Bug 109041 - [CI][DRMTIP] igt@gem_exec_reuse@baggage - dmesg-warn - BUG i915_lut_handle (Tainted: G U ): Redzone overwritten
Summary: [CI][DRMTIP] igt@gem_exec_reuse@baggage - dmesg-warn - BUG i915_lut_handle (T...
Status: CLOSED DUPLICATE of bug 109040
Alias: None
Product: DRI
Classification: Unclassified
Component: DRM/Intel (show other bugs)
Version: XOrg git
Hardware: Other All
: medium normal
Assignee: Intel GFX Bugs mailing list
QA Contact: Intel GFX Bugs mailing list
URL:
Whiteboard: ReadyForDev
Keywords:
Depends on:
Blocks:
 
Reported: 2018-12-12 16:00 UTC by Martin Peres
Modified: 2019-03-08 14:15 UTC (History)
1 user (show)

See Also:
i915 platform: I945G
i915 features: GEM/Other

Attachments

Description Martin Peres 2018-12-12 16:00:45 UTC 
https://intel-gfx-ci.01.org/tree/drm-tip/drmtip_157/fi-gdg-551/igt@gem_exec_reuse@baggage.html

<3> [116.177964] =============================================================================
<3> [116.179217] BUG i915_lut_handle (Tainted: G     U           ): Redzone overwritten
<3> [116.179273] -----------------------------------------------------------------------------\x0a
<3> [116.179343] INFO: 0x000000007013ebfa-0x00000000e3f0e3b6. First byte 0x0 instead of 0xcc
<3> [116.179465] INFO: Allocated in eb_lookup_vmas+0x796/0x1270 [i915] age=6368 cpu=0 pid=1089
<3> [116.179523] \x09kmem_cache_alloc+0x21c/0x280
<3> [116.179616] \x09eb_lookup_vmas+0x796/0x1270 [i915]
<3> [116.179713] \x09i915_gem_do_execbuffer+0x515/0x1820 [i915]
<3> [116.179814] \x09i915_gem_execbuffer2_ioctl+0x21b/0x3f0 [i915]
<3> [116.179856] \x09drm_ioctl_kernel+0x81/0xf0
<3> [116.179886] \x09drm_ioctl+0x2de/0x390
<3> [116.179915] \x09do_vfs_ioctl+0xa0/0x6e0
<3> [116.179946] \x09ksys_ioctl+0x35/0x60
<3> [116.179973] \x09__x64_sys_ioctl+0x11/0x20
<3> [116.180003] \x09do_syscall_64+0x55/0x190
<3> [116.180032] \x09entry_SYSCALL_64_after_hwframe+0x49/0xbe
<3> [116.180071] INFO: Slab 0x00000000acc00df6 objects=21 used=21 fp=0x          (null) flags=0x4000000000010201
<3> [116.180136] INFO: Object 0x00000000531658cf @offset=8 fp=0x          (null)\x0a
<3> [116.180196] Redzone 000000007013ebfa: 00 00 00 00 cc cc cc cc                          ........
<3> [116.180257] Object 00000000531658cf: 00 01 00 00 00 00 ad de 00 02 00 00 00 00 ad de  ................
<3> [116.180320] Object 000000005b5478e6: 00 01 00 00 00 00 ad de 00 02 00 00 00 00 ad de  ................
<3> [116.180384] Object 00000000c39fb179: 88 aa e3 2b 22 8c ff ff 9c 28 00 00 6b 6b 6b a5  ...+"....(..kkk.
<3> [116.180448] Redzone 0000000087e9411e: cc cc cc cc cc cc cc cc                          ........
<3> [116.180508] Padding 000000001ace189e: 5a 5a 5a 5a 5a 5a 5a 5a                          ZZZZZZZZ
<4> [116.180570] CPU: 0 PID: 1089 Comm: gem_exec_reuse Tainted: G    BU            4.20.0-rc5-ga5b8ef7f5d69-drmtip_157+ #1
<4> [116.180641] Hardware name: Dell Inc.                 OptiPlex GX280               /0G8310, BIOS A04 02/09/2005
<4> [116.180707] Call Trace:
<4> [116.180732]  dump_stack+0x67/0x9b
<4> [116.180761]  check_bytes_and_report+0xbd/0x100
<4> [116.180798]  check_object+0x177/0x270
<4> [116.180831]  free_debug_processing+0x137/0x370
<4> [116.180932]  ? i915_gem_close_object+0x14e/0x270 [i915]
<4> [116.180975]  __slab_free+0x337/0x510
<4> [116.181006]  ? _raw_spin_unlock_irqrestore+0x4c/0x60
<4> [116.181046]  ? lockdep_hardirqs_on+0xe0/0x1b0
<4> [116.181081]  ? _raw_spin_unlock_irqrestore+0x39/0x60
<4> [116.181123]  ? debug_check_no_obj_freed+0x132/0x210
