RX 5700 XT (GFX10 NAVI 10): igt@kms_color@pipe-invalid-degamma-lut-sizes - refcount_t: underflow; use-after-free.
Brief summary of the problem:
When running the IGT test igt@kms_color@pipe-invalid-degamma-lut-sizes, I get the following refcount_t: underflow; use-after-free warning:
[ 21.800751] [3318/3436] kms_color (pipe-invalid-degamma-lut-sizes)
[ 21.921468] ------------[ cut here ]------------
[ 21.929832] refcount_t: underflow; use-after-free.
[ 21.937301] WARNING: CPU: 21 PID: 887 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0
[ 21.950988] Modules linked in:
[ 21.956771] CPU: 21 PID: 887 Comm: kms_color Not tainted 5.11.6-CI #55
[ 21.966355] Hardware name: Gigabyte Technology Co., Ltd. B550 AORUS ELITE/B550 AORUS ELITE, BIOS F2 07/07/2020
[ 21.981985] RIP: 0010:refcount_warn_saturate+0xa6/0xf0
[ 21.989802] Code: 05 db 83 c3 03 01 e8 83 6f 87 00 0f 0b c3 80 3d c9 83 c3 03 00 75 95 48 c7 c7 a0 09 39 9f c6 05 b9 83 c3 03 01 e8 64 6f 87 00 <0f> 0b c3 80 3d a8 83 c3 03 00 0f 85 72 ff ff ff 48 c7 c7 f8 09 39
[ 22.016821] RSP: 0018:ffff99bd422d7c90 EFLAGS: 00010286
[ 22.024714] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 22.037193] RDX: ffff93a91ef668d0 RSI: ffff93a91ef578f0 RDI: ffff93a91ef578f0
[ 22.050494] RBP: ffff93a217ea0048 R08: ffffffff9f72f4a8 R09: 0000000000009ffb
[ 22.062967] R10: 00000000ffffe000 R11: 3fffffffffffffff R12: 0000000000000000
[ 22.075789] R13: ffff93a217ea0000 R14: 00000000ffffffff R15: 0000000000000006
[ 22.088259] FS: 0000000000000000(0000) GS:ffff93a91ef40000(0000) knlGS:0000000000000000
[ 22.101978] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 22.110409] CR2: 00007feccbc30fc0 CR3: 000000044140a000 CR4: 0000000000350ee0
[ 22.122870] Call Trace:
[ 22.127946] dc_resource_state_destruct+0x49/0x70
[ 22.135826] dc_release_state+0x21/0x40
[ 22.142336] dm_atomic_destroy_state+0x17/0x20
[ 22.149451] drm_atomic_state_default_clear+0x223/0x2d0
[ 22.157360] __drm_atomic_state_free+0x51/0x90
[ 22.164485] drm_client_modeset_commit_atomic+0x1ef/0x220
[ 22.172767] drm_client_modeset_commit_locked+0x51/0x150
[ 22.180827] drm_client_modeset_commit+0x1f/0x40
[ 22.188817] drm_fb_helper_lastclose+0x3e/0x80
[ 22.195939] amdgpu_driver_lastclose_kms+0x5/0x10
[ 22.203320] drm_release+0xd4/0x110
[ 22.209879] __fput+0x87/0x230
[ 22.215594] task_work_run+0x57/0x90
[ 22.221851] do_exit+0x35e/0xa20
[ 22.227768] do_group_exit+0x2e/0x90
[ 22.234815] __x64_sys_exit_group+0xf/0x10
[ 22.241591] do_syscall_64+0x33/0x40
[ 22.247837] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 22.255587] RIP: 0033:0x7feccd50b416
[ 22.261849] Code: Unable to access opcode bytes at RIP 0x7feccd50b3ec.
[ 22.271347] RSP: 002b:00007ffc20037e28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 22.284260] RAX: ffffffffffffffda RBX: 00007feccd601470 RCX: 00007feccd50b416
[ 22.296721] RDX: 0000000000000062 RSI: 000000000000003c RDI: 0000000000000062
[ 22.309395] RBP: 0000000000000062 R08: 00000000000000e7 R09: ffffffffffffff80
[ 22.321874] R10: 00007feccc48e84e R11: 0000000000000246 R12: 00007feccd601470
[ 22.334358] R13: 0000000000000004 R14: 00007feccd604e68 R15: 0000000000000000
[ 22.346805] ---[ end trace 80680f8111d9e4b0 ]---
Hardware description:
- CPU: AMD Ryzen 9 3900XT 12-Core Processor
- GPU: GFX10, RX 5700 XT
- System Memory: 32 GB
- Display(s): 1
- Type of Display Connection: HDMI (Full HD)
System information:
- Distro name and Version: IGT's container registry.freedesktop.org/drm/igt-gpu-tools/igt:master
- Kernel version: v5.6.11
- Custom kernel: self-compiled kernel, with one additional unrelated patch to the init process
- AMD package version: No package
How to reproduce the issue:
You may reproduce the problem by running the following command:
# docker run --privileged registry.freedesktop.org/drm/igt-gpu-tools/igt:master igt_runner -t kms_color@pipe-invalid-degamma-lut-sizes -o results/