[bug report] KFENCE: use-after-free read in amdgpu_bo_move+0x1ce/0x710 [amdgpu]

voidastro voidastro at proton.me
Thu Apr 25 20:45:57 UTC 2024


platform: Ryzen 5600U

[520277.842817] ==================================================================
[520277.842821] BUG: KFENCE: use-after-free read in amdgpu_bo_move+0x1ce/0x710 [amdgpu]

[520277.843054] Use-after-free read at 0x0000000031f4f80d (in kfence-#198):
[520277.843057] amdgpu_bo_move+0x1ce/0x710 [amdgpu]
[520277.843213] ttm_bo_handle_move_mem+0xbb/0x170 [ttm]
[520277.843219] ttm_bo_validate+0xee/0x190 [ttm]
[520277.843224] amdgpu_cs_bo_validate+0x9c/0x2e0 [amdgpu]
[520277.843382] amdgpu_vm_validate_pt_bos+0xbd/0x380 [amdgpu]
[520277.843541] amdgpu_cs_parser_bos.isra.0+0x490/0x820 [amdgpu]
[520277.843699] amdgpu_cs_ioctl+0xa2f/0x1a30 [amdgpu]
[520277.843855] drm_ioctl_kernel+0xb5/0x110 [drm]
[520277.843879] drm_ioctl+0x26d/0x4b0 [drm]
[520277.843896] amdgpu_drm_ioctl+0x4e/0x90 [amdgpu]
[520277.844047] __x64_sys_ioctl+0x97/0xd0
[520277.844051] do_syscall_64+0x85/0x180
[520277.844055] entry_SYSCALL_64_after_hwframe+0x78/0x80

[520277.844059] kfence-#198: 0x000000008e037a15-0x000000002b09d47d, size=240, cache=kmalloc-256

[520277.844062] allocated by task 27081 on cpu 2 at 509864.487557s:
[520277.844318] kmalloc_trace+0x286/0x320
[520277.844320] amdgpu_gtt_mgr_new+0x40/0x140 [amdgpu]
[520277.844480] ttm_resource_alloc+0x3b/0x80 [ttm]
[520277.844485] ttm_bo_mem_space+0x88/0x230 [ttm]
[520277.844490] ttm_mem_evict_first+0x1c6/0x530 [ttm]
[520277.844495] ttm_resource_manager_evict_all+0xa7/0x1d0 [ttm]
[520277.844501] amdgpu_device_suspend+0xc3/0x190 [amdgpu]
[520277.844651] amdgpu_pmops_freeze+0x25/0x70 [amdgpu]
[520277.844800] pci_pm_freeze+0x58/0xc0
[520277.844802] dpm_run_callback+0x8c/0x1e0
[520277.844804] __device_suspend+0x10a/0x560
[520277.844806] async_suspend+0x1e/0x70
[520277.844808] async_run_entry_fn+0x34/0x130
[520277.844810] process_one_work+0x174/0x340
[520277.844812] worker_thread+0x27b/0x3a0
[520277.844814] kthread+0xf7/0x130
[520277.844815] ret_from_fork+0x34/0x50
[520277.844817] ret_from_fork_asm+0x1b/0x30

[520277.844820] freed by task 16138 on cpu 0 at 520277.842810s:
[520277.844823] ttm_resource_free+0x6b/0x80 [ttm]
[520277.844828] ttm_bo_move_accel_cleanup+0xc8/0x2a0 [ttm]
[520277.844834] amdgpu_bo_move+0x5d0/0x710 [amdgpu]
[520277.844987] ttm_bo_handle_move_mem+0xbb/0x170 [ttm]
[520277.844992] ttm_bo_validate+0xee/0x190 [ttm]
[520277.844998] amdgpu_cs_bo_validate+0x9c/0x2e0 [amdgpu]
[520277.845153] amdgpu_vm_validate_pt_bos+0xbd/0x380 [amdgpu]
[520277.845310] amdgpu_cs_parser_bos.isra.0+0x490/0x820 [amdgpu]
[520277.845466] amdgpu_cs_ioctl+0xa2f/0x1a30 [amdgpu]
[520277.845622] drm_ioctl_kernel+0xb5/0x110 [drm]
[520277.845641] drm_ioctl+0x26d/0x4b0 [drm]
[520277.845658] amdgpu_drm_ioctl+0x4e/0x90 [amdgpu]
[520277.845808] __x64_sys_ioctl+0x97/0xd0
[520277.845811] do_syscall_64+0x85/0x180
[520277.845813] entry_SYSCALL_64_after_hwframe+0x78/0x80

[520277.845816] CPU: 0 PID: 16138 Comm: vo Tainted: G B 6.8.6_1 #1
[520277.845820] Hardware name: HP HP ProBook 445 G8 Notebook PC/8861, BIOS T78 Ver. 01.16.00 02/14/2024
[520277.845822] ==================================================================