Bug 94385 - [BAT ILK] Null ptr deref with red zone overwrite on drv_module_reload_basic (ext4)
Status: CLOSED NOTOURBUG
Alias: None
Product: DRI
Classification: Unclassified
Component: DRM/Intel
Version: DRI git
Hardware: Other All
Importance: high critical
Assignee: Intel GFX Bugs mailing list
QA Contact: Intel GFX Bugs mailing list
Reported: 2016-03-03 11:03 UTC by Mika Kuoppala
Modified: 2016-10-10 07:11 UTC
i915 platform: ILK

Description Mika Kuoppala 2016-03-03 11:03:19 UTC
Similar trace can be found from nightly run of 1066


[  424.021566] BUG: unable to handle kernel paging request at 00000000fffff02f
[  424.021578] IP: [<ffffffff811b523a>] deactivate_slab+0x19a/0x740
[  424.021589] PGD 0 
[  424.021593] Oops: 0000 [#1] PREEMPT SMP 
[  424.021598] Modules linked in: i915(+) ax88179_178a usbnet mii snd_hda_codec_hdmi intel_powerclamp snd_hda_codec_generic coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hda_codec snd_hwdep snd_hda_core mei_me snd_pcm lpc_ich mei sdhci_pci sdhci e1000e mmc_core ptp pps_core [last unloaded: i915]
[  424.021629] CPU: 3 PID: 5287 Comm: systemd Tainted: G     U          4.5.0-rc6-gfxbench+ #1
[  424.021635] Hardware name: Hewlett-Packard HP EliteBook 8440p/172A, BIOS 68CCU Ver. F.24 09/13/2013
[  424.021640] task: ffff8801314fa580 ti: ffff8800b3d04000 task.ti: ffff8800b3d04000
[  424.021647] RIP: 0010:[<ffffffff811b523a>]  [<ffffffff811b523a>] deactivate_slab+0x19a/0x740
[  424.021655] RSP: 0018:ffff8800b3d07710  EFLAGS: 00010082
[  424.021660] RAX: 00000000ffffefff RBX: ffff8800b3a8efd0 RCX: 0000000000000002
[  424.021666] RDX: 0000000000000030 RSI: ffffea0002cea380 RDI: 00000000ffffffff
[  424.021673] RBP: ffff8800b3d07810 R08: ffff8800b3a8f870 R09: ffff8800b3a8f898
[  424.021679] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000180160011
[  424.021688] R13: 0000000000008016 R14: ffffea0002cea380 R15: ffff8800b6688fc0
[  424.021698] FS:  00007f41261fe8c0(0000) GS:ffff880137cc0000(0000) knlGS:0000000000000000
[  424.021711] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  424.021719] CR2: 00000000fffff02f CR3: 00000000b4924000 CR4: 00000000000006e0
[  424.021728] Stack:
[  424.021735]  ffff8800b3d07790 ffffffff81007254 ffff8800b3d0775c 0000000002cea3a0
[  424.021752]  ffff880137cc3fc0 ffff8801314fa580 0000000f00000003 ffff8800b6670fc0
[  424.021767]  00000000ffffefff ffff8800b3a8f140 ffff8800b3d077a8 ffff8800b3d077b8
[  424.021781] Call Trace:
[  424.021793]  [<ffffffff81007254>] ? dump_trace+0x134/0x320
[  424.021807]  [<ffffffff812a23d9>] ? __es_insert_extent+0xa9/0x370
[  424.021818]  [<ffffffff812a23d9>] ? __es_insert_extent+0xa9/0x370
[  424.021829]  [<ffffffff812a23d9>] ? __es_insert_extent+0xa9/0x370
[  424.021841]  [<ffffffff814175f7>] ? debug_smp_processor_id+0x17/0x20
[  424.021851]  [<ffffffff811b1df8>] ? set_track+0x88/0x120
[  424.021860]  [<ffffffff811b31a9>] ? init_object+0x39/0x70
[  424.021868]  [<ffffffff811b6b82>] ___slab_alloc.constprop.58+0x212/0x3b0
[  424.021879]  [<ffffffff812a23d9>] ? __es_insert_extent+0xa9/0x370
[  424.021888]  [<ffffffff810cb007>] ? __lock_acquire+0x977/0x20f0
