Bug 107712 - [BAT] igt@pm_rpm@module-reload - dmesg-fail - segfault in remove_conflicting_framebuffers
Summary: [BAT] igt@pm_rpm@module-reload - dmesg-fail - segfault in remove_conflicting_...
Status: CLOSED WORKSFORME
Alias: None
Product: DRI
Classification: Unclassified
Component: DRM/Intel (show other bugs)
Version: XOrg git
Hardware: Other All
: high normal
Assignee: Nischala Yelchuri
QA Contact: Intel GFX Bugs mailing list
URL:
Whiteboard: ReadyForDev
Keywords:
: 108072 (view as bug list)
Depends on:
Blocks:
 
Reported: 2018-08-28 12:28 UTC by Martin Peres
Modified: 2019-03-07 12:39 UTC (History)
1 user (show)

See Also:
i915 platform: BXT
i915 features: power/runtime PM


Attachments

Description Martin Peres 2018-08-28 12:28:55 UTC
https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_4628/fi-bxt-j4205/igt@amdgpu_amd_prime@i915-to-amd.html

https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_4714/fi-bxt-j4205/igt@pm_rpm@module-reload.html

[  369.873880] stack segment: 0000 [#1] PREEMPT SMP PTI
[  369.873898] CPU: 1 PID: 4194 Comm: pm_rpm Tainted: G     U            4.19.0-rc1-CI-CI_DRM_4714+ #1
[  369.873915] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./J4205-ITX, BIOS P1.10 09/29/2016
[  369.873938] RIP: 0010:do_remove_conflicting_framebuffers+0x56/0x170
[  369.873951] Code: 49 8b 45 00 48 85 c0 74 50 f6 40 0a 08 74 4a 4d 85 e4 48 8b a8 78 04 00 00 74 1f 48 85 ed 74 1a 41 8b 0c 24 31 db 85 c9 74 10 <8b> 55 00 85 d2 75 42 83 c3 01 41 39 1c 24 77 f0 48 85 ed 74 1a 45
[  369.873982] RSP: 0018:ffffc9000005ba88 EFLAGS: 00010202
[  369.873995] RAX: ffff8802689c37e8 RBX: 0000000000000000 RCX: 0000000000000001
[  369.874008] RDX: 0000000000000001 RSI: ffffffffa0248634 RDI: ffff88026edb7cc8
[  369.874022] RBP: 6b6b6b6b6b6b6b6b R08: 00000000710a9ce0 R09: ffffffffa0248634
[  369.874035] R10: ffffc9000005bae8 R11: ffffffff820de938 R12: ffff88026edb7cc8
[  369.874049] R13: ffffffff8234ca20 R14: ffffffff8234cb20 R15: 0000000000000001
[  369.874063] FS:  00007fdb8e1ab980(0000) GS:ffff880277e80000(0000) knlGS:0000000000000000
[  369.874079] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  369.874091] CR2: 000056367a19ec08 CR3: 0000000272a74000 CR4: 00000000003406e0
[  369.874104] Call Trace:
[  369.874117]  remove_conflicting_framebuffers+0x28/0x40
[  369.874190]  i915_driver_load+0x7f5/0x10c0 [i915]
[  369.874205]  ? _raw_spin_unlock_irqrestore+0x4c/0x60
[  369.874218]  ? lockdep_hardirqs_on+0xe0/0x1b0
[  369.874291]  i915_pci_probe+0x29/0xa0 [i915]
[  369.874304]  pci_device_probe+0xa1/0x130
[  369.874317]  really_probe+0x25d/0x3c0
[  369.874328]  driver_probe_device+0x10a/0x120
[  369.874340]  __driver_attach+0xdb/0x100
[  369.874350]  ? driver_probe_device+0x120/0x120
[  369.874361]  bus_for_each_dev+0x74/0xc0
[  369.874373]  bus_add_driver+0x15f/0x250
[  369.874383]  ? 0xffffffffa0706000
[  369.874393]  driver_register+0x56/0xe0
[  369.874403]  ? 0xffffffffa0706000
[  369.874412]  do_one_initcall+0x58/0x2e0
[  369.874423]  ? rcu_lockdep_current_cpu_online+0x8f/0xd0
[  369.874437]  ? do_init_module+0x1d/0x1ea
[  369.874448]  ? rcu_read_lock_sched_held+0x6f/0x80
[  369.874460]  ? kmem_cache_alloc_trace+0x264/0x290
[  369.874473]  do_init_module+0x56/0x1ea
[  369.874484]  load_module+0x26ba/0x29a0
[  369.874499]  ? vfs_read+0x122/0x140
[  369.874515]  ? __se_sys_finit_module+0xd3/0xf0
[  369.874526]  __se_sys_finit_module+0xd3/0xf0
[  369.874542]  do_syscall_64+0x55/0x190
[  369.874552]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  369.874564] RIP: 0033:0x7fdb8d43b839
[  369.874574] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
[  369.874605] RSP: 002b:00007ffd15bc3e88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[  369.874622] RAX: ffffffffffffffda RBX: 000056367a199d80 RCX: 00007fdb8d43b839
[  369.874636] RDX: 0000000000000000 RSI: 00007fdb8cae70e5 RDI: 0000000000000003
[  369.874649] RBP: 00007fdb8cae70e5 R08: 0000000000000000 R09: 0000000000000000
[  369.874663] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  369.874676] R13: 000056367a195000 R14: 0000000000000000 R15: 000056367a199d80
[  369.874695] Modules linked in: i915(+) vgem snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic x86_pkg_temp_thermal coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel r8169 lpc_ich snd_hda_codec snd_hwdep snd_hda_core snd_pcm mei_me pinctrl_broxton pinctrl_intel prime_numbers mei [last unloaded: i915]
Comment 1 Martin Peres 2018-08-28 12:30:17 UTC
Increase the priority to reflect the severity of the issue.
Comment 2 Chris Wilson 2018-08-28 12:34:16 UTC
Where's the "i915 feature" not an i915 feature?

This has been occurring in any of the module reload tests, a chance use-after-free do_remove_conflicting_framebuffer, but hasn't yet been caught by a kasan run.
Comment 3 Martin Peres 2018-08-28 16:12:09 UTC
(In reply to Chris Wilson from comment #2)
> Where's the "i915 feature" not an i915 feature?

Well, that usually is handled by selecting a new product ;) But there are cases where we can't... so maybe we can introduce something like this. Any idea on the name?

> 
> This has been occurring in any of the module reload tests, a chance
> use-after-free do_remove_conflicting_framebuffer, but hasn't yet been caught
> by a kasan run.

Thanks for the information.
Comment 4 Chris Wilson 2018-09-26 10:23:54 UTC
*** Bug 108072 has been marked as a duplicate of this bug. ***
Comment 5 Nischala Yelchuri 2019-02-15 22:21:41 UTC
Closing this as it is not reproducible and hasn't been failing on CI.
Comment 6 Martin Peres 2019-03-07 12:39:33 UTC
(In reply to Nischala Yelchuri from comment #5)
> Closing this as it is not reproducible and hasn't been failing on CI.

This used to happen in average every 45.3 runs, and not seen since CI_DRM_4900. Applying the 10x rule, we should wait until CI_DRM_5353 before closing, and we are now at CI_DRM_5713.

So yeah, I agree that this is long overdue! Thanks!
Comment 7 CI Bug Log 2019-03-07 12:39:42 UTC
The CI Bug Log issue associated to this bug has been archived.

New failures matching the above filters will not be associated to this bug anymore.


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.