Bug 16407 - Crash after memory fills with cache (GFP_MOVEABLE related corruptions)
Summary: Crash after memory fills with cache (GFP_MOVEABLE related corruptions)
Status: RESOLVED CODE_FIX
Alias: None
Product: Drivers
Classification: Unclassified
Component: Video(DRI - Intel) (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: Chris Wilson
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-07-17 17:49 UTC by Wouter Mense
Modified: 2012-04-18 21:31 UTC (History)
5 users (show)

See Also:
Kernel Version: 2.6.34
Subsystem:
Regression: No
Bisected commit-id:

Attachments
/var/log/messages (4.45 KB, text/plain)
2010-07-17 17:49 UTC, Wouter Mense 		Details
Repeat unbind during free. (9.35 KB, patch)
2010-07-23 21:31 UTC, Chris Wilson 		Details | Diff
Prevent the VM from swapping out active GTT pages. (1.69 KB, patch)
2010-09-26 09:17 UTC, Chris Wilson 		Details | Diff
Add an attachment (proposed patch, testcase, etc.)

Description Wouter Mense 2010-07-17 17:49:03 UTC 
Created attachment 27133 [details]
/var/log/messages

After running for a while, memory fills with cache, all seems normal until 100% is hit, then crash.
Comment 1 Andrew Morton 2010-07-17 18:00:08 UTC 
Recategorised to DRI.

i915_gem_shrink() has got hold of a bad pointer.
Comment 2 Chris Wilson 2010-07-17 18:07:00 UTC 
Any other symptoms that might give a clue to the memory corruption? Is this before or after:

commit 985b823b919273fe1327d56d2196b4f92e5d0fae
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Fri Jul 2 10:04:42 2010 +1000

    drm/i915: fix hibernation since i915 self-reclaim fixes

i.e. 2.6.35-rc4 or later?
Comment 3 Wouter Mense 2010-07-17 18:13:36 UTC 
It is kernel-desktop-2.6.34-12.3.x86_64.rpm from openSUSE 11.3
Comment 4 Chris Wilson 2010-07-23 21:31:04 UTC 
Created attachment 27229 [details]
Repeat unbind during free.

Aside from the memory corruption issues that were identified upon hibernation, I've found a potential use-after-free.
Comment 5 Chris Wilson 2010-09-26 09:17:05 UTC 
Created attachment 31522 [details]
Prevent the VM from swapping out active GTT pages.

It looks like we do not prevent the VM from swapping out pages in use by the GPU, which is bad and leads to garbage being executed by the GPU and the GPU writing over top of random pages.
Comment 6 Chris Wilson 2010-12-22 12:48:00 UTC 
Any new sightings on recent kernels?
Comment 7 Jesse Barnes 2012-04-18 21:31:27 UTC 
I guess not otherwise we would have heard from Wouter. :)
Note You need to log in before you can comment on or make changes to this bug.