From: kernel test robot <lkp@intel.com>
To: oe-kbuild@lists.linux.dev
Cc: lkp@intel.com, Dan Carpenter <error27@gmail.com>
Subject: [agd5f:drm-next-7.1 55/56] drivers/gpu/drm/amd/amdgpu/amdgpu_dev_coredump.c:423 amdgpu_coredump() error: we previously assumed 'job' could be null (see line 414)
Date: Tue, 07 Apr 2026 12:25:13 +0800 [thread overview]
Message-ID: <202604071441.vAPwv1su-lkp@intel.com> (raw)
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
TO: "Pierre-Eric Pelloux-Prayer" <pierre-eric.pelloux-prayer@amd.com>
CC: Alex Deucher <alexander.deucher@amd.com>
tree: https://gitlab.freedesktop.org/agd5f/linux.git drm-next-7.1
head: 7b15fc2d1f1a00fb99f0146e404ff2600999ec74
commit: 32ab301b89b30d71a2e68d86f564eca66f7c52c5 [55/56] drm/amdgpu: store ib info for devcoredump
:::::: branch date: 3 days ago
:::::: commit date: 3 days ago
config: x86_64-randconfig-161-20260405 (https://download.01.org/0day-ci/archive/20260407/202604071441.vAPwv1su-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
smatch: v0.5.0-9004-gb810ac53
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202604071441.vAPwv1su-lkp@intel.com/
smatch warnings:
drivers/gpu/drm/amd/amdgpu/amdgpu_dev_coredump.c:423 amdgpu_coredump() error: we previously assumed 'job' could be null (see line 414)
drivers/gpu/drm/amd/amdgpu/amdgpu_dev_coredump.c:425 amdgpu_coredump() warn: variable dereferenced before check 'job' (see line 423)
vim +/job +423 drivers/gpu/drm/amd/amdgpu/amdgpu_dev_coredump.c
9022f01b9709331 Sunil Khatri 2024-03-21 398
6122f5c72e38a88 Trigger Huang 2024-08-19 399 void amdgpu_coredump(struct amdgpu_device *adev, bool skip_vram_check,
6122f5c72e38a88 Trigger Huang 2024-08-19 400 bool vram_lost, struct amdgpu_job *job)
9022f01b9709331 Sunil Khatri 2024-03-21 401 {
9022f01b9709331 Sunil Khatri 2024-03-21 402 struct drm_device *dev = adev_to_drm(adev);
6122f5c72e38a88 Trigger Huang 2024-08-19 403 struct amdgpu_coredump_info *coredump;
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 404 size_t size = sizeof(*coredump);
9022f01b9709331 Sunil Khatri 2024-03-21 405 struct drm_sched_job *s_job;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 406 u64 total_ring_size, ring_count;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 407 struct amdgpu_ring *ring;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 408 int i, off, idx;
9022f01b9709331 Sunil Khatri 2024-03-21 409
4bbba79a7f1d0c7 Pierre-Eric Pelloux-Prayer 2025-02-21 410 /* No need to generate a new coredump if there's one in progress already. */
4bbba79a7f1d0c7 Pierre-Eric Pelloux-Prayer 2025-02-21 411 if (work_pending(&adev->coredump_work))
4bbba79a7f1d0c7 Pierre-Eric Pelloux-Prayer 2025-02-21 412 return;
4bbba79a7f1d0c7 Pierre-Eric Pelloux-Prayer 2025-02-21 413
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 @414 if (job && job->pasid)
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 415 size += sizeof(struct amdgpu_coredump_ib_info) * job->num_ibs;
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 416
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 417 coredump = kzalloc(size, GFP_NOWAIT);
e29172987309526 Mario Limonciello (AMD 2025-12-14 418) if (!coredump)
9022f01b9709331 Sunil Khatri 2024-03-21 419 return;
9022f01b9709331 Sunil Khatri 2024-03-21 420
6122f5c72e38a88 Trigger Huang 2024-08-19 421 coredump->skip_vram_check = skip_vram_check;
9022f01b9709331 Sunil Khatri 2024-03-21 422 coredump->reset_vram_lost = vram_lost;
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 @423 coredump->pasid = job->pasid;
9022f01b9709331 Sunil Khatri 2024-03-21 424
8d1a13816e59254 Christian König 2024-12-12 @425 if (job && job->pasid) {
9022f01b9709331 Sunil Khatri 2024-03-21 426 struct amdgpu_task_info *ti;
9022f01b9709331 Sunil Khatri 2024-03-21 427
8d1a13816e59254 Christian König 2024-12-12 428 ti = amdgpu_vm_get_task_info_pasid(adev, job->pasid);
9022f01b9709331 Sunil Khatri 2024-03-21 429 if (ti) {
9022f01b9709331 Sunil Khatri 2024-03-21 430 coredump->reset_task_info = *ti;
9022f01b9709331 Sunil Khatri 2024-03-21 431 amdgpu_vm_put_task_info(ti);
9022f01b9709331 Sunil Khatri 2024-03-21 432 }
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 433 coredump->num_ibs = job->num_ibs;
