Re: radeon on drm-tip: null-ptr deref in radeon_ttm_bo_destroy()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Thomas,

yeah that's a known issue. A patch to fix that is already under review.

Christian.

Am 22.06.21 um 14:03 schrieb Thomas Zimmermann:
Hi,

on drm-tip, I see a null-ptr deref in radeon_ttm_bo_destroy(). Happens when I try to start weston or X. Full error is below. Let me know if you need more info.

Best regards
Thomas

[ 1849.999218] ==================================================================

[ 1850.006544] BUG: KASAN: null-ptr-deref in radeon_ttm_bo_destroy+0x39/0x1d0 [radeon]

[ 1850.014312] Read of size 4 at addr 0000000000000010 by task weston/1434

[ 1850.020938]

[ 1850.022434] CPU: 7 PID: 1434 Comm: weston Tainted: G            E     5.13.0-rc7-1-default+ #972

[ 1850.031233] Hardware name: Dell Inc. OptiPlex 9020/0N4YC8, BIOS A24 10/24/2018

[ 1850.038466] Call Trace:

[ 1850.040920]  dump_stack+0xa5/0xdc

[ 1850.044249]  ? radeon_ttm_bo_destroy+0x39/0x1d0 [radeon]

[ 1850.049639]  kasan_report.cold+0x5f/0xd8

[ 1850.053575]  ? radeon_ttm_bo_destroy+0x39/0x1d0 [radeon]

[ 1850.058967]  radeon_ttm_bo_destroy+0x39/0x1d0 [radeon]

[ 1850.064189]  radeon_bo_unref+0x1f/0x30 [radeon]

[ 1850.068798]  radeon_gem_object_free+0x5f/0x80 [radeon]

[ 1850.074016]  ? radeon_gem_object_mmap+0x70/0x70 [radeon]

[ 1850.079404]  ? drm_gem_object_handle_put_unlocked+0xd0/0x160 [drm]

[ 1850.085673]  ? drm_gem_object_free+0x25/0x40 [drm]

[ 1850.090524]  drm_gem_object_release_handle+0x8e/0xa0 [drm]

[ 1850.096070]  drm_gem_handle_delete+0x5b/0xa0 [drm]

[ 1850.100922]  ? drm_gem_handle_create+0x50/0x50 [drm]

[ 1850.105947]  drm_ioctl_kernel+0x131/0x180 [drm]

[ 1850.110538]  ? drm_setversion+0x340/0x340 [drm]

[ 1850.115135]  ? drm_gem_handle_create+0x50/0x50 [drm]

[ 1850.120157]  drm_ioctl+0x309/0x540 [drm]

[ 1850.124143]  ? drm_version+0x150/0x150 [drm]

[ 1850.128470]  ? __lock_release+0x12f/0x4e0

[ 1850.132496]  ? lock_downgrade+0xa0/0xa0

[ 1850.136342]  ? rpm_callback+0xe0/0xe0

[ 1850.140015]  ? mark_held_locks+0x23/0x90

[ 1850.143951]  ? lockdep_hardirqs_on_prepare.part.0+0x128/0x1d0

[ 1850.149708]  ? _raw_spin_unlock_irqrestore+0x37/0x40

[ 1850.154684]  ? lockdep_hardirqs_on+0x77/0xf0

[ 1850.158967]  ? _raw_spin_unlock_irqrestore+0x37/0x40

[ 1850.163947]  radeon_drm_ioctl+0x75/0xd0 [radeon]

[ 1850.168644]  __x64_sys_ioctl+0xb9/0xf0

[ 1850.172406]  do_syscall_64+0x40/0xb0

[ 1850.175992]  entry_SYSCALL_64_after_hwframe+0x44/0xae

[ 1850.181053] RIP: 0033:0x7f7d5fd0c0bb

[ 1850.184636] Code: ff ff ff 85 c0 79 8b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 85 bd 0c 00 f7 d8 64 89 01 48

[ 1850.203436] RSP: 002b:00007ffc3fb35778 EFLAGS: 00000246 ORIG_RAX: 0000000000000010

