Which driver are you using?
I guess your driver is a bit old, the issue should be fixed before.

Regards,
David Zhou

On 2017-11-23 06:31, Johannes Hirte wrote:
> Ok, now I have more use-after-free report, this time without dc. I
> don't know if this is related, but I didn't have runtime errors without
> dc for now.
>
> kasan report:
>
> [22697.845475] ==================================================================
> [22697.845495] BUG: KASAN: use-after-free in amdgpu_job_free_cb+0x140/0x150
> [22697.845500] Read of size 8 at addr ffff8801c02e91c8 by task kworker/0:2/22547
>
> [22697.845509] CPU: 0 PID: 22547 Comm: kworker/0:2 Not tainted 4.14.0-11095-g0c86a6bd85ff #404
> [22697.845513] Hardware name: HP HP ProBook 645 G2/80FE, BIOS N77 Ver. 01.09 06/09/2017
> [22697.845520] Workqueue: events amd_sched_job_finish
> [22697.845525] Call Trace:
> [22697.845534] dump_stack+0x99/0x11e
> [22697.845541] ? _atomic_dec_and_lock+0x152/0x152
> [22697.845548] print_address_description+0x65/0x270
> [22697.845553] kasan_report+0x272/0x360
> [22697.845557] ? amdgpu_job_free_cb+0x140/0x150
> [22697.845562] amdgpu_job_free_cb+0x140/0x150
> [22697.845566] amd_sched_job_finish+0x288/0x560
> [22697.845571] ? amd_sched_process_job+0x220/0x220
> [22697.845576] ? amdgpu_unpin_work_func+0x266/0x460
> [22697.845582] ? _raw_spin_unlock_irq+0xbe/0x120
> [22697.845587] ? _raw_spin_unlock+0x120/0x120
> [22697.845593] process_one_work+0x84b/0x1600
> [22697.845599] ? tick_nohz_dep_clear_signal+0x20/0x20
> [22697.845603] ? _raw_spin_unlock_irq+0xbe/0x120
> [22697.845607] ? _raw_spin_unlock+0x120/0x120
> [22697.845611] ? pwq_dec_nr_in_flight+0x3c0/0x3c0
> [22697.845617] ? release_thread+0xa0/0xe0
> [22697.845621] ? cyc2ns_read_end+0x20/0x20
> [22697.845626] ? finish_task_switch+0x27d/0x7f0
> [22697.845630] ? wq_worker_waking_up+0xc0/0xc0
> [22697.845640] ? pci_mmcfg_check_reserved+0x100/0x100
> [22697.845644] ? pci_mmcfg_check_reserved+0x100/0x100
> [22697.845648] ? preempt_schedule_irq+0x4e/0xb0
> [22697.845653] ? retint_kernel+0x1b/0x1d
> [22697.845659] ? schedule+0xfb/0x3b0
> [22697.845663] ? __schedule+0x19b0/0x19b0
> [22697.845669] ? _raw_spin_unlock_irq+0xb9/0x120
> [22697.845674] ? _raw_spin_unlock_irq+0xbe/0x120
> [22697.845678] ? _raw_spin_unlock+0x120/0x120
> [22697.845683] worker_thread+0x211/0x1790
> [22697.845692] ? pick_next_task_fair+0x97d/0x10f0
> [22697.845697] ? trace_event_raw_event_workqueue_work+0x170/0x170
> [22697.845703] ? tick_nohz_dep_clear_signal+0x20/0x20
> [22697.845708] ? _raw_spin_unlock_irq+0xbe/0x120
> [22697.845713] ? _raw_spin_unlock+0x120/0x120
> [22697.845718] ? compat_start_thread+0x70/0x70
> [22697.845722] ? finish_task_switch+0x27d/0x7f0
> [22697.845727] ? sched_clock_cpu+0x18/0x1e0
> [22697.845733] ? ret_from_fork+0x1f/0x30
> [22697.845739] ? pci_mmcfg_check_reserved+0x100/0x100
> [22697.845744] ? unix_write_space+0x410/0x410
> [22697.845749] ? cyc2ns_read_end+0x20/0x20
> [22697.845755] ? schedule+0xfb/0x3b0
> [22697.845759] ? __schedule+0x19b0/0x19b0
> [22697.845765] ? remove_wait_queue+0x2b0/0x2b0
> [22697.845770] ? arch_vtime_task_switch+0xee/0x190
> [22697.845774] ? _raw_spin_unlock_irqrestore+0xc2/0x130
> [22697.845778] ? _raw_spin_unlock_irq+0x120/0x120
> [22697.845783] ? trace_event_raw_event_workqueue_work+0x170/0x170
> [22697.845788] kthread+0x2d4/0x390
> [22697.845793] ? kthread_create_worker+0xd0/0xd0
> [22697.845797] ret_from_fork+0x1f/0x30
>
> [22697.845809] Allocated by task 2378:
> [22697.845817] kasan_kmalloc+0xa0/0xd0
> [22697.845822] kmem_cache_alloc_trace+0xd1/0x1e0
> [22697.845829] amdgpu_driver_open_kms+0x12b/0x4d0
> [22697.845839] drm_open+0x7c3/0x1100
> [22697.845843] drm_stub_open+0x2a8/0x400
> [22697.845851] chrdev_open+0x1eb/0x5a0
> [22697.845857] do_dentry_open+0x5a1/0xc50
> [22697.845865] path_openat+0x11d3/0x4e90
> [22697.845868] do_filp_open+0x239/0x3c0
> [22697.845872] do_sys_open+0x402/0x630
> [22697.845878] do_syscall_64+0x220/0x670
> [22697.845881] return_from_SYSCALL_64+0x0/0x65
>
> [22697.845887] Freed by task 24090:
> [22697.845892] kasan_slab_free+0x71/0xc0
> [22697.845895] kfree+0x88/0x1b0
> [22697.845900] amdgpu_driver_postclose_kms+0x469/0x860
> [22697.845904] drm_release+0x8a8/0x1180
> [22697.845909] __fput+0x2ab/0x730
> [22697.845913] task_work_run+0x14b/0x200
> [22697.845919] do_exit+0x7c6/0x13a0
> [22697.845922] do_group_exit+0x121/0x340
> [22697.845926] SyS_exit_group+0x14/0x20
> [22697.845929] do_syscall_64+0x220/0x670
> [22697.845932] return_from_SYSCALL_64+0x0/0x65
>
> [22697.845940] The buggy address belongs to the object at ffff8801c02e9100
> [22697.845946] The buggy address is located 200 bytes inside of
> [22697.845949] The buggy address belongs to the page:
> [22697.845958] page:ffffea000700ba00 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
> [22697.845967] flags: 0x2000000000008100(slab|head)
> [22697.845977] raw: 2000000000008100 0000000000000000 0000000000000000 00000001000f000f
> [22697.845982] raw: dead000000000100 dead000000000200 ffff8803f3402a80 0000000000000000
> [22697.845985] page dumped because: kasan: bad access detected
>
> [22697.845990] Memory state around the buggy address:
> [22697.845995] ffff8801c02e9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [22697.845999] ffff8801c02e9100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [22697.846003] >ffff8801c02e9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [22697.846005] ^
> [22697.846009] ffff8801c02e9200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [22697.846012] ffff8801c02e9280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [22697.846015] ==================================================================
> [22697.846018] Disabling lock debugging due to kernel taint
>