<html>
<head>
<base href="https://bugs.freedesktop.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - [BAT BDW SKL] slab poisoning over module reload since build CI_DRM_862"
href="https://bugs.freedesktop.org/show_bug.cgi?id=93248">93248</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[BAT BDW SKL] slab poisoning over module reload since build CI_DRM_862
</td>
</tr>
<tr>
<th>Product</th>
<td>DRI
</td>
</tr>
<tr>
<th>Version</th>
<td>XOrg git
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Other
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>medium
</td>
</tr>
<tr>
<th>Component</th>
<td>DRM/Intel
</td>
</tr>
<tr>
<th>Assignee</th>
<td>intel-gfx-bugs@lists.freedesktop.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>daniel@ffwll.ch
</td>
</tr>
<tr>
<th>QA Contact</th>
<td>intel-gfx-bugs@lists.freedesktop.org
</td>
</tr>
<tr>
<th>CC</th>
<td>intel-gfx-bugs@lists.freedesktop.org
</td>
</tr></table>
<p>
<div>
<pre>Our dear CI started to catch a slab poisoning regression on bdw-nuci7 and
skl-i5k-2. Unfortuntely by the time slab notices the problem i915.ko is
unloaded already, which means the crucial functions aren't decoded. Someone
with local access to the machines needs to first grab a copy of /proc/kallsyms,
then reproduce using the module reload testcase and then manually decode where
the culprit exactly is.
Anyway, example dmesg splat below:
[ 170.349516]
=============================================================================
[ 170.349523] BUG kmalloc-256 (Tainted: G BU W ): Poison overwritten
[ 170.349526]
-----------------------------------------------------------------------------
[ 170.349533] INFO: 0xffff880212ff16d0-0xffff880212ff16d0. First byte 0x66
instead of 0x6b
[ 170.349539] INFO: Allocated in 0xffffffffa01eb19b age=161765 cpu=2 pid=299
[ 170.349544] ___slab_alloc.constprop.59+0x35e/0x390
[ 170.349548] __slab_alloc.isra.56.constprop.58+0x43/0x80
[ 170.349552] kmem_cache_alloc_trace+0x25e/0x2e0
[ 170.349555] 0xffffffffa01eb19b
[ 170.349557] 0xffffffffa01eb5f5
[ 170.349560] 0xffffffffa02001e2
[ 170.349562] 0xffffffffa027edff
[ 170.349566] drm_dev_register+0xa4/0xb0
[ 170.349570] drm_get_pci_dev+0xce/0x1e0
[ 170.349572] 0xffffffffa01c22cf
[ 170.349577] pci_device_probe+0x87/0xf0
[ 170.349581] driver_probe_device+0x221/0x4a0
[ 170.349584] __driver_attach+0x83/0x90
[ 170.349587] bus_for_each_dev+0x61/0xa0
[ 170.349590] driver_attach+0x19/0x20
[ 170.349593] bus_add_driver+0x1ef/0x290
[ 170.349596] INFO: Freed in 0xffffffffa01eaf59 age=142 cpu=2 pid=6059
[ 170.349600] __slab_free+0x356/0x4a0
[ 170.349603] kfree+0x283/0x290
[ 170.349606] 0xffffffffa01eaf59
[ 170.349608] 0xffffffffa01eb843
[ 170.349610] 0xffffffffa027f6b0
[ 170.349614] drm_dev_unregister+0x24/0xa0
[ 170.349617] drm_put_dev+0x1e/0x60
[ 170.349620] 0xffffffffa01c2290
[ 170.349623] pci_device_remove+0x34/0xb0
[ 170.349626] __device_release_driver+0x91/0x130
[ 170.349630] driver_detach+0xb3/0xc0
[ 170.349633] bus_remove_driver+0x53/0xd0
[ 170.349636] driver_unregister+0x27/0x50
[ 170.349640] pci_unregister_driver+0x25/0x70
[ 170.349643] drm_pci_exit+0x74/0x90
[ 170.349645] 0xffffffffa02809be
