| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Jul 2023 02:13:15 +0000
From: "Chen, Guchun" <Guchun.Chen@....com>
To: Mikhail Gavrilov <mikhail.v.gavrilov@...il.com>,
"Koenig, Christian" <Christian.Koenig@....com>,
"Pelloux-Prayer, Pierre-Eric" <Pierre-eric.Pelloux-prayer@....com>,
"Deucher, Alexander" <Alexander.Deucher@....com>,
amd-gfx list <amd-gfx@...ts.freedesktop.org>,
Linux List Kernel Mailing <linux-kernel@...r.kernel.org>
Subject: RE: [bug/bisected] commit a2848d08742c8e8494675892c02c0d22acbe3cf8
cause general protection fault, probably for non-canonical address
0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI
[Public]
Hello Mike,
I guess this patch can resolve your problem.
https://patchwork.freedesktop.org/patch/547897/
Regards,
Guchun
> -----Original Message-----
> From: amd-gfx <amd-gfx-bounces@...ts.freedesktop.org> On Behalf Of
> Mikhail Gavrilov
> Sent: Tuesday, July 18, 2023 3:34 AM
> To: Koenig, Christian <Christian.Koenig@....com>; Pelloux-Prayer, Pierre-
> Eric <Pierre-eric.Pelloux-prayer@....com>; Deucher, Alexander
> <Alexander.Deucher@....com>; amd-gfx list <amd-
> gfx@...ts.freedesktop.org>; Linux List Kernel Mailing <linux-
> kernel@...r.kernel.org>
> Subject: [bug/bisected] commit
> a2848d08742c8e8494675892c02c0d22acbe3cf8 cause general protection
> fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1]
> PREEMPT SMP KASAN NOPTI
>
> Hi,
> at weekend I catched another problem.
> I noted my computer starts hang after launching Steam and Google Chrome.
> In the kernel log I saw such backtrace:
> [ 90.002283] general protection fault, probably for non-canonical
> address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI
> [ 90.002292] KASAN: null-ptr-deref in range
> [0x0000000000000000-0x0000000000000007]
> [ 90.002296] CPU: 12 PID: 3499 Comm: chrome:cs0 Tainted: G B W
> L 6.4.0-rc7-07-a2848d08742c8e8494675892c02c0d22acbe3cf8+ #124
> [ 90.002299] Hardware name: ASUSTeK COMPUTER INC. ROG Strix
> G513QY_G513QY/G513QY, BIOS G513QY.331 02/24/2023
> [ 90.002301] RIP: 0010:ttm_bo_evict_swapout_allowable+0x322/0x5e0 [ttm]
> [ 90.002313] Code: b6 04 02 48 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f
> 85 e8 01 00 00 4c 89 e2 c6 45 00 00 48 b8 00 00 00 00 00 fc ff df 48
> c1 ea 03 <0f> b6 04 02 4c 89 e2 83 e2 07 38 d0 7f 08 84 c0 0f 85 ca 01
> 00 00
> [ 90.002316] RSP: 0018:ffffc9000703ee08 EFLAGS: 00010256
> [ 90.002319] RAX: dffffc0000000000 RBX: ffff888180ac1858 RCX:
> ffffc9000703ee90
> [ 90.002321] RDX: 0000000000000000 RSI: ffffc9000703f228 RDI:
> ffff888180ac1ab4
> [ 90.002323] RBP: ffffc9000703ee90 R08: 0000000000000000 R09:
> ffffc9000703eed0
> [ 90.002324] R10: fffff52000e07db3 R11: ffffffffb17dde80 R12:
> 0000000000000000
> [ 90.002326] R13: ffffc9000703f228 R14: ffffc9000703eed0 R15:
> ffff888180ac1858
> [ 90.002328] FS: 00007f77461fe6c0(0000) GS:ffff888f9c800000(0000)
> knlGS:0000000000000000
> [ 90.002330] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 90.002332] CR2: 00007f773549c000 CR3: 000000024213e000 CR4:
> 0000000000750ee0
> [ 90.002334] PKRU: 55555554
