KFENCE: use-after-free read in dma_resv_iter_next_unlocked
Hi,
My kernel discovered the following use-after-free bug:
[Fri May 26 17:22:47 2023] ==================================================================
[Fri May 26 17:22:47 2023] BUG: KFENCE: use-after-free read in dma_resv_iter_next_unlocked+0x1d/0xa0
[Fri May 26 17:22:47 2023] Use-after-free read at 0x000000009a757fb4 (in kfence-#199):
[Fri May 26 17:22:47 2023] dma_resv_iter_next_unlocked+0x1d/0xa0
[Fri May 26 17:22:47 2023] dma_resv_wait_timeout+0x6c/0xe0
[Fri May 26 17:22:47 2023] ttm_bo_delayed_delete+0x2a/0x80 [ttm]
[Fri May 26 17:22:47 2023] process_one_work+0x1c7/0x3d0
[Fri May 26 17:22:47 2023] worker_thread+0x51/0x390
[Fri May 26 17:22:47 2023] kthread+0xde/0x110
[Fri May 26 17:22:47 2023] ret_from_fork+0x2c/0x50
[Fri May 26 17:22:47 2023] kfence-#199: 0x00000000bfaaf5bb-0x00000000ba9596a0, size=752, cache=kmalloc-1k
[Fri May 26 17:22:47 2023] allocated by task 554 on cpu 2 at 37.441744s:
[Fri May 26 17:22:47 2023] __kmem_cache_alloc_node+0x2c3/0x310
[Fri May 26 17:22:47 2023] kmalloc_trace+0x2a/0xa0
[Fri May 26 17:22:47 2023] radeon_bo_create+0x83/0x1e0 [radeon]
[Fri May 26 17:22:47 2023] radeon_gem_object_create+0xb7/0x1c0 [radeon]
[Fri May 26 17:22:47 2023] radeon_gem_create_ioctl+0x77/0x130 [radeon]
[Fri May 26 17:22:47 2023] drm_ioctl_kernel+0xcd/0x170
[Fri May 26 17:22:47 2023] drm_ioctl+0x26d/0x4b0
[Fri May 26 17:22:47 2023] radeon_drm_ioctl+0x4d/0x80 [radeon]
[Fri May 26 17:22:47 2023] __x64_sys_ioctl+0x94/0xd0
[Fri May 26 17:22:47 2023] do_syscall_64+0x60/0x90
[Fri May 26 17:22:47 2023] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[Fri May 26 17:22:47 2023] freed by task 6154 on cpu 3 at 45587.323250s:
[Fri May 26 17:22:47 2023] process_one_work+0x1c7/0x3d0
[Fri May 26 17:22:47 2023] worker_thread+0x51/0x390
[Fri May 26 17:22:47 2023] kthread+0xde/0x110
[Fri May 26 17:22:47 2023] ret_from_fork+0x2c/0x50
[Fri May 26 17:22:47 2023] CPU: 3 PID: 112 Comm: kworker/3:1H Not tainted 6.3.3-arch1-1 #1 fa7b7e0107004b3021a57a74b951e0a25e7e8584
[Fri May 26 17:22:47 2023] Hardware name: System manufacturer System Product Name/M4A785TD-V EVO, BIOS 2105 07/23/2010
[Fri May 26 17:22:47 2023] Workqueue: ttm ttm_bo_delayed_delete [ttm]
[Fri May 26 17:22:47 2023] ==================================================================
After this bug occurs, the longer it keeps working in this state, the more problems I have, so finally I need to restart the machine.