[Intel-gfx] Oops with i915
Ville Syrjälä
ville.syrjala at linux.intel.com
Mon Jun 18 12:09:15 UTC 2018
On Thu, Jun 07, 2018 at 11:06:33AM +0100, Sudip Mukherjee wrote:
> Hi All,
>
> We are running v4.14.47 kernel and recently in one of our test cycle
> we saw the below trace. I know this is not the usual way to raise a
> BUG report, but since this was seen only once in one of the automated
> test cycle so I donot have anything else apart from this trace.
> Is this a known issue? Will appreciate any help in understanding what
> the problem might be.
>
> [ 1176.909543] BUG: unable to handle kernel paging request at 8298fb0a
> [ 1176.916565] IP: queued_spin_lock_slowpath+0xfc/0x142
> [ 1176.922111] *pdpt = 000000003367a001 *pde = 0000000000000000
> [ 1176.928534] Oops: 0002 [#1] PREEMPT SMP
> [ 1177.002434] CPU: 2 PID: 24688 Comm: kworker/u8:4 Tainted: G U O 4.14.47-20180606-a6b8390e8cc1de032b8314d1a5b193fe9e21f325 #1
> [ 1177.024120] Workqueue: events_unbound intel_atomic_commit_work
> [ 1177.030630] task: ef2ee200 task.stack: efbf4000
> [ 1177.035685] EIP: queued_spin_lock_slowpath+0xfc/0x142
> [ 1177.041327] EFLAGS: 00010087 CPU: 2
> [ 1177.045212] EAX: 8298fb0a EBX: 00003ba0 ECX: ee82489c EDX: f4656fc0
> [ 1177.052215] ESI: 000c0000 EDI: 00000001 EBP: efbf5e88 ESP: efbf5e78
> [ 1177.059217] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
> [ 1177.065239] CR0: 80050033 CR2: 8298fb0a CR3: 2e8ed320 CR4: 001006f0
> [ 1177.072240] Call Trace:
> [ 1177.074973] _raw_spin_lock_irqsave+0x28/0x2d
> [ 1177.079840] complete_all+0x12/0x36
> [ 1177.083737] drm_atomic_helper_commit_hw_done+0x3c/0x43
> [ 1177.089576] intel_atomic_commit_tail+0xa5f/0xbd9
> [ 1177.094832] ? wait_woken+0x5a/0x5a
> [ 1177.098727] ? wait_woken+0x5a/0x5a
> [ 1177.102622] intel_atomic_commit_work+0xb/0xd
> [ 1177.107489] ? intel_atomic_commit_work+0xb/0xd
> [ 1177.112551] process_one_work+0x109/0x1ee
> [ 1177.117029] worker_thread+0x1a4/0x257
> [ 1177.121215] kthread+0xee/0xf3
> [ 1177.124625] ? rescuer_thread+0x207/0x207
> [ 1177.129103] ? kthread_create_on_node+0x1a/0x1a
> [ 1177.134165] ret_from_fork+0x2e/0x38
> [ 1177.138156] Code: 12 09 de 89 f0 89 75 f0 c1 e8 10 66 87 41 02 89 c3 c1 e3 10 74 51 83 e0 03 c1 eb 12 6b c0 0c 05 c0 1f 7e c1 03 04 9d d8 b1 6c c1 <89> 10 8b 42 04 85 c0 75 04 f3 90 eb f5 8b 1a 85 db 74 03 0f 0d
> [ 1177.159204] EIP: queued_spin_lock_slowpath+0xfc/0x142 SS:ESP: 0068:efbf5e78
> [ 1177.166983] CR2: 000000008298fb0a
Presumably a use after free in atomic. Possibly 21a01abbe32a
("drm/atomic: Fix freeing connector/plane state too early by tracking
commits, v3.") But there may have been other similar fixes.
--
Ville Syrjälä
Intel
More information about the Intel-gfx
mailing list