[ 170.349648] INFO: Slab 0xffffea00084bfc00 objects=28 used=28 fp=0x
(null) flags=0x8000000000004080
[ 170.349654] INFO: Object 0xffff880212ff16d0 @offset=5840
fp=0xffff880212ff0db0
[ 170.349660] Bytes b4 ffff880212ff16c0: 82 8d fb ff 00 00 00 00 5a 5a 5a 5a
5a 5a 5a 5a ........ZZZZZZZZ
[ 170.349665] Object ffff880212ff16d0: 66 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b fkkkkkkkkkkkkkkk
[ 170.349671] Object ffff880212ff16e0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b kkkkkkkkkkkkkkkk
[ 170.349676] Object ffff880212ff16f0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b kkkkkkkkkkkkkkkk
[ 170.349681] Object ffff880212ff1700: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b kkkkkkkkkkkkkkkk
[ 170.349686] Object ffff880212ff1710: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b kkkkkkkkkkkkkkkk
[ 170.349691] Object ffff880212ff1720: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b kkkkkkkkkkkkkkkk
[ 170.349696] Object ffff880212ff1730: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b kkkkkkkkkkkkkkkk
[ 170.349701] Object ffff880212ff1740: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b kkkkkkkkkkkkkkkk
[ 170.349706] Object ffff880212ff1750: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b kkkkkkkkkkkkkkkk
[ 170.349711] Object ffff880212ff1760: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b kkkkkkkkkkkkkkkk
[ 170.349716] Object ffff880212ff1770: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b kkkkkkkkkkkkkkkk
[ 170.349721] Object ffff880212ff1780: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b kkkkkkkkkkkkkkkk
[ 170.349726] Object ffff880212ff1790: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b kkkkkkkkkkkkkkkk
[ 170.349731] Object ffff880212ff17a0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b kkkkkkkkkkkkkkkk
[ 170.349736] Object ffff880212ff17b0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b kkkkkkkkkkkkkkkk
[ 170.349741] Object ffff880212ff17c0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b a5 kkkkkkkkkkkkkkk.
[ 170.349746] Redzone ffff880212ff17d0: bb bb bb bb bb bb bb bb
........
[ 170.349751] Padding ffff880212ff1910: 5a 5a 5a 5a 5a 5a 5a 5a
ZZZZZZZZ
[ 170.349756] CPU: 3 PID: 6065 Comm: modprobe Tainted: G BU W
4.4.0-rc3-gfxbench+ #1
[ 170.349757] Hardware name: /NUC5i7RYB, BIOS
RYBDWi35.86A.0249.2015.0529.1640 05/29/2015
[ 170.349758] ffff880212ff16d0 ffff8800d8c5f580 ffffffff813df42c
ffff8802158073c0
[ 170.349761] ffff8800d8c5f5c0 ffffffff811a6093 0000000000000008
ffff880200000001
[ 170.349763] ffff880212ff16d1 ffff8802158073c0 000000000000006b
ffff880212ff16d0
[ 170.349765] Call Trace:
[ 170.349767] [<ffffffff813df42c>] dump_stack+0x4e/0x82
[ 170.349768] [<ffffffff811a6093>] print_trailer+0x143/0x1f0
[ 170.349770] [<ffffffff811a6208>] check_bytes_and_report+0xc8/0x110
[ 170.349771] [<ffffffff811a6411>] check_object+0x1c1/0x240
[ 170.349773] [<ffffffff812300c2>] ? __proc_create+0xb2/0x280
[ 170.349774] [<ffffffff811a9b0b>] alloc_debug_processing+0x9b/0x190
[ 170.349775] [<ffffffff811a9f5e>] ___slab_alloc.constprop.59+0x35e/0x390
[ 170.349776] [<ffffffff812300c2>] ? __proc_create+0xb2/0x280