[  424.021899]  [<ffffffff817c256d>] ? _raw_spin_unlock_irqrestore+0x3d/0x60
[  424.021910]  [<ffffffff8141884c>] ? debug_check_no_obj_freed+0x10c/0x1f0
[  424.021920]  [<ffffffff812a23d9>] ? __es_insert_extent+0xa9/0x370
[  424.021930]  [<ffffffff811b6d63>] __slab_alloc.isra.55.constprop.57+0x43/0x80
[  424.021939]  [<ffffffff811b700c>] kmem_cache_alloc+0x26c/0x2d0
[  424.021947]  [<ffffffff812a23d9>] ? __es_insert_extent+0xa9/0x370
[  424.021956]  [<ffffffff812a23d9>] __es_insert_extent+0xa9/0x370
[  424.021968]  [<ffffffff812a34c1>] ext4_es_insert_extent+0x101/0x270
[  424.021980]  [<ffffffff8125fe36>] ext4_map_blocks+0x266/0x4e0
[  424.021990]  [<ffffffff81260743>] ext4_getblk+0x43/0x180
[  424.022001]  [<ffffffff8126bd0c>] ext4_find_entry+0x32c/0x6a0
[  424.022015]  [<ffffffff811ec9ee>] ? d_alloc+0x5e/0x70
[  424.022026]  [<ffffffff8126c0b3>] ext4_lookup+0x33/0x130
[  424.022035]  [<ffffffff811dcff8>] lookup_real+0x18/0x60
[  424.022041]  [<ffffffff811dd7ae>] __lookup_hash+0x2e/0x40
[  424.022048]  [<ffffffff811e0e0f>] walk_component+0x18f/0x270
[  424.022054]  [<ffffffff811ddf86>] ? __inode_permission+0x26/0xb0
[  424.022061]  [<ffffffff811e104a>] link_path_walk+0x15a/0x4f0
[  424.022067]  [<ffffffff811dec41>] ? path_init+0x4b1/0x700
[  424.022073]  [<ffffffff811ded8e>] ? path_init+0x5fe/0x700
[  424.022079]  [<ffffffff811e187b>] path_openat+0x7b/0xfa0
[  424.022086]  [<ffffffff811b6b82>] ? ___slab_alloc.constprop.58+0x212/0x3b0
[  424.022092]  [<ffffffff811e2912>] ? getname_flags+0x32/0x190
[  424.022099]  [<ffffffff811e3619>] do_filp_open+0x79/0xd0
[  424.022106]  [<ffffffff817c24cc>] ? _raw_spin_unlock+0x2c/0x50
[  424.022113]  [<ffffffff811f21d4>] ? __alloc_fd+0xf4/0x200
[  424.022120]  [<ffffffff811d2145>] do_sys_open+0x115/0x1e0
[  424.022127]  [<ffffffff811d2229>] SyS_open+0x19/0x20
[  424.022133]  [<ffffffff817c2e9b>] entry_SYSCALL_64_fastpath+0x16/0x73
[  424.022139] Code: 01 74 44 41 0f ba 36 00 bf 01 00 00 00 e8 af d8 ee ff 65 8b 05 30 5d e5 7e 85 c0 75 05 e8 f5 bd e4 ff 49 63 57 20 48 8b 44 24 40 <48> 8b 0c 10 48 85 c9 74 1f 48 8b 5c 24 40 49 8b 46 10 48 89 4c 
[  424.022187] RIP  [<ffffffff811b523a>] deactivate_slab+0x19a/0x740
[  424.022194]  RSP <ffff8800b3d07710>
[  424.022199] CR2: 00000000fffff02f
[  424.022205] ---[ end trace f0ef412fa5d49500 ]---
[  424.022211] BUG: sleeping function called from invalid context at include/linux/sched.h:2795
[  424.022220] in_atomic(): 1, irqs_disabled(): 1, pid: 5287, name: systemd
[  424.022226] INFO: lockdep is turned off.
[  424.022231] irq event stamp: 53926
[  424.022235] hardirqs last  enabled at (53925): [<ffffffff811b5ca9>] __slab_free+0x369/0x4a0
[  424.022245] hardirqs last disabled at (53926): [<ffffffff811b6d3f>] __slab_alloc.isra.55.constprop.57+0x1f/0x80
[  424.022256] softirqs last  enabled at (53872): [<ffffffff816eaa43>] netlink_poll+0x133/0x1c0
[  424.022268] softirqs last disabled at (53870): [<ffffffff816eaa02>] netlink_poll+0xf2/0x1c0
[  424.022278] Preemption disabled at:[<ffffffff812a3474>] ext4_es_insert_extent+0xb4/0x270

