public inbox for linux-kernel@vger.kernel.org
From: "Christian König" <christian.koenig@amd.com>
To: Borislav Petkov <bp@alien8.de>, Huang Rui <ray.huang@amd.com>
Cc: dri-devel@lists.freedesktop.org, lkml <linux-kernel@vger.kernel.org>
Subject: Re: 5.11-rc1 TTM list corruption
Date: Fri, 1 Jan 2021 15:34:28 +0100
Message-ID: <e3bfa0a4-5d0a-bd68-6cc8-73db1d29f22c@amd.com>
In-Reply-To: <20201231104020.GA4504@zn.tnic>

Hi Borislav,

my best guess is that this is a use-after-free.

Going to double check the code, but can you reproduce this issue reliably?

Thanks,
Christian.

On 31.12.20 at 11:40, Borislav Petkov wrote:
> Hi folks,
>
> got this when trying to suspend my workstation to disk, it was still
> responsive so I could catch the splat:
>
> [22020.334381] ------------[ cut here ]------------
> [22020.339057] list_del corruption. next->prev should be ffffffff8b7a9a40, but was ffff8881020bced0
> [22020.347764] WARNING: CPU: 12 PID: 13134 at lib/list_debug.c:54 __list_del_entry_valid+0x8a/0x90
> [22020.356397] Modules linked in: fuse essiv authenc nft_counter nf_tables libcrc32c nfnetlink loop dm_crypt dm_mod amd64_edac edac_mce_amd kvm_amd snd_hda_codec_realtek snd_hda_codec_generic led_class kvm ledtrig_audio snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_pcm snd_timer irqbypass crct10dif_pclmul snd crc32_pclmul crc32c_intel ghash_clmulni_intel pcspkr k10temp soundcore gpio_amdpt gpio_generic acpi_cpufreq radeon aesni_intel glue_helper crypto_simd cryptd pinctrl_amd
> [22020.400855] CPU: 12 PID: 13134 Comm: hib.sh Not tainted 5.11.0-rc1+ #2
> [22020.400857] Hardware name: Micro-Star International Co., Ltd. MS-7B79/X470 GAMING PRO (MS-7B79), BIOS 1.70 01/23/2019
> [22020.400858] RIP: 0010:__list_del_entry_valid+0x8a/0x90
> [22020.400861] Code: 46 00 0f 0b 31 c0 c3 48 89 f2 48 89 fe 48 c7 c7 78 30 0f 82 e8 24 6c 46 00 0f 0b 31 c0 c3 48 c7 c7 b8 30 0f 82 e8 13 6c 46 00 <0f> 0b 31 c0 c3 cc 48 85 d2 89 f8 74 20 48 8d 0c 16 0f b6 16 48 ff
> [22020.400863] RSP: 0018:ffffc90001fbbcf8 EFLAGS: 00010292
> [22020.441503] RAX: 0000000000000054 RBX: ffffffff8b7a9a40 RCX: 0000000000000000
> [22020.441505] RDX: ffff8887fef26600 RSI: ffff8887fef17450 RDI: ffff8887fef17450
> [22020.441505] RBP: 0000000000003f82 R08: ffff8887fef17450 R09: ffffc90001fbbb38
> [22020.441506] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
> [22020.441507] R13: 0000000000000080 R14: 0000000000000480 R15: 000000000000019b
> [22020.441508] FS:  00007f51c72f9740(0000) GS:ffff8887fef00000(0000) knlGS:0000000000000000
> [22020.490045] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [22020.490046] CR2: 00005557afb81018 CR3: 000000012099e000 CR4: 00000000003506e0
> [22020.490047] Call Trace:
> [22020.490048]  ttm_pool_shrink+0x61/0xd0
> [22020.508965]  ttm_pool_shrinker_scan+0xa/0x20
> [22020.508966]  shrink_slab.part.0.constprop.0+0x1a1/0x330
> [22020.508970]  drop_slab_node+0x37/0x50
> [22020.522011]  drop_slab+0x33/0x60
> [22020.522012]  drop_caches_sysctl_handler+0x70/0x80
> [22020.522015]  proc_sys_call_handler+0x140/0x220
> [22020.534286]  new_sync_write+0x10b/0x190
> [22020.534289]  vfs_write+0x1b7/0x290
> [22020.534291]  ksys_write+0x60/0xe0
> [22020.544762]  do_syscall_64+0x33/0x40
> [22020.544765]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [22020.553320] RIP: 0033:0x7f51c73eaff3
> [22020.553322] Code: 8b 15 a1 ee 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18
> [22020.553324] RSP: 002b:00007ffd0a748ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
> [22020.553325] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f51c73eaff3
> [22020.553326] RDX: 0000000000000002 RSI: 000056039fd0ee70 RDI: 0000000000000001
> [22020.553327] RBP: 000056039fd0ee70 R08: 000000000000000a R09: 0000000000000001
> [22020.553327] R10: 000056039fd0e770 R11: 0000000000000246 R12: 0000000000000002
> [22020.611218] R13: 00007f51c74bb6a0 R14: 0000000000000002 R15: 00007f51c74bb8a0
> [22020.611220] ---[ end trace f7ea94a6ddb98f71 ]---
>
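
What the warning in the quoted splat checks, as an added user-space C sketch (not code from this thread or from the kernel tree): it mirrors the four tests `__list_del_entry_valid` in lib/list_debug.c makes before unlinking, and reproduces the `next->prev` mismatch with a constructed scenario in which a still-linked neighbour is relinked elsewhere, as reused freed memory would be. `enum list_fault`, `list_del_checked` and `demo` are names invented here, and the poison constants are model values.

```c
#include <stdio.h>

struct list_head { struct list_head *next, *prev; };

/* Model poison values written into an entry once it has been unlinked. */
#define LIST_POISON1 ((struct list_head *)0x100)
#define LIST_POISON2 ((struct list_head *)0x122)

enum list_fault { LIST_OK, NEXT_POISONED, PREV_POISONED, PREV_NEXT_MISMATCH, NEXT_PREV_MISMATCH };

/* The four sanity tests made before an entry is unlinked. */
static enum list_fault list_del_check(const struct list_head *entry)
{
    const struct list_head *prev = entry->prev, *next = entry->next;
    if (next == LIST_POISON1) return NEXT_POISONED;      /* already deleted */
    if (prev == LIST_POISON2) return PREV_POISONED;
    if (prev->next != entry) return PREV_NEXT_MISMATCH;
    if (next->prev != entry) return NEXT_PREV_MISMATCH;  /* the case in the splat */
    return LIST_OK;
}

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
}

/* Checked delete: refuses to unlink when the neighbours disagree. */
static enum list_fault list_del_checked(struct list_head *e)
{
    enum list_fault f = list_del_check(e);
    if (f != LIST_OK) return f;
    e->next->prev = e->prev; e->prev->next = e->next;
    e->next = LIST_POISON1; e->prev = LIST_POISON2;
    return LIST_OK;
}

/* Constructed scenario: list head -> a -> b, then delete a. */
static enum list_fault demo(int reuse_neighbour, int delete_twice)
{
    struct list_head head, other, a, b;
    list_init(&head); list_init(&other);
    list_add_tail(&a, &head); list_add_tail(&b, &head);
    if (reuse_neighbour) list_add_tail(&b, &other); /* b relinked without list_del */
    if (delete_twice) list_del_checked(&a);
    return list_del_checked(&a);
}

int main(void) { printf("%d %d %d\n", demo(0, 0), demo(1, 0), demo(0, 1)); return 0; }
```

In the quoted warning, the "should be" value is the entry being deleted and the "but was" value is what its successor's `prev` pointer actually held.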

