From: Mikhail Gavrilov
Date: Tue, 20 Sep 2022 04:27:45 +0500
Subject: Re: [BUG][5.20] refcount_t: underflow; use-after-free
To: Maíra Canal
Cc: Melissa Wen, Christian König, amd-gfx list, dri-devel, Linux List Kernel Mailing
References: <20220817160751.moqhebkiuiydraka@mail.igalia.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi!
Unfortunately the use-after-free issue still happens on the 6.0-rc5 kernel.
The issue became hard to repeat. I spent the whole day at the computer; when the use-after-free happened again, I was playing the game Tiny Tina's Wonderlands. Therefore, forget about repeatability.
It remains only to hope for logs and tracing. I didn't see anything new in the logs. It seems that we need to somehow expand the logging so that the next time this happens we have more information.

Sep 18 20:52:16 primary-ws gnome-shell[2388]: meta_window_set_stack_position_no_sync: assertion 'window->stack_position >= 0' failed
Sep 18 20:52:27 primary-ws gnome-shell[2388]: meta_window_set_stack_position_no_sync: assertion 'window->stack_position >= 0' failed
Sep 18 20:53:44 primary-ws gnome-shell[2388]: Window manager warning: Window 0x4e00003 sets an MWM hint indicating it isn't resizable, but sets min size 1 x 1 and max size 2147483647 x 2147483647; this doesn't make much sense.
Sep 18 20:53:45 primary-ws kernel: umip_printk: 11 callbacks suppressed
Sep 18 20:53:45 primary-ws kernel: umip: Wonderlands.exe[213853] ip:14ebb0d03 sp:4ee528: SGDT instruction cannot be used by applications.
Sep 18 20:53:45 primary-ws kernel: umip: Wonderlands.exe[213853] ip:14ebb0d03 sp:4ee528: For now, expensive software emulation returns the result.
Sep 18 20:53:53 primary-ws gnome-shell[2388]: meta_window_set_stack_position_no_sync: assertion 'window->stack_position >= 0' failed
Sep 18 20:53:53 primary-ws kernel: umip: Wonderlands.exe[213853] ip:14ebb0d03 sp:4ee528: SGDT instruction cannot be used by applications.
Sep 18 20:53:53 primary-ws kernel: umip: Wonderlands.exe[213853] ip:14ebb0d03 sp:4ee528: For now, expensive software emulation returns the result.
Sep 18 20:54:15 primary-ws kernel: umip: Wonderlands.exe[214194] ip:15a270815 sp:6eaef490: SGDT instruction cannot be used by applications.
Sep 18 20:56:01 primary-ws kernel: umip_printk: 15 callbacks suppressed
Sep 18 20:56:01 primary-ws kernel: umip: Wonderlands.exe[213853] ip:15e3a82b0 sp:4ed178: SGDT instruction cannot be used by applications.
Sep 18 20:56:01 primary-ws kernel: umip: Wonderlands.exe[213853] ip:15e3a82b0 sp:4ed178: For now, expensive software emulation returns the result.
Sep 18 20:56:03 primary-ws kernel: umip: Wonderlands.exe[213853] ip:15e3a82b0 sp:4edbe8: SGDT instruction cannot be used by applications.
Sep 18 20:56:03 primary-ws kernel: umip: Wonderlands.exe[213853] ip:15e3a82b0 sp:4edbe8: For now, expensive software emulation returns the result.
Sep 18 20:56:03 primary-ws kernel: umip: Wonderlands.exe[213853] ip:15e3a82b0 sp:4ebf18: SGDT instruction cannot be used by applications.
Sep 18 20:57:55 primary-ws kernel: ------------[ cut here ]------------
Sep 18 20:57:55 primary-ws kernel: refcount_t: underflow; use-after-free.
Sep 18 20:57:55 primary-ws kernel: WARNING: CPU: 22 PID: 235114 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110
Sep 18 20:57:55 primary-ws kernel: Modules linked in: tls uinput rfcomm snd_seq_dummy snd_hrtimer nft_objref nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_>
Sep 18 20:57:55 primary-ws kernel: asus_wmi ledtrig_audio sparse_keymap platform_profile irqbypass rfkill mc rapl snd_timer video wmi_bmof pcspkr snd k10temp i2c_piix4 soundcore acpi_cpufreq zram amdgpu drm_ttm_helper ttm iommu_v2 crct1>
Sep 18 20:57:55 primary-ws kernel: Unloaded tainted modules: amd64_edac():1 amd64_edac():1 amd64_edac():1 amd64_edac():1 amd64_edac():1 amd64_edac():1 amd64_edac():1 amd64_edac():1 amd64_edac():1 pcc_cpufreq():1 pcc_cpufreq():1 amd64_eda>
Sep 18 20:57:55 primary-ws kernel: pcc_cpufreq():1 pcc_cpufreq():1 fjes():1 fjes():1 pcc_cpufreq():1 fjes():1 fjes():1 fjes():1 fjes():1 fjes():1
Sep 18 20:57:55 primary-ws kernel: CPU: 22 PID: 235114 Comm: kworker/22:0 Tainted: G W L ------- --- 6.0.0-0.rc5.20220914git3245cb65fd91.39.fc38.x86_64 #1
Sep 18 20:57:55 primary-ws kernel: Hardware name: System manufacturer System Product Name/ROG STRIX X570-I GAMING, BIOS 4403 04/27/2022
Sep 18 20:57:55 primary-ws kernel: Workqueue: events drm_sched_entity_kill_jobs_work [gpu_sched]
Sep 18 20:57:55 primary-ws kernel: RIP: 0010:refcount_warn_saturate+0xba/0x110
Sep 18 20:57:55 primary-ws kernel: Code: 01 01 e8 69 6b 6f 00 0f 0b e9 32 38 a5 00 80 3d 4d 7d be 01 00 75 85 48 c7 c7 80 b7 8e 95 c6 05 3d 7d be 01 01 e8 46 6b 6f 00 <0f> 0b e9 0f 38 a5 00 80 3d 28 7d be 01 00 0f 85 5e ff ff ff 48 c7
Sep 18 20:57:55 primary-ws kernel: RSP: 0018:ffffa1a853ccbe60 EFLAGS: 00010286
Sep 18 20:57:55 primary-ws kernel: RAX: 0000000000000026 RBX: ffff8e0e60a96c28 RCX: 0000000000000000
Sep 18 20:57:55 primary-ws kernel: RDX: 0000000000000001 RSI: ffffffff958d255c RDI: 00000000ffffffff
Sep 18 20:57:55 primary-ws kernel: RBP: ffff8e19a83f5600 R08: 0000000000000000 R09: ffffa1a853ccbd10
Sep 18 20:57:55 primary-ws kernel: R10: 0000000000000003 R11: ffff8e19ee2fffe8 R12: ffff8e19a83fc800
Sep 18 20:57:55 primary-ws kernel: R13: ffff8e0d44a4b440 R14: ffff8e19a83fc805 R15: ffff8e0e60a96c30
Sep 18 20:57:55 primary-ws kernel: FS: 0000000000000000(0000) GS:ffff8e19a8200000(0000) knlGS:0000000000000000
Sep 18 20:57:55 primary-ws kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Sep 18 20:57:55 primary-ws kernel: CR2: 00001adc05fb2000 CR3: 00000002cf050000 CR4: 0000000000350ee0
Sep 18 20:57:55 primary-ws kernel: Call Trace:
Sep 18 20:57:55 primary-ws kernel: <TASK>
Sep 18 20:57:55 primary-ws kernel: process_one_work+0x2a0/0x600
Sep 18 20:57:55 primary-ws kernel: worker_thread+0x4f/0x3a0
Sep 18 20:57:55 primary-ws kernel: ? process_one_work+0x600/0x600
Sep 18 20:57:55 primary-ws kernel: kthread+0xf5/0x120
Sep 18 20:57:55 primary-ws kernel: ? kthread_complete_and_exit+0x20/0x20
Sep 18 20:57:55 primary-ws kernel: ret_from_fork+0x22/0x30
Sep 18 20:57:55 primary-ws kernel: </TASK>
Sep 18 20:57:55 primary-ws kernel: irq event stamp: 63606683
Sep 18 20:57:55 primary-ws kernel: hardirqs last enabled at (63606691): [] __up_console_sem+0x5e/0x70
Sep 18 20:57:55 primary-ws kernel: hardirqs last disabled at (63606698): [] __up_console_sem+0x43/0x70
Sep 18 20:57:55 primary-ws kernel: softirqs last enabled at (63490566): [] __irq_exit_rcu+0xf9/0x170
Sep 18 20:57:55 primary-ws kernel: softirqs last disabled at (63490561): [] __irq_exit_rcu+0xf9/0x170
Sep 18 20:57:55 primary-ws kernel: ---[ end trace 0000000000000000 ]---
Sep 18 20:57:56 primary-ws abrt-dump-journal-oops[1409]: abrt-dump-journal-oops: Found oopses: 1
Sep 18 20:57:56 primary-ws abrt-dump-journal-oops[1409]: abrt-dump-journal-oops: Creating problem directories
Sep 18 20:57:57 primary-ws abrt-notification[261766]: [🡕] System encountered a non-fatal error in kthread_complete_and_exit()
Sep 18 20:57:57 primary-ws abrt-dump-journal-oops[1409]: Reported 1 kernel oopses to Abrt
Sep 18 20:58:23 primary-ws gsd-power[2776]: Failed to acquire idle monitor proxy: Timeout was reached
Sep 18 20:58:23 primary-ws gsd-power[2776]: Error setting property 'PowerSaveMode' on interface org.gnome.Mutter.DisplayConfig: Timeout was reached (g-io-error-quark, 24)
Sep 18 20:58:53 primary-ws gsd-power[2776]: Failed to acquire idle monitor proxy: Timeout was reached
Sep 18 20:58:53 primary-ws gsd-power[2776]: Error setting property 'PowerSaveMode' on interface org.gnome.Mutter.DisplayConfig: Timeout was reached (g-io-error-quark, 24)
Sep 18 20:58:54 primary-ws gsd-power[2776]: Failed to acquire idle monitor proxy: Timeout was reached

Full kernel log: https://pastebin.com/nj2syLPM

-- 
Best Regards,
Mike Gavrilov.
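The WARNING quoted in the log is refcount_t's saturation guard: when a put drives the counter from zero or below, the kernel pins it at REFCOUNT_SATURATED and warns, so the object leaks rather than being freed a second time. The following is an added single-threaded userspace model of that behaviour, not kernel code and not from this thread; the model_ and run_double_put names are this example's own.

```c
/* Added example (not kernel code): a single-threaded userspace model of
 * refcount_t saturation, after include/linux/refcount.h and lib/refcount.c.
 * The kernel uses atomics and WARN_ONCE; this model uses a plain int and
 * records the warning text so the scenario below can be checked. */
#include <limits.h>
#include <stdbool.h>
#include <string.h>

#define REFCOUNT_SATURATED (INT_MIN / 2)   /* same constant as the kernel */
typedef struct { int refs; } refcount_t;
static const char *last_warning = "";

/* Mirrors refcount_warn_saturate(): pin the counter at the saturation value
 * so every later get/put is harmless, then record the warning. */
static void warn_saturate(refcount_t *r, const char *msg)
{
    r->refs = REFCOUNT_SATURATED;
    last_warning = msg;
}

/* Mirrors __refcount_sub_and_test(1, ...): true exactly once, on the 1 -> 0
 * transition (the caller's cue to free). A decrement from 0 or below is the
 * "underflow; use-after-free" case that produced the WARNING quoted above. */
static bool model_refcount_dec_and_test(refcount_t *r)
{
    int old = r->refs--;
    if (old == 1)
        return true;
    if (old <= 0)
        warn_saturate(r, "underflow; use-after-free");
    return false;
}

/* Scenario: one extra put on an object holding a single reference. The
 * second put trips the warning; a third put must not report a second free. */
static const char *run_double_put(void)
{
    refcount_t r = { .refs = 1 };
    last_warning = "";
    bool freed = model_refcount_dec_and_test(&r);  /* 1 -> 0: free it */
    bool again = model_refcount_dec_and_test(&r);  /* 0 -> -1: warn, pin */
    if (!freed || again || model_refcount_dec_and_test(&r))
        return "unexpected second free";
    return last_warning;
}
```

The model shows why the trace above names a kworker (the workqueue doing the last put) rather than the code path that dropped the extra reference: the guard can only report where the counter went negative, which is why the reporter asks for more logging around the earlier puts.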