbfe308 8bbfe2d8
[ 1011.666056] 3fc0: 8b201608 8bbfe308 c03864bc 00000036 8b202630 8b202640 8b202650 8b202638
[ 1011.666079] 3fe0: 9c302ee4 8bbfe2c8 9c2e6f90 9c78bd18
[ 1011.666094]
[ 1011.666104] Allocated by task 61:
[ 1011.666117] kasan_set_track+0x17/0x1a
[ 1011.666144] ____kasan_kmalloc+0x4b/0x4e
[ 1011.666168] devm_kmalloc+0x1f/0xe8
[ 1011.666191] vop_bind+0xe81/0x2840
[ 1011.666212] component_bind_all+0x211/0x518
[ 1011.666237] rockchip_drm_bind+0x5c5/0x1030
[ 1011.666260] try_to_bring_up_aggregate_device+0x33d/0x3d4
[ 1011.666285] component_master_add_with_match+0x179/0x1b0
[ 1011.666310] rockchip_drm_platform_probe+0x241/0x28c
[ 1011.666334] platform_probe+0xa3/0xf4
[ 1011.666352] really_probe+0x267/0x478
[ 1011.666376] __driver_probe_device+0x225/0x240
[ 1011.666399] driver_probe_device+0x41/0xb4
[ 1011.666423] __device_attach_driver+0x99/0x130
[ 1011.666446] bus_for_each_drv+0xe5/0x100
[ 1011.666467] __device_attach+0x14f/0x1e0
[ 1011.666491] bus_probe_device+0x7b/0x158
[ 1011.666513] deferred_probe_work_func+0x177/0x18c
[ 1011.666537] process_one_work+0x387/0x544
[ 1011.666561] process_scheduled_works+0x37/0x38
[ 1011.666583] worker_thread+0x43d/0x52c
[ 1011.666603] kthread+0x179/0x18c
[ 1011.666623] ret_from_fork+0x11/0x2c
[ 1011.666642]
[ 1011.666653] The buggy address belongs to the object at b22e2800
[ 1011.666653] which belongs to the cache kmalloc-1k of size 1024
[ 1011.666672] The buggy address is located 704 bytes inside of
[ 1011.666672] 1024-byte region [b22e2800, b22e2c00)
[ 1011.666693]
[ 1011.666713] The buggy address belongs to the physical page:
[ 1011.666730] page:8dc7e73e refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x424e0
[ 1011.666756] head:8dc7e73e order:3 compound_mapcount:0 compound_pincount:0
[ 1011.666774] flags: 0x10200(slab|head|zone=0)
[ 1011.666805] raw: 00010200 ef0a2b00 00000002 b1201700 00000000 00100010 ffffffff 00000001
[ 1011.666823] page dumped because: kasan: bad access detected
[ 1011.666835]
[ 1011.666845] Memory state around the buggy address:
[ 1011.666861] b22e2980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1011.666877] b22e2a00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 1011.666895] >b22e2a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1011.666908] ^
[ 1011.666922] b22e2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1011.666938] b22e2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1011.666953] ==================================================================
Fixes: 83aabef608 ("arm64: dts: rockchip: Add vop support for RV1126B")
Change-Id: I36cf27060350c32d6630be80a5e169cdafdfb26f
Signed-off-by: Chaoyi Chen <chaoyi.chen@rock-chips.com>
Linux kernel
============
There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.
In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``. The formatted documentation can also be read online at:
https://www.kernel.org/doc/html/latest/
There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.