Comment # 12
on bug 104825
from Andrey Grodzovsky
(In reply to Harry Wentland from comment #11)
> Created attachment 137662 [details] [review] [review]
> [PATCH] drm/amd/display: Use atomic crtc_disable for DC on shutdown
>
> Andrey, can you see if this fixes the warning for you?

I get a use-after-free now:

[ 82.400097 < 0.000387>] BUG: KASAN: use-after-free in amdgpu_dm_set_pflip_irq_state+0x3d/0xa0 [amdgpu]
[ 82.400185 < 0.000088>] Read of size 4 at addr ffff88008f53ee94 by task bash/1178
[ 82.400302 < 0.000117>] CPU: 0 PID: 1178 Comm: bash Tainted: G W OE 4.16.0-rc1.main+ #14
[ 82.400308 < 0.000006>] Hardware name: AMD Gardenia/Gardenia, BIOS RGA1101C 07/20/2015
[ 82.400312 < 0.000004>] Call Trace:
[ 82.400329 < 0.000017>] dump_stack+0x5c/0x78
[ 82.400342 < 0.000013>] print_address_description+0xd1/0x270
[ 82.400618 < 0.000276>] ? amdgpu_dm_set_pflip_irq_state+0x3d/0xa0 [amdgpu]
[ 82.400627 < 0.000009>] kasan_report+0x260/0x360
[ 82.400913 < 0.000286>] amdgpu_dm_set_pflip_irq_state+0x3d/0xa0 [amdgpu]
[ 82.401189 < 0.000276>] amdgpu_irq_disable_all+0x111/0x190 [amdgpu]
[ 82.401452 < 0.000263>] amdgpu_device_ip_fini+0x1b7/0x610 [amdgpu]
[ 82.401718 < 0.000266>] amdgpu_device_fini+0xa1/0x320 [amdgpu]
[ 82.401973 < 0.000255>] amdgpu_driver_unload_kms+0x6a/0xd0 [amdgpu]
[ 82.402059 < 0.000086>] drm_dev_unregister+0x79/0x180 [drm]
[ 82.402315 < 0.000256>] amdgpu_pci_remove+0x2a/0x60 [amdgpu]
[ 82.402331 < 0.000016>] pci_device_remove+0x5b/0x100
[ 82.402347 < 0.000016>] device_release_driver_internal+0x1da/0x300
[ 82.402363 < 0.000016>] unbind_store+0x143/0x190
[ 82.402376 < 0.000013>] ? sysfs_file_ops+0xa0/0xa0
[ 82.402386 < 0.000010>] kernfs_fop_write+0x186/0x220
[ 82.402402 < 0.000016>] __vfs_write+0xb9/0x2e0
[ 82.402412 < 0.000010>] ? locks_remove_posix+0x87/0x220
[ 82.402421 < 0.000009>] ? kernel_read+0xa0/0xa0
[ 82.402430 < 0.000009>] ? find_held_lock+0xfb/0x130
[ 82.402441 < 0.000011>] ? __lock_acquire.isra.30+0x414/0xb00
[ 82.402465 < 0.000024>] ? vfs_write+0x227/0x250
[ 82.402485 < 0.000020>] ? __sb_start_write+0xc3/0x1a0
[ 82.402492 < 0.000007>] ? vfs_write+0x227/0x250
[ 82.402506 < 0.000014>] vfs_write+0xe6/0x250
[ 82.402522 < 0.000016>] SyS_write+0xa1/0x120
[ 82.402532 < 0.000010>] ? SyS_read+0x120/0x120
[ 82.402547 < 0.000015>] ? vtime_user_exit+0xc8/0xe0
[ 82.402558 < 0.000011>] ? SyS_read+0x120/0x120
[ 82.402570 < 0.000012>] do_syscall_64+0xf0/0x270
[ 82.402588 < 0.000018>] entry_SYSCALL_64_after_hwframe+0x21/0x86
[ 82.402597 < 0.000009>] RIP: 0033:0x7fd050bc32c0
[ 82.402603 < 0.000006>] RSP: 002b:00007ffc06b7f3b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 82.402615 < 0.000012>] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007fd050bc32c0
[ 82.402620 < 0.000005>] RDX: 000000000000000d RSI: 0000000001a6e408 RDI: 0000000000000001
[ 82.402626 < 0.000006>] RBP: 0000000001a6e408 R08: 00007fd050e92780 R09: 00007fd0514d9700
[ 82.402632 < 0.000006>] R10: 000000000000000c R11: 0000000000000246 R12: 000000000000000d
[ 82.402637 < 0.000005>] R13: 0000000000000001 R14: 00007fd050e91620 R15: 0000000000000000
[ 82.402711 < 0.000074>] Allocated by task 1084:
[ 82.402771 < 0.000060>] kasan_kmalloc+0xa6/0xd0
[ 82.402780 < 0.000009>] kmem_cache_alloc_trace+0x13a/0x270
[ 82.403079 < 0.000299>] dm_hw_init+0x898/0x1660 [amdgpu]
[ 82.403338 < 0.000259>] amdgpu_device_init+0x1a97/0x2100 [amdgpu]