[  424.022293] CPU: 3 PID: 5287 Comm: systemd Tainted: G     UD         4.5.0-rc6-gfxbench+ #1
[  424.022306] Hardware name: Hewlett-Packard HP EliteBook 8440p/172A, BIOS 68CCU Ver. F.24 09/13/2013
[  424.022315]  0000000000000000 ffff8800b3d07440 ffffffff813fba95 0000000000000000
[  424.022326]  ffff8801314fa580 ffff8800b3d07468 ffffffff810a1c2d ffffffff81a6229b
[  424.022337]  0000000000000aeb 0000000000000000 ffff8800b3d07490 ffffffff810a1d54
[  424.022347] Call Trace:
[  424.022354]  [<ffffffff813fba95>] dump_stack+0x67/0x92
[  424.022364]  [<ffffffff810a1c2d>] ___might_sleep+0x15d/0x240
[  424.022371]  [<ffffffff810a1d54>] __might_sleep+0x44/0x80
[  424.022379]  [<ffffffff810891ff>] exit_signals+0x1f/0x130
[  424.022387]  [<ffffffff8107bbba>] do_exit+0xaa/0xc30
[  424.022395]  [<ffffffff810d7dfe>] ? kmsg_dump+0x10e/0x190
[  424.022402]  [<ffffffff81007cd8>] oops_end+0x68/0x90
[  424.022410]  [<ffffffff81047b37>] no_context+0x137/0x390
[  424.022417]  [<ffffffff81047e99>] __bad_area_nosemaphore+0x109/0x220
[  424.022424]  [<ffffffff810cb047>] ? __lock_acquire+0x9b7/0x20f0
[  424.022431]  [<ffffffff81047fbe>] bad_area_nosemaphore+0xe/0x10
[  424.022438]  [<ffffffff81048205>] __do_page_fault+0x85/0x480
[  424.022445]  [<ffffffff81001010>] ? trace_hardirqs_off_thunk+0x17/0x19
[  424.022453]  [<ffffffff8104860c>] do_page_fault+0xc/0x10
[  424.022460]  [<ffffffff817c4bf2>] page_fault+0x22/0x30
[  424.022466]  [<ffffffff811b523a>] ? deactivate_slab+0x19a/0x740
[  424.022473]  [<ffffffff81007254>] ? dump_trace+0x134/0x320
[  424.022480]  [<ffffffff812a23d9>] ? __es_insert_extent+0xa9/0x370
[  424.022487]  [<ffffffff812a23d9>] ? __es_insert_extent+0xa9/0x370
[  424.022494]  [<ffffffff812a23d9>] ? __es_insert_extent+0xa9/0x370
[  424.022501]  [<ffffffff814175f7>] ? debug_smp_processor_id+0x17/0x20
[  424.022507]  [<ffffffff811b1df8>] ? set_track+0x88/0x120
[  424.022514]  [<ffffffff811b31a9>] ? init_object+0x39/0x70
[  424.022521]  [<ffffffff811b6b82>] ___slab_alloc.constprop.58+0x212/0x3b0
[  424.022528]  [<ffffffff812a23d9>] ? __es_insert_extent+0xa9/0x370
[  424.022535]  [<ffffffff810cb007>] ? __lock_acquire+0x977/0x20f0
[  424.022542]  [<ffffffff817c256d>] ? _raw_spin_unlock_irqrestore+0x3d/0x60
[  424.022549]  [<ffffffff8141884c>] ? debug_check_no_obj_freed+0x10c/0x1f0
[  424.022558]  [<ffffffff812a23d9>] ? __es_insert_extent+0xa9/0x370
[  424.022567]  [<ffffffff811b6d63>] __slab_alloc.isra.55.constprop.57+0x43/0x80
[  424.022574]  [<ffffffff811b700c>] kmem_cache_alloc+0x26c/0x2d0
[  424.022581]  [<ffffffff812a23d9>] ? __es_insert_extent+0xa9/0x370
[  424.022588]  [<ffffffff812a23d9>] __es_insert_extent+0xa9/0x370
[  424.022595]  [<ffffffff812a34c1>] ext4_es_insert_extent+0x101/0x270
[  424.022602]  [<ffffffff8125fe36>] ext4_map_blocks+0x266/0x4e0
[  424.022609]  [<ffffffff81260743>] ext4_getblk+0x43/0x180
[  424.022615]  [<ffffffff8126bd0c>] ext4_find_entry+0x32c/0x6a0
[  424.022623]  [<ffffffff811ec9ee>] ? d_alloc+0x5e/0x70
[  424.022629]  [<ffffffff8126c0b3>] ext4_lookup+0x33/0x130
[  424.022635]  [<ffffffff811dcff8>] lookup_real+0x18/0x60
[  424.022642]  [<ffffffff811dd7ae>] __lookup_hash+0x2e/0x40
[  424.022648]  [<ffffffff811e0e0f>] walk_component+0x18f/0x270
[  424.022655]  [<ffffffff811ddf86>] ? __inode_permission+0x26/0xb0
[  424.022661]  [<ffffffff811e104a>] link_path_walk+0x15a/0x4f0
[  424.022668]  [<ffffffff811dec41>] ? path_init+0x4b1/0x700
[  424.022674]  [<ffffffff811ded8e>] ? path_init+0x5fe/0x700
[  424.022681]  [<ffffffff811e187b>] path_openat+0x7b/0xfa0
[  424.022688]  [<ffffffff811b6b82>] ? ___slab_alloc.constprop.58+0x212/0x3b0
[  424.022695]  [<ffffffff811e2912>] ? getname_flags+0x32/0x190
[  424.022701]  [<ffffffff811e3619>] do_filp_open+0x79/0xd0
[  424.022708]  [<ffffffff817c24cc>] ? _raw_spin_unlock+0x2c/0x50
[  424.022715]  [<ffffffff811f21d4>] ? __alloc_fd+0xf4/0x200
[  424.022721]  [<ffffffff811d2145>] do_sys_open+0x115/0x1e0
[  424.022728]  [<ffffffff811d2229>] SyS_open+0x19/0x20
[  424.022734]  [<ffffffff817c2e9b>] entry_SYSCALL_64_fastpath+0x16/0x73
[  425.453351] =============================================================================
[  425.454474] BUG ext4_extent_status (Tainted: G     UD        ): Redzone overwritten
[  425.455591] -----------------------------------------------------------------------------