[ 1850.211020] RAX: ffffffffffffffda RBX: 00007ffc3fb357c8 RCX: 00007f7d5fd0c0bb

[ 1850.218171] RDX: 00007ffc3fb357c8 RSI: 0000000040086409 RDI: 0000000000000010

[ 1850.225330] RBP: 0000000040086409 R08: 0000000000000000 R09: ffffffffffffffff

[ 1850.232489] R10: 00007ffc3fbf4080 R11: 0000000000000246 R12: 00005561d758e130

[ 1850.239647] R13: 0000000000000010 R14: 00005561d7bda6f0 R15: 00005561d7bcb250

[ 1850.246863] ==================================================================

[ 1850.254107] Disabling lock debugging due to kernel taint

[ 1850.259487] BUG: kernel NULL pointer dereference, address: 0000000000000010

[ 1850.266458] #PF: supervisor read access in kernel mode

[ 1850.271602] #PF: error_code(0x0000) - not-present page

[ 1850.276746] PGD 0 P4D 0

[ 1850.279283] Oops: 0000 [#1] SMP KASAN PTI

[ 1850.283296] CPU: 7 PID: 1434 Comm: weston Tainted: G    B       E     5.13.0-rc7-1-default+ #972

[ 1850.292092] Hardware name: Dell Inc. OptiPlex 9020/0N4YC8, BIOS A24 10/24/2018

[ 1850.299324] RIP: 0010:radeon_ttm_bo_destroy+0x40/0x1d0 [radeon]

[ 1850.305323] Code: 81 c7 68 02 00 00 53 4c 8d ad 08 03 00 00 e8 47 0f d6 ce 48 8b 9d 68 02 00 00 48 8d 7b 10 e8 37 0e d6 ce 48 8d bd 18 01 00 00 <44> 8b 7b 10 e8 27 0f d6 ce 4c 8b b5 18 01 00 00 4c 89 ef e8 18 0f

[ 1850.324124] RSP: 0018:ffffc9000367fbf8 EFLAGS: 00010282

[ 1850.329356] RAX: 0000000000000001 RBX: 0000000000000000 RCX: dffffc0000000000

[ 1850.336499] RDX: 0000000000000007 RSI: 0000000000000004 RDI: ffff88818b2fd190

[ 1850.343643] RBP: ffff88818b2fd078 R08: 0000000000000000 R09: ffffffff9154f743

[ 1850.350787] R10: fffffbfff22a9ee8 R11: 0000000000000001 R12: ffff88818b2fd000

[ 1850.357933] R13: ffff88818b2fd380 R14: ffff8881ecf87098 R15: ffff8881ecf87038

[ 1850.365076] FS:  00007f7d5f6618c0(0000) GS:ffff8887b7e00000(0000) knlGS:0000000000000000

[ 1850.373176] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033

[ 1850.378927] CR2: 0000000000000010 CR3: 000000024b49a002 CR4: 00000000001706e0

[ 1850.386070] Call Trace:

[ 1850.388519]  radeon_bo_unref+0x1f/0x30 [radeon]

[ 1850.393125]  radeon_gem_object_free+0x5f/0x80 [radeon]

[ 1850.398338]  ? radeon_gem_object_mmap+0x70/0x70 [radeon]

[ 1850.403724]  ? drm_gem_object_handle_put_unlocked+0xd0/0x160 [drm]

[ 1850.409960]  ? drm_gem_object_free+0x25/0x40 [drm]

[ 1850.414806]  drm_gem_object_release_handle+0x8e/0xa0 [drm]

[ 1850.420346]  drm_gem_handle_delete+0x5b/0xa0 [drm]

[ 1850.425194]  ? drm_gem_handle_create+0x50/0x50 [drm]

[ 1850.430215]  drm_ioctl_kernel+0x131/0x180 [drm]

[ 1850.434803]  ? drm_setversion+0x340/0x340 [drm]

[ 1850.439386]  ? drm_gem_handle_create+0x50/0x50 [drm]

[ 1850.444407]  drm_ioctl+0x309/0x540 [drm]

[ 1850.448384]  ? drm_version+0x150/0x150 [drm]

