<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> </head> <body> Hi Thomas, yeah that's a known issue. A patch to fix that is already under review. Christian. <div class="moz-cite-prefix">Am 22.06.21 um 14:03 schrieb Thomas Zimmermann: </div> <blockquote type="cite" cite="mid:f470eff7-93c9-e08d-d272-93107b36c090@suse.de">Hi, on drm-tip, I see a null-ptr deref in radeon_ttm_bo_destroy(). Happens when I try to start weston or X. Full error is below. Let me know if you need more info. Best regards Thomas <blockquote type="cite">[ 1849.999218] ================================================================== </blockquote> <blockquote type="cite">[ 1850.006544] BUG: KASAN: null-ptr-deref in radeon_ttm_bo_destroy+0x39/0x1d0 [radeon] </blockquote> <blockquote type="cite">[ 1850.014312] Read of size 4 at addr 0000000000000010 by task weston/1434 </blockquote> <blockquote type="cite">[ 1850.020938] </blockquote> <blockquote type="cite">[ 1850.022434] CPU: 7 PID: 1434 Comm: weston Tainted: G E 5.13.0-rc7-1-default+ #972 </blockquote> <blockquote type="cite">[ 1850.031233] Hardware name: Dell Inc. OptiPlex 9020/0N4YC8, BIOS A24 10/24/2018 </blockquote> <blockquote type="cite">[ 1850.038466] Call Trace: </blockquote> <blockquote type="cite">[ 1850.040920] dump_stack+0xa5/0xdc </blockquote> <blockquote type="cite">[ 1850.044249] ? radeon_ttm_bo_destroy+0x39/0x1d0 [radeon] </blockquote> <blockquote type="cite">[ 1850.049639] kasan_report.cold+0x5f/0xd8 </blockquote> <blockquote type="cite">[ 1850.053575] ? radeon_ttm_bo_destroy+0x39/0x1d0 [radeon] </blockquote> <blockquote type="cite">[ 1850.058967] radeon_ttm_bo_destroy+0x39/0x1d0 [radeon] </blockquote> <blockquote type="cite">[ 1850.064189] radeon_bo_unref+0x1f/0x30 [radeon] </blockquote> <blockquote type="cite">[ 1850.068798] radeon_gem_object_free+0x5f/0x80 [radeon] </blockquote> <blockquote type="cite">[ 1850.074016] ? radeon_gem_object_mmap+0x70/0x70 [radeon] </blockquote> <blockquote type="cite">[ 1850.079404] ? drm_gem_object_handle_put_unlocked+0xd0/0x160 [drm] </blockquote> <blockquote type="cite">[ 1850.085673] ? drm_gem_object_free+0x25/0x40 [drm] </blockquote> <blockquote type="cite">[ 1850.090524] drm_gem_object_release_handle+0x8e/0xa0 [drm] </blockquote> <blockquote type="cite">[ 1850.096070] drm_gem_handle_delete+0x5b/0xa0 [drm] </blockquote> <blockquote type="cite">[ 1850.100922] ? drm_gem_handle_create+0x50/0x50 [drm] </blockquote> <blockquote type="cite">[ 1850.105947] drm_ioctl_kernel+0x131/0x180 [drm] </blockquote> <blockquote type="cite">[ 1850.110538] ? drm_setversion+0x340/0x340 [drm] </blockquote> <blockquote type="cite">[ 1850.115135] ? drm_gem_handle_create+0x50/0x50 [drm] </blockquote> <blockquote type="cite">[ 1850.120157] drm_ioctl+0x309/0x540 [drm] </blockquote> <blockquote type="cite">[ 1850.124143] ? drm_version+0x150/0x150 [drm] </blockquote> <blockquote type="cite">[ 1850.128470] ? __lock_release+0x12f/0x4e0 </blockquote> <blockquote type="cite">[ 1850.132496] ? lock_downgrade+0xa0/0xa0 </blockquote> <blockquote type="cite">[ 1850.136342] ? rpm_callback+0xe0/0xe0 </blockquote> <blockquote type="cite">[ 1850.140015] ? mark_held_locks+0x23/0x90 </blockquote> <blockquote type="cite">[ 1850.143951] ? lockdep_hardirqs_on_prepare.part.0+0x128/0x1d0 </blockquote> <blockquote type="cite">[ 1850.149708] ? _raw_spin_unlock_irqrestore+0x37/0x40 </blockquote> <blockquote type="cite">[ 1850.154684] ? lockdep_hardirqs_on+0x77/0xf0 </blockquote> <blockquote type="cite">[ 1850.158967] ? _raw_spin_unlock_irqrestore+0x37/0x40 </blockquote> <blockquote type="cite">[ 1850.163947] radeon_drm_ioctl+0x75/0xd0 [radeon] </blockquote> <blockquote type="cite">[ 1850.168644] __x64_sys_ioctl+0xb9/0xf0 </blockquote> <blockquote type="cite">[ 1850.172406] do_syscall_64+0x40/0xb0 </blockquote> <blockquote type="cite">[ 1850.175992] entry_SYSCALL_64_after_hwframe+0x44/0xae </blockquote> <blockquote type="cite">[ 1850.181053] RIP: 0033:0x7f7d5fd0c0bb </blockquote> <blockquote type="cite">[ 1850.184636] Code: ff ff ff 85 c0 79 8b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 85 bd 0c 00 f7 d8 64 89 01 48 </blockquote> <blockquote type="cite">[ 1850.203436] RSP: 002b:00007ffc3fb35778 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 </blockquote> <blockquote type="cite">[ 1850.211020] RAX: ffffffffffffffda RBX: 00007ffc3fb357c8 RCX: 00007f7d5fd0c0bb </blockquote> <blockquote type="cite">[ 1850.218171] RDX: 00007ffc3fb357c8 RSI: 0000000040086409 RDI: 0000000000000010 </blockquote> <blockquote type="cite">[ 1850.225330] RBP: 0000000040086409 R08: 0000000000000000 R09: ffffffffffffffff </blockquote> <blockquote type="cite">[ 1850.232489] R10: 00007ffc3fbf4080 R11: 0000000000000246 R12: 00005561d758e130 </blockquote> <blockquote type="cite">[ 1850.239647] R13: 0000000000000010 R14: 00005561d7bda6f0 R15: 00005561d7bcb250 </blockquote> <blockquote type="cite">[ 1850.246863] ================================================================== </blockquote> <blockquote type="cite">[ 1850.254107] Disabling lock debugging due to kernel taint </blockquote> <blockquote type="cite">[ 1850.259487] BUG: kernel NULL pointer dereference, address: 0000000000000010 </blockquote> <blockquote type="cite">[ 1850.266458] #PF: supervisor read access in kernel mode </blockquote> <blockquote type="cite">[ 1850.271602] #PF: error_code(0x0000) - not-present page </blockquote> <blockquote type="cite">[ 1850.276746] PGD 0 P4D 0 </blockquote> <blockquote type="cite">[ 1850.279283] Oops: 0000 [#1] SMP KASAN PTI </blockquote> <blockquote type="cite">[ 1850.283296] CPU: 7 PID: 1434 Comm: weston Tainted: G B E 5.13.0-rc7-1-default+ #972 </blockquote> <blockquote type="cite">[ 1850.292092] Hardware name: Dell Inc. OptiPlex 9020/0N4YC8, BIOS A24 10/24/2018 </blockquote> <blockquote type="cite">[ 1850.299324] RIP: 0010:radeon_ttm_bo_destroy+0x40/0x1d0 [radeon] </blockquote> <blockquote type="cite">[ 1850.305323] Code: 81 c7 68 02 00 00 53 4c 8d ad 08 03 00 00 e8 47 0f d6 ce 48 8b 9d 68 02 00 00 48 8d 7b 10 e8 37 0e d6 ce 48 8d bd 18 01 00 00 <44> 8b 7b 10 e8 27 0f d6 ce 4c 8b b5 18 01 00 00 4c 89 ef e8 18 0f </blockquote> <blockquote type="cite">[ 1850.324124] RSP: 0018:ffffc9000367fbf8 EFLAGS: 00010282 </blockquote> <blockquote type="cite">[ 1850.329356] RAX: 0000000000000001 RBX: 0000000000000000 RCX: dffffc0000000000 </blockquote> <blockquote type="cite">[ 1850.336499] RDX: 0000000000000007 RSI: 0000000000000004 RDI: ffff88818b2fd190 </blockquote> <blockquote type="cite">[ 1850.343643] RBP: ffff88818b2fd078 R08: 0000000000000000 R09: ffffffff9154f743 </blockquote> <blockquote type="cite">[ 1850.350787] R10: fffffbfff22a9ee8 R11: 0000000000000001 R12: ffff88818b2fd000 </blockquote> <blockquote type="cite">[ 1850.357933] R13: ffff88818b2fd380 R14: ffff8881ecf87098 R15: ffff8881ecf87038 </blockquote> <blockquote type="cite">[ 1850.365076] FS: 00007f7d5f6618c0(0000) GS:ffff8887b7e00000(0000) knlGS:0000000000000000 </blockquote> <blockquote type="cite">[ 1850.373176] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 </blockquote> <blockquote type="cite">[ 1850.378927] CR2: 0000000000000010 CR3: 000000024b49a002 CR4: 00000000001706e0 </blockquote> <blockquote type="cite">[ 1850.386070] Call Trace: </blockquote> <blockquote type="cite">[ 1850.388519] radeon_bo_unref+0x1f/0x30 [radeon] </blockquote> <blockquote type="cite">[ 1850.393125] radeon_gem_object_free+0x5f/0x80 [radeon] </blockquote> <blockquote type="cite">[ 1850.398338] ? radeon_gem_object_mmap+0x70/0x70 [radeon] </blockquote> <blockquote type="cite">[ 1850.403724] ? drm_gem_object_handle_put_unlocked+0xd0/0x160 [drm] </blockquote> <blockquote type="cite">[ 1850.409960] ? drm_gem_object_free+0x25/0x40 [drm] </blockquote> <blockquote type="cite">[ 1850.414806] drm_gem_object_release_handle+0x8e/0xa0 [drm] </blockquote> <blockquote type="cite">[ 1850.420346] drm_gem_handle_delete+0x5b/0xa0 [drm] </blockquote> <blockquote type="cite">[ 1850.425194] ? drm_gem_handle_create+0x50/0x50 [drm] </blockquote> <blockquote type="cite">[ 1850.430215] drm_ioctl_kernel+0x131/0x180 [drm] </blockquote> <blockquote type="cite">[ 1850.434803] ? drm_setversion+0x340/0x340 [drm] </blockquote> <blockquote type="cite">[ 1850.439386] ? drm_gem_handle_create+0x50/0x50 [drm] </blockquote> <blockquote type="cite">[ 1850.444407] drm_ioctl+0x309/0x540 [drm] </blockquote> <blockquote type="cite">[ 1850.448384] ? drm_version+0x150/0x150 [drm] </blockquote> <blockquote type="cite">[ 1850.452708] ? __lock_release+0x12f/0x4e0 </blockquote> <blockquote type="cite">[ 1850.456722] ? lock_downgrade+0xa0/0xa0 </blockquote> <blockquote type="cite">[ 1850.460562] ? rpm_callback+0xe0/0xe0 </blockquote> <blockquote type="cite">[ 1850.464230] ? mark_held_locks+0x23/0x90 </blockquote> <blockquote type="cite">[ 1850.468155] ? lockdep_hardirqs_on_prepare.part.0+0x128/0x1d0 </blockquote> <blockquote type="cite">[ 1850.473910] ? _raw_spin_unlock_irqrestore+0x37/0x40 </blockquote> <blockquote type="cite">[ 1850.478880] ? lockdep_hardirqs_on+0x77/0xf0 </blockquote> <blockquote type="cite">[ 1850.483156] ? _raw_spin_unlock_irqrestore+0x37/0x40 </blockquote> <blockquote type="cite">[ 1850.488128] radeon_drm_ioctl+0x75/0xd0 [radeon] </blockquote> <blockquote type="cite">[ 1850.492817] __x64_sys_ioctl+0xb9/0xf0 </blockquote> <blockquote type="cite">[ 1850.496570] do_syscall_64+0x40/0xb0 </blockquote> <blockquote type="cite">[ 1850.500150] entry_SYSCALL_64_after_hwframe+0x44/0xae </blockquote> <blockquote type="cite">[ 1850.505209] RIP: 0033:0x7f7d5fd0c0bb </blockquote> <blockquote type="cite">[ 1850.508787] Code: ff ff ff 85 c0 79 8b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 85 bd 0c 00 f7 d8 64 89 01 48 </blockquote> <blockquote type="cite">[ 1850.527580] RSP: 002b:00007ffc3fb35778 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 </blockquote> <blockquote type="cite">[ 1850.535157] RAX: ffffffffffffffda RBX: 00007ffc3fb357c8 RCX: 00007f7d5fd0c0bb </blockquote> <blockquote type="cite">[ 1850.542299] RDX: 00007ffc3fb357c8 RSI: 0000000040086409 RDI: 0000000000000010 </blockquote> <blockquote type="cite">[ 1850.549443] RBP: 0000000040086409 R08: 0000000000000000 R09: ffffffffffffffff </blockquote> <blockquote type="cite">[ 1850.556587] R10: 00007ffc3fbf4080 R11: 0000000000000246 R12: 00005561d758e130 </blockquote> <blockquote type="cite">[ 1850.563733] R13: 0000000000000010 R14: 00005561d7bda6f0 R15: 00005561d7bcb250 </blockquote> <blockquote type="cite">[ 1850.570878] Modules linked in: af_packet(E) rfkill(E) dmi_sysfs(E) intel_rapl_msr(E) snd_hda_codec_realtek(E) snd_hda_codec_generic(E) intel_rapl_common(E) ledtrig_audio(E) snd_hda_codec_hdmi(E) x86_pkg_temp_thermal(E) snd_hda_intel(E) </blockquote> <blockquote type="cite">[ 1850.570970] blake2b_generic(E) libcrc32c(E) crc32c_intel(E) xor(E) raid6_pq(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) msr(E) efivarfs(E) </blockquote> <blockquote type="cite">[ 1850.673011] CR2: 0000000000000010 </blockquote> <blockquote type="cite">[ 1850.676355] ---[ end trace 7f92395c6274c049 ]--- </blockquote> <blockquote type="cite">[ 1850.703761] RIP: 0010:radeon_ttm_bo_destroy+0x40/0x1d0 [radeon] </blockquote> <blockquote type="cite">[ 1850.709761] Code: 81 c7 68 02 00 00 53 4c 8d ad 08 03 00 00 e8 47 0f d6 ce 48 8b 9d 68 02 00 00 48 8d 7b 10 e8 37 0e d6 ce 48 8d bd 18 01 00 00 <44> 8b 7b 10 e8 27 0f d6 ce 4c 8b b5 18 01 00 00 4c 89 ef e8 18 0f </blockquote> <blockquote type="cite">[ 1850.728562] RSP: 0018:ffffc9000367fbf8 EFLAGS: 00010282 </blockquote> <blockquote type="cite">[ 1850.733800] RAX: 0000000000000001 RBX: 0000000000000000 RCX: dffffc0000000000 </blockquote> <blockquote type="cite">[ 1850.740949] RDX: 0000000000000007 RSI: 0000000000000004 RDI: ffff88818b2fd190 </blockquote> <blockquote type="cite">[ 1850.748095] RBP: ffff88818b2fd078 R08: 0000000000000000 R09: ffffffff9154f743 </blockquote> <blockquote type="cite">[ 1850.755242] R10: fffffbfff22a9ee8 R11: 0000000000000001 R12: ffff88818b2fd000 </blockquote> <blockquote type="cite">[ 1850.762388] R13: ffff88818b2fd380 R14: ffff8881ecf87098 R15: ffff8881ecf87038 </blockquote> <blockquote type="cite">[ 1850.769533] FS: 00007f7d5f6618c0(0000) GS:ffff8887b7e00000(0000) knlGS:0000000000000000 </blockquote> <blockquote type="cite">[ 1850.777634] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 </blockquote> <blockquote type="cite">[ 1850.783391] CR2: 0000000000000010 CR3: 000000024b49a002 CR4: 00000000001706e0 </blockquote> <blockquote type="cite"> </blockquote> <blockquote type="cite">CTRL-A Z for help | 115200 8N1 | NOR | Minicom 2.7.1 | VT102 | Online 0:30 | ttyUSB0 </blockquote> <blockquote type="cite"> </blockquote> <fieldset class="mimeAttachmentHeader"></fieldset> <pre class="moz-quote-pre" wrap="">_______________________________________________ amd-gfx mailing list <a class="moz-txt-link-abbreviated" href="mailto:amd-gfx@lists.freedesktop.org">amd-gfx@lists.freedesktop.org</a> <a class="moz-txt-link-freetext" href="https://lists.freedesktop.org/mailman/listinfo/amd-gfx">https://lists.freedesktop.org/mailman/listinfo/amd-gfx</a> </pre> </blockquote> </body> </html>