<html>
<head>
<base href="https://bugs.freedesktop.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Kernel crash shortly after gnome-shell login - refcount_t: increment on 0; use-after-free"
href="https://bugs.freedesktop.org/show_bug.cgi?id=109161">109161</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Kernel crash shortly after gnome-shell login - refcount_t: increment on 0; use-after-free
</td>
</tr>
<tr>
<th>Product</th>
<td>DRI
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Other
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>medium
</td>
</tr>
<tr>
<th>Component</th>
<td>DRM/AMDgpu
</td>
</tr>
<tr>
<th>Assignee</th>
<td>dri-devel@lists.freedesktop.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>yaneti@declera.com
</td>
</tr></table>
<p>
<div>
<pre>Fedora rawhide
4.21.0-0.rc0.git1.1.fc30.x86_64 ~= linus a5f2bd479f58
....
[ 12.777868] [drm] initializing kernel modesetting (POLARIS11 0x1002:0x67EF
0x1682:0x9460 0xCF).
....
[ 68.593291] amdgpu 0000:0a:00.0: 0000000038144057 unpin not necessary
[ 68.795444] ------------[ cut here ]------------
[ 68.800304] refcount_t: increment on 0; use-after-free.
[ 68.805649] WARNING: CPU: 12 PID: 1907 at lib/refcount.c:153
refcount_inc_checked+0x26/0x30
[ 68.814053] Modules linked in: nfsv3 nfs_acl nfs lockd grace fscache pppoe
pppox ppp_synctty ppp_async ppp_generic slhc fuse iptable_mangle xt_CHECKSUM
iptable_nat ipt_MASQUERADE nf_nat_ipv4 nf_nat xt_conntrack nf_conntrack
nf_defrag_ipv6 nf_defrag_ipv4 tun bridge stp llc ebtable_filter ebtables
ip6table_filter ip6_tables ib_isert iscsi_target_mod ib_srpt target_core_mod
ib_srp scsi_transport_srp rpcrdma rdma_ucm ib_iser rdma_cm ib_umad ib_ipoib
iw_cm libiscsi ib_cm scsi_transport_iscsi mlx4_ib ib_uverbs ib_core mlx4_en
it87 hwmon_vid sunrpc btrfs xor zstd_compress raid6_pq libcrc32c
zstd_decompress xxhash vfat fat edac_mce_amd kvm_amd kvm irqbypass pl2303
joydev snd_hda_codec_realtek ftdi_sio snd_hda_codec_generic ledtrig_audio
snd_hda_codec_hdmi snd_hda_intel snd_hda_codec ppdev snd_hda_core snd_hwdep
snd_seq crct10dif_pclmul raid1 snd_seq_device mlx4_core crc32_pclmul snd_pcm
wmi_bmof snd_timer ghash_clmulni_intel parport_serial mxm_wmi snd igb
parport_pc sp5100_tco devlink soundcore
[ 68.814090] ccp parport k10temp i2c_piix4 atlantic dca gpio_amdpt
gpio_generic amdgpu hid_logitech_hidpp chash amd_iommu_v2 gpu_sched
i2c_algo_bit ttm drm_kms_helper drm crc32c_intel nvme hid_logitech_dj nvme_core
wmi pinctrl_amd i2c_dev
[ 68.903020] CPU: 12 PID: 1907 Comm: gnome-shell Not tainted
4.21.0-0.rc0.git1.1.fc30.x86_64 #1
[ 68.903021] Hardware name: Gigabyte Technology Co., Ltd. X470 AORUS ULTRA
GAMING/X470 AORUS ULTRA GAMING-CF, BIOS F3g 05/10/2018
[ 68.903023] RIP: 0010:refcount_inc_checked+0x26/0x30
[ 68.903024] Code: 0f 1f 40 00 e8 ab ff ff ff 84 c0 74 01 c3 80 3d 74 62 3b
01 00 75 f6 48 c7 c7 38 32 35 a9 c6 05 64 62 3b 01 01 e8 7e 4d b9 ff <0f> 0b c3