[ 82.403596 < 0.000258>] amdgpu_driver_load_kms+0xa8/0x3a0 [amdgpu]
[ 82.403673 < 0.000077>] drm_dev_register+0x1d5/0x2f0 [drm]
[ 82.403931 < 0.000258>] amdgpu_pci_probe+0x1bf/0x290 [amdgpu]
[ 82.403941 < 0.000010>] local_pci_probe+0x74/0xe0
[ 82.403951 < 0.000010>] pci_device_probe+0x1dc/0x2d0
[ 82.403970 < 0.000019>] driver_probe_device+0x40e/0x6b0
[ 82.403977 < 0.000007>] __driver_attach+0x11d/0x130
[ 82.403984 < 0.000007>] bus_for_each_dev+0xd8/0x140
[ 82.403990 < 0.000006>] bus_add_driver+0x31d/0x3a0
[ 82.403998 < 0.000008>] driver_register+0xc6/0x170
[ 82.404006 < 0.000008>] do_one_initcall+0x82/0x1d0
[ 82.404012 < 0.000006>] do_init_module+0xe7/0x333
[ 82.404020 < 0.000008>] load_module+0x41b3/0x4c40
[ 82.404028 < 0.000008>] SYSC_finit_module+0x14d/0x180
[ 82.404036 < 0.000008>] do_syscall_64+0xf0/0x270
[ 82.404044 < 0.000008>] entry_SYSCALL_64_after_hwframe+0x21/0x86
[ 82.404095 < 0.000051>] Freed by task 1178:
[ 82.404152 < 0.000057>] __kasan_slab_free+0x124/0x170
[ 82.404159 < 0.000007>] kfree+0xd4/0x200
[ 82.404239 < 0.000080>] drm_mode_config_cleanup+0x241/0x450 [drm]
[ 82.404536 < 0.000297>] amdgpu_dm_fini+0x29/0xb0 [amdgpu]
[ 82.404834 < 0.000298>] dm_hw_fini+0x1e/0x30 [amdgpu]
[ 82.405091 < 0.000257>] amdgpu_device_ip_fini+0x157/0x610 [amdgpu]
[ 82.405349 < 0.000258>] amdgpu_device_fini+0xa1/0x320 [amdgpu]
[ 82.405607 < 0.000258>] amdgpu_driver_unload_kms+0x6a/0xd0 [amdgpu]
[ 82.405684 < 0.000077>] drm_dev_unregister+0x79/0x180 [drm]
[ 82.405941 < 0.000257>] amdgpu_pci_remove+0x2a/0x60 [amdgpu]
[ 82.405949 < 0.000008>] pci_device_remove+0x5b/0x100
[ 82.405957 < 0.000008>] device_release_driver_internal+0x1da/0x300
[ 82.405963 < 0.000006>] unbind_store+0x143/0x190
[ 82.405971 < 0.000008>] kernfs_fop_write+0x186/0x220
[ 82.405978 < 0.000007>] __vfs_write+0xb9/0x2e0
[ 82.405985 < 0.000007>] vfs_write+0xe6/0x250
[ 82.405991 < 0.000006>] SyS_write+0xa1/0x120
[ 82.405998 < 0.000007>] do_syscall_64+0xf0/0x270
[ 82.406007 < 0.000009>] entry_SYSCALL_64_after_hwframe+0x21/0x86
[ 82.406057 < 0.000050>] The buggy address belongs to the object at ffff88008f53e600 which belongs to the cache kmalloc-4096 of size 4096
[ 82.406163 < 0.000106>] The buggy address is located 2196 bytes inside of 4096-byte region [ffff88008f53e600, ffff88008f53f600)
[ 82.406262 < 0.000099>] The buggy address belongs to the page:
[ 82.406326 < 0.000064>] page:ffffea00023d4e00 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[ 82.406424 < 0.000098>] flags: 0x1ffff0000008100(slab|head)
[ 82.406488 < 0.000064>] raw: 01ffff0000008100 0000000000000000 0000000000000000 0000000100070007
[ 82.406571 < 0.000083>] raw: dead000000000100 dead000000000200 ffff880102802600 0000000000000000
[ 82.406649 < 0.000078>] page dumped because: kasan: bad access detected
[ 82.406754 < 0.000105>] Memory state around the buggy address:
[ 82.406816 < 0.000062>] ffff88008f53ed80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.406893 < 0.000077>] ffff88008f53ee00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.406968 < 0.000075>] >ffff88008f53ee80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.407036 < 0.000068>] ^
[ 82.407087 < 0.000051>] ffff88008f53ef00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.407157 < 0.000070>] ffff88008f53ef80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.407226 < 0.000069>] ==================================================================