igt@xe_exec_fault_mode@many-*invalid-userptr-fault - abort/dmesg-warn - WARNING: CPU: * PID: * at lib/refcount
Stdout
Using IGT_SRANDOM=1712541459 for randomisation
Opened device: /dev/dri/card1
Starting subtest: many-invalid-userptr-fault
Subtest many-invalid-userptr-fault: SUCCESS (0.036s)
This test caused an abort condition: Kernel badly tainted (0x200, 0x200) (check dmesg for details):
TAINT_WARN: WARN_ON has happened.
Stderr
Starting subtest: many-invalid-userptr-fault
Subtest many-invalid-userptr-fault: SUCCESS (0.036s)
Dmesg
<6> [780.695172] Console: switching to colour dummy device 80x25
<6> [780.695582] [IGT] xe_exec_fault_mode: executing
<6> [780.708786] [IGT] xe_exec_fault_mode: starting subtest many-invalid-userptr-fault
<7> [780.714218] xe 0000:aa:00.0: [drm:pf_queue_work_func [xe]]
ASID: 3493
VFID: 0
PDATA: 0x00a3
Faulted Address: 0x00000000001a2000
FaultType: 0
AccessType: 0
FaultLevel: 4
EngineClass: 3
EngineInstance: 0
<6> [780.714375] xe 0000:aa:00.0: [drm] Engine reset: guc_id=2
<7> [780.714475] xe 0000:aa:00.0: [drm:pf_queue_work_func [xe]] Fault response: Unsuccessful -22
<4> [780.714710] ------------[ cut here ]------------
<4> [780.714741] refcount_t: addition on 0; use-after-free.
<4> [780.714779] WARNING: CPU: 99 PID: 5188 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x150
<4> [780.714802] Modules linked in: mei_gsc nls_iso8859_1 intel_rapl_msr intel_rapl_common intel_uncore_frequency intel_uncore_frequency_common i10nm_edac nfit xe drm_gpuvm x86_pkg_temp_thermal gpu_sched intel_powerclamp drm_ttm_helper ttm video drm_suballoc_helper drm_exec drm_display_helper drm_kunit_helpers kunit drm_buddy coretemp dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua ixgbe cmdlinepart mdio mdio_devres smsc75xx dax_hmem spi_nor ast libphy usbnet pmt_telemetry cxl_acpi kvm_intel kvm crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 sha256_ssse3 sha1_ssse3 aesni_intel crypto_simd cryptd rapl intel_cstate cxl_core efi_pstore isst_if_mmio dca mii isst_if_mbox_pci mtd pmt_class isst_if_common i2c_algo_bit i2c_i801 drm_shmem_helper intel_vsec spi_intel_pci drm_kms_helper spi_intel i2c_smbus mei_me igc mei wmi ipmi_ssif acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler acpi_pad acpi_power_meter mac_hid sch_fq_codel msr parport_pc ppdev lp parport drm ip_tables x_tables
<4> [780.715380] autofs4
<4> [780.715395] CPU: 99 PID: 5188 Comm: kworker/u901:2 Not tainted 6.9.0-rc2-xe #1
<4> [780.715408] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.86B.0087.D13.2208261706 08/26/2022
<4> [780.715417] Workqueue: xe_gt_page_fault_work_queue pf_queue_work_func [xe] (xe_gt_page_fault_work_q)
<4> [780.715620] RIP: 0010:refcount_warn_saturate+0x9c/0x150
<4> [780.715632] Code: cc cc 0f b6 1d da 18 af 01 80 fb 01 0f 87 d5 73 97 00 83 e3 01 75 e4 48 c7 c7 d0 e2 c7 82 c6 05 be 18 af 01 01 e8 54 6a 73 ff <0f> 0b eb cd 0f b6 1d b0 18 af 01 80 fb 01 0f 87 95 73 97 00 83 e3
<4> [780.715642] RSP: 0018:ffa000000f1cfc70 EFLAGS: 00010286
<4> [780.715656] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027
<4> [780.715664] RDX: 0000000000000027 RSI: 0000000100015747 RDI: ff11003ffd7b1a48
<4> [780.715673] RBP: ffa000000f1cfc78 R08: 0000000000000000 R09: 0000000100015747
<4> [780.715681] R10: ffa000000f1cfa58 R11: ff1100407fec0ea8 R12: ff1100209387a0a0
<4> [780.715688] R13: ff1100208d6f86f8 R14: ff1100208d6f8940 R15: ff1100209387a208
<4> [780.715695] FS: 0000000000000000(0000) GS:ff11003ffd780000(0000) knlGS:0000000000000000
<4> [780.715704] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4> [780.715712] CR2: 00007f9a97c4f000 CR3: 000000000aa54001 CR4: 0000000000771ef0
<4> [780.715721] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
<4> [780.715728] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
<4> [780.715736] PKRU: 55555554
<4> [780.715743] Call Trace:
<4> [780.715749] <TASK>
<4> [780.715760] ? show_regs+0x67/0x70
<4> [780.715774] ? refcount_warn_saturate+0x9c/0x150
<4> [780.715785] ? __warn+0x8e/0x1b0
<4> [780.715801] ? refcount_warn_saturate+0x9c/0x150
<4> [780.715816] ? report_bug+0x1b7/0x1d0
<4> [780.715840] ? handle_bug+0x46/0x80
<4> [780.715858] ? exc_invalid_op+0x19/0x70
<4> [780.715875] ? asm_exc_invalid_op+0x1b/0x20
<4> [780.715912] ? refcount_warn_saturate+0x9c/0x150
<4> [780.715930] handle_pagefault+0x5d9/0x5f0 [xe]
<4> [780.716133] ? lock_acquire+0xd7/0x300
<4> [780.716158] ? mark_held_locks+0x4d/0x80
<4> [780.716189] pf_queue_work_func+0x130/0x2f0 [xe]
<4> [780.716415] process_scheduled_works+0x389/0x710
<4> [780.716460] worker_thread+0x159/0x300
<4> [780.716479] ? __pfx_worker_thread+0x10/0x10
<4> [780.716492] kthread+0x105/0x140
<4> [780.716503] ? __pfx_kthread+0x10/0x10
<4> [780.716521] ret_from_fork+0x39/0x60
<4> [780.716532] ? __pfx_kthread+0x10/0x10
<4> [780.716544] ret_from_fork_asm+0x1a/0x30
<4> [780.716587] </TASK>
<4> [780.716594] irq event stamp: 356689
<4> [780.716601] hardirqs last enabled at (356695): [<ffffffff811b198a>] console_unlock+0x13a/0x150
<4> [780.716620] hardirqs last disabled at (356700): [<ffffffff811b196f>] console_unlock+0x11f/0x150
<4> [780.716632] softirqs last enabled at (355908): [<ffffffff82381b36>] __do_softirq+0x316/0x441
<4> [780.716649] softirqs last disabled at (355901): [<ffffffff810eb3db>] irq_exit_rcu+0x8b/0xb0
<4> [780.716667] ---[ end trace 0000000000000000 ]---
<4> [780.716678] ------------[ cut here ]------------
<4> [780.716686] refcount_t: underflow; use-after-free.
<4> [780.716708] WARNING: CPU: 99 PID: 5188 at lib/refcount.c:28 refcount_warn_saturate+0xf4/0x150
<4> [780.716720] Modules linked in: mei_gsc nls_iso8859_1 intel_rapl_msr intel_rapl_common intel_uncore_frequency intel_uncore_frequency_common i10nm_edac nfit xe drm_gpuvm x86_pkg_temp_thermal gpu_sched intel_powerclamp drm_ttm_helper ttm video drm_suballoc_helper drm_exec drm_display_helper drm_kunit_helpers kunit drm_buddy coretemp dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua ixgbe cmdlinepart mdio mdio_devres smsc75xx dax_hmem spi_nor ast libphy usbnet pmt_telemetry cxl_acpi kvm_intel kvm crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 sha256_ssse3 sha1_ssse3 aesni_intel crypto_simd cryptd rapl intel_cstate cxl_core efi_pstore isst_if_mmio dca mii isst_if_mbox_pci mtd pmt_class isst_if_common i2c_algo_bit i2c_i801 drm_shmem_helper intel_vsec spi_intel_pci drm_kms_helper spi_intel i2c_smbus mei_me igc mei wmi ipmi_ssif acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler acpi_pad acpi_power_meter mac_hid sch_fq_codel msr parport_pc ppdev lp parport drm ip_tables x_tables
<4> [780.717093] autofs4
<4> [780.717107] CPU: 99 PID: 5188 Comm: kworker/u901:2 Tainted: G W 6.9.0-rc2-xe #1
<4> [780.717117] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.86B.0087.D13.2208261706 08/26/2022
<4> [780.717124] Workqueue: xe_gt_page_fault_work_queue pf_queue_work_func [xe] (xe_gt_page_fault_work_q)
<4> [780.717336] RIP: 0010:refcount_warn_saturate+0xf4/0x150
<4> [780.717347] Code: eb a1 0f b6 1d 81 18 af 01 80 fb 01 0f 87 a5 73 97 00 83 e3 01 75 8c 48 c7 c7 00 e3 c7 82 c6 05 65 18 af 01 01 e8 fc 69 73 ff <0f> 0b e9 72 ff ff ff 0f b6 1d 50 18 af 01 80 fb 01 0f 87 62 73 97
<4> [780.717358] RSP: 0018:ffa000000f1cfc60 EFLAGS: 00010282
<4> [780.717371] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027
<4> [780.717378] RDX: 0000000000000027 RSI: 000000010001577b RDI: ff11003ffd7b1a48
<4> [780.717387] RBP: ffa000000f1cfc68 R08: 0000000000000000 R09: 000000010001577b
<4> [780.717394] R10: ffa000000f1cfa48 R11: ff1100407fec1388 R12: 0000000000000000
<4> [780.717402] R13: 00000000ffffffea R14: ff1100012b542410 R15: ff1100209387a208
<4> [780.717410] FS: 0000000000000000(0000) GS:ff11003ffd780000(0000) knlGS:0000000000000000
<4> [780.717417] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4> [780.717422] CR2: 00007f9a97c4f000 CR3: 000000000aa54001 CR4: 0000000000771ef0
<4> [780.717426] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
<4> [780.717428] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
<4> [780.717432] PKRU: 55555554
<4> [780.717435] Call Trace:
<4> [780.717437] <TASK>
<4> [780.717441] ? show_regs+0x67/0x70
<4> [780.717446] ? refcount_warn_saturate+0xf4/0x150
<4> [780.717450] ? __warn+0x8e/0x1b0
<4> [780.717457] ? refcount_warn_saturate+0xf4/0x150
<4> [780.717464] ? report_bug+0x1b7/0x1d0
<4> [780.717473] ? handle_bug+0x46/0x80
<4> [780.717480] ? exc_invalid_op+0x19/0x70
<4> [780.717488] ? asm_exc_invalid_op+0x1b/0x20
<4> [780.717502] ? refcount_warn_saturate+0xf4/0x150
<4> [780.717510] drm_gpuvm_put+0x4b/0x60 [drm_gpuvm]