Bug 107397 - [CI][BAT] igt@drv_module_reload@basic-reload-inject - dmesg-fail - general protection fault: 0000 [#1] PREEMPT SMP PTI
Summary: [CI][BAT] igt@drv_module_reload@basic-reload-inject - dmesg-fail - general pr...
Status: CLOSED FIXED
Alias: None
Product: DRI
Classification: Unclassified
Component: DRM/Intel (show other bugs)
Version: XOrg git
Hardware: Other All
: medium normal
Assignee: Intel GFX Bugs mailing list
QA Contact: Intel GFX Bugs mailing list
URL:
Whiteboard: ReadyForDev
Keywords:
Depends on:
Blocks:
 
Reported: 2018-07-27 10:55 UTC by Martin Peres
Modified: 2018-08-07 07:52 UTC (History)
1 user (show)

See Also:
i915 platform: CFL, KBL, SKL
i915 features: firmware/guc

Attachments

Description Martin Peres 2018-07-27 10:55:57 UTC 
https://intel-gfx-ci.01.org/tree/drm-tip/IGT_4575/fi-kbl-guc/igt@drv_module_reload@basic-reload-inject.html

https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_4542/fi-skl-guc/igt@drv_module_reload@basic-reload-inject.html

https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_4548/fi-cfl-guc/igt@drv_module_reload@basic-reload-inject.html

[  393.545338] general protection fault: 0000 [#1] PREEMPT SMP PTI
[  393.545353] CPU: 11 PID: 4772 Comm: drv_module_relo Tainted: G     U            4.18.0-rc6-CI-CI_DRM_4548+ #1
[  393.545363] Hardware name: Micro-Star International Co., Ltd. MS-7B54/Z370M MORTAR (MS-7B54), BIOS 1.10 12/28/2017
[  393.545380] RIP: 0010:__lock_acquire+0xf6/0x1b50
[  393.545386] Code: 85 c0 4c 8b 9d 40 ff ff ff 8b 8d 38 ff ff ff 44 8b 8d 30 ff ff ff 4c 8b 85 28 ff ff ff 44 8b 95 24 ff ff ff 0f 84 54 03 00 00 <f0> ff 80 38 01 00 00 8b 15 45 8c 59 02 45 8b bc 24 70 08 00 00 85 
[  393.545469] RSP: 0018:ffffc900004abb40 EFLAGS: 00010002
[  393.545477] RAX: 6b6b6b6b6b6b6b6b RBX: 0000000000000001 RCX: 0000000000000000
[  393.545486] RDX: 0000000000000046 RSI: 0000000000000000 RDI: 0000000000000000
[  393.545494] RBP: ffffc900004abc20 R08: ffffffff810a25e9 R09: 0000000000000000
[  393.545502] R10: 0000000000000000 R11: ffff88025fcd03d8 R12: ffff8801c9310040
[  393.545510] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000246
[  393.545519] FS:  00007fceaed88980(0000) GS:ffff8802664c0000(0000) knlGS:0000000000000000
[  393.545529] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  393.545536] CR2: 000055d7250e31d8 CR3: 00000001a7b18001 CR4: 00000000003606e0
[  393.545544] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  393.545553] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  393.545561] Call Trace:
[  393.545574]  ? lock_acquire+0xa6/0x210
[  393.545582]  lock_acquire+0xa6/0x210
[  393.545592]  ? drain_workqueue+0x19/0x180
[  393.545603]  __mutex_lock+0x89/0x980
[  393.545612]  ? drain_workqueue+0x19/0x180
[  393.545621]  ? _raw_spin_unlock_irqrestore+0x4c/0x60
[  393.545630]  ? trace_hardirqs_on_caller+0xe0/0x1b0
[  393.545639]  ? drain_workqueue+0x19/0x180
[  393.545650]  ? debug_object_active_state+0x127/0x150
[  393.545661]  ? drain_workqueue+0x19/0x180
[  393.545669]  drain_workqueue+0x19/0x180
[  393.545680]  destroy_workqueue+0x12/0x1f0
[  393.545786]  intel_guc_fini_misc+0x36/0x90 [i915]
[  393.545920]  i915_gem_fini+0x91/0x100 [i915]
[  393.546011]  i915_driver_unload+0xd2/0x110 [i915]
[  393.546104]  i915_pci_remove+0x19/0x30 [i915]
[  393.546120]  pci_device_remove+0x36/0xb0
[  393.546133]  device_release_driver_internal+0x185/0x250
[  393.546146]  driver_detach+0x35/0x70
[  393.546160]  bus_remove_driver+0x53/0xd0
[  393.546172]  pci_unregister_driver+0x25/0xa0
[  393.546188]  __se_sys_delete_module+0x162/0x210
[  393.546201]  ? do_syscall_64+0xd/0x190
[  393.546212]  do_syscall_64+0x55/0x190
[  393.546225]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  393.546237] RIP: 0033:0x7fceae43a1b7
[  393.546244] Code: 73 01 c3 48 8b 0d d1 8c 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a1 8c 2c 00 f7 d8 64 89 01 48 
[  393.546360] RSP: 002b:00007ffd719f0368 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0
[  393.546375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fceae43a1b7
[  393.546387] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 000055e13df91558
[  393.546399] RBP: 000055e13df914f0 R08: 000055e13df9155c R09: 00007ffd719f03a8
[  393.546410] R10: 00007ffd719ef364 R11: 0000000000000206 R12: 000055e13cc51470
[  393.546422] R13: 00007ffd719f0950 R14: 0000000000000000 R15: 0000000000000000
[  393.546437] Modules linked in: i915(-) vgem snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic x86_pkg_temp_thermal coretemp snd_hda_codec crct10dif_pclmul snd_hwdep crc32_pclmul snd_hda_core ghash_clmulni_intel e1000e snd_pcm mei_me prime_numbers mei [last unloaded: i915]
Comment 1 Chris Wilson 2018-07-27 11:15:37 UTC 
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Thu Jul 26 09:50:31 2018 +0100

