[Bug 111273] crash calling AMDGPU_INFO_READ_MMR_REG with count set to -1

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Wed Jul 31 19:11:59 UTC 2019 

https://bugs.freedesktop.org/show_bug.cgi?id=111273

            Bug ID: 111273
           Summary: crash calling AMDGPU_INFO_READ_MMR_REG with count set
                    to -1
           Product: DRI
           Version: DRI git
          Hardware: x86-64 (AMD64)
                OS: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: DRM/AMDgpu
          Assignee: dri-devel at lists.freedesktop.org
          Reporter: trek00 at inbox.ru

calling from libdrm_amdgpu
  amdgpu_read_mm_registers(dev, 0x8010 / 4, -1, 0xffffffff, 0, out)
leads to this dump:

WARNING: CPU: 3 PID: 30278 at mm/page_alloc.c:4377
__alloc_pages_nodemask+0x241/0x2b0
CPU: 3 PID: 30278 Comm: radeontop Not tainted 4.19.0-5-amd64 #1 Debian
4.19.37-5+deb10u1
RIP: 0010:__alloc_pages_nodemask+0x241/0x2b0
Code: 89 f7 89 ee 45 31 f6 e8 bd d5 ff ff e9 fb fe ff ff e8 e3 ac 01 00 e9 cb
fe ff ff 45 31 f6 81 e7 00 02 00 00 0f 85 e7 fe ff ff <0f> 0b e9 e0 fe ff ff 31
c0 e9 6a fe ff ff 65 48 8b 04 25 40 5c 01
RSP: 0018:ffffb64a01c27a58 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8b4853df0000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000016 RDI: 0000000000000000
RBP: 00000003fffffffc R08: 0000000000000001 R09: ffffffffc0f01ebf
R10: 0000000000000000 R11: 0000000000000000 R12: 00000000006000c0
R13: ffffb64a01c27d98 R14: 0000000000000000 R15: 0000000000000008
FS:  00007fa12fe5f280(0000) GS:ffff8b4856f80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa12f5f45b0 CR3: 000000010e498000 CR4: 00000000000406e0
Call Trace:
 kmalloc_order+0x14/0x30
 kmalloc_order_trace+0x1d/0xa0
 amdgpu_info_ioctl+0x908/0x1290 [amdgpu]
 ? get_page_from_freelist+0x7be/0x11b0
 ? unix_destruct_scm+0x80/0xa0
 ? select_idle_sibling+0x22/0x3a0
 ? kmem_cache_free+0x1a7/0x1d0
 ? free_unref_page_commit+0x91/0x100
 ? amdgpu_firmware_info.isra.5+0x210/0x210 [amdgpu]
 drm_ioctl_kernel+0xa1/0xf0 [drm]
 drm_ioctl+0x206/0x3a0 [drm]
 ? amdgpu_firmware_info.isra.5+0x210/0x210 [amdgpu]
 ? tlb_finish_mmu+0x1f/0x30
 ? unmap_region+0xdd/0x110
 amdgpu_drm_ioctl+0x49/0x80 [amdgpu]
 do_vfs_ioctl+0xa4/0x630
 ksys_ioctl+0x60/0x90
 __x64_sys_ioctl+0x16/0x20
 do_syscall_64+0x53/0x110
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fa12faa8427
Code: 00 00 90 48 8b 05 69 aa 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff
c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01
c3 48 8b 0d 39 aa 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffc737ffda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00005561b8c625b0 RCX: 00007fa12faa8427
RDX: 00007ffc737ffdf0 RSI: 0000000040206445 RDI: 0000000000000003
RBP: 00007ffc737ffdf0 R08: 0000000000000000 R09: 00005561b8c6a950
R10: fffffffffffffd06 R11: 0000000000000246 R12: 0000000040206445
R13: 0000000000000003 R14: 00007ffc7380002b R15: 0000000000000000
---[ end trace e7c99a8c5897d841 ]---

libdrm's amdgpu_read_mm_registers() calls drmCommandWrite(DRM_AMDGPU_INFO) with
AMDGPU_INFO_READ_MMR_REG query, that calls kernel's amdgpu_kms.c
amdgpu_info_ioctl()

it is not always reproducible, but it seems I can crash it once for each boot

the system is Debian 10 buster amd64 Linux 4.19.37 libdrm 2.4.97 chipset KAVERI

tell me if you need more info
thanks!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/dri-devel/attachments/20190731/507749ef/attachment.html>

More information about the dri-devel mailing list