> [ 90.002335] Call Trace:
> [ 90.002337] <TASK>
> [ 90.002339] ? die_addr+0x40/0xa0
> [ 90.002346] ? exc_general_protection+0x159/0x240
> [ 90.002352] ? asm_exc_general_protection+0x26/0x30
> [ 90.002357] ? ttm_bo_evict_swapout_allowable+0x322/0x5e0 [ttm]
> [ 90.002365] ? ttm_bo_evict_swapout_allowable+0x42e/0x5e0 [ttm]
> [ 90.002373] ttm_bo_swapout+0x134/0x7f0 [ttm]
> [ 90.002383] ? __pfx_ttm_bo_swapout+0x10/0x10 [ttm]
> [ 90.002391] ? lock_acquire+0x44d/0x4f0
> [ 90.002398] ? ttm_device_swapout+0xa5/0x260 [ttm]
> [ 90.002412] ? lock_acquired+0x355/0xa00
> [ 90.002416] ? do_raw_spin_trylock+0xb6/0x190
> [ 90.002421] ? __pfx_lock_acquired+0x10/0x10
> [ 90.002426] ? ttm_global_swapout+0x25/0x210 [ttm]
> [ 90.002442] ttm_device_swapout+0x198/0x260 [ttm]
> [ 90.002456] ? __pfx_ttm_device_swapout+0x10/0x10 [ttm]
> [ 90.002472] ttm_global_swapout+0x75/0x210 [ttm]
> [ 90.002486] ttm_tt_populate+0x187/0x3f0 [ttm]
> [ 90.002501] ttm_bo_handle_move_mem+0x437/0x590 [ttm]
> [ 90.002517] ttm_bo_validate+0x275/0x430 [ttm]
> [ 90.002530] ? __pfx_ttm_bo_validate+0x10/0x10 [ttm]
> [ 90.002544] ? kasan_save_stack+0x33/0x60
> [ 90.002550] ? kasan_set_track+0x25/0x30
> [ 90.002554] ? __kasan_kmalloc+0x8f/0xa0
> [ 90.002558] ? amdgpu_gtt_mgr_new+0x81/0x420 [amdgpu]
> [ 90.003023] ? ttm_resource_alloc+0xf6/0x220 [ttm]
> [ 90.003038] amdgpu_bo_pin_restricted+0x2dd/0x8b0 [amdgpu]
> [ 90.003210] ? __x64_sys_ioctl+0x131/0x1a0
> [ 90.003210] ? do_syscall_64+0x60/0x90
> [ 90.003210] ? __pfx_amdgpu_bo_pin_restricted+0x10/0x10 [amdgpu]
> [ 90.003210] ? unmap_mapping_range+0xb6/0x250
> [ 90.003210] ? __pfx___might_resched+0x10/0x10
> [ 90.003210] ? lock_acquired+0x355/0xa00
> [ 90.003210] ? __down_read_trylock+0x1be/0x3a0
> [ 90.003210] dma_buf_map_attachment+0x1dd/0x560
> [ 90.003210] ? rcu_is_watching+0x15/0xb0
> [ 90.003210] amdgpu_bo_move+0x1227/0x1830 [amdgpu]
> [ 90.003210] ? lock_release+0x4ec/0xba0
> [ 90.003210] ? ttm_bo_add_move_fence.isra.0+0x22/0x290 [ttm]
> [ 90.003210] ? rcu_is_watching+0x15/0xb0
> [ 90.003210] ? __pfx_amdgpu_bo_move+0x10/0x10 [amdgpu]
> [ 90.003210] ? dma_resv_reserve_fences+0xe8/0x7f0
> [ 90.003210] ? unmap_mapping_range+0xe3/0x250
> [ 90.003210] ? __pfx_dma_resv_reserve_fences+0x10/0x10
> [ 90.003210] ? _raw_spin_unlock+0x2d/0x50
> [ 90.003210] ? ttm_bo_add_move_fence.isra.0+0x12b/0x290 [ttm]
> [ 90.003210] ttm_bo_handle_move_mem+0x244/0x590 [ttm]
> [ 90.003210] ttm_bo_validate+0x275/0x430 [ttm]
> [ 90.003210] ? __pfx_ttm_bo_validate+0x10/0x10 [ttm]
> [ 90.003210] ? lock_acquired+0x355/0xa00
> [ 90.003210] amdgpu_cs_bo_validate+0x25a/0xcb0 [amdgpu]
> [ 90.003210] ? __kmalloc+0xe1/0x160
> [ 90.003210] ? amdgpu_vm_validate_pt_bos+0x372/0x670 [amdgpu]
> [ 90.003210] ? __pfx_amdgpu_cs_bo_validate+0x10/0x10 [amdgpu]
> [ 90.003210] ? __pfx___mutex_unlock_slowpath+0x10/0x10
> [ 90.003210] amdgpu_cs_list_validate+0x26c/0x390 [amdgpu]
> [ 90.003210] ? __pfx_amdgpu_cs_list_validate+0x10/0x10 [amdgpu]
> [ 90.003210] ? __pfx_amdgpu_cs_bo_validate+0x10/0x10 [amdgpu]
> [ 90.003210] ? seqcount_lockdep_reader_access.constprop.0+0xa5/0xb0