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 434 for (i = 0; i < job->num_ibs; ++i) {
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 435 coredump->ibs[i].gpu_addr = job->ibs[i].gpu_addr;
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 436 coredump->ibs[i].ib_size_dw = job->ibs[i].length_dw;
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 437 }
9022f01b9709331 Sunil Khatri 2024-03-21 438 }
9022f01b9709331 Sunil Khatri 2024-03-21 439
9022f01b9709331 Sunil Khatri 2024-03-21 440 if (job) {
9022f01b9709331 Sunil Khatri 2024-03-21 441 s_job = &job->base;
9022f01b9709331 Sunil Khatri 2024-03-21 442 coredump->ring = to_amdgpu_ring(s_job->sched);
9022f01b9709331 Sunil Khatri 2024-03-21 443 }
9022f01b9709331 Sunil Khatri 2024-03-21 444
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 445 /* Dump ring content if memory allocation succeeds. */
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 446 ring_count = 0;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 447 total_ring_size = 0;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 448 for (i = 0; i < adev->num_rings; i++) {
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 449 ring = adev->rings[i];
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 450
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 451 /* Only dump rings with unsignalled fences. */
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 452 if (atomic_read(&ring->fence_drv.last_seq) == ring->fence_drv.sync_seq &&
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 453 coredump->ring != ring)
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 454 continue;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 455
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 456 total_ring_size += ring->ring_size;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 457 ring_count++;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 458 }
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 459 coredump->rings_dw = kzalloc(total_ring_size, GFP_NOWAIT);
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 460 coredump->rings = kcalloc(ring_count, sizeof(struct amdgpu_coredump_ring), GFP_NOWAIT);
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 461 if (coredump->rings && coredump->rings_dw) {
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 462 for (i = 0, off = 0, idx = 0; i < adev->num_rings; i++) {
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 463 ring = adev->rings[i];
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 464
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 465 if (atomic_read(&ring->fence_drv.last_seq) == ring->fence_drv.sync_seq &&
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 466 coredump->ring != ring)
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 467 continue;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 468
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 469 coredump->rings[idx].ring_index = ring->idx;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 470 coredump->rings[idx].rptr = amdgpu_ring_get_rptr(ring);
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 471 coredump->rings[idx].wptr = amdgpu_ring_get_wptr(ring);
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 472 coredump->rings[idx].offset = off;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 473
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 474 memcpy(&coredump->rings_dw[off], ring->ring, ring->ring_size);
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 475 off += ring->ring_size;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 476 idx++;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 477 }
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 478 coredump->num_rings = idx;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 479 } else {
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 480 kvfree(coredump->rings_dw);
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 481 kvfree(coredump->rings);
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 482 coredump->rings_dw = NULL;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 483 coredump->rings = NULL;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 484 }
