[Bug 76582] igt/drv_module_reload causes call trace

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Wed Apr 30 01:00:24 PDT 2014 

https://bugs.freedesktop.org/show_bug.cgi?id=76582

lu hua <huax.lu at intel.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #19 from lu hua <huax.lu at intel.com> ---
Re-bisect it,24b9bf43e93e0edd89072da51cf1fab95fc69dec is the first bad commit
commit 24b9bf43e93e0edd89072da51cf1fab95fc69dec
Author: Nikolay Aleksandrov <nikolay at redhat.com>
Date:   Mon Mar 3 23:19:18 2014 +0100

    net: fix for a race condition in the inet frag code

    I stumbled upon this very serious bug while hunting for another one,
    it's a very subtle race condition between inet_frag_evictor,
    inet_frag_intern and the IPv4/6 frag_queue and expire functions
    (basically the users of inet_frag_kill/inet_frag_put).

    What happens is that after a fragment has been added to the hash chain
    but before it's been added to the lru_list (inet_frag_lru_add) in
    inet_frag_intern, it may get deleted (either by an expired timer if
    the system load is high or the timer sufficiently low, or by the
    fraq_queue function for different reasons) before it's added to the
    lru_list, then after it gets added it's a matter of time for the
    evictor to get to a piece of memory which has been freed leading to a
    number of different bugs depending on what's left there.

    I've been able to trigger this on both IPv4 and IPv6 (which is normal
    as the frag code is the same), but it's been much more difficult to
    trigger on IPv4 due to the protocol differences about how fragments
    are treated.

Revert this commit, new warning and call trace appears:
[    1.357371] ------------[ cut here ]------------
[    1.357376] WARNING: CPU: 0 PID: 1230 at drivers/gpu/drm/drm_modes.c:119
drm_mode_probed_add+0x27/0x41 [drm]()
[    1.357376] Modules linked in: firewire_ohci(+) firewire_core crc_itu_t
i915(+) video drm_kms_helper drm floppy button
[    1.357381] CPU: 0 PID: 1230 Comm: systemd-udevd Tainted: G        W   
3.14.0-rc7_queued_revert_24b9bf43e_20140429+ #1
[    1.357382] Hardware name: Gigabyte Technology Co., Ltd.
H55M-UD2H/H55M-UD2H, BIOS F4 12/02/2009
[    1.357383]  0000000000000000 0000000000000009 ffffffff81716de3
0000000000000000
[    1.357385]  ffffffff81035052 ffff88003734f000 ffffffffa0029754
0000000000004ba5
[    1.357386]  ffff880111359300 ffff8800d368ec00 ffff8800d35a1500
0000000000004ba5
[    1.357388] Call Trace:
[    1.357390]  [<ffffffff81716de3>] ? dump_stack+0x41/0x51
[    1.357392]  [<ffffffff81035052>] ? warn_slowpath_common+0x73/0x8b
[    1.357396]  [<ffffffffa0029754>] ? drm_mode_probed_add+0x27/0x41 [drm]
[    1.357400]  [<ffffffffa0029754>] ? drm_mode_probed_add+0x27/0x41 [drm]
[    1.357403]  [<ffffffffa002c45f>] ? drm_add_edid_modes+0x2d6/0xd02 [drm]
[    1.357408]  [<ffffffffa002575f>] ? drm_mode_object_get+0x51/0x60 [drm]
[    1.357423]  [<ffffffffa00b7790>] ? intel_connector_update_modes+0x1c/0x36
[i915]
[    1.357425]  [<ffffffff8171b390>] ? mutex_lock+0x9/0x25
[    1.357441]  [<ffffffffa00c0b1c>] ? intel_crt_ddc_get_modes+0x21/0x3c [i915]
[    1.357458]  [<ffffffffa00c0b7d>] ? intel_crt_get_modes+0x46/0x8a [i915]
[    1.357471]  [<ffffffffa005f5b3>] ?
drm_helper_probe_single_connector_modes+0x138/0x2d2 [drm_kms_helper]
[    1.357475]  [<ffffffffa0060318>] ?
drm_fb_helper_probe_connector_modes+0x38/0x4c [drm_kms_helper]
[    1.357477]  [<ffffffffa006127c>] ? drm_fb_helper_initial_config+0x1ab/0x450
[drm_kms_helper]
[    1.357480]  [<ffffffff810d9b6d>] ? kmem_cache_alloc+0x23/0xac
[    1.357497]  [<ffffffffa00a1374>] ? gen5_write32+0x21/0x47 [i915]
[    1.357514]  [<ffffffffa0096bb7>] ? ibx_display_interrupt_update+0x91/0xb4
[i915]
[    1.357531]  [<ffffffffa00a1374>] ? gen5_write32+0x21/0x47 [i915]
[    1.357553]  [<ffffffffa00d8865>] ? i915_driver_load+0xbad/0xe1e [i915]
[    1.357560]  [<ffffffffa002049f>] ? drm_dev_register+0x74/0xe7 [drm]
[    1.357565]  [<ffffffffa0022729>] ? drm_get_pci_dev+0xff/0x1bc [drm]
[    1.357567]  [<ffffffff81384e55>] ? __pm_runtime_resume+0x5b/0x6a
[    1.357569]  [<ffffffff812f8bc9>] ? local_pci_probe+0x35/0x7a
[    1.357572]  [<ffffffff8137c904>] ? driver_probe_device+0x1b3/0x1b3
[    1.357574]  [<ffffffff812f8e6c>] ? pci_device_probe+0xcc/0xf0
[    1.357576]  [<ffffffff8137c7e3>] ? driver_probe_device+0x92/0x1b3
[    1.357578]  [<ffffffff8137c957>] ? __driver_attach+0x53/0x73
[    1.357580]  [<ffffffff8137b0be>] ? bus_for_each_dev+0x4e/0x7f
[    1.357582]  [<ffffffff8137c065>] ? bus_add_driver+0xe2/0x1c7
[    1.357585]  [<ffffffff8137ce9a>] ? driver_register+0x82/0xb5
[    1.357587]  [<ffffffffa010e000>] ? 0xffffffffa010dfff
[    1.357589]  [<ffffffff81000296>] ? do_one_initcall+0x78/0xfa
[    1.357591]  [<ffffffff8104e4af>] ? __blocking_notifier_call_chain+0x4f/0x5d
[    1.357594]  [<ffffffff8107fe72>] ? load_module+0x1745/0x1a13
[    1.357596]  [<ffffffff8107da98>] ? mod_kobject_put+0x42/0x42
[    1.357599]  [<ffffffff81080229>] ? SyS_finit_module+0x4e/0x62
[    1.357602]  [<ffffffff817214a2>] ? system_call_fastpath+0x16/0x1b
[    1.357603] ---[ end trace e75cbd96bfbd4fea ]---
[    1.357605] ------------[ cut here ]------------

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/intel-gfx-bugs/attachments/20140430/3fe69dc0/attachment-0001.html>

More information about the intel-gfx-bugs mailing list