<4> [116.181229]  ? i915_gem_close_object+0x14e/0x270 [i915]
<4> [116.181270]  ? kmem_cache_free+0x275/0x2e0
<4> [116.181304]  kmem_cache_free+0x275/0x2e0
<4> [116.181404]  i915_gem_close_object+0x14e/0x270 [i915]
<4> [116.181446]  drm_gem_object_release_handle+0x2e/0xb0
<4> [116.181486]  ? drm_gem_object_handle_put_unlocked+0xb0/0xb0
<4> [116.182659]  idr_for_each+0x49/0xd0
<4> [116.183833]  drm_gem_release+0x17/0x20
<4> [116.185003]  drm_file_free.part.0+0x2d0/0x330
<4> [116.186189]  drm_release+0xa9/0x120
<4> [116.187350]  __fput+0xb9/0x1f0
<4> [116.188488]  task_work_run+0x82/0xb0
<4> [116.189610]  do_exit+0x34e/0xd10
<4> [116.190711]  do_group_exit+0x34/0xb0
<4> [116.191794]  __x64_sys_exit_group+0xf/0x10
<4> [116.192861]  do_syscall_64+0x55/0x190
<4> [116.193927]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
<4> [116.194976] RIP: 0033:0x7fa3d4955e06
<4> [116.196013] Code: Bad RIP value.
<4> [116.197028] RSP: 002b:00007ffde3c29028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
<4> [116.198090] RAX: ffffffffffffffda RBX: 00007fa3d4c58740 RCX: 00007fa3d4955e06
<4> [116.199171] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
<4> [116.200265] RBP: 0000000000000000 R08: 00000000000000e7 R09: ffffffffffffff80
<4> [116.201361] R10: 00007fa3c8dc40c0 R11: 0000000000000246 R12: 00007fa3d4c58740
<4> [116.202468] R13: 0000000000000003 R14: 00007fa3d4c61628 R15: 0000000000000000
<3> [116.203591] FIX i915_lut_handle: Restoring 0x000000007013ebfa-0x00000000e3f0e3b6=0xcc\x0a
<4> [116.205760] 
<4> [116.205761] ======================================================
<4> [116.205762] WARNING: possible circular locking dependency detected
<4> [116.205763] 4.20.0-rc5-ga5b8ef7f5d69-drmtip_157+ #1 Tainted: G     U           
<4> [116.205764] ------------------------------------------------------
<4> [116.205765] gem_exec_reuse/1089 is trying to acquire lock:
<4> [116.205765] 00000000db050603 (&(&pool->lock)->rlock){-.-.}, at: __queue_work+0xbc/0x580
<4> [116.205769] 
<4> [116.205769] but task is already holding lock:
<4> [116.205770] 0000000025dc24b9 (console_owner){-...}, at: console_unlock+0x144/0x5f0
<4> [116.205773] 
<4> [116.205774] which lock already depends on the new lock.
<4> [116.205774] 
<4> [116.205775] 
<4> [116.205775] the existing dependency chain (in reverse order) is:
<4> [116.205776] 
<4> [116.205777] -> #2 (console_owner){-...}:
<4> [116.205779]        vprintk_emit+0xfe/0x320
<4> [116.205780]        printk+0x4d/0x69
<4> [116.205781]        slab_bug+0x5c/0xb0
<4> [116.205781]        check_bytes_and_report+0x90/0x100
<4> [116.205782]        check_object+0x177/0x270
<4> [116.205783]        free_debug_processing+0x137/0x370
<4> [116.205784]        __slab_free+0x337/0x510
<4> [116.205784]        kmem_cache_free+0x275/0x2e0
<4> [116.205785]        i915_gem_close_object+0x14e/0x270 [i915]
<4> [116.205786]        drm_gem_object_release_handle+0x2e/0xb0
<4> [116.205787]        idr_for_each+0x49/0xd0
<4> [116.205787]        drm_gem_release+0x17/0x20
<4> [116.205788]        drm_file_free.part.0+0x2d0/0x330
<4> [116.205789]        drm_release+0xa9/0x120
<4> [116.205789]        __fput+0xb9/0x1f0
<4> [116.205790]        task_work_run+0x82/0xb0
<4> [116.205791]        do_exit+0x34e/0xd10
<4> [116.205791]        do_group_exit+0x34/0xb0
<4> [116.205792]        __x64_sys_exit_group+0xf/0x10
<4> [116.205793]        do_syscall_64+0x55/0x190
<4> [116.205794]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
<4> [116.205794] 
<4> [116.205795] -> #1 (&(&n->list_lock)->rlock){-.-.}:
<4> [116.205798]        get_partial_node.isra.29+0x56/0x460
<4> [116.205798]        ___slab_alloc.constprop.34+0x1aa/0x380
<4> [116.205799]        __slab_alloc.isra.27.constprop.33+0x3d/0x70
<4> [116.205800]        kmem_cache_alloc+0x21c/0x280
<4> [116.205801]        __debug_object_init+0x524/0x550
<4> [116.205801]        __flush_work+0xba/0x310
<4> [116.205802]        deferred_probe_initcall+0x3b/0x90
<4> [116.205803]        do_one_initcall+0x58/0x2e0
<4> [116.205804]        kernel_init_freeable+0x2c9/0x35b
<4> [116.205804]        kernel_init+0x5/0x100
<4> [116.205805]        ret_from_fork+0x3a/0x50
<4> [116.205806] 
<4> [116.205806] -> #0 (&(&pool->lock)->rlock){-.-.}:
<4> [116.205809]        _raw_spin_lock+0x2a/0x40
<4> [116.205810]        __queue_work+0xbc/0x580
<4> [116.205810]        queue_work_on+0x60/0x70
<4> [116.205811]        soft_cursor+0x1f4/0x220
<4> [116.205812]        bit_cursor+0x523/0x5f0
<4> [116.205812]        hide_cursor+0x25/0xa0
<4> [116.205813]        vt_console_print+0x3d4/0x3f0
<4> [116.205814]        console_unlock+0x40e/0x5f0
<4> [116.205814]        vprintk_emit+0xfe/0x320
<4> [116.205815]        printk+0x4d/0x69
<4> [116.205816]        slab_bug+0x5c/0xb0
<4> [116.205816]        check_bytes_and_report+0x90/0x100
<4> [116.205817]        check_object+0x177/0x270
<4> [116.205818]        free_debug_processing+0x137/0x370
<4> [116.205819]        __slab_free+0x337/0x510
<4> [116.205819]        kmem_cache_free+0x275/0x2e0
<4> [116.205820]        i915_gem_close_object+0x14e/0x270 [i915]
<4> [116.205821]        drm_gem_object_release_handle+0x2e/0xb0
<4> [116.205821]        idr_for_each+0x49/0xd0
<4> [116.205822]        drm_gem_release+0x17/0x20
<4> [116.205823]        drm_file_free.part.0+0x2d0/0x330
<4> [116.205824]        drm_release+0xa9/0x120
<4> [116.205824]        __fput+0xb9/0x1f0
<4> [116.205825]        task_work_run+0x82/0xb0
<4> [116.205826]        do_exit+0x34e/0xd10
<4> [116.205826]        do_group_exit+0x34/0xb0
<4> [116.205827]        __x64_sys_exit_group+0xf/0x10
<4> [116.205828]        do_syscall_64+0x55/0x190
<4> [116.205829]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
<4> [116.205829] 
<4> [116.205830] other info that might help us debug this:
<4> [116.205830] 
<4> [116.205831] Chain exists of:
<4> [116.205832]   &(&pool->lock)->rlock --> &(&n->list_lock)->rlock --> console_owner
<4> [116.205835] 
<4> [116.205836]  Possible unsafe locking scenario:
<4> [116.205836] 
<4> [116.205837]        CPU0                    CPU1
<4> [116.205838]        ----                    ----
<4> [116.205838]   lock(console_owner);
<4> [116.205840]                                lock(&(&n->list_lock)->rlock);
<4> [116.205842]                                lock(console_owner);
<4> [116.205844]   lock(&(&pool->lock)->rlock);
<4> [116.205845] 
<4> [116.205846]  *** DEADLOCK ***
<4> [116.205847] 
<4> [116.205847] 6 locks held by gem_exec_reuse/1089:
<4> [116.205848]  #0: 00000000136fa04b (drm_global_mutex){+.+.}, at: drm_release+0x38/0x120
<4> [116.205851]  #1: 0000000099e165d0 (&dev->struct_mutex){+.+.}, at: i915_gem_close_object+0x36/0x270 [i915]
<4> [116.205855]  #2: 00000000f7e64cbd (&(&n->list_lock)->rlock){-.-.}, at: free_debug_processing+0x37/0x370
<4> [116.205858]  #3: 0000000017601443 (console_lock){+.+.}, at: vprintk_emit+0xf1/0x320
<4> [116.205861]  #4: 0000000025dc24b9 (console_owner){-...}, at: console_unlock+0x144/0x5f0
<4> [116.205865]  #5: 000000007760c951 (printing_lock){....}, at: vt_console_print+0x73/0x3f0
<4> [116.205868] 