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 485
9022f01b9709331 Sunil Khatri 2024-03-21 486 coredump->adev = adev;
9022f01b9709331 Sunil Khatri 2024-03-21 487
9022f01b9709331 Sunil Khatri 2024-03-21 488 ktime_get_ts64(&coredump->reset_time);
9022f01b9709331 Sunil Khatri 2024-03-21 489
4bbba79a7f1d0c7 Pierre-Eric Pelloux-Prayer 2025-02-21 490 /* Update the current coredump pointer (no lock needed, this function can only be called
4bbba79a7f1d0c7 Pierre-Eric Pelloux-Prayer 2025-02-21 491 * from a single thread)
4bbba79a7f1d0c7 Pierre-Eric Pelloux-Prayer 2025-02-21 492 */
4bbba79a7f1d0c7 Pierre-Eric Pelloux-Prayer 2025-02-21 493 adev->coredump = coredump;
4bbba79a7f1d0c7 Pierre-Eric Pelloux-Prayer 2025-02-21 494 /* Kick off coredump formatting to a worker thread. */
4bbba79a7f1d0c7 Pierre-Eric Pelloux-Prayer 2025-02-21 495 queue_work(system_unbound_wq, &adev->coredump_work);
28d05f0836dfc44 André Almeida 2025-02-20 496
28d05f0836dfc44 André Almeida 2025-02-20 497 drm_info(dev, "AMDGPU device coredump file has been created\n");
28d05f0836dfc44 André Almeida 2025-02-20 498 drm_info(dev, "Check your /sys/class/drm/card%d/device/devcoredump/data\n",
28d05f0836dfc44 André Almeida 2025-02-20 499 dev->primary->index);
9022f01b9709331 Sunil Khatri 2024-03-21 500 }
4bbba79a7f1d0c7 Pierre-Eric Pelloux-Prayer 2025-02-21 501
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <error27@gmail.com>
To: oe-kbuild@lists.linux.dev,
Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer@amd.com>
Cc: lkp@intel.com, oe-kbuild-all@lists.linux.dev,
Alex Deucher <alexander.deucher@amd.com>
Subject: [agd5f:drm-next-7.1 55/56] drivers/gpu/drm/amd/amdgpu/amdgpu_dev_coredump.c:423 amdgpu_coredump() error: we previously assumed 'job' could be null (see line 414)
Date: Tue, 7 Apr 2026 12:17:55 +0300 [thread overview]
Message-ID: <202604071441.vAPwv1su-lkp@intel.com> (raw)
Message-ID: <20260407091755.bZLLHEGPug2efXAZAALBaxEmBVMd7-7tYjhuCkHk4Xw@z> (raw)
tree: https://gitlab.freedesktop.org/agd5f/linux.git drm-next-7.1
head: 7b15fc2d1f1a00fb99f0146e404ff2600999ec74
commit: 32ab301b89b30d71a2e68d86f564eca66f7c52c5 [55/56] drm/amdgpu: store ib info for devcoredump
config: x86_64-randconfig-161-20260405 (https://download.01.org/0day-ci/archive/20260407/202604071441.vAPwv1su-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
smatch: v0.5.0-9004-gb810ac53
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202604071441.vAPwv1su-lkp@intel.com/
smatch warnings:
drivers/gpu/drm/amd/amdgpu/amdgpu_dev_coredump.c:423 amdgpu_coredump() error: we previously assumed 'job' could be null (see line 414)
drivers/gpu/drm/amd/amdgpu/amdgpu_dev_coredump.c:425 amdgpu_coredump() warn: variable dereferenced before check 'job' (see line 423)
vim +/job +423 drivers/gpu/drm/amd/amdgpu/amdgpu_dev_coredump.c
6122f5c72e38a88 Trigger Huang 2024-08-19 399 void amdgpu_coredump(struct amdgpu_device *adev, bool skip_vram_check,
6122f5c72e38a88 Trigger Huang 2024-08-19 400 bool vram_lost, struct amdgpu_job *job)
9022f01b9709331 Sunil Khatri 2024-03-21 401 {
9022f01b9709331 Sunil Khatri 2024-03-21 402 struct drm_device *dev = adev_to_drm(adev);
6122f5c72e38a88 Trigger Huang 2024-08-19 403 struct amdgpu_coredump_info *coredump;
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 404 size_t size = sizeof(*coredump);
9022f01b9709331 Sunil Khatri 2024-03-21 405 struct drm_sched_job *s_job;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 406 u64 total_ring_size, ring_count;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 407 struct amdgpu_ring *ring;
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 408 int i, off, idx;
9022f01b9709331 Sunil Khatri 2024-03-21 409
4bbba79a7f1d0c7 Pierre-Eric Pelloux-Prayer 2025-02-21 410 /* No need to generate a new coredump if there's one in progress already. */
4bbba79a7f1d0c7 Pierre-Eric Pelloux-Prayer 2025-02-21 411 if (work_pending(&adev->coredump_work))
4bbba79a7f1d0c7 Pierre-Eric Pelloux-Prayer 2025-02-21 412 return;
4bbba79a7f1d0c7 Pierre-Eric Pelloux-Prayer 2025-02-21 413
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 @414 if (job && job->pasid)
^^^
Can job be NULL?
