Date: Fri, 19 Aug 2022 09:13:04 -0300
Subject: Re: [BUG][5.20] refcount_t: underflow; use-after-free
To: Mikhail Gavrilov
Cc: Melissa Wen, Christian König, amd-gfx list, dri-devel, Linux List Kernel Mailing
References: <20220817160751.moqhebkiuiydraka@mail.igalia.com>
From: Maíra Canal
X-Mailing-List: linux-kernel@vger.kernel.org

On 8/17/22 17:57, Mikhail Gavrilov wrote:
> On Wed, Aug 17, 2022 at 11:43 PM Maíra Canal wrote:
>>
>> Hi Mikhail,
>>
>> Looks like 45ecaea738830b9d521c93520c8f201359dcbd95 ("drm/sched: Partial
>> revert of 'drm/sched: Keep s_fence->parent pointer'") introduced the
>> error. Try reverting it and check if the use-after-free still happens.
>
> Thanks, but unfortunately, this did not lead to the expected result.
> Again happens use-after-free in an incomprehensible context.
> From the new: added warning "suspicious RCU usage" but it looks like
> it is completely not related to the use-after-free issue.
>

Hi Mikhail,

Could you please specify the steps to reproduce this use-after-free? I
will try to reproduce it on the RX5700 XT and bisect the issue.

Best Regards,
- Maíra Canal

> [ 215.434115] ------------[ cut here ]------------
> [ 215.434184] refcount_t: underflow; use-after-free.
> [ 215.434204] WARNING: CPU: 7 PID: 1258 at lib/refcount.c:28
> refcount_warn_saturate+0xba/0x110
> [ 215.434214] Modules linked in: uinput rfcomm snd_seq_dummy
> snd_hrtimer nft_objref nf_conntrack_netbios_ns nf_conntrack_broadcast
> nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet
> nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat
> nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables nfnetlink
> qrtr bnep sunrpc binfmt_misc snd_seq_midi snd_seq_midi_event
> intel_rapl_msr intel_rapl_common snd_hda_codec_realtek vfat
> snd_hda_codec_generic snd_hda_codec_hdmi mt76x2u fat mt76x2_common
> snd_hda_intel mt76x02_usb snd_intel_dspcfg snd_intel_sdw_acpi mt76_usb
> iwlmvm edac_mce_amd snd_usb_audio snd_hda_codec mt76x02_lib
> snd_hda_core snd_usbmidi_lib snd_hwdep snd_rawmidi uvcvideo mt76
> kvm_amd snd_seq videobuf2_vmalloc videobuf2_memops snd_seq_device
> mac80211 videobuf2_v4l2 videobuf2_common kvm btusb iwlwifi snd_pcm
> btrtl videodev libarc4 eeepc_wmi btbcm asus_wmi iwlmei btintel
> ledtrig_audio xpad irqbypass sparse_keymap btmtk platform_profile
> joydev
> [ 215.434436] hid_logitech_hidpp rapl ff_memless mc snd_timer
> bluetooth cfg80211 video pcspkr wmi_bmof snd soundcore k10temp
> i2c_piix4 rfkill mei asus_ec_sensors acpi_cpufreq zram amdgpu
> drm_ttm_helper ttm iommu_v2 ucsi_ccg gpu_sched crct10dif_pclmul
> crc32_pclmul typec_ucsi drm_buddy crc32c_intel ghash_clmulni_intel ccp
> igb sp5100_tco typec drm_display_helper nvme dca nvme_core cec wmi
> ip6_tables ip_tables fuse
> [ 215.434528] Unloaded tainted modules: amd64_edac():1 amd64_edac():1
> amd64_edac():1 amd64_edac():1 amd64_edac():1 amd64_edac():1
> amd64_edac():1 amd64_edac():1 amd64_edac():1 amd64_edac():1
> amd64_edac():1 pcc_cpufreq():1 amd64_edac():1 pcc_cpufreq():1
> pcc_cpufreq():1 amd64_edac():1 amd64_edac():1 pcc_cpufreq():1
> pcc_cpufreq():1 amd64_edac():1 amd64_edac():1 pcc_cpufreq():1
> amd64_edac():1 pcc_cpufreq():1 amd64_edac():1 pcc_cpufreq():1
> amd64_edac():1 pcc_cpufreq():1 amd64_edac():1 pcc_cpufreq():1
> amd64_edac():1 pcc_cpufreq():1 amd64_edac():1 pcc_cpufreq():1
> amd64_edac():1 pcc_cpufreq():1 amd64_edac():1 pcc_cpufreq():1
> amd64_edac():1 pcc_cpufreq():1 pcc_cpufreq():1 amd64_edac():1
> amd64_edac():1 pcc_cpufreq():1 pcc_cpufreq():1 amd64_edac():1
> pcc_cpufreq():1 amd64_edac():1 pcc_cpufreq():1 pcc_cpufreq():1
> amd64_edac():1 pcc_cpufreq():1 pcc_cpufreq():1 amd64_edac():1
> pcc_cpufreq():1 amd64_edac():1 pcc_cpufreq():1 pcc_cpufreq():1
> pcc_cpufreq():1 pcc_cpufreq():1 pcc_cpufreq():1 fjes():1
> [ 215.434672] pcc_cpufreq():1 fjes():1 pcc_cpufreq():1 fjes():1
> pcc_cpufreq():1 fjes():1 fjes():1 fjes():1 fjes():1 fjes():1
> [ 215.434702] CPU: 7 PID: 1258 Comm: kworker/7:3 Tainted: G W L
> ------- --- 6.0.0-0.rc1.20220817git3cc40a443a04.14.fc38.x86_64 #1
> [ 215.434709] Hardware name: System manufacturer System Product
> Name/ROG STRIX X570-I GAMING, BIOS 4403 04/27/2022
> [ 215.434715] Workqueue: events drm_sched_entity_kill_jobs_work [gpu_sched]
> [ 215.434728] RIP: 0010:refcount_warn_saturate+0xba/0x110
> [ 215.434734] Code: 01 01 e8 59 59 6f 00 0f 0b e9 22 46 a5 00 80 3d be
> 7d be 01 00 75 85 48 c7 c7 c0 99 8e 92 c6 05 ae 7d be 01 01 e8 36 59
> 6f 00 <0f> 0b e9 ff 45 a5 00 80 3d 99 7d be 01 00 0f 85 5e ff ff ff 48
> c7
> [ 215.434740] RSP: 0018:ffff9ccb0237fe60 EFLAGS: 00010286
> [ 215.434747] RAX: 0000000000000026 RBX: ffff8d531f6f2828 RCX: 0000000000000000
> [ 215.434753] RDX: 0000000000000001 RSI: ffffffff928d07a4 RDI: 00000000ffffffff
> [ 215.434757] RBP: ffff8d61e47f5600 R08: 0000000000000000 R09: ffff9ccb0237fd10
> [ 215.434762] R10: 0000000000000003 R11: ffff8d622e2fffe8 R12: ffff8d61e47fc800
> [ 215.434767] R13: ffff8d5313e95500 R14: ffff8d61e47fc805 R15: ffff8d531f6f2830
> [ 215.434772] FS: 0000000000000000(0000) GS:ffff8d61e4600000(0000)
> knlGS:0000000000000000
> [ 215.434777] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 215.434782] CR2: 00007f0c8b815048 CR3: 00000001ab0e8000 CR4: 0000000000350ee0
> [ 215.434788] Call Trace:
> [ 215.434792]
> [ 215.434797] process_one_work+0x2a0/0x600
> [ 215.434819] worker_thread+0x4f/0x3a0
> [ 215.434830] ? process_one_work+0x600/0x600
> [ 215.434836] kthread+0xf5/0x120
> [ 215.434842] ? kthread_complete_and_exit+0x20/0x20
> [ 215.434854] ret_from_fork+0x22/0x30
> [ 215.434881]
> [ 215.434885] irq event stamp: 134873
> [ 215.434890] hardirqs last enabled at (134881): []
> __up_console_sem+0x5e/0x70
> [ 215.434897] hardirqs last disabled at (134888): []
> __up_console_sem+0x43/0x70
> [ 215.434903] softirqs last enabled at (131264): []
> __irq_exit_rcu+0xf9/0x170
> [ 215.434910] softirqs last disabled at (131257): []
> __irq_exit_rcu+0xf9/0x170
> [ 215.434917] ---[ end trace 0000000000000000 ]---
>
> Full kernel log: https://pastebin.com/qED477Pz
>
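
What the "refcount_t: underflow; use-after-free." warning from `refcount_warn_saturate` (lib/refcount.c:28 in the quoted log) reports, as an added example that is not part of the original message and is not kernel code: a userspace C model of a saturating reference count, where a put on an object whose count already reached zero pins the counter and warns instead of signalling a second free. The names `refcount_model_t`, `refcount_model_dec_and_test` and `unbalanced_put_demo` are hypothetical and the unbalanced-put scenario is constructed; the thread does not establish the root cause of the reported bug.

```c
/* Userspace model of a saturating reference count (added example, not kernel code). */
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

#define REFCOUNT_SATURATED (INT_MIN / 2)   /* pinned value, far from 0 and from wrap */

typedef struct { atomic_int refs; } refcount_model_t;   /* hypothetical name */

static int uaf_warnings;   /* number of underflow reports raised so far */

/* Pin the counter so no later put can ever bring it back to zero, then report. */
static void warn_saturate(refcount_model_t *r)
{
    atomic_store(&r->refs, REFCOUNT_SATURATED);
    uaf_warnings++;
    fprintf(stderr, "refcount_t: underflow; use-after-free.\n");
}

/* Drop one reference. True only for the put that takes the count from 1 to 0. */
static bool refcount_model_dec_and_test(refcount_model_t *r)
{
    int old = atomic_fetch_sub(&r->refs, 1);
    if (old == 1)
        return true;          /* last reference: the caller frees the object */
    if (old <= 0)
        warn_saturate(r);     /* put on an object that was already released */
    return false;
}

/* Constructed scenario: one reference held, three puts issued by mistake. */
static int unbalanced_put_demo(refcount_model_t *obj)
{
    int frees = 0;
    atomic_init(&obj->refs, 1);
    uaf_warnings = 0;
    frees += refcount_model_dec_and_test(obj);   /* legitimate final put */
    frees += refcount_model_dec_and_test(obj);   /* extra put: underflow */
    frees += refcount_model_dec_and_test(obj);   /* still pinned, still refused */
    return frees;
}

int main(void)
{
    refcount_model_t obj;
    int frees = unbalanced_put_demo(&obj);
    printf("frees=%d warnings=%d\n", frees, uaf_warnings);
}
```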