    drm/i915: Protect guc_fini_wq() against module load abort
    
    Prevent
    [  397.873143] general protection fault: 0000 [#1] PREEMPT SMP PTI
    [  397.873154] CPU: 4 PID: 4799 Comm: drv_module_relo Tainted: G     U            4.18.0-rc6-CI-CI_DRM_4534+ #1
    [  397.873162] Hardware name: Micro-Star International Co., Ltd. MS-7B54/Z370M MORTAR (MS-7B54), BIOS 1.10 12/28/2017
    [  397.873175] RIP: 0010:__lock_acquire+0xf6/0x1b50
    [  397.873179] Code: 85 c0 4c 8b 9d 40 ff ff ff 8b 8d 38 ff ff ff 44 8b 8d 30 ff ff ff 4c 8b 85 28 ff ff ff 44 8b 95 24 ff ff ff 0f 84 54 03 00 00 <f0> ff 80 38 01 00 00 8b 15 45 8c 59 02 45 8b bc 24 70 08 00 00 85
    [  397.873240] RSP: 0018:ffffc90000497b40 EFLAGS: 00010002
    [  397.873246] RAX: 6b6b6b6b6b6b6b6b RBX: 0000000000000001 RCX: 0000000000000000
    [  397.873252] RDX: 0000000000000046 RSI: 0000000000000000 RDI: 0000000000000000
    [  397.873258] RBP: ffffc90000497c20 R08: ffffffff810a25e9 R09: 0000000000000000
    [  397.873264] R10: 0000000000000000 R11: ffff880255c63c28 R12: ffff8801093b2840
    [  397.873270] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000246
    [  397.873277] FS:  00007faf88d71980(0000) GS:ffff880266300000(0000) knlGS:0000000000000000
    [  397.873284] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [  397.873289] CR2: 000055d866c9ca10 CR3: 000000025472e006 CR4: 00000000003606e0
    [  397.873295] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    [  397.873301] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    [  397.873308] Call Trace:
    [  397.873318]  ? lock_acquire+0xa6/0x210
    [  397.873323]  lock_acquire+0xa6/0x210
    [  397.873331]  ? drain_workqueue+0x19/0x180
    [  397.873339]  __mutex_lock+0x89/0x980
    [  397.873346]  ? drain_workqueue+0x19/0x180
    [  397.873352]  ? _raw_spin_unlock_irqrestore+0x4c/0x60
    [  397.873359]  ? trace_hardirqs_on_caller+0xe0/0x1b0
    [  397.873365]  ? drain_workqueue+0x19/0x180
    [  397.873373]  ? debug_object_active_state+0x127/0x150
    [  397.873381]  ? drain_workqueue+0x19/0x180
    [  397.873387]  drain_workqueue+0x19/0x180
    [  397.873395]  destroy_workqueue+0x12/0x1f0
    [  397.873476]  intel_guc_fini_misc+0x36/0x90 [i915]
    [  397.873540]  i915_gem_fini+0x91/0x100 [i915]
    [  397.873588]  i915_driver_unload+0xd2/0x110 [i915]
    [  397.873638]  i915_pci_remove+0x19/0x30 [i915]
    [  397.873646]  pci_device_remove+0x36/0xb0
    [  397.873653]  device_release_driver_internal+0x185/0x250
    [  397.873660]  driver_detach+0x35/0x70
    [  397.873668]  bus_remove_driver+0x53/0xd0
    [  397.873675]  pci_unregister_driver+0x25/0xa0
    [  397.873683]  __se_sys_delete_module+0x162/0x210
    [  397.873691]  ? do_syscall_64+0xd/0x190
    [  397.873697]  do_syscall_64+0x55/0x190
    [  397.873704]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
    [  397.873710] RIP: 0033:0x7faf884231b7
    [  397.873714] Code: 73 01 c3 48 8b 0d d1 8c 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a1 8c 2c 00 f7 d8 64 89 01 48
    [  397.873775] RSP: 002b:00007ffda4e98cf8 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0
    [  397.873784] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faf884231b7
    [  397.873790] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 000055fbb18f1bd8
    [  397.873796] RBP: 000055fbb18f1b70 R08: 000055fbb18f1bdc R09: 00007ffda4e98d38
    [  397.873802] R10: 00007ffda4e97cf4 R11: 0000000000000206 R12: 000055fbb0d32470
    [  397.873808] R13: 00007ffda4e992e0 R14: 0000000000000000 R15: 0000000000000000
    
    v2: It's use-after-free; not a NULL pointer.
    
    Testcase: igt/drv_module_reload/basic-reload-inject
    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
    Cc: Michał Winiarski <michal.winiarski@intel.com>
    Cc: Michal Wajdeczko <michal.wajdeczko@intel.com>
    Reviewed-by: Michał Winiarski <michal.winiarski@intel.com>
    Link: https://patchwork.freedesktop.org/patch/msgid/20180726085033.4044-1-chris@chris-wilson.co.uk
Comment 2 Francesco Balestrieri 2018-08-04 09:17:56 UTC 
Martin, OK to close?
Comment 3 Francesco Balestrieri 2018-08-07 07:52:59 UTC 
Not seen for a 10+ days, closing.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.