> [ 90.003210] ? trace_hardirqs_on+0x16/0x100
> [ 90.003210] amdgpu_cs_ioctl+0x2207/0x55e0 [amdgpu]
> [ 90.003210] ? rcu_is_watching+0x15/0xb0
> [ 90.003210] ? __pfx_amdgpu_cs_ioctl+0x10/0x10 [amdgpu]
> [ 90.003210] ? finish_task_switch.isra.0+0x22b/0xc20
> [ 90.003210] ? rcu_is_watching+0x15/0xb0
> [ 90.003210] ? __switch_to+0x413/0xde0
> [ 90.003210] ? __pfx_lock_release+0x10/0x10
> [ 90.003210] ? rcu_is_watching+0x15/0xb0
> [ 90.003210] ? lock_acquire+0x44d/0x4f0
> [ 90.003210] ? rcu_is_watching+0x15/0xb0
> [ 90.003210] ? __pfx_amdgpu_cs_ioctl+0x10/0x10 [amdgpu]
> [ 90.003210] drm_ioctl_kernel+0x1fc/0x3d0
> [ 90.003210] ? __pfx___might_resched+0x10/0x10
> [ 90.003210] ? __pfx_drm_ioctl_kernel+0x10/0x10
> [ 90.003210] drm_ioctl+0x4c5/0xaa0
> [ 90.003210] ? __pfx_amdgpu_cs_ioctl+0x10/0x10 [amdgpu]
> [ 90.003210] ? __pfx_drm_ioctl+0x10/0x10
> [ 90.003210] ? lock_release+0x4ec/0xba0
> [ 90.003210] ? rcu_is_watching+0x15/0xb0
> [ 90.003210] ? _raw_spin_unlock_irqrestore+0x66/0x80
> [ 90.003210] ? trace_hardirqs_on+0x16/0x100
> [ 90.003210] ? _raw_spin_unlock_irqrestore+0x4f/0x80
> [ 90.003210] amdgpu_drm_ioctl+0xd2/0x1b0 [amdgpu]
> [ 90.003210] __x64_sys_ioctl+0x131/0x1a0
> [ 90.003210] do_syscall_64+0x60/0x90
> [ 90.003210] ? do_syscall_64+0x6c/0x90
> [ 90.003210] ? do_syscall_64+0x6c/0x90
> [ 90.003210] ? trace_hardirqs_on_prepare+0xe3/0x100
> [ 90.003210] entry_SYSCALL_64_after_hwframe+0x72/0xdc
> [ 90.003210] RIP: 0033:0x7f775a9113ad
> [ 90.003210] Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10
> c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00
> 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00
> 00 00
> [ 90.003210] RSP: 002b:00007f77461fd1d0 EFLAGS: 00000246 ORIG_RAX:
> 0000000000000010
> [ 90.003210] RAX: ffffffffffffffda RBX: 00007f77461fd368 RCX:
> 00007f775a9113ad
> [ 90.003210] RDX: 00007f77461fd2a0 RSI: 00000000c0186444 RDI:
> 000000000000001c
> [ 90.003210] RBP: 00007f77461fd220 R08: 00007f77461fd3d0 R09:
> 00007f77461fd270
> [ 90.003210] R10: 00001a94000b2900 R11: 0000000000000246 R12:
> 00007f77461fd2a0
> [ 90.003210] R13: 00000000c0186444 R14: 000000000000001c R15:
> 00007f77461fd368
> [ 90.003210] </TASK>
> [ 90.003210] Modules linked in: uinput rfcomm snd_seq_dummy
> snd_hrtimer nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet
> nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet
> nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat
> nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables nfnetlink qrtr
> bnep sunrpc snd_hda_codec_realtek snd_hda_codec_generic
> snd_hda_codec_hdmi binfmt_misc snd_sof_amd_rembrandt
> snd_sof_amd_renoir snd_sof_amd_acp snd_sof_pci snd_sof_xtensa_dsp
> snd_sof snd_sof_utils mt7921e mt7921_common intel_rapl_msr
> intel_rapl_common vfat mt76_connac_lib fat btusb edac_mce_amd mt76
> btrtl btbcm snd_hda_intel btintel snd_intel_dspcfg snd_soc_core
> snd_intel_sdw_acpi kvm_amd btmtk snd_hda_codec mac80211
> snd_compress snd_hda_core bluetooth ac97_bus snd_pcm_dmaengine kvm
> snd_hwdep snd_seq snd_pci_ps snd_rpl_pci_acp6x snd_seq_device libarc4