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 415 size += sizeof(struct amdgpu_coredump_ib_info) * job->num_ibs;
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 416
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 417 coredump = kzalloc(size, GFP_NOWAIT);
e29172987309526 Mario Limonciello (AMD 2025-12-14 418) if (!coredump)
9022f01b9709331 Sunil Khatri 2024-03-21 419 return;
9022f01b9709331 Sunil Khatri 2024-03-21 420
6122f5c72e38a88 Trigger Huang 2024-08-19 421 coredump->skip_vram_check = skip_vram_check;
9022f01b9709331 Sunil Khatri 2024-03-21 422 coredump->reset_vram_lost = vram_lost;
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 @423 coredump->pasid = job->pasid;
^^^^^^^^^^
Unchecked dereference
9022f01b9709331 Sunil Khatri 2024-03-21 424
8d1a13816e59254 Christian König 2024-12-12 @425 if (job && job->pasid) {
^^^
The next line assumes it can be NULL again.
9022f01b9709331 Sunil Khatri 2024-03-21 426 struct amdgpu_task_info *ti;
9022f01b9709331 Sunil Khatri 2024-03-21 427
8d1a13816e59254 Christian König 2024-12-12 428 ti = amdgpu_vm_get_task_info_pasid(adev, job->pasid);
9022f01b9709331 Sunil Khatri 2024-03-21 429 if (ti) {
9022f01b9709331 Sunil Khatri 2024-03-21 430 coredump->reset_task_info = *ti;
9022f01b9709331 Sunil Khatri 2024-03-21 431 amdgpu_vm_put_task_info(ti);
9022f01b9709331 Sunil Khatri 2024-03-21 432 }
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 433 coredump->num_ibs = job->num_ibs;
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 434 for (i = 0; i < job->num_ibs; ++i) {
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 435 coredump->ibs[i].gpu_addr = job->ibs[i].gpu_addr;
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 436 coredump->ibs[i].ib_size_dw = job->ibs[i].length_dw;
32ab301b89b30d7 Pierre-Eric Pelloux-Prayer 2026-02-04 437 }
9022f01b9709331 Sunil Khatri 2024-03-21 438 }
9022f01b9709331 Sunil Khatri 2024-03-21 439
9022f01b9709331 Sunil Khatri 2024-03-21 440 if (job) {
9022f01b9709331 Sunil Khatri 2024-03-21 441 s_job = &job->base;
9022f01b9709331 Sunil Khatri 2024-03-21 442 coredump->ring = to_amdgpu_ring(s_job->sched);
9022f01b9709331 Sunil Khatri 2024-03-21 443 }
9022f01b9709331 Sunil Khatri 2024-03-21 444
eea85914d15bfe3 Pierre-Eric Pelloux-Prayer 2026-02-04 445 /* Dump ring content if memory allocation succeeds. */
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
next reply other threads:[~2026-04-07 4:25 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-07 4:25 kernel test robot [this message]
2026-04-07 9:17 ` [agd5f:drm-next-7.1 55/56] drivers/gpu/drm/amd/amdgpu/amdgpu_dev_coredump.c:423 amdgpu_coredump() error: we previously assumed 'job' could be null (see line 414) Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202604071441.vAPwv1su-lkp@intel.com \
--to=lkp@intel.com \
--cc=error27@gmail.com \
--cc=oe-kbuild@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox