Bug 112320

Summary: [CI][SHARDS]igt@kms_plane_scaling@pipe-b-scaler-with-clipping-clamping - dmesg-warn - BUG: kernel NULL pointer dereference, address: 0000000000000018
Product: DRI Reporter: Lakshmi <lakshminarayana.vudum>
Component: DRM/IntelAssignee: Intel GFX Bugs mailing list <intel-gfx-bugs>
Status: RESOLVED MOVED QA Contact: Intel GFX Bugs mailing list <intel-gfx-bugs>
Severity: not set    
Priority: not set CC: intel-gfx-bugs
Version: DRI git   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: ICL i915 features: GEM/Other

Description Lakshmi 2019-11-18 11:33:57 UTC
https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_7359/shard-iclb7/igt@kms_plane_scaling@pipe-b-scaler-with-clipping-clamping.html

<1> [644.752543] BUG: kernel NULL pointer dereference, address: 0000000000000018
<1> [644.752553] #PF: supervisor read access in kernel mode
<1> [644.752559] #PF: error_code(0x0000) - not-present page
<6> [644.752566] PGD 0 P4D 0 
<4> [644.752571] Oops: 0000 [#1] PREEMPT SMP NOPTI
<4> [644.752577] CPU: 3 PID: 1219 Comm: kworker/u16:58 Tainted: G     U            5.4.0-rc8-CI-CI_DRM_7359+ #1
<4> [644.752588] Hardware name: Intel Corporation Ice Lake Client Platform/IceLake U DDR4 SODIMM PD RVP, BIOS ICLSFWR1.R00.3234.A01.1906141750 06/14/2019
<4> [644.752644] Workqueue: i915 __i915_gem_free_work [i915]
<4> [644.752653] RIP: 0010:set_page_dirty+0x2f/0xb0
<4> [644.752659] Code: 57 9d 01 00 48 8b 53 08 48 8d 4a ff 83 e2 01 48 0f 45 d9 48 85 c0 74 50 48 8b 4b 08 48 8b 80 08 01 00 00 48 8d 51 ff 83 e1 01 <48> 8b 40 18 48 0f 44 d3 48 8b 12 f7 c2 00 00 04 00 74 14 48 8b 4b
<4> [644.752676] RSP: 0018:ffffc90000b13d18 EFLAGS: 00010246
<4> [644.752683] RAX: 0000000000000000 RBX: ffffea001229d700 RCX: 0000000000000000
<4> [644.752691] RDX: ffffea000f7100c7 RSI: ffffea001229d700 RDI: ffffea001229d700
<4> [644.752698] RBP: ffff888488739260 R08: 0000000000000000 R09: 0000000000000001
<4> [644.752706] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000004000
<4> [644.752714] R13: 0000000000000000 R14: ffff88847f24cb40 R15: ffffea001229d700
<4> [644.752722] FS:  0000000000000000(0000) GS:ffff88849fd80000(0000) knlGS:0000000000000000
<4> [644.752731] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4> [644.752738] CR2: 0000000000000018 CR3: 0000000005210005 CR4: 0000000000760ee0
<4> [644.752746] PKRU: 55555554
<4> [644.752750] Call Trace:
<4> [644.752797]  shmem_put_pages+0x1f1/0x250 [i915]
<4> [644.752851]  __i915_gem_object_put_pages+0x8b/0x110 [i915]
<4> [644.752927]  __i915_gem_free_objects+0xc1/0x3e0 [i915]
<4> [644.752936]  process_one_work+0x26a/0x620
<4> [644.752944]  worker_thread+0x37/0x380
<4> [644.752951]  ? process_one_work+0x620/0x620
<4> [644.752957]  kthread+0x119/0x130
<4> [644.752962]  ? kthread_park+0x80/0x80
<4> [644.752969]  ret_from_fork+0x24/0x50
<4> [644.752977] Modules linked in: vgem snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic i915 x86_pkg_temp_thermal coretemp mei_hdcp snd_hda_intel snd_intel_dspcfg crct10dif_pclmul snd_hda_codec crc32_pclmul cdc_ether snd_hwdep usbnet mii snd_hda_core e1000e ghash_clmulni_intel snd_pcm ptp pps_core mei_me mei thunderbolt prime_numbers
Comment 1 CI Bug Log 2019-11-18 11:34:51 UTC
The CI Bug Log issue associated to this bug has been updated.

### New filters associated

* ICL: igt@kms_plane_scaling@pipe-b-scaler-with-clipping-clamping - dmesg-warn - BUG: kernel NULL pointer dereference, address: 0000000000000018
  - https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_7359/shard-iclb7/igt@kms_plane_scaling@pipe-b-scaler-with-clipping-clamping.html
Comment 2 Chris Wilson 2019-11-18 12:21:28 UTC
int set_page_dirty(struct page *page)
{
        struct address_space *mapping = page_mapping(page);

        page = compound_head(page);
        if (likely(mapping)) {
                int (*spd)(struct page *) = mapping->a_ops->set_page_dirty;


Smells fishy. It's memcorruption; may not be ours.
Comment 3 Chris Wilson 2019-11-19 12:31:17 UTC
One off as far my reproducibility goes; a heisenbug.
Comment 4 Martin Peres 2019-11-29 19:48:42 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/drm/intel/issues/617.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.