0f 1f 80 00 00 00 00 8b 06 83 f8 ff 74 20 31 c9 39 f8 89
[ 68.903025] RSP: 0018:ffffadf1c8b8bb10 EFLAGS: 00010282
[ 68.903026] RAX: 0000000000000000 RBX: ffff98d381b58050 RCX:
0000000000000000
[ 68.903027] RDX: ffff98d3be7ddc40 RSI: ffff98d3be7d6c28 RDI:
ffff98d3be7d6c28
[ 68.903028] RBP: ffff98d381b5807c R08: 0000000000000002 R09:
0000000000000000
[ 68.903029] R10: 0000000000000000 R11: 0000000000000000 R12:
ffff98d3a9fa2d08
[ 68.903030] R13: ffff98d381b580f8 R14: ffff98d381b588f8 R15:
ffff98d3a9fa3160
[ 68.903035] FS: 00007f05a5b04d00(0000) GS:ffff98d3be600000(0000)
knlGS:0000000000000000
[ 68.903036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 68.903037] CR2: 00007f0538b3b00c CR3: 00000007f465c000 CR4:
00000000003406e0
[ 68.903037] Call Trace:
[ 68.903042] ttm_bo_add_to_lru+0xab/0x160 [ttm]
[ 68.903047] ttm_eu_backoff_reservation+0x4e/0xe0 [ttm]
[ 69.044521] amdgpu_gem_object_close+0xf3/0x1e0 [amdgpu]
[ 69.044540] drm_gem_object_release_handle+0x7b/0xc0 [drm]
[ 69.055515] drm_gem_handle_delete+0x61/0x90 [drm]
[ 69.055523] ? drm_mode_destroy_dumb+0x40/0x40 [drm]
[ 69.065443] drm_ioctl_kernel+0xa9/0xf0 [drm]
[ 69.065452] drm_ioctl+0x201/0x3a0 [drm]
[ 69.073783] ? drm_mode_destroy_dumb+0x40/0x40 [drm]
[ 69.073787] ? sched_clock+0x5/0x10
[ 69.082443] ? sched_clock_cpu+0xc/0xb0
[ 69.086349] ? lockdep_hardirqs_on+0xed/0x180
[ 69.086379] amdgpu_drm_ioctl+0x49/0x80 [amdgpu]
[ 69.086384] do_vfs_ioctl+0xa5/0x6f0
[ 69.099131] ksys_ioctl+0x60/0x90
[ 69.099135] __x64_sys_ioctl+0x16/0x20
[ 69.106318] do_syscall_64+0x60/0x1f0
[ 69.110043] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.115181] RIP: 0033:0x7f05a965c2fb
[ 69.118817] Code: 0f 1e fa 48 8b 05 8d 9b 0c 00 64 c7 00 26 00 00 00 48 c7
c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01
f0 ff ff 73 01 c3 48 8b 0d 5d 9b 0c 00 f7 d8 64 89 01 48
[ 69.118818] RSP: 002b:00007ffd2a76dea8 EFLAGS: 00000246 ORIG_RAX:
0000000000000010
[ 69.118819] RAX: ffffffffffffffda RBX: 00005627173c6080 RCX:
00007f05a965c2fb
[ 69.118820] RDX: 00007ffd2a76dee4 RSI: 00000000c00464b4 RDI:
000000000000000b
[ 69.118820] RBP: 00007ffd2a76dee4 R08: 0000562717496a20 R09:
0000000000000005
[ 69.118821] R10: 0000000000000011 R11: 0000000000000246 R12:
00000000c00464b4
[ 69.118824] R13: 000000000000000b R14: 00005627175aba10 R15:
0000000000000007
[ 69.181886] irq event stamp: 2263926
[ 69.181889] hardirqs last enabled at (2263925): [<ffffffffa813c59e>]
console_unlock+0x45e/0x610
[ 69.181892] hardirqs last disabled at (2263926): [<ffffffffa80037e8>]
trace_hardirqs_off_thunk+0x1a/0x1c
[ 69.204101] softirqs last enabled at (2263922): [<ffffffffa8e00365>]
__do_softirq+0x365/0x47c
[ 69.204103] softirqs last disabled at (2263915): [<ffffffffa80c60e9>]
irq_exit+0x119/0x120
[ 69.204104] ---[ end trace f9abd5c695102e80 ]---
....</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>