[ 170.349778] [<ffffffff813fc18c>] ? debug_check_no_obj_freed+0x10c/0x1f0
[ 170.349780] [<ffffffff813e0da7>] ? ida_get_new_above+0x1d7/0x210
[ 170.349781] [<ffffffff811a91d4>] ? kmem_cache_free+0x134/0x350
[ 170.349782] [<ffffffff812300c2>] ? __proc_create+0xb2/0x280
[ 170.349784] [<ffffffff811a9fd3>]
__slab_alloc.isra.56.constprop.58+0x43/0x80
[ 170.349785] [<ffffffff811aadbb>] __kmalloc+0x2bb/0x330
[ 170.349786] [<ffffffff812300c2>] __proc_create+0xb2/0x280
[ 170.349788] [<ffffffff8123065d>] proc_create_data+0x4d/0xc0
[ 170.349790] [<ffffffff810da1d8>] register_irq_proc+0x138/0x140
[ 170.349791] [<ffffffff810d598e>] __setup_irq+0x27e/0x600
[ 170.349807] [<ffffffffa02ef900>] ? gen8_gt_irq_handler+0x250/0x250 [i915]
[ 170.349809] [<ffffffff810d5e90>] request_threaded_irq+0xf0/0x190
[ 170.349810] [<ffffffff814f3fa0>] drm_irq_install+0x90/0x170
[ 170.349822] [<ffffffffa02f2940>] intel_irq_install+0x20/0x30 [i915]
[ 170.349843] [<ffffffffa03a4ddc>] i915_driver_load+0xeec/0x1670 [i915]
[ 170.349845] [<ffffffff813fc18c>] ? debug_check_no_obj_freed+0x10c/0x1f0
[ 170.349847] [<ffffffff8178f4e0>] ? klist_add_tail+0x20/0x40
[ 170.349849] [<ffffffff814f745c>] ? drm_minor_register+0x7c/0x110
[ 170.349851] [<ffffffff814f7481>] ? drm_minor_register+0xa1/0x110
[ 170.349852] [<ffffffff814f7594>] drm_dev_register+0xa4/0xb0
[ 170.349854] [<ffffffff814f93fe>] drm_get_pci_dev+0xce/0x1e0
[ 170.349856] [<ffffffff81797b6d>] ? _raw_spin_unlock_irqrestore+0x3d/0x60
[ 170.349867] [<ffffffffa02e82cf>] i915_pci_probe+0x2f/0x50 [i915]
[ 170.349869] [<ffffffff81425ea7>] pci_device_probe+0x87/0xf0
[ 170.349870] [<ffffffff8151a551>] driver_probe_device+0x221/0x4a0
[ 170.349872] [<ffffffff8151a853>] __driver_attach+0x83/0x90
[ 170.349873] [<ffffffff8151a7d0>] ? driver_probe_device+0x4a0/0x4a0
[ 170.349875] [<ffffffff81518371>] bus_for_each_dev+0x61/0xa0
[ 170.349876] [<ffffffff81519ee9>] driver_attach+0x19/0x20
[ 170.349878] [<ffffffff81519a6f>] bus_add_driver+0x1ef/0x290
[ 170.349879] [<ffffffff8151b4ab>] driver_register+0x5b/0xe0
[ 170.349881] [<ffffffff81424e3b>] __pci_register_driver+0x5b/0x60
[ 170.349883] [<ffffffff814f95e6>] drm_pci_init+0xd6/0x100
[ 170.349884] [<ffffffffa0171000>] ? 0xffffffffa0171000
[ 170.349895] [<ffffffffa0171094>] i915_init+0x94/0x9b [i915]
[ 170.349897] [<ffffffff810003de>] do_one_initcall+0xae/0x1d0
[ 170.349899] [<ffffffff81153bb2>] ? do_init_module+0x22/0x1e0
[ 170.349900] [<ffffffff811aa3c3>] ? kmem_cache_alloc_trace+0xe3/0x2e0
[ 170.349902] [<ffffffff81153beb>] do_init_module+0x5b/0x1e0
[ 170.349904] [<ffffffff81101877>] load_module+0x1b57/0x2440
[ 170.349905] [<ffffffff810fefc0>] ? symbol_put_addr+0x60/0x60
[ 170.349907] [<ffffffff810ff2b6>] ? copy_module_from_fd.isra.58+0xe6/0x140
[ 170.349909] [<ffffffff8110233b>] SyS_finit_module+0x7b/0xa0
[ 170.349911] [<ffffffff8179849b>] entry_SYSCALL_64_fastpath+0x16/0x73
[ 170.349912] FIX kmalloc-256: Restoring
0xffff880212ff16d0-0xffff880212ff16d0=0x6b
[ 170.349918] FIX kmalloc-256: Marking all objects used</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the QA Contact for the bug.</li>
<li>You are on the CC list for the bug.</li>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>