[ 1850.452708]  ? __lock_release+0x12f/0x4e0

[ 1850.456722]  ? lock_downgrade+0xa0/0xa0

[ 1850.460562]  ? rpm_callback+0xe0/0xe0

[ 1850.464230]  ? mark_held_locks+0x23/0x90

[ 1850.468155]  ? lockdep_hardirqs_on_prepare.part.0+0x128/0x1d0

[ 1850.473910]  ? _raw_spin_unlock_irqrestore+0x37/0x40

[ 1850.478880]  ? lockdep_hardirqs_on+0x77/0xf0

[ 1850.483156]  ? _raw_spin_unlock_irqrestore+0x37/0x40

[ 1850.488128]  radeon_drm_ioctl+0x75/0xd0 [radeon]

[ 1850.492817]  __x64_sys_ioctl+0xb9/0xf0

[ 1850.496570]  do_syscall_64+0x40/0xb0

[ 1850.500150]  entry_SYSCALL_64_after_hwframe+0x44/0xae

[ 1850.505209] RIP: 0033:0x7f7d5fd0c0bb

[ 1850.508787] Code: ff ff ff 85 c0 79 8b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 85 bd 0c 00 f7 d8 64 89 01 48

[ 1850.527580] RSP: 002b:00007ffc3fb35778 EFLAGS: 00000246 ORIG_RAX: 0000000000000010

[ 1850.535157] RAX: ffffffffffffffda RBX: 00007ffc3fb357c8 RCX: 00007f7d5fd0c0bb

[ 1850.542299] RDX: 00007ffc3fb357c8 RSI: 0000000040086409 RDI: 0000000000000010

[ 1850.549443] RBP: 0000000040086409 R08: 0000000000000000 R09: ffffffffffffffff

[ 1850.556587] R10: 00007ffc3fbf4080 R11: 0000000000000246 R12: 00005561d758e130

[ 1850.563733] R13: 0000000000000010 R14: 00005561d7bda6f0 R15: 00005561d7bcb250

[ 1850.570878] Modules linked in: af_packet(E) rfkill(E) dmi_sysfs(E) intel_rapl_msr(E) snd_hda_codec_realtek(E) snd_hda_codec_generic(E) intel_rapl_common(E) ledtrig_audio(E) snd_hda_codec_hdmi(E) x86_pkg_temp_thermal(E) snd_hda_intel(E)

[ 1850.570970]  blake2b_generic(E) libcrc32c(E) crc32c_intel(E) xor(E) raid6_pq(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) msr(E) efivarfs(E)

[ 1850.673011] CR2: 0000000000000010

[ 1850.676355] ---[ end trace 7f92395c6274c049 ]---

[ 1850.703761] RIP: 0010:radeon_ttm_bo_destroy+0x40/0x1d0 [radeon]

[ 1850.709761] Code: 81 c7 68 02 00 00 53 4c 8d ad 08 03 00 00 e8 47 0f d6 ce 48 8b 9d 68 02 00 00 48 8d 7b 10 e8 37 0e d6 ce 48 8d bd 18 01 00 00 <44> 8b 7b 10 e8 27 0f d6 ce 4c 8b b5 18 01 00 00 4c 89 ef e8 18 0f

[ 1850.728562] RSP: 0018:ffffc9000367fbf8 EFLAGS: 00010282

[ 1850.733800] RAX: 0000000000000001 RBX: 0000000000000000 RCX: dffffc0000000000

[ 1850.740949] RDX: 0000000000000007 RSI: 0000000000000004 RDI: ffff88818b2fd190

[ 1850.748095] RBP: ffff88818b2fd078 R08: 0000000000000000 R09: ffffffff9154f743

[ 1850.755242] R10: fffffbfff22a9ee8 R11: 0000000000000001 R12: ffff88818b2fd000

[ 1850.762388] R13: ffff88818b2fd380 R14: ffff8881ecf87098 R15: ffff8881ecf87038

[ 1850.769533] FS:  00007f7d5f6618c0(0000) GS:ffff8887b7e00000(0000) knlGS:0000000000000000

[ 1850.777634] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033

[ 1850.783391] CR2: 0000000000000010 CR3: 000000024b49a002 CR4: 00000000001706e0



CTRL-A Z for help | 115200 8N1 | NOR | Minicom 2.7.1 | VT102 | Online 0:30 | ttyUSB0                                                                                                                                                        






_______________________________________________
amd-gfx mailing list
amd-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/amd-gfx


[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux