Hi!

Unfortunately the use-after-free issue still happens on the 6.0-rc5 kernel. The issue became hard to repeat. I spent the whole day at the computer when the use-after-free happened again; I was playing the game Tiny Tina's Wonderlands. Therefore, forget about repeatability. It remains only to hope for logs and tracing. I didn't see anything new in the logs. It seems that we need to somehow expand the logging so that the next time this happens we have more information.

Sep 18 20:52:16 primary-ws gnome-shell[2388]: meta_window_set_stack_position_no_sync: assertion 'window->stack_position >= 0' failed
Sep 18 20:52:27 primary-ws gnome-shell[2388]: meta_window_set_stack_position_no_sync: assertion 'window->stack_position >= 0' failed
Sep 18 20:53:44 primary-ws gnome-shell[2388]: Window manager warning: Window 0x4e00003 sets an MWM hint indicating it isn't resizable, but sets min size 1 x 1 and max size 2147483647 x 2147483647; this doesn't make much sense.
Sep 18 20:53:45 primary-ws kernel: umip_printk: 11 callbacks suppressed
Sep 18 20:53:45 primary-ws kernel: umip: Wonderlands.exe[213853] ip:14ebb0d03 sp:4ee528: SGDT instruction cannot be used by applications.
Sep 18 20:53:45 primary-ws kernel: umip: Wonderlands.exe[213853] ip:14ebb0d03 sp:4ee528: For now, expensive software emulation returns the result.
Sep 18 20:53:53 primary-ws gnome-shell[2388]: meta_window_set_stack_position_no_sync: assertion 'window->stack_position >= 0' failed
Sep 18 20:53:53 primary-ws kernel: umip: Wonderlands.exe[213853] ip:14ebb0d03 sp:4ee528: SGDT instruction cannot be used by applications.
Sep 18 20:53:53 primary-ws kernel: umip: Wonderlands.exe[213853] ip:14ebb0d03 sp:4ee528: For now, expensive software emulation returns the result.
Sep 18 20:54:15 primary-ws kernel: umip: Wonderlands.exe[214194] ip:15a270815 sp:6eaef490: SGDT instruction cannot be used by applications.
Sep 18 20:56:01 primary-ws kernel: umip_printk: 15 callbacks suppressed
Sep 18 20:56:01 primary-ws kernel: umip: Wonderlands.exe[213853] ip:15e3a82b0 sp:4ed178: SGDT instruction cannot be used by applications.
Sep 18 20:56:01 primary-ws kernel: umip: Wonderlands.exe[213853] ip:15e3a82b0 sp:4ed178: For now, expensive software emulation returns the result.
Sep 18 20:56:03 primary-ws kernel: umip: Wonderlands.exe[213853] ip:15e3a82b0 sp:4edbe8: SGDT instruction cannot be used by applications.
Sep 18 20:56:03 primary-ws kernel: umip: Wonderlands.exe[213853] ip:15e3a82b0 sp:4edbe8: For now, expensive software emulation returns the result.
Sep 18 20:56:03 primary-ws kernel: umip: Wonderlands.exe[213853] ip:15e3a82b0 sp:4ebf18: SGDT instruction cannot be used by applications.
Sep 18 20:57:55 primary-ws kernel: ------------[ cut here ]------------
Sep 18 20:57:55 primary-ws kernel: refcount_t: underflow; use-after-free.
Sep 18 20:57:55 primary-ws kernel: WARNING: CPU: 22 PID: 235114 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110
Sep 18 20:57:55 primary-ws kernel: Modules linked in: tls uinput rfcomm snd_seq_dummy snd_hrtimer nft_objref nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_>
Sep 18 20:57:55 primary-ws kernel: asus_wmi ledtrig_audio sparse_keymap platform_profile irqbypass rfkill mc rapl snd_timer video wmi_bmof pcspkr snd k10temp i2c_piix4 soundcore acpi_cpufreq zram amdgpu drm_ttm_helper ttm iommu_v2 crct1>
Sep 18 20:57:55 primary-ws kernel: Unloaded tainted modules: amd64_edac():1 amd64_edac():1 amd64_edac():1 amd64_edac():1 amd64_edac():1 amd64_edac():1 amd64_edac():1 amd64_edac():1 amd64_edac():1 pcc_cpufreq():1 pcc_cpufreq():1 amd64_eda>
Sep 18 20:57:55 primary-ws kernel: pcc_cpufreq():1 pcc_cpufreq():1 fjes():1 fjes():1 pcc_cpufreq():1 fjes():1 fjes():1 fjes():1 fjes():1 fjes():1
Sep 18 20:57:55 primary-ws kernel: CPU: 22 PID: 235114 Comm: kworker/22:0 Tainted: G W L ------- --- 6.0.0-0.rc5.20220914git3245cb65fd91.39.fc38.x86_64 #1
Sep 18 20:57:55 primary-ws kernel: Hardware name: System manufacturer System Product Name/ROG STRIX X570-I GAMING, BIOS 4403 04/27/2022
Sep 18 20:57:55 primary-ws kernel: Workqueue: events drm_sched_entity_kill_jobs_work [gpu_sched]
Sep 18 20:57:55 primary-ws kernel: RIP: 0010:refcount_warn_saturate+0xba/0x110
Sep 18 20:57:55 primary-ws kernel: Code: 01 01 e8 69 6b 6f 00 0f 0b e9 32 38 a5 00 80 3d 4d 7d be 01 00 75 85 48 c7 c7 80 b7 8e 95 c6 05 3d 7d be 01 01 e8 46 6b 6f 00 <0f> 0b e9 0f 38 a5 00 80 3d 28 7d be 01 00 0f 85 5e ff ff ff 48 c7
Sep 18 20:57:55 primary-ws kernel: RSP: 0018:ffffa1a853ccbe60 EFLAGS: 00010286
Sep 18 20:57:55 primary-ws kernel: RAX: 0000000000000026 RBX: ffff8e0e60a96c28 RCX: 0000000000000000
Sep 18 20:57:55 primary-ws kernel: RDX: 0000000000000001 RSI: ffffffff958d255c RDI: 00000000ffffffff
Sep 18 20:57:55 primary-ws kernel: RBP: ffff8e19a83f5600 R08: 0000000000000000 R09: ffffa1a853ccbd10
Sep 18 20:57:55 primary-ws kernel: R10: 0000000000000003 R11: ffff8e19ee2fffe8 R12: ffff8e19a83fc800
Sep 18 20:57:55 primary-ws kernel: R13: ffff8e0d44a4b440 R14: ffff8e19a83fc805 R15: ffff8e0e60a96c30
Sep 18 20:57:55 primary-ws kernel: FS: 0000000000000000(0000) GS:ffff8e19a8200000(0000) knlGS:0000000000000000
Sep 18 20:57:55 primary-ws kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Sep 18 20:57:55 primary-ws kernel: CR2: 00001adc05fb2000 CR3: 00000002cf050000 CR4: 0000000000350ee0
Sep 18 20:57:55 primary-ws kernel: Call Trace:
Sep 18 20:57:55 primary-ws kernel: <TASK>
Sep 18 20:57:55 primary-ws kernel: process_one_work+0x2a0/0x600
Sep 18 20:57:55 primary-ws kernel: worker_thread+0x4f/0x3a0
Sep 18 20:57:55 primary-ws kernel: ? process_one_work+0x600/0x600
Sep 18 20:57:55 primary-ws kernel: kthread+0xf5/0x120
Sep 18 20:57:55 primary-ws kernel: ? kthread_complete_and_exit+0x20/0x20
Sep 18 20:57:55 primary-ws kernel: ret_from_fork+0x22/0x30
Sep 18 20:57:55 primary-ws kernel: </TASK>
Sep 18 20:57:55 primary-ws kernel: irq event stamp: 63606683
Sep 18 20:57:55 primary-ws kernel: hardirqs last enabled at (63606691): [<ffffffff9418ce0e>] __up_console_sem+0x5e/0x70
Sep 18 20:57:55 primary-ws kernel: hardirqs last disabled at (63606698): [<ffffffff9418cdf3>] __up_console_sem+0x43/0x70
Sep 18 20:57:55 primary-ws kernel: softirqs last enabled at (63490566): [<ffffffff940ff749>] __irq_exit_rcu+0xf9/0x170
Sep 18 20:57:55 primary-ws kernel: softirqs last disabled at (63490561): [<ffffffff940ff749>] __irq_exit_rcu+0xf9/0x170
Sep 18 20:57:55 primary-ws kernel: ---[ end trace 0000000000000000 ]---
Sep 18 20:57:56 primary-ws abrt-dump-journal-oops[1409]: abrt-dump-journal-oops: Found oopses: 1
Sep 18 20:57:56 primary-ws abrt-dump-journal-oops[1409]: abrt-dump-journal-oops: Creating problem directories
Sep 18 20:57:57 primary-ws abrt-notification[261766]: [🡕] System encountered a non-fatal error in kthread_complete_and_exit()
Sep 18 20:57:57 primary-ws abrt-dump-journal-oops[1409]: Reported 1 kernel oopses to Abrt
Sep 18 20:58:23 primary-ws gsd-power[2776]: Failed to acquire idle monitor proxy: Timeout was reached
Sep 18 20:58:23 primary-ws gsd-power[2776]: Error setting property 'PowerSaveMode' on interface org.gnome.Mutter.DisplayConfig: Timeout was reached (g-io-error-quark, 24)
Sep 18 20:58:53 primary-ws gsd-power[2776]: Failed to acquire idle monitor proxy: Timeout was reached
Sep 18 20:58:53 primary-ws gsd-power[2776]: Error setting property 'PowerSaveMode' on interface org.gnome.Mutter.DisplayConfig: Timeout was reached (g-io-error-quark, 24)
Sep 18 20:58:54 primary-ws gsd-power[2776]: Failed to acquire idle monitor proxy: Timeout was reached

Full kernel log: https://pastebin.com/nj2syLPM

--
Best Regards,
Mike Gavrilov.