[KASAN] DRM-Tip 5.14 stack-out-of-bounds in unwind_next_frame
Recent DRM-Tip 5.14-rc7 KASAN run on CI hit this on SKL, RKL and BWR platforms.
Short log on SKL:
<3> [649.943340] ==================================================================
<3> [649.944993] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x1372/0x17a0
<3> [649.945003] Read of size 8 at addr ffffffff83c07ea0 by task swapper/0/0
<3> [649.945011]
<3> [649.945014] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.14.0-rc7-g329f62b04cd6-kasan_277+ #1
<3> [649.945023] Hardware name: System manufacturer System Product Name/Z170 PRO GAMING, BIOS 0802 09/02/2015
<3> [649.945032] Call Trace:
<3> [649.945036] <IRQ>
<3> [649.945039] dump_stack_lvl+0x56/0x7b
<3> [649.945045] print_address_description.constprop.10.cold.14+0xe/0x2e2
<3> [649.945054] ? unwind_next_frame+0x1372/0x17a0
<3> [649.945061] ? unwind_next_frame+0x1372/0x17a0
<3> [649.945068] kasan_report.cold.15+0x83/0xdf
<3> [649.945075] ? unwind_next_frame+0x1372/0x17a0
<3> [649.945082] unwind_next_frame+0x1372/0x17a0
<3> [649.945089] ? arch_cpu_idle_exit+0x30/0x30
<3> [649.945096] ? deref_stack_reg+0x70/0x70
<3> [649.945102] ? __module_address+0x3a/0x370
<3> [649.945108] ? execlists_submission_tasklet+0x334/0x6360 [i915]
<3> [649.945219] ? execlists_submission_tasklet+0x334/0x6360 [i915]
<3> [649.945328] ? execlists_submission_tasklet+0x271/0x6360 [i915]
<3> [649.945437] ? is_module_text_address+0x26/0x40
<3> [649.945444] ? execlists_submission_tasklet+0x334/0x6360 [i915]
<3> [649.945559] ? kernel_text_address+0x69/0x120
<3> [649.945566] ? __thaw_task+0x70/0x70
<3> [649.945573] arch_stack_walk+0x86/0xf0
<3> [649.945581] ? arch_cpu_idle_exit+0x30/0x30
<3> [649.945588] stack_trace_save+0x85/0xb0
<3> [649.945595] ? stack_trace_consume_entry+0x160/0x160
<3> [649.945603] kasan_save_stack+0x19/0x40
<3> [649.945609] ? kasan_save_stack+0x19/0x40
<3> [649.945615] ? kasan_record_aux_stack+0xb0/0xc0
<3> [649.945621] ? insert_work+0x43/0x330
<3> [649.945627] ? __queue_work+0x39c/0xd40
<3> [649.945633] ? queue_work_on+0x78/0x90
<3> [649.945639] ? intel_engine_add_retire+0x1fd/0x280 [i915]
<3> [649.945750] ? __execlists_schedule_out+0xa55/0xe30 [i915]
<3> [649.945854] ? execlists_submission_tasklet+0x334/0x6360 [i915]
<3> [649.945962] ? tasklet_action_common.isra.18+0x202/0x2e0
<3> [649.945970] ? __do_softirq+0x1cb/0x84a
<3> [649.945976] ? irq_exit_rcu+0x13b/0x150
<3> [649.945981] ? common_interrupt+0x9b/0xc0
<3> [649.945988] ? asm_common_interrupt+0x1e/0x40
<3> [649.945994] ? arch_cpu_idle_exit+0x30/0x30
<3> [649.946001] ? debug_object_activate+0x327/0x4a0
<3> [649.946008] ? lock_downgrade+0x6e0/0x6e0
<3> [649.946015] ? do_raw_spin_lock+0x121/0x290
<3> [649.946022] ? rwlock_bug.part.2+0x90/0x90
<3> [649.946029] ? rcu_read_lock_bh_held+0xb0/0xb0
<3> [649.946036] ? do_raw_spin_unlock+0x4f/0x250
<3> [649.946043] ? _raw_spin_unlock_irqrestore+0x3d/0x60
<3> [649.946050] ? debug_object_activate+0x327/0x4a0
<3> [649.946057] ? debug_object_assert_init+0x380/0x380
<3> [649.946064] kasan_record_aux_stack+0xb0/0xc0
<3> [649.946071] insert_work+0x43/0x330
<3> [649.946077] __queue_work+0x39c/0xd40
<3> [649.946085] queue_work_on+0x78/0x90
<3> [649.946091] intel_engine_add_retire+0x1fd/0x280 [i915]
<3> [649.946203] ? engine_retire+0xc0/0xc0 [i915]
<3> [649.946313] ? lrc_check_regs+0x11a/0x570 [i915]
<3> [649.946423] __execlists_schedule_out+0xa55/0xe30 [i915]
<3> [649.946529] execlists_submission_tasklet+0x334/0x6360 [i915]
<3> [649.946647] ? execlists_reset_cancel+0xc40/0xc40 [i915]
<3> [649.946754] ? rcu_read_lock_sched_held+0x9c/0xd0
<3> [649.946762] ? rcu_read_lock_bh_held+0xb0/0xb0
<3> [649.946769] ? find_held_lock+0x33/0x1c0
<3> [649.946775] ? wake_bit_function+0x180/0x180
<3> [649.946784] tasklet_action_common.isra.18+0x202/0x2e0
<3> [649.946792] __do_softirq+0x1cb/0x84a
<3> [649.946799] irq_exit_rcu+0x13b/0x150
<3> [649.946805] common_interrupt+0x9b/0xc0
<3> [649.946812] </IRQ>
<3> [649.946816] asm_common_interrupt+0x1e/0x40
<3> [649.946822] RIP: 0010:do_idle+0x0/0x520
<3> [649.946828] Code: 66 2e 0f 1f 84 00 00 00 00 00 c3 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 c7 05 9e 5d 10 03 01 00 00 00 fb c3 0f 1f 40 00 <41> 57 41 56 41 55 41 54 55 53 48 bb 00 00 00 00 00 fc ff df 65 4c
<3> [649.946845] RSP: 0018:ffffffff83c07ec0 EFLAGS: 00000296
<3> [649.946852] RAX: 0000000000000000 RBX: 0000000000000093 RCX: ffffffff82fdde5a
<3> [649.946860] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff83c21500
<3> [649.946867] RBP: 1ffffffff0780fdb R08: fffffbfff07842a1 R09: fffffbfff07842a1
<3> [649.946875] R10: ffffffff83c21507 R11: fffffbfff07842a0 R12: 00000000003d08f0
<3> [649.946882] R13: ffffffff83c21500 R14: 1ffffffff0780fd1 R15: 0000000092f3bc93
<3> [649.946891] ? schedule_idle+0x5a/0x90
<3> [649.946898] cpu_startup_entry+0x14/0x20
<3> [649.946904] start_secondary+0x22e/0x2c0
<3> [649.946911] ? set_cpu_sibling_map+0x1340/0x1340
<3> [649.946917] ? cpu_startup_entry+0x14/0x20
<3> [649.946924] ? start_kernel+0x376/0x394
<3> [649.946931] secondary_startup_64_no_verify+0xb0/0xbb
<3> [649.946941]
<3> [649.946944] KASAN internal error: frame info validation failed; invalid marker: 16
<3> [649.946951]
<3> [649.946954] Memory state around the buggy address:
<3> [649.946960] ffffffff83c07d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3> [649.946968] ffffffff83c07e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3> [649.946975] >ffffffff83c07e80: 00 00 00 00 f1 01 f2 f2 f2 00 00 f1 f1 f1 f1 04
<3> [649.946983]                                ^
<3> [649.946988] ffffffff83c07f00: f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00
<3> [649.946996] ffffffff83c07f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3> [649.947003] ==================================================================
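Reading the shadow dump above: KASAN keeps one shadow byte per 8 bytes of memory, and the row addresses it prints are memory addresses (so rows advance by 0x80). The faulting address ffffffff83c07ea0 is 0x20 bytes into the marked row ffffffff83c07e80, i.e. shadow byte index 4, which is f1, the marker KASAN places in the redzone to the left of a stack object. The report header confirms the shape: an 8-byte read by the unwinder landing in a stack redzone. The script below is an added example, not part of this bug report or of the i915 tree; it parses the access line and the shadow rows (copied into a constructed sample input) and names the shadow class of every granule the access touches. The shadow byte meanings are the generic-KASAN values from the kernel's mm/kasan/kasan.h.

```python
import re

# Shadow byte values from the kernel's mm/kasan/kasan.h (generic KASAN).
# 0x00: all 8 bytes of the granule are addressable; 0x01..0x07: only the
# first N bytes are; anything else is a poison/redzone marker.
SHADOW_NAMES = {
    0xF1: "stack left redzone",
    0xF2: "stack mid redzone",
    0xF3: "stack right redzone",
    0xF4: "stack partial redzone",
    0xF9: "global redzone",
    0xFB: "kmalloc freed",
    0xFC: "kmalloc redzone",
    0xFE: "page redzone",
    0xFF: "free page",
}

# Constructed sample input: the header and shadow rows of the SKL report above.
SAMPLE = """\
<3> [649.945003] Read of size 8 at addr ffffffff83c07ea0 by task swapper/0/0
<3> [649.946954] Memory state around the buggy address:
<3> [649.946960] ffffffff83c07d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3> [649.946968] ffffffff83c07e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3> [649.946975] >ffffffff83c07e80: 00 00 00 00 f1 01 f2 f2 f2 00 00 f1 f1 f1 f1 04
<3> [649.946983]                                ^
<3> [649.946988] ffffffff83c07f00: f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]{16})")
ROW_RE = re.compile(r">?\s*([0-9a-f]{16}):((?:\s+[0-9a-f]{2}){16})\s*$")


def parse_access(report):
    """Return (kind, size, addr) from the 'Read/Write of size N at addr' line."""
    m = ACCESS_RE.search(report)
    if m is None:
        raise ValueError("no access line in report")
    return m.group(1), int(m.group(2)), int(m.group(3), 16)


def parse_shadow(report):
    """Map each 8-byte memory granule in the dump to its shadow byte.

    The row address KASAN prints is a memory address; each of the 16 shadow
    bytes in a row covers 8 bytes, so one row describes 0x80 bytes.
    """
    shadow = {}
    for line in report.splitlines():
        m = ROW_RE.search(line)
        if m is None:
            continue  # header lines and the '^' marker line
        base = int(m.group(1), 16)
        for i, byte in enumerate(m.group(2).split()):
            shadow[base + 8 * i] = int(byte, 16)
    return shadow


def describe_access(shadow, addr, size):
    """Classify every granule touched by [addr, addr + size)."""
    result = []
    for granule in range(addr & ~7, addr + size, 8):
        b = shadow.get(granule)
        if b is None:
            state = "not in dump"
        elif b == 0:
            state = "addressable"
        elif 1 <= b <= 7:
            # Partial granule: only the first b bytes are valid. KASAN flags the
            # access if any byte it touches in this granule lies past them.
            end = min(addr + size, granule + 8) - granule
            state = "addressable" if end <= b else f"partial ({b} bytes valid)"
        else:
            state = SHADOW_NAMES.get(b, f"poison 0x{b:02x}")
        result.append((granule, b, state))
    return result


def analyze(report):
    kind, size, addr = parse_access(report)
    return describe_access(parse_shadow(report), addr, size)


if __name__ == "__main__":
    kind, size, addr = parse_access(SAMPLE)
    print(f"{kind} of {size} bytes at {addr:016x}")
    for granule, b, state in analyze(SAMPLE):
        print(f"  granule {granule:016x}: shadow {b:02x} -> {state}")
```

Run on the report above it prints a single granule, ffffffff83c07ea0 with shadow f1, which is the same conclusion the caret line encodes; the partial-granule branch matters for reports where the address sits inside a granule marked 01..07, where only a read past the valid prefix is an error.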
Full log on SKL, RKL and BWR: