The quick patch doesn't fix the problem, I encounter it again, please don't review.

Hi Harry,
Could you take a look at it? You're familiar with dc code, or it's a known issue?

Thanks,
David Zhou

On 2018-01-02 18:11, Chunming Zhou wrote:
> [345508.995835] ==================================================================
> [345508.995843] BUG: KASAN: double-free or invalid-free in (null)
>
> [345508.995853] CPU: 4 PID: 18706 Comm: deqp-vk Tainted: G B 4.15.0-rc2-custom #9
> [345508.995854] Hardware name: Gigabyte Technology Co., Ltd. Default string/X99P-SLI-CF, BIOS F23 07/22/2016
> [345508.995854] Call Trace:
> [345508.995856] dump_stack+0xad/0x139
> [345508.995858] ? dma_virt_map_sg+0x1f7/0x1f7
> [345508.995860] ? kmem_cache_alloc_trace+0x100/0x1e0
> [345508.995905] ? dc_create_stream_for_sink+0x9c/0xc20 [amdgpu]
> [345508.995950] ? amdgpu_dm_connector_mode_valid+0x166/0xd40 [amdgpu]
> [345508.995957] ? drm_helper_probe_single_connector_modes+0xd73/0x16a0 [drm_kms_helper]
> [345508.995959] print_address_description+0x6a/0x270
> [345508.995962] kasan_report_double_free+0x65/0xa0
> [345508.995965] kasan_slab_free+0x14f/0x1a0
> [345508.995966] ? kasan_slab_free+0x12c/0x1a0
> [345508.995968] ? kfree+0x8d/0x1a0
> [345508.996012] ? amdgpu_dm_connector_mode_valid+0x346/0xd40 [amdgpu]
> [345508.996023] ? drm_helper_probe_single_connector_modes+0xd73/0x16a0 [drm_kms_helper]
> [345508.996041] ? drm_mode_getconnector+0x4a4/0xdb0 [drm]
> [345508.996058] ? drm_ioctl_kernel+0x1ba/0x2c0 [drm]
> [345508.996076] ? drm_match_cea_mode.part.16+0x3ac/0x490 [drm]
> [345508.996084] ? SyS_ioctl+0x74/0x80
> [345508.996097] ? cea_mode_alternate_timings+0x1b0/0x1b0 [drm]
> [345508.996148] ? dc_create_transfer_func+0x6e/0x110 [amdgpu]
> [345508.996198] ? dc_plane_state_release+0xd0/0xd0 [amdgpu]
> [345508.996249] ? dce120_timing_generator_validate_timing+0x130/0x2f0 [amdgpu]
> [345508.996299] ? dc_stream_release+0x4b/0xc0 [amdgpu]
> [345508.996306] kfree+0x8d/0x1a0
> [345508.996353] dc_stream_release+0x4b/0xc0 [amdgpu]
> [345508.996404] amdgpu_dm_connector_mode_valid+0x346/0xd40 [amdgpu]
> [345508.996455] ? dm_update_crtcs_state+0xca0/0xca0 [amdgpu]
> [345508.996473] ? drm_mode_object_lease_required+0x30/0x30 [drm]
> [345508.996484] drm_helper_probe_single_connector_modes+0xd73/0x16a0 [drm_kms_helper]
> [345508.996496] ? drm_helper_probe_detect+0x170/0x170 [drm_kms_helper]
> [345508.996503] ? rcu_note_context_switch+0x5d0/0x5d0
> [345508.996517] ? drm_mode_object_lease_required+0x30/0x30 [drm]
> [345508.996528] ? drm_helper_probe_detect+0x170/0x170 [drm_kms_helper]
> [345508.996542] drm_mode_getconnector+0x4a4/0xdb0 [drm]
> [345508.996554] ? drm_mode_getresources+0x737/0xac0 [drm]
> [345508.996565] ? drm_mode_connector_property_set_ioctl+0x280/0x280 [drm]
> [345508.996568] ? __check_object_size+0x20b/0x4a0
> [345508.996579] ? drm_mode_connector_property_set_ioctl+0x280/0x280 [drm]
> [345508.996588] drm_ioctl_kernel+0x1ba/0x2c0 [drm]
> [345508.996599] ? drm_ioctl_permit+0x2b0/0x2b0 [drm]
> [345508.996610] drm_ioctl+0x73b/0xa20 [drm]
> [345508.996615] ? e1000_update_nvm_checksum_ich8lan+0x787/0x860 [e1000e]
> [345508.996627] ? drm_mode_connector_property_set_ioctl+0x280/0x280 [drm]
> [345508.996642] ? drm_getstats+0x20/0x20 [drm]
> [345508.996649] ? __save_stack_trace+0x92/0x100
> [345508.996655] ? depot_save_stack+0x12d/0x470
> [345508.996691] amdgpu_drm_ioctl+0x11d/0x290 [amdgpu]
> [345508.996696] ? 0xffffffffc06b8000
> [345508.996698] ? do_filp_open+0x252/0x3c0
> [345508.996700] do_vfs_ioctl+0x18e/0x12a0
> [345508.996703] ? ioctl_preallocate+0x2a0/0x2a0
> [345508.996704] ? syscall_trace_enter+0x456/0x1010
> [345508.996707] ? __fsnotify_update_child_dentry_flags.part.0+0x250/0x250
> [345508.996710] ? iterate_fd+0x2a0/0x2a0
> [345508.996712] ? do_sys_open+0x260/0x640
> [345508.996713] ? kmem_cache_free+0x75/0x1f0
> [345508.996715] ? do_sys_open+0x260/0x640
> [345508.996717] SyS_ioctl+0x74/0x80
> [345508.996719] ? do_vfs_ioctl+0x12a0/0x12a0
> [345508.996722] do_syscall_64+0x229/0x610
> [345508.996723] ? exit_to_usermode_loop+0x137/0x1f0
> [345508.996727] ? syscall_return_slowpath+0x2f0/0x2f0
> [345508.996734] ? do_page_fault+0x93/0x330
> [345508.996739] ? __do_page_fault+0xad0/0xad0
> [345508.996747] ? prepare_exit_to_usermode+0x1c2/0x210
> [345508.996752] ? syscall_trace_enter+0x1010/0x1010
> [345508.996758] entry_SYSCALL64_slow_path+0x25/0x25
> [345508.996763] RIP: 0033:0x7f3528147f07
> [345508.996767] RSP: 002b:00007ffdc30575a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
> [345508.996770] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3528147f07
> [345508.996771] RDX: 00007ffdc3057610 RSI: 00000000c05064a7 RDI: 0000000000000009
> [345508.996772] RBP: 00007ffdc30575e0 R08: 0000000006d62370 R09: 00007ffdc3057700
> [345508.996772] R10: 0000000000000005 R11: 0000000000000202 R12: 0000000006ba8510
> [345508.996773] R13: 0000000000000009 R14: 0000000000000000 R15: 000000000705e1c8
>
> [345508.996776] Allocated by task 25684:
> [345508.996778] kmem_cache_alloc_trace+0x100/0x1e0
> [345508.996823] dc_sink_create+0x90/0x420 [amdgpu]
> [345508.996872] dc_link_detect+0x7b0/0x3010 [amdgpu]
> [345508.996922] handle_hpd_irq+0xa4/0x150 [amdgpu]
> [345508.996972] dm_irq_work_func+0xd9/0x140 [amdgpu]
> [345508.996980] process_one_work+0x859/0x15f0
> [345508.996986] worker_thread+0x216/0x17b0
> [345508.996991] kthread+0x2d9/0x390
> [345508.996993] ret_from_fork+0x1f/0x30
>
> [345508.996995] Freed by task 25684:
> [345508.996997] kfree+0x8d/0x1a0
> [345508.997041] dc_link_detect+0x485/0x3010 [amdgpu]
> [345508.997091] handle_hpd_irq+0xa4/0x150 [amdgpu]
> [345508.997141] dm_irq_work_func+0xd9/0x140 [amdgpu]
> [345508.997148] process_one_work+0x859/0x15f0
> [345508.997150] worker_thread+0x216/0x17b0
> [345508.997151] kthread+0x2d9/0x390
> [345508.997152] ret_from_fork+0x1f/0x30
>
> [345508.997154] The buggy address belongs to the object at ffff8801b5ee7980
> [345508.997154] which belongs to the cache kmalloc-1024 of size 1024
> [345508.997157] The buggy address is located 0 bytes inside of
> [345508.997157] 1024-byte region [ffff8801b5ee7980, ffff8801b5ee7d80)
> [345508.997159] The buggy address belongs to the page:
> [345508.997161] page:00000000b0e44434 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
> [345508.997163] flags: 0x17ffffc0008100(slab|head)
> [345508.997172] raw: 0017ffffc0008100 0000000000000000 0000000000000000 00000001001c001c
> [345508.997179] raw: dead000000000100 dead000000000200 ffff8803bb80ebc0 0000000000000000
> [345508.997187] page dumped because: kasan: bad access detected
>
> [345508.997194] Memory state around the buggy address:
> [345508.997195] ffff8801b5ee7880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [345508.997197] ffff8801b5ee7900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [345508.997198] >ffff8801b5ee7980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [345508.997200] ^
> [345508.997201] ffff8801b5ee7a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [345508.997202] ffff8801b5ee7a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [345508.997205] ==================================================================
>
> Change-Id: I069f723d501acb988aae7895a4f865ebf0313f21
> Signed-off-by: Chunming Zhou <david1.zhou at amd.com>
> --- > drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c > index 261811e0c094..afd04974b70b 100644 > --- a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c > +++ b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c 
> @@ -58,11 +58,10 @@ static void construct(struct dc_stream_state *stream, > { > uint32_t i = 0; > > + dc_sink_retain(dc_sink_data); > stream->sink = dc_sink_data; > stream->ctx = stream->sink->ctx; > > - dc_sink_retain(dc_sink_data); > - > /* Copy audio modes */ > /* TODO - Remove this translation */ > for (i = 0; i < (dc_sink_data->edid_caps.audio_mode_count); i++)
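
Review bot: Moving dc_sink_retain(dc_sink_data) above the stream->sink assignment in construct() leaves the stream holding exactly the same reference as before, because neither statement it now precedes (stream->sink = dc_sink_data; stream->ctx = stream->sink->ctx;) can drop a reference, so it is not clear how the reorder addresses the reported free. The KASAN report places the allocation and the earlier free in the HPD work path (dc_sink_create and kfree under dc_link_detect, both task 25684) and the invalid free in the ioctl path (kfree under dc_stream_release, called from amdgpu_dm_connector_mode_valid, PID 18706), which points at the sink's lifetime across those two contexts rather than at statement order inside construct(). The commit message carries only the trace; please explain which retain/release pair is unbalanced, or which path frees the object while amdgpu_dm_connector_mode_valid can still reach it, and what serializes dc_link_detect against mode_valid, and put that analysis in the changelog with the fix at the point where the lifetime is actually broken.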