> snd_pci_acp6x irqbypass snd_pci_acp5x snd_pcm cfg80211 rapl
> asus_nb_wmi snd_rn_pci_acp3x snd_timer wmi_bmof snd_acp_config
> snd_soc_acpi snd pcspkr
> [ 90.003210] acpi_cpufreq snd_pci_acp3x i2c_piix4 k10temp soundcore
> amd_pmc asus_wireless joydev loop zram amdgpu i2c_algo_bit hid_asus
> drm_ttm_helper crct10dif_pclmul asus_wmi ttm ledtrig_audio crc32_pclmul
> drm_suballoc_helper sparse_keymap crc32c_intel iommu_v2 polyval_clmulni
> platform_profile drm_buddy polyval_generic gpu_sched nvme rfkill ucsi_acpi
> hid_multitouch drm_display_helper ghash_clmulni_intel nvme_core
> serio_raw typec_ucsi sha512_ssse3 r8169 ccp cec nvme_common sp5100_tco
> typec video i2c_hid_acpi i2c_hid wmi ip6_tables ip_tables fuse
> [ 90.008560] ---[ end trace 0000000000000000 ]---
> [ 90.008565] RIP: 0010:ttm_bo_evict_swapout_allowable+0x322/0x5e0 [ttm]
> [ 90.008580] Code: b6 04 02 48 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f
> 85 e8 01 00 00 4c 89 e2 c6 45 00 00 48 b8 00 00 00 00 00 fc ff df 48
> c1 ea 03 <0f> b6 04 02 4c 89 e2 83 e2 07 38 d0 7f 08 84 c0 0f 85 ca 01
> 00 00
> [ 90.008583] RSP: 0018:ffffc9000703ee08 EFLAGS: 00010256
> [ 90.008587] RAX: dffffc0000000000 RBX: ffff888180ac1858 RCX:
> ffffc9000703ee90
> [ 90.008591] RDX: 0000000000000000 RSI: ffffc9000703f228 RDI:
> ffff888180ac1ab4
> [ 90.008594] RBP: ffffc9000703ee90 R08: 0000000000000000 R09:
> ffffc9000703eed0
> [ 90.008597] R10: fffff52000e07db3 R11: ffffffffb17dde80 R12:
> 0000000000000000
> [ 90.008600] R13: ffffc9000703f228 R14: ffffc9000703eed0 R15:
> ffff888180ac1858
> [ 90.008603] FS: 00007f77461fe6c0(0000) GS:ffff888f9c800000(0000)
> knlGS:0000000000000000
> [ 90.008606] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 90.008609] CR2: 00007f773549c000 CR3: 000000024213e000 CR4:
> 0000000000750ee0
> [ 90.008613] PKRU: 55555554
> [ 90.008616] note: chrome:cs0[3499] exited with preempt_count 1
>
>
> Bisect said that commit a2848d08742c8e8494675892c02c0d22acbe3cf8 is
> culprit here.
>
> commit a2848d08742c8e8494675892c02c0d22acbe3cf8
> Author: Christian König <christian.koenig@....com>
> Date: Fri Jul 7 11:25:00 2023 +0200
>
> drm/ttm: never consider pinned BOs for eviction&swap
>
> There is a small window where we have already incremented the pin count
> but not yet moved the bo from the lru to the pinned list.
>
> Signed-off-by: Christian König <christian.koenig@....com>
> Reported-by: Pelloux-Prayer, Pierre-Eric <Pierre-eric.Pelloux-
> prayer@....com>
> Tested-by: Pelloux-Prayer, Pierre-Eric <Pierre-eric.Pelloux-
> prayer@....com>
> Acked-by: Alex Deucher <alexander.deucher@....com>
> Cc: stable@...r.kernel.org
> Link:
> https://patchwork.freedesktop.org/patch/msgid/20230707120826.3701-1-
> christian.koenig@....com
>
> drivers/gpu/drm/ttm/ttm_bo.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> I attached here a full bisect log, all kernel logs from all bisect steps and my
> kernel build config.
> Is there anything else I can help here?
>
> --
> Best Regards,
> Mike Gavrilov.
Powered by blists - more mailing lists