93907 – NULL pointer dereference at i915_gem_request_retire

Bug 93907 - NULL pointer dereference at i915_gem_request_retire

Summary: NULL pointer dereference at i915_gem_request_retire

Status:	CLOSED FIXED

Alias:	None

Product:	DRI
Classification:	Unclassified
Component:	DRM/Intel (show other bugs)
Version:	DRI git
Hardware:	Other All

Importance:	highest critical
Assignee:	Intel GFX Bugs mailing list
QA Contact:	Intel GFX Bugs mailing list

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2016-01-28 19:59 UTC by Chris Wilson
Modified:	2017-07-24 22:43 UTC (History)
CC List:	2 users (show)

See Also:
i915 platform:	SNB
i915 features:	GEM/PPGTT

Attachments

Description Chris Wilson 2016-01-28 19:59:55 UTC

[16143.380413] gem_concurrent_blit: starting subtest full-gtt-render-sanitycheck1-bomb
[16146.865569] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
[16146.865592] IP: [<ffffffff81368b3b>] i915_gem_request_retire+0x1b/0x110
[16146.865602] PGD 455e57067 PUD 455e56067 PMD 0 
[16146.865613] Oops: 0002 [#1] SMP 
[16146.865624] CPU: 3 PID: 7974 Comm: gem_concurrent_ Not tainted 4.5.0-rc1+ #2056
[16146.865630] Hardware name: Intel Corporation SandyBridge Platform/LosLunas CRB, BIOS ASNBCPT1.86C.0075.P00.1106281639 06/28/2011
[16146.865637] task: ffff880081a0de00 ti: ffff88029c470000 task.ti: ffff88029c470000
[16146.865642] RIP: 0010:[<ffffffff81368b3b>]  [<ffffffff81368b3b>] i915_gem_request_retire+0x1b/0x110
[16146.865652] RSP: 0018:ffff88029c4739a8  EFLAGS: 00010283
[16146.865656] RAX: 0000000000000000 RBX: ffff88045b5919f0 RCX: ffff88045b591a40
[16146.865661] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88045b5919f0
[16146.865665] RBP: ffff88029c4739b8 R08: 0000000000000000 R09: 0000000000000000
[16146.865670] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88003d1cac00
[16146.865674] R13: ffff88045b591880 R14: ffff88045b590000 R15: ffff88029b894000
[16146.865679] FS:  00007f46ad739740(0000) GS:ffff88046e380000(0000) knlGS:0000000000000000
[16146.865685] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[16146.865689] CR2: 0000000000000050 CR3: 00000003e2371000 CR4: 00000000000406e0
[16146.865693] Stack:
[16146.865696]  ffff88045b5919f0 ffff88003d1cac00 ffff88029c4739e0 ffffffff81368ca9
[16146.865709]  0000000000000000 ffff8803e205cfc0 ffff8803e205cfc0 ffff88029c473a08
[16146.865721]  ffffffff81369139 0000000000000125 ffff8802d2f8a000 0000000000000000
[16146.865734] Call Trace:
[16146.865739]  [<ffffffff81368ca9>] i915_wait_request+0x79/0xb0
[16146.865744]  [<ffffffff81369139>] i915_gem_object_wait_rendering+0x39/0xc0
[16146.865749]  [<ffffffff8136c3ad>] __i915_vma_unbind+0x16d/0x2d0
[16146.865754]  [<ffffffff8136c523>] i915_vma_unbind+0x13/0x20
[16146.865760]  [<ffffffff8135b6fe>] i915_gem_evict_something+0x1fe/0x360
[16146.865766]  [<ffffffff8136d5d2>] i915_gem_object_do_pin+0x842/0xb20
[16146.865771]  [<ffffffff8136d8ea>] i915_gem_object_pin+0x3a/0x40
[16146.865776]  [<ffffffff8135bf29>] i915_gem_execbuffer_reserve_vma.isra.7+0x99/0x160
[16146.865782]  [<ffffffff8135c36a>] i915_gem_execbuffer_reserve.isra.8+0x37a/0x3d0
[16146.865789]  [<ffffffff8135d41e>] i915_gem_do_execbuffer.isra.14+0x72e/0x1360
[16146.865795]  [<ffffffff81056253>] ? __sigqueue_free.part.2+0x33/0x40
[16146.865800]  [<ffffffff8105661b>] ? recalc_sigpending+0x1b/0x50
[16146.865806]  [<ffffffff8135eca7>] i915_gem_execbuffer2+0xd7/0x240
[16146.865811]  [<ffffffff81312393>] drm_ioctl+0x143/0x510
[16146.865816]  [<ffffffff81059295>] ? signal_setup_done+0x65/0xa0
[16146.865821]  [<ffffffff8135ebd0>] ? i915_gem_execbuffer+0x310/0x310
[16146.865827]  [<ffffffff81141852>] do_vfs_ioctl+0x92/0x570
[16146.865832]  [<ffffffff8100e97d>] ? fpu__restore_sig+0x4d/0x60
[16146.865837]  [<ffffffff81141d71>] SyS_ioctl+0x41/0x70
[16146.865843]  [<ffffffff8153ed57>] entry_SYSCALL_64_fastpath+0x12/0x66
[16146.865846] Code: 5d 5d c3 4c 89 e7 e8 35 0b ff ff eb df 0f 1f 00 66 66 66 66 90 55 48 89 e5 41 54 53 48 89 fb 66 66 66 66 90 48 8b 43 38 8b 53 24 <89> 50 50 48 8b 4b 50 48 8d 43 50 48 8b 53 58 48 89 51 08 48 89 
[16146.865970] RIP  [<ffffffff81368b3b>] i915_gem_request_retire+0x1b/0x110
[16146.865977]  RSP <ffff88029c4739a8>
[16146.865981] CR2: 0000000000000050
[16146.865989] ---[ end trace c2913a6ca5a79bc5 ]---

Comment 1 Chris Wilson 2016-03-09 10:19:45 UTC

Still in commit b519bbd9633eca6bc8e8e80588b48bcee447c330
Author: Daniel Vetter <daniel.vetter@ffwll.ch>
Date:   Tue Mar 8 14:01:31 2016 +0100

    drm-intel-nightly: 2016y-03m-08d-13h-00m-35s UTC integration manifest

Comment 2 Chris Wilson 2016-04-14 09:54:13 UTC

commit aa9b78104fe3210758fa9e6c644e9a108d371e8b
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Wed Apr 13 17:35:15 2016 +0100

    drm/i915: Late request cancellations are harmful

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.