[  425.457828] INFO: 0xffff8800b3a8f728-0xffff8800b3a8f72f. First byte 0xbb instead of 0xcc
[  425.458975] INFO: Slab 0xffffea0002cea380 objects=22 used=22 fp=0x          (null) flags=0x4000000000004081
[  425.460144] INFO: Object 0xffff8800b3a8f700 @offset=5888 fp=0x          (null)

[  425.462467] Bytes b4 ffff8800b3a8f6f0: 00 00 00 00 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a  ........ZZZZZZZZ

Comment 1 Chris Wilson 2016-03-03 12:09:58 UTC
Bisect pending?

Comment 2 Mika Kuoppala 2016-03-04 11:13:46 UTC
No bisect as of now. This ilk is in ci/bat grid.

Comment 3 Jari Tahvanainen 2016-07-04 09:05:11 UTC
priority aligned for igt basic tests on gen7 to High+Critical

Comment 4 Jari Tahvanainen 2016-09-09 07:32:46 UTC
The failure has not been visible on ILK in any of the CI testing runs in the last 64 execution rounds (~almost 1 month).
The latest results from today are showing:
CI_DRM_1622/fi-ilk-650 - Result: pass
CI_DRM_1622/fi-ilk-m540 - Result: pass

Reloading i915.ko with
unbinding /sys/class/vtconsole/vtcon0/: (M) frame buffer device
module successfully unloaded
module successfully loaded again
Reloading i915.ko with inject_load_failure=1
unbinding /sys/class/vtconsole/vtcon0/: (M) frame buffer device
module successfully unloaded
Reloading i915.ko with inject_load_failure=2
module successfully unloaded
Reloading i915.ko with inject_load_failure=3
module successfully unloaded
Reloading i915.ko with inject_load_failure=4
module successfully unloaded
Reloading i915.ko with
module successfully unloaded
module successfully loaded again

Based on the previous I would propose this to be marked as resolved+worksforme. Please comment if you disagree.

