On Sat, Apr 20, 2019 at 04:42:29PM +0200, Matthias Schmidt wrote:
> Hi,
>
> * Jonathan Gray wrote:
> >
> > There is some kind of use after free or double free that triggers only
> > when opting into the 'intel' driver on recent hardware instead of the
> > 'modesetting' default.
> >
> > As you are using xf86-video-intel you are likely hitting that.
> > Doesn't trigger on machines I can easily use serial on like x61.
> >
> > here is a trace provided by sthen@
> >
> > login: kernel: protection fault trap, code=0
> > Stopped at linux_root_RB_NEXT+0x23: movq 0(%rcx),%rcx
> > ddb{0}> sh reg
> > rdi 0xffff800000eb1228
> > rsi 0x10
> > rbp 0xffff800022335d70
> > rbx 0xffff800000eb1228
> > rdx 0xfe00000003ff1e32
> > rcx 0xdeafbeaddeafbead
> > rax 0xdeafbeaddeafbead
> > r8 0x7f
> > r9 0xffffffff81dce788 sched_lock
> > r10 0xde411193c377fb0c
> > r11 0xdef8fb561704900e
> > r12 0xffff800000eb1200
> > r13 0xffff800000eb1200
> > r14 0xffff800000efe028
> > r15 0xffff800000eb1200
> > rip 0xffffffff814db7c3 linux_root_RB_NEXT+0x23
> > cs 0x8
> > rflags 0x10282 __ALIGN_SIZE+0xf282
> > rsp 0xffff800022335d60
> > ss 0x10
> > linux_root_RB_NEXT+0x23: movq 0(%rcx),%rcx
> > ddb{0}> ps /o
> > TID PID UID PRFLAGS PFLAGS CPU COMMAND
> > 482804 44419 35 0x12 0 3 Xorg
> > 186441 83863 732 0x200003 0x480 1 mongod
> > * 27314 7158 0 0x14000 0x200 0K i915
> > ddb{0}> tr
> > linux_root_RB_NEXT(ffff800000eb1228) at linux_root_RB_NEXT+0x23
> > i915_vma_destroy(ffff800000efe028) at i915_vma_destroy+0x15d
> > __i915_gem_free_objects(ffff80000011a000,ffff800000f009f8) at __i915_gem_free_objects+0xc3
> > __i915_gem_free_work(ffff80000011de90) at __i915_gem_free_work+0x5b
> > taskq_thread(ffff8000001ef300) at taskq_thread+0x4d
> > end trace frame: 0x0, count: -5
>
> I was hit by the bug as well on a Thinkpad T450s while I was about to
> move my xorg.conf config for the Intel driver away. Interestingly, I
> was on ttyC0 and restarting xenodm.
>
> Here is the backtrace (transcript by hand):
>
> linux_root_RB_NEXT() at linux_root_RB_NEXT+0x23
> i915_vma_destroy() at i915_vma_destroy+0x15d
> i915_ppgtt_release() at i915_ppgtt_release+0x7f
> i915_gem_context_free() at i915_gem_context_free+0x3e
> contexts_free_worker() at contexts_free_worker+0x4d
> taskq_thread() at taskq_thread+0x4d

This should be fixed in the latest snapshot.