search

FreeBSDDesktop / kms-drm

the DRM part of the linuxkpi-based KMS
63 stars 26 forks source link

Crash on 4.11: double free #27

Closed johalun closed 6 years ago

johalun commented 6 years ago

One of three occasional crashes I'm seeing. Crashes can easily be triggered by running piglit. 

#1  0xffffffff81f672d8 in vt_kms_postswitch () from /boot/modules.JD411/drm.ko
#2  0xffffffff80548fab in vt_window_switch (vw=0xfffff800029b3440) at /usr/src/sys/dev/vt/vt_core.c:542
#3  0xffffffff80546700 in vtterm_cngrab (tm=<value optimized out>) at /usr/src/sys/dev/vt/vt_core.c:1509
#4  0xffffffff806507f2 in cngrab () at /usr/src/sys/kern/kern_cons.c:370
#5  0xffffffff806b12bb in vpanic (fmt=0xffffffff80af2f86 "Duplicate free of %p from zone %p(%s) slab %p(%d)\n", 
    ap=0xfffffe00406c6880) at /usr/src/sys/kern/kern_shutdown.c:785
#6  0xffffffff806b13f3 in panic (fmt=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:738
#7  0xffffffff809cda29 in uma_dbg_free (zone=<value optimized out>, slab=<value optimized out>, item=<value optimized out>)
    at atomic.h:450
#8  0xffffffff809cd3a5 in uma_zfree_arg (zone=0xfffff800049c3a80, item=0xfffff800897c4600, udata=0x0) at pcpu.h:228
#9  0xffffffff81f9f9a2 in linux_rcu_cleaner_func (context=<value optimized out>, pending=<value optimized out>)
    at /usr/src/sys/compat/linuxkpi/common/src/linux_rcu.c:167
#10 0xffffffff80709a5c in taskqueue_run_locked (queue=0xfffff8000268a000) at /usr/src/sys/kern/subr_taskqueue.c:465
#11 0xffffffff807098ca in taskqueue_run (queue=0xfffff8000268a000) at /usr/src/sys/kern/subr_taskqueue.c:484
#12 0xffffffff806743a9 in intr_event_execute_handlers (p=<value optimized out>, ie=0xfffff80002689e00)
    at /usr/src/sys/kern/kern_intr.c:1338
#13 0xffffffff80674a97 in ithread_loop (arg=0xfffff80002692f20) at /usr/src/sys/kern/kern_intr.c:1351
#14 0xffffffff80671774 in fork_exit (callout=0xffffffff806749e0 <ithread_loop>, arg=0xfffff80002692f20, frame=0xfffffe00406c6ac0)
    at /usr/src/sys/kern/kern_fork.c:1039
#15 0xffffffff80a058ae in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:687
Alix82 commented 6 years ago

I'm having this crash occasionally on my Thinkpad T480 running 12.0-CURRENT with drm-next-kmod 4.11.g20180619. From textdump (panic.txt), I see Duplicate free of 0xfffff802cf0e1240 from zone 0xfffff80170f40000(i915_gem_request) slab 0xfffff801e0d74620(1)

I see that the issue is closed, it has been fixed in later commits/versions? Thanks.

EDIT: I've upgraded to 4.15, hopefully it is more stable. EDIT: Reverted back to 4.11, with 4.15 I got general protection fault while in kernel mode, in intel_atomic_commit.

Will try to look into the double free crash problem, 4.11 apparently is the only usable option for me for now.