few xe tests - abort - BUG: KASAN: slab-use-after-free in drm_sched_add_msg
<7> [629.713169] xe 0000:03:00.0: [drm:xe_vm_dbg_print_entries [xe]] 0: Update level 1 at (448 + 64) [7f8000000...800000000) f:0
<3> [629.918559] ==================================================================
<3> [629.918570] BUG: KASAN: slab-use-after-free in drm_sched_add_msg+0x9e/0xd0 [gpu_sched]
<3> [629.918585] Read of size 1 at addr ffff888130893bca by task kworker/u40:1/2556
<3> [629.918591]
<3> [629.918594] CPU: 10 PID: 2556 Comm: kworker/u40:1 Tainted: G U 6.3.0-xe #1
<3> [629.918601] Hardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 2014 10/14/2022
<3> [629.918608] Workqueue: events_unbound g2h_worker_func [xe]
<3> [629.918708] Call Trace:
<3> [629.918712] <TASK>
<3> [629.918715] dump_stack_lvl+0x64/0xb0
<3> [629.918723] print_report+0xc2/0x600
<3> [629.918729] ? __virt_addr_valid+0xbc/0x140
<3> [629.918736] ? drm_sched_add_msg+0x9e/0xd0 [gpu_sched]
<3> [629.918746] kasan_report+0x96/0xc0
<3> [629.918751] ? drm_sched_add_msg+0x9e/0xd0 [gpu_sched]
<3> [629.918761] drm_sched_add_msg+0x9e/0xd0 [gpu_sched]
<3> [629.918771] xe_guc_deregister_done_handler+0x29f/0x360 [xe]
<3> [629.918856] dequeue_one_g2h+0x349/0x680 [xe]
<3> [629.918939] g2h_worker_func+0xb4/0x1b0 [xe]
<3> [629.919022] ? __pfx_g2h_worker_func+0x10/0x10 [xe]
<3> [629.919104] ? move_linked_works+0x107/0x140
<3> [629.919110] ? mark_held_locks+0x24/0x90
<3> [629.919117] process_one_work+0x527/0x990
<3> [629.919123] ? __pfx_process_one_work+0x10/0x10
<3> [629.919129] ? __pfx_do_raw_spin_lock+0x10/0x10
<3> [629.919133] ? mark_held_locks+0x24/0x90
<3> [629.919139] worker_thread+0x2d1/0x640
<3> [629.919145] ? __pfx_worker_thread+0x10/0x10
<3> [629.919150] kthread+0x174/0x1b0
<3> [629.919155] ? __pfx_kthread+0x10/0x10
<3> [629.919159] ret_from_fork+0x29/0x50
<3> [629.919166] </TASK>
<3> [629.919169]
<3> [629.919171] Allocated by task 2582:
<4> [629.919175] kasan_save_stack+0x22/0x50
<4> [629.919178] kasan_set_track+0x25/0x30
<4> [629.919180] __kasan_kmalloc+0x7f/0x90
<4> [629.919183] guc_engine_init+0xd3/0x7e0 [xe]
<4> [629.919262] xe_engine_create+0x461/0x5b0 [xe]
<4> [629.919337] xe_engine_create_ioctl+0x1123/0x1230 [xe]
<4> [629.919413] drm_ioctl_kernel+0x16f/0x250 [drm]
<4> [629.919463] drm_ioctl+0x35e/0x620 [drm]
<4> [629.919516] __x64_sys_ioctl+0xb1/0xf0
<4> [629.919519] do_syscall_64+0x3c/0x90
<4> [629.919522] entry_SYSCALL_64_after_hwframe+0x72/0xdc
<3> [629.919525]
<3> [629.919528] Freed by task 124:
<4> [629.919532] kasan_save_stack+0x22/0x50
<4> [629.919535] kasan_set_track+0x25/0x30
<4> [629.919537] kasan_save_free_info+0x2e/0x50
<4> [629.919539] __kasan_slab_free+0x109/0x1a0
<4> [629.919542] __kmem_cache_free+0x221/0x410
<4> [629.919544] __guc_engine_fini_async+0x234/0x2e0 [xe]
<4> [629.919660] process_one_work+0x527/0x990
<4> [629.919662] worker_thread+0x2d1/0x640
<4> [629.919665] kthread+0x174/0x1b0
<4> [629.919666] ret_from_fork+0x29/0x50
<3> [629.919669]
<3> [629.919671] Last potentially related work creation:
<4> [629.919676] kasan_save_stack+0x22/0x50
<4> [629.919679] __kasan_record_aux_stack+0x9e/0xb0
<4> [629.919681] insert_work+0x34/0x160
<4> [629.919683] __queue_work+0x25d/0x7d0
<4> [629.919685] queue_work_on+0x83/0x90
<4> [629.919687] guc_engine_fini_async+0x10b/0x150 [xe]
<4> [629.919803] guc_engine_process_msg+0x6c0/0x8c0 [xe]
<4> [629.919918] drm_sched_main+0x29c/0x8f0 [gpu_sched]
<4> [629.919926] process_one_work+0x527/0x990
<4> [629.919929] worker_thread+0x2d1/0x640
<4> [629.919931] kthread+0x174/0x1b0
<4> [629.919933] ret_from_fork+0x29/0x50
<3> [629.919935]
<3> [629.919938] Second to last potentially related work creation:
<4> [629.919943] kasan_save_stack+0x22/0x50
<4> [629.919946] __kasan_record_aux_stack+0x9e/0xb0
<4> [629.919948] insert_work+0x34/0x160
<4> [629.919950] __queue_work+0x25d/0x7d0
<4> [629.919952] queue_work_on+0x83/0x90
<4> [629.919954] xe_guc_engine_lr_cleanup+0x121/0x3d0 [xe]
<4> [629.920069] process_one_work+0x527/0x990
<4> [629.920072] worker_thread+0x2d1/0x640
<4> [629.920074] kthread+0x174/0x1b0
<4> [629.920076] ret_from_fork+0x29/0x50
<3> [629.920078]
<3> [629.920081] The buggy address belongs to the object at ffff888130893800
which belongs to the cache kmalloc-2k of size 2048
<3> [629.920091] The buggy address is located 970 bytes inside of
freed 2048-byte region [ffff888130893800, ffff888130894000)
<3> [629.920101]
<3> [629.920104] The buggy address belongs to the physical page:
<4> [629.920109] page:ffffea0004c22400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x130890
<4> [629.920113] head:ffffea0004c22400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
<4> [629.920115] flags: 0x4000000000010200(slab|head|zone=2)
<4> [629.920119] raw: 4000000000010200 ffff88810004d240 ffffea0004956c10 ffffea0004b71c10
<4> [629.920121] raw: 0000000000000000 0000000000050005 00000001ffffffff 0000000000000000
<4> [629.920122] page dumped because: kasan: bad access detected
<3> [629.920124]
<3> [629.920126] Memory state around the buggy address:
<3> [629.920131] ffff888130893a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3> [629.920138] ffff888130893b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3> [629.920145] >ffff888130893b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3> [629.920151]                                               ^
<3> [629.920157] ffff888130893c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3> [629.920164] ffff888130893c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3> [629.920170] ==================================================================
<4> [629.920188] Disabling lock debugging due to kernel taint
<6> [630.319511] [IGT] xe_evict: finished subtest evict-beng-small-external-cm, SUCCESS
<6> [630.323781] [IGT] xe_evict: exiting, ret=0
<6> [630.340117] Console: switching to colour frame buffer device 480x135