From nobody Thu Dec 18 01:05:19 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6D1C4C77B7F for ; Wed, 26 Apr 2023 02:00:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239301AbjDZCAX (ORCPT ); Tue, 25 Apr 2023 22:00:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55382 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233421AbjDZCAU (ORCPT ); Tue, 25 Apr 2023 22:00:20 -0400 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2077.outbound.protection.outlook.com [40.107.94.77]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 587C613E for ; Tue, 25 Apr 2023 19:00:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gWwV8+W12IzjMfq/BfL2jGMtEMu3xzOcra0TvjDT5qfQ9cbSo7SdLdrheQNErFLV9FrQD9HA5dNTJT531geSbDQRYK8+g3UZJjnvBsEdwBmwPqKAE4tAk2qzWu7GUJZsE0qEOfz6DTKKjpO7ACGP6wHAqGdx0R+hgRnSM2xO3A1ZyYauBZk6ywr4IV8EV4sm3I5BKfZNAG6nGnHdydWPjDHcGG36SIzuAFePO+wttiybr4b8drymDf7g1/jPSa+n3cR0ANiPUNdp8qKUTjJRwjQw64y/EZp8CWXSNPlnO/CzTras7bJ5Q308cuiJ3i7AVhqc7mSjM3R+42w9UejtCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HNKeOM1PyklrzgzH2f6XfZFAu7VOvFJbe1zCTb4cY68=; b=cIxA+AJN2qblb5K8uAglmxTc2ogZVKwx76xzgRCUT7P4ekN4FawncAnbWDhz6j16uxsJfr/4eeXigsGKNbhumnhBR7WRHotFNPQMzgKm9Cb6nQpnv39WuQFmtpWM9HCOiBILerwuBUGjngwVCiUq9iGfLUvLT32N8epk4oaTR5eFqtRIhXsCqyFGRo6Tn5oQp3DTTbrYaIiFaWdxT8bfEQnGzqtO7wxx1ZvLQ44rKIbSa3Ju6cFLPjQTUHvzjzHsITuhCdYlA8wHSl3djRpsoejFh4F23EvC+t+7/BWW7sVEzwF7kHzHVmBhnEeqfKxdFM2HHZLDiE6FOwO+w5kd0w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HNKeOM1PyklrzgzH2f6XfZFAu7VOvFJbe1zCTb4cY68=; b=2jcTrOrGgbUiYfM4qhpPYHd4yjuu/L/fLC84WgESPewsA/Da6ALY1TvkzxJGuaTekZTg0zgLbUDpUmsyMAplRc4de69NDSuEsmhMwzqYbrtZE3+NohKcU/sPXnaQecZmjZv9c8dwfRnusBRSUgFkRDSUGpv2QkvtSj29rn5TnH0= Received: from BL0PR12MB2465.namprd12.prod.outlook.com (2603:10b6:207:45::18) by PH7PR12MB7116.namprd12.prod.outlook.com (2603:10b6:510:1ef::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.28; Wed, 26 Apr 2023 02:00:14 +0000 Received: from BL0PR12MB2465.namprd12.prod.outlook.com ([fe80::de6e:6dca:30d6:3fe9]) by BL0PR12MB2465.namprd12.prod.outlook.com ([fe80::de6e:6dca:30d6:3fe9%7]) with mapi id 15.20.6319.034; Wed, 26 Apr 2023 02:00:14 +0000 From: "Chen, Guchun" To: Mikhail Gavrilov , "Koenig, Christian" CC: Daniel Vetter , dri-devel , amd-gfx list , Linux List Kernel Mailing Subject: RE: BUG: KASAN: null-ptr-deref in drm_sched_job_cleanup+0x96/0x290 [gpu_sched] Thread-Topic: BUG: KASAN: null-ptr-deref in drm_sched_job_cleanup+0x96/0x290 [gpu_sched] Thread-Index: AQHZcoynb8yUAKWHQEyDBs7o0ZqjPK8ySD4AgABULACAAABvgIAAZSYAgAD2cYCAAAlqgIAICkqAgADT/3A= Date: Wed, 26 Apr 2023 02:00:13 +0000 Message-ID: References: <10b2570f-a297-d236-fa7b-2e001a4dff12@gmail.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: BL0PR12MB2465:EE_|PH7PR12MB7116:EE_ x-ms-office365-filtering-correlation-id: 5dde8213-6abf-4e28-6a96-08db45f9f99d x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Q5ZvXlY/jLJou1dlXzpY6tvai54PANxpTGgfpECpfmz8xpVtgCSXxXOvUhL2ZHrZNm1VFBDOXM1Q+VbrabCYInnbtHfKiH9OZ7IhE88mpfrooz+681yPxa5RqH1tF4R+0mnKt5sqM2Vp/ekYI9+hfFhhEdxfeRPiDigqK72C4UgfOtFc40dkuHNoKPmeKR3xIhTnsJAVoy5+kYsUUHB7x2S6s9jAx6yPzQTtD32imSfebTnB5l9IAhOqjlEo8PDZmvnOgev+6cAFtuHSWUgI1ZGtUEuIRTv7ePBC2Ibo+Xms8DrlLicorg71ZIIaoofHuxhzUebXDZsa8opsz4q5DVuja+X031eVIQN6aeqrEMkd17ISHu9uGtxUMB8HmZ4mywkIyx44LB5AY4uBe/ieyjgZ+5Fe68+egjJlO5KTwWx9GqWwCbxT1mbJxUHtJIUJVlglo5bxxoHFb9b91N6quAEfC9FtJPaCX7aibUXpF5A3t4nl31dyY2duJDEs4H4yMQWkkpH+CpmdxPI8+LYn9zB/Zk2R8gYNOPwwir7z/+TxRyPVY7V9xm7YbmXb5i0ox3KszSt8GvKDQYtxyfiboI3tX0AHtHe0wXQv8nN10J1tHUhA3wCFkKq/FIJrIYC8SML8MYcEN3tokQVC9HsDfQ== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BL0PR12MB2465.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(39860400002)(376002)(396003)(346002)(366004)(136003)(451199021)(83380400001)(41300700001)(316002)(966005)(26005)(53546011)(6506007)(186003)(9686003)(99936003)(54906003)(122000001)(110136005)(7696005)(71200400001)(38100700002)(66556008)(76116006)(4326008)(55016003)(66476007)(6636002)(66946007)(66446008)(5660300002)(478600001)(38070700005)(64756008)(8936002)(8676002)(52536014)(2906002)(33656002)(86362001);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?B?ZlE3aElub1hBTmIvZlk2LzJwNWV5N1lhcHo3OHNSc3NjMkZQMS8wZitqYU96?= =?utf-8?B?OUhVT0E3QUhzbGdsVjF2WHNIVW5BUGE2Uk5PMlNJa1p4QWxFWTV3MDZxSTBj?= =?utf-8?B?ZVJDWVoySUtycXllZnRoMVVUZS9DUGFEeHVZZjhzVy9DaS9vQ1hPMy9jMHVs?= =?utf-8?B?MUltQ1RoaTBvZjVoNnNCMm8zZCtzR2NpODBmc0ViblhUT1EwUkVOUlJ3d2dm?= =?utf-8?B?eU0rVEZLd3ZPYWpMTHM1dVpQOVgyMUZhbmpSNHZ0cTZNbUc0QmRDa1p6ZktN?= =?utf-8?B?bi9DVkQ0em8vZksyamc4cEw0R2c5RmpsbWJSSSt3QlJBeTR3TkhjTWZKSGNX?= =?utf-8?B?TUdMbVpPYzR1R2IybGZoNGNlL2lwaUUxdGJIV3h2UitqRGFWbXQ0TjIxY2Ry?= =?utf-8?B?SWZjZHBibXZ5RDlTd3dhQXFKSTlDc2dmcXMvWVFuMkxkYlZrNFp2S3crbXBi?= =?utf-8?B?NTA0UFhrNFJDdlB3VGZiTmlwSUhkTkFqNmZnSEYzNEpTQ0pENTZWUHYxWFZO?= =?utf-8?B?ZlhVS2Q5S0tYTXFzSkdraVV4KzBlTnl6eUo4RkNYbnpBK1lNYVpxZVRiUnN2?= =?utf-8?B?dmQ4OWZOaGk5T3UyVzdRdHlPU2NPeWt1OENXTjF4dUtGaDVUcnR5U2pBc0Zz?= =?utf-8?B?ODgrR1BrMmFxUW5BaDU1c0tsUER1YjF5S3cycTQvQlRBYTVMN3ZQaWtZYjFk?= =?utf-8?B?R3oyUHUwUTU1dndDaklSTXlFYlAzN3pwRDN3MWRIOWp6U2FPYnh4U1J0YnVO?= =?utf-8?B?Vk11ck4rY0NYTndyN0NQaisrR1BaZjV1UzZjTzV1Wm5OL2FqNzdXY1VnTUx4?= =?utf-8?B?NXdUN0I4L1owc1J4ZkptQ1BId3IyckVpeXdWRFhPYmNwVHByaTdkbG5CbllD?= =?utf-8?B?dU9qUzJyTTlQZ2xvdEI3Q0lHTEx3UkQ0c0FxcVVTSWpDb29RbjNiaXp2QXJE?= =?utf-8?B?cFZYcGQvREtPV2FBV2EwVVhXK3pJWWVWc2kzcnk2Zk5WUUlpWGM5Z0QxdHFt?= =?utf-8?B?YmQrQzhqVEFRU052NVU5clo5eXZybmxtWkl1SWl3T0VXQVRadGVhQ1Q3YVJP?= =?utf-8?B?V2dyZ1p6WGRzaDA0RDA2RVNwNDJNZzlCT1BKemJ6bFozb0g0UDFWbzFyUDFt?= =?utf-8?B?UCswMzBiWHhVbTZnWHIvUmQrVkhlbHdFb2s0TWVDWHhnSGR4WldQdnRxd0Fn?= =?utf-8?B?OUhZbkYwbVBrdExIMmY0TUhCV05RSld5TEhxMWZ3VzlISis0YXlCOEVxUHhC?= =?utf-8?B?UlQ2bGdmYkxMVTlGMnFaQjRBUkp3RDNPRXI3MWM5U2dKVnVhR0pSUmlFYVlQ?= =?utf-8?B?dkhVZ3huYzJOUTJKVUpKRzMvVGtaUzloZ1A5dFY3MjRGRzNiWldaV2NnZ2dl?= =?utf-8?B?eWlCVy9qczFhMEVtS0hXM2l2V0pBbnphd082NDdnZzJmMWRJbVh2S0Q2U1JY?= =?utf-8?B?azNyMThHM3JONnNPeFdhVUY1bENvSzFQSnVOemYyNVYyNjJXMTBsUGFkQUFh?= =?utf-8?B?K0ZOOWEzMW5RcHFtWG1ndGxBYnBudEJYQWZsUDNQOEdmY1BSMDREd1dGRENU?= =?utf-8?B?d3UzNUQzdHJmOUt5K3VMc1JzcWVNaXR2UDZ6YzJ1TkZsL2VabFlDbFpHWUNw?= =?utf-8?B?eTRnWXNDU3RlWGZDMWc2N1l3RTF4c0Zjd3MyTW91MWNCVWZkaUZHZ3lQQXpz?= =?utf-8?B?LzlWRmZSSUQ5ais5NHZES3crWkV0UHg5STFQVktKN2Vtckg2cUU4TzQwRHJr?= =?utf-8?B?TkhEd2J5UkFlSVZTYjNXUExLamhnYm9nN2hjenh5RFlGSmpqQXZpS0wvbE9O?= =?utf-8?B?YUdZdjJBUk42N21qMTl2dmxmZDJMeWpSanR2ZWhKSVh6bXlYVDNZSnBoVFJo?= =?utf-8?B?bEdxVWlVRjA5T1F2RkdXcUtwakQrcXh4RVAvQlJGVEtDalNsOWpHRWFVYW42?= =?utf-8?B?MFllVG1YWFRmMFRaMHNEZEdYWGY3RFRnaTVGOUlxQ0t5SHJsU01odStESnpL?= =?utf-8?B?bTNvVjZYRGs0SW5VQ3AxSldrcjYraG1DdjRFOUNpN2pvTGI5aVdGZVhrMzJn?= =?utf-8?B?Tk5NT002dmU5TkdiZnV4NDR3ZmVxLzJ2c3QyRFA2VmswbEVhSTB5MytKQnFw?= =?utf-8?Q?EX7o=3D?= Content-Type: multipart/mixed; boundary="_002_BL0PR12MB2465BE82A18038353E48E025F1659BL0PR12MB2465namp_" MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BL0PR12MB2465.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5dde8213-6abf-4e28-6a96-08db45f9f99d X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Apr 2023 02:00:14.0057 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: pxauCZaBkMAfTtegq5dMFy4HcepsNPnnDv5O4KuihmXsCJG3fPD5poUFlGwt71QCwJRDmcQ6aVJe8CIZ4EaaXA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB7116 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --_002_BL0PR12MB2465BE82A18038353E48E025F1659BL0PR12MB2465namp_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 After reviewing this whole history, maybe attached patch is able to fix you= r problem. Can you have a try please? Regards, Guchun > -----Original Message----- > From: amd-gfx On Behalf Of > Mikhail Gavrilov > Sent: Tuesday, April 25, 2023 9:20 PM > To: Koenig, Christian > Cc: Daniel Vetter ; dri-devel devel@lists.freedesktop.org>; amd-gfx list ; > Linux List Kernel Mailing > Subject: Re: BUG: KASAN: null-ptr-deref in > drm_sched_job_cleanup+0x96/0x290 [gpu_sched] >=20 > On Thu, Apr 20, 2023 at 3:32=E2=80=AFPM Mikhail Gavrilov > wrote: > > > > Important don't give up. > > https://youtu.be/25zhHBGIHJ8 [40 min] > > https://youtu.be/utnDR26eYBY [50 min] > > https://youtu.be/DJQ_tiimW6g [12 min] > > https://youtu.be/Y6AH1oJKivA [6 min] > > Yes the issue is everything reproducible, but time to time it not > > happens at first attempt. > > I also uploaded other videos which proves that the issue definitely > > exists if someone will launch those games in turn. > > Reproducibility is only a matter of time. > > > > Anyway I didn't want you to spend so much time trying to reproduce it. > > This monkey business fits me more than you. > > It would be better if I could collect more useful info. >=20 > Christian, > Did you manage to reproduce the problem? >=20 > At the weekend I faced with slab-use-after-free in > amdgpu_vm_handle_moved. > I didn't play in the games at this time. > The Xwayland process was affected so it leads to desktop hang. >=20 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D > BUG: KASAN: slab-use-after-free in > amdgpu_vm_handle_moved+0x286/0x2d0 [amdgpu] Read of size 8 at addr > ffff888295c66190 by task Xwayland:cs0/173185 >=20 > CPU: 21 PID: 173185 Comm: Xwayland:cs0 Tainted: G W L > ------- --- 6.3.0-0.rc7.20230420gitcb0856346a60.59.fc39.x86_64+debug > #1 > Hardware name: System manufacturer System Product Name/ROG STRIX > X570-I GAMING, BIOS 4601 02/02/2023 Call Trace: > > dump_stack_lvl+0x76/0xd0 > print_report+0xcf/0x670 > ? amdgpu_vm_handle_moved+0x286/0x2d0 [amdgpu] ? > amdgpu_vm_handle_moved+0x286/0x2d0 [amdgpu] > kasan_report+0xa8/0xe0 > ? amdgpu_vm_handle_moved+0x286/0x2d0 [amdgpu] > amdgpu_vm_handle_moved+0x286/0x2d0 [amdgpu] > amdgpu_cs_ioctl+0x2b7e/0x5630 [amdgpu] > ? __pfx___lock_acquire+0x10/0x10 > ? __pfx_amdgpu_cs_ioctl+0x10/0x10 [amdgpu] ? mark_lock+0x101/0x16e0 ? > __lock_acquire+0xe54/0x59f0 ? __pfx_lock_release+0x10/0x10 ? > __pfx_amdgpu_cs_ioctl+0x10/0x10 [amdgpu] > drm_ioctl_kernel+0x1fc/0x3d0 > ? __pfx_drm_ioctl_kernel+0x10/0x10 > drm_ioctl+0x4c5/0xaa0 > ? __pfx_amdgpu_cs_ioctl+0x10/0x10 [amdgpu] ? > __pfx_drm_ioctl+0x10/0x10 ? _raw_spin_unlock_irqrestore+0x66/0x80 > ? lockdep_hardirqs_on+0x81/0x110 > ? _raw_spin_unlock_irqrestore+0x4f/0x80 > amdgpu_drm_ioctl+0xd2/0x1b0 [amdgpu] > __x64_sys_ioctl+0x131/0x1a0 > do_syscall_64+0x60/0x90 > ? do_syscall_64+0x6c/0x90 > ? lockdep_hardirqs_on+0x81/0x110 > ? do_syscall_64+0x6c/0x90 > ? lockdep_hardirqs_on+0x81/0x110 > ? do_syscall_64+0x6c/0x90 > ? lockdep_hardirqs_on+0x81/0x110 > ? do_syscall_64+0x6c/0x90 > ? lockdep_hardirqs_on+0x81/0x110 > entry_SYSCALL_64_after_hwframe+0x72/0xdc > RIP: 0033:0x7ffb71b0892d > Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 > 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d= 00 > f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00 > RSP: 002b:00007ffb677fe840 EFLAGS: 00000246 ORIG_RAX: > 0000000000000010 > RAX: ffffffffffffffda RBX: 00007ffb677fe9f8 RCX: 00007ffb71b0892d > RDX: 00007ffb677fe900 RSI: 00000000c0186444 RDI: 000000000000000d > RBP: 00007ffb677fe890 R08: 00007ffb677fea50 R09: 00007ffb677fe8e0 > R10: 0000556c4611bec0 R11: 0000000000000246 R12: 00007ffb677fe900 > R13: 00000000c0186444 R14: 000000000000000d R15: 00007ffb677fe9f8 > >=20 > Allocated by task 173181: > kasan_save_stack+0x33/0x60 > kasan_set_track+0x25/0x30 > __kasan_kmalloc+0x8f/0xa0 > __kmalloc_node+0x65/0x160 > amdgpu_bo_create+0x31e/0xfb0 [amdgpu] > amdgpu_bo_create_user+0xca/0x160 [amdgpu] > amdgpu_gem_create_ioctl+0x398/0x980 [amdgpu] > drm_ioctl_kernel+0x1fc/0x3d0 > drm_ioctl+0x4c5/0xaa0 > amdgpu_drm_ioctl+0xd2/0x1b0 [amdgpu] > __x64_sys_ioctl+0x131/0x1a0 > do_syscall_64+0x60/0x90 > entry_SYSCALL_64_after_hwframe+0x72/0xdc >=20 > Freed by task 173185: > kasan_save_stack+0x33/0x60 > kasan_set_track+0x25/0x30 > kasan_save_free_info+0x2e/0x50 > __kasan_slab_free+0x10b/0x1a0 > slab_free_freelist_hook+0x11e/0x1d0 > __kmem_cache_free+0xc0/0x2e0 > ttm_bo_release+0x667/0x9e0 [ttm] > amdgpu_bo_unref+0x35/0x70 [amdgpu] > amdgpu_gem_object_free+0x73/0xb0 [amdgpu] > drm_gem_handle_delete+0xe3/0x150 > drm_ioctl_kernel+0x1fc/0x3d0 > drm_ioctl+0x4c5/0xaa0 > amdgpu_drm_ioctl+0xd2/0x1b0 [amdgpu] > __x64_sys_ioctl+0x131/0x1a0 > do_syscall_64+0x60/0x90 > entry_SYSCALL_64_after_hwframe+0x72/0xdc >=20 > Last potentially related work creation: > kasan_save_stack+0x33/0x60 > __kasan_record_aux_stack+0x97/0xb0 > __call_rcu_common.constprop.0+0xf8/0x1af0 > drm_sched_fence_release_scheduled+0xb8/0xe0 [gpu_sched] > dma_resv_reserve_fences+0x4dc/0x7f0 > ttm_eu_reserve_buffers+0x3f6/0x1190 [ttm] > amdgpu_cs_ioctl+0x204d/0x5630 [amdgpu] > drm_ioctl_kernel+0x1fc/0x3d0 > drm_ioctl+0x4c5/0xaa0 > amdgpu_drm_ioctl+0xd2/0x1b0 [amdgpu] > __x64_sys_ioctl+0x131/0x1a0 > do_syscall_64+0x60/0x90 > entry_SYSCALL_64_after_hwframe+0x72/0xdc >=20 > Second to last potentially related work creation: > kasan_save_stack+0x33/0x60 > __kasan_record_aux_stack+0x97/0xb0 > __call_rcu_common.constprop.0+0xf8/0x1af0 > drm_sched_fence_release_scheduled+0xb8/0xe0 [gpu_sched] > amdgpu_ctx_add_fence+0x2b1/0x390 [amdgpu] > amdgpu_cs_ioctl+0x44d0/0x5630 [amdgpu] > drm_ioctl_kernel+0x1fc/0x3d0 > drm_ioctl+0x4c5/0xaa0 > amdgpu_drm_ioctl+0xd2/0x1b0 [amdgpu] > __x64_sys_ioctl+0x131/0x1a0 > do_syscall_64+0x60/0x90 > entry_SYSCALL_64_after_hwframe+0x72/0xdc >=20 > The buggy address belongs to the object at ffff888295c66000 which belongs > to the cache kmalloc-1k of size 1024 The buggy address is located 400 byt= es > inside of freed 1024-byte region [ffff888295c66000, ffff888295c66400) >=20 > The buggy address belongs to the physical page: > page:00000000125ffbe3 refcount:1 mapcount:0 mapping:0000000000000000 > index:0x0 pfn:0x295c60 > head:00000000125ffbe3 order:3 entire_mapcount:0 nr_pages_mapped:0 > pincount:0 anon flags: > 0x17ffffc0010200(slab|head|node=3D0|zone=3D2|lastcpupid=3D0x1fffff) > raw: 0017ffffc0010200 ffff88810004cdc0 0000000000000000 > dead000000000001 > raw: 0000000000000000 0000000000100010 00000001ffffffff > 0000000000000000 page dumped because: kasan: bad access detected >=20 > Memory state around the buggy address: > ffff888295c66080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb > ffff888295c66100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb > >ffff888295c66180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb > ^ > ffff888295c66200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb > ffff888295c66280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D >=20 > -- > Best Regards, > Mike Gavrilov. --_002_BL0PR12MB2465BE82A18038353E48E025F1659BL0PR12MB2465namp_ Content-Type: application/octet-stream; name="0001-drm-amdgpu-drop-redudant-sched-job-cleanup-when-cs-i.patch" Content-Description: 0001-drm-amdgpu-drop-redudant-sched-job-cleanup-when-cs-i.patch Content-Disposition: attachment; filename="0001-drm-amdgpu-drop-redudant-sched-job-cleanup-when-cs-i.patch"; size=1953; creation-date="Wed, 26 Apr 2023 01:59:09 GMT"; modification-date="Wed, 26 Apr 2023 02:00:13 GMT" Content-Transfer-Encoding: base64 RnJvbSA3NTlmMTQ0YjNiMDQzNjQ2NTdlY2EyYWFkYmVjODhkZmEyY2FkYjcyIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBHdWNodW4gQ2hlbiA8Z3VjaHVuLmNoZW5AYW1kLmNvbT4KRGF0 ZTogV2VkLCAyNiBBcHIgMjAyMyAwOTo0Njo1NCArMDgwMApTdWJqZWN0OiBbUEFUQ0hdIGRybS9h bWRncHU6IGRyb3AgcmVkdWRhbnQgc2NoZWQgam9iIGNsZWFudXAgd2hlbiBjcyBpcwogYWJvcnRl ZAoKT25jZSBjb21tYW5kIHN1Ym1pc3Npb24gZmFpbGVkIGR1ZSB0byB1c2VycHRyIGludmFsaWRh dGlvbiBpbgphbWRncHVfY3Nfc3VibWl0LCBsZWdhY3kgY29kZSB3aWxsIHBlcmZvcm0gY2xlYW51 cCBvZiBzY2hlZHVsZXIKam9iLiBIb3dldmVyLCBpdCdzIG5vdCBuZWVkZWQgYXQgYWxsLCBhcyBm N2Q2NmZiMmVhNDMgaGFzIGludGVncmF0ZWQKam9iIGNsZWFudXAgc3R1ZmYgaW50byBhbWRncHVf am9iX2ZyZWUuIE90aGVyd2lzZSwgYmVjYXVzZSBvZiBkb3VibGUKZnJlZSwgYSBOVUxMIHBvaW50 ZXIgZGVyZWZlcmVuY2Ugd2lsbCBvY2N1ciBpbiBzdWNoIHNjZW5hcmlvLgoKQnVnOiBodHRwczov L2dpdGxhYi5mcmVlZGVza3RvcC5vcmcvZHJtL2FtZC8tL2lzc3Vlcy8yNDU3CkZpeGVzOiBmN2Q2 NmZiMmVhNDMoImRybS9hbWRncHU6IGNsZWFudXAgc2NoZWR1bGVyIGpvYiBpbml0aWFsaXphdGlv biB2MiIpClNpZ25lZC1vZmYtYnk6IEd1Y2h1biBDaGVuIDxndWNodW4uY2hlbkBhbWQuY29tPgot LS0KIGRyaXZlcnMvZ3B1L2RybS9hbWQvYW1kZ3B1L2FtZGdwdV9jcy5jIHwgMTMgKysrLS0tLS0t LS0tLQogMSBmaWxlIGNoYW5nZWQsIDMgaW5zZXJ0aW9ucygrKSwgMTAgZGVsZXRpb25zKC0pCgpk aWZmIC0tZ2l0IGEvZHJpdmVycy9ncHUvZHJtL2FtZC9hbWRncHUvYW1kZ3B1X2NzLmMgYi9kcml2 ZXJzL2dwdS9kcm0vYW1kL2FtZGdwdS9hbWRncHVfY3MuYwppbmRleCAwOGVjZWQwOTdiZDguLjJl YjJjNjY4NDNhOCAxMDA2NDQKLS0tIGEvZHJpdmVycy9ncHUvZHJtL2FtZC9hbWRncHUvYW1kZ3B1 X2NzLmMKKysrIGIvZHJpdmVycy9ncHUvZHJtL2FtZC9hbWRncHUvYW1kZ3B1X2NzLmMKQEAgLTEy NzYsNyArMTI3Niw3IEBAIHN0YXRpYyBpbnQgYW1kZ3B1X2NzX3N1Ym1pdChzdHJ1Y3QgYW1kZ3B1 X2NzX3BhcnNlciAqcCwKIAkJciA9IGRybV9zY2hlZF9qb2JfYWRkX2RlcGVuZGVuY3koJmxlYWRl ci0+YmFzZSwgZmVuY2UpOwogCQlpZiAocikgewogCQkJZG1hX2ZlbmNlX3B1dChmZW5jZSk7Ci0J CQlnb3RvIGVycm9yX2NsZWFudXA7CisJCQlyZXR1cm4gcjsKIAkJfQogCX0KIApAQCAtMTMwMyw3 ICsxMzAzLDggQEAgc3RhdGljIGludCBhbWRncHVfY3Nfc3VibWl0KHN0cnVjdCBhbWRncHVfY3Nf cGFyc2VyICpwLAogCX0KIAlpZiAocikgewogCQlyID0gLUVBR0FJTjsKLQkJZ290byBlcnJvcl91 bmxvY2s7CisJCW11dGV4X3VubG9jaygmcC0+YWRldi0+bm90aWZpZXJfbG9jayk7CisJCXJldHVy biByOwogCX0KIAogCXAtPmZlbmNlID0gZG1hX2ZlbmNlX2dldCgmbGVhZGVyLT5iYXNlLnNfZmVu Y2UtPmZpbmlzaGVkKTsKQEAgLTEzNTAsMTQgKzEzNTEsNiBAQCBzdGF0aWMgaW50IGFtZGdwdV9j c19zdWJtaXQoc3RydWN0IGFtZGdwdV9jc19wYXJzZXIgKnAsCiAJbXV0ZXhfdW5sb2NrKCZwLT5h ZGV2LT5ub3RpZmllcl9sb2NrKTsKIAltdXRleF91bmxvY2soJnAtPmJvX2xpc3QtPmJvX2xpc3Rf bXV0ZXgpOwogCXJldHVybiAwOwotCi1lcnJvcl91bmxvY2s6Ci0JbXV0ZXhfdW5sb2NrKCZwLT5h ZGV2LT5ub3RpZmllcl9sb2NrKTsKLQotZXJyb3JfY2xlYW51cDoKLQlmb3IgKGkgPSAwOyBpIDwg cC0+Z2FuZ19zaXplOyArK2kpCi0JCWRybV9zY2hlZF9qb2JfY2xlYW51cCgmcC0+am9ic1tpXS0+ YmFzZSk7Ci0JcmV0dXJuIHI7CiB9CiAKIC8qIENsZWFudXAgdGhlIHBhcnNlciBzdHJ1Y3R1cmUg Ki8KLS0gCjIuMjUuMQoK --_002_BL0PR12MB2465BE82A18038353E48E025F1659BL0PR12MB2465namp_--