<4> [116.205868] stack backtrace:
<4> [116.205870] CPU: 0 PID: 1089 Comm: gem_exec_reuse Tainted: G     U            4.20.0-rc5-ga5b8ef7f5d69-drmtip_157+ #1
<4> [116.205871] Hardware name: Dell Inc.                 OptiPlex GX280               /0G8310, BIOS A04 02/09/2005
<4> [116.205871] Call Trace:
<4> [116.205872]  dump_stack+0x67/0x9b
<4> [116.205873]  print_circular_bug.isra.16+0x1c8/0x2b0
<4> [116.205874]  __lock_acquire+0x183a/0x1b00
<4> [116.205874]  ? lock_acquire+0xa6/0x1c0
<4> [116.205875]  lock_acquire+0xa6/0x1c0
<4> [116.205876]  ? __queue_work+0xbc/0x580
<4> [116.205876]  _raw_spin_lock+0x2a/0x40
<4> [116.205877]  ? __queue_work+0xbc/0x580
<4> [116.205878]  __queue_work+0xbc/0x580
<4> [116.205878]  queue_work_on+0x60/0x70
<4> [116.205879]  soft_cursor+0x1f4/0x220
<4> [116.205880]  bit_cursor+0x523/0x5f0
<4> [116.205880]  ? update_attr.isra.0+0x80/0x80
<4> [116.205881]  ? fbcon_cursor+0xfb/0x180
<4> [116.205882]  hide_cursor+0x25/0xa0
<4> [116.205882]  vt_console_print+0x3d4/0x3f0
<4> [116.205883]  console_unlock+0x40e/0x5f0
<4> [116.205884]  vprintk_emit+0xfe/0x320
<4> [116.205884]  printk+0x4d/0x69
<4> [116.205885]  slab_bug+0x5c/0xb0
<4> [116.205886]  check_bytes_and_report+0x90/0x100
<4> [116.205886]  check_object+0x177/0x270
<4> [116.205887]  free_debug_processing+0x137/0x370
<4> [116.205888]  ? i915_gem_close_object+0x14e/0x270 [i915]
<4> [116.205889]  __slab_free+0x337/0x510
<4> [116.205889]  ? _raw_spin_unlock_irqrestore+0x4c/0x60
<4> [116.205890]  ? lockdep_hardirqs_on+0xe0/0x1b0
<4> [116.205891]  ? _raw_spin_unlock_irqrestore+0x39/0x60
<4> [116.205892]  ? debug_check_no_obj_freed+0x132/0x210
<4> [116.205892]  ? i915_gem_close_object+0x14e/0x270 [i915]
<4> [116.205893]  ? kmem_cache_free+0x275/0x2e0
<4> [116.205894]  kmem_cache_free+0x275/0x2e0
<4> [116.205895]  i915_gem_close_object+0x14e/0x270 [i915]
<4> [116.205895]  drm_gem_object_release_handle+0x2e/0xb0
<4> [116.205896]  ? drm_gem_object_handle_put_unlocked+0xb0/0xb0
<4> [116.205897]  idr_for_each+0x49/0xd0
<4> [116.205898]  drm_gem_release+0x17/0x20
<4> [116.205898]  drm_file_free.part.0+0x2d0/0x330
<4> [116.205899]  drm_release+0xa9/0x120
<4> [116.205900]  __fput+0xb9/0x1f0
<4> [116.205900]  task_work_run+0x82/0xb0
<4> [116.205901]  do_exit+0x34e/0xd10
<4> [116.205902]  do_group_exit+0x34/0xb0
<4> [116.205902]  __x64_sys_exit_group+0xf/0x10
<4> [116.205903]  do_syscall_64+0x55/0x190
<4> [116.205904]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
<4> [116.205904] RIP: 0033:0x7fa3d4955e06
<4> [116.205905] Code: Bad RIP value.
<4> [116.205906] RSP: 002b:00007ffde3c29028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
<4> [116.205907] RAX: ffffffffffffffda RBX: 00007fa3d4c58740 RCX: 00007fa3d4955e06
<4> [116.205908] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
<4> [116.205909] RBP: 0000000000000000 R08: 00000000000000e7 R09: ffffffffffffff80
<4> [116.205910] R10: 00007fa3c8dc40c0 R11: 0000000000000246 R12: 00007fa3d4c58740
<4> [116.205911] R13: 0000000000000003 R14: 00007fa3d4c61628 R15: 0000000000000000
<3> [116.348283] FIX i915_lut_handle: Object at 0x00000000531658cf not freed
Comment 1 Chris Wilson 2018-12-13 07:41:14 UTC 
Same 32b write of 0 into a random location.

*** This bug has been marked as a duplicate of bug 109040 ***
Comment 2 CI Bug Log 2019-03-08 14:15:13 UTC 
The CI Bug Log issue associated to this bug has been archived.

New failures matching the above filters will not be associated to this bug anymore.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.