<html> <head> <base href="https://bugs.freedesktop.org/"> </head> <body> <div> <a class="bz_bug_link bz_status_NEW " title="NEW - radeon - ring 0 stalled - GPU lockup - SI" href="https://bugs.freedesktop.org/show_bug.cgi?id=107545#c5">Comment # 5</a> on <a class="bz_bug_link bz_status_NEW " title="NEW - radeon - ring 0 stalled - GPU lockup - SI" href="https://bugs.freedesktop.org/show_bug.cgi?id=107545">bug 107545</a> from <a class="email" href="mailto:julien.isorce@gmail.com" title="Julien Isorce <julien.isorce@gmail.com>"> Julien Isorce</a> <pre>Extract of the 2 attached cs dumps: User space so before ioctl radeon_cs_ioctl: 0x00000290 0x00000000 0xC0016900 0x000002A1 Kernel space so in radeon_cs_ioctl: 0x00000290 0x0000000b 0x00000000 0x000002a1 So for some reasons 0x00000000C0016900 gets overwritten by 0x0000000b00000000 Note that it always get overwritten with this value above and this value also appears in the other packet0 bug report: <a class="bz_bug_link bz_status_NEW " title="NEW - [radeonsi] radeon 0000:01:00.0: Packet0 not allowed!" href="show_bug.cgi?id=84500#c7">https://bugs.freedesktop.org/show_bug.cgi?id=84500#c7</a> I have started to narrow down the issue and it looks like it happens in "radeon_cs_parser_init" in kernel/drivers/gpu/drm/radeon as the overwrtting is already present just after this function. But it is not easy to debug further as this function is quite difficult to understand so any inputs would be appreciated, thx! Does kernel space make a copy of the cs chunks or just keep a pointer on it, as I see "user_ptr" ? Also note that the issue does not happen with amdgpu so one possibility is that "amdgpu_cs_parser_init" is more robust.</pre> </div> <hr> You are receiving this mail because: <ul> <li>You are the assignee for the bug.</li> </ul> </body> </html>