Re: WARNING: ODEBUG bug in vudc_probe
From: Dmitry Vyukov
Date: Mon Mar 11 2019 - 10:18:32 EST
On Mon, Mar 11, 2019 at 3:16 PM Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote:
>
> On Fri, Sep 7, 2018 at 6:25 PM Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote:
> >
> > On Fri, Sep 7, 2018 at 6:20 PM, Shuah Khan <shuah@xxxxxxxxxx> wrote:
> > > On 09/07/2018 10:14 AM, Dmitry Vyukov wrote:
> > >> On Fri, Sep 7, 2018 at 6:03 PM, Shuah Khan <shuah@xxxxxxxxxx> wrote:
> > >>> Hi Dmitry,
> > >>>
> > >>> On 09/07/2018 04:54 AM, Dmitry Vyukov wrote:
> > >>>> Hi,
> > >>>>
> > >>>> I am getting the following error while booting kernel on upstream
> > >>>> commit a49a9dcce802b3651013f659813df1361d306172, config is attached.
> > >>>> Seems there is some kind of resource leak.
> > >>>>
> > >>>> Thanks
> > >>>
> > >>> Odd. This commit has nothing to do with vudc.
> > >>
> > >> This is not the guilty commit, I just described state of my tree.
> > >>
> > >
> > > Can you send me the full dmesg?
> >
> > Here it is:
> >
> > https://gist.githubusercontent.com/dvyukov/e9dec59fb23da9cedd8ab07a7d8c78ae/raw/3ee13c7a1f406c9927ca3b16db262f2c78e84536/gistfile1.txt
>
> Hello,
>
> The boot seems to be fixed now, but what commit fixed it?
>
> This bug makes all kernels starting from 4.14 unbootable for the
> purposes of bisection. If we figure out what was the bug and what
> fixed it, we can think of possible ways of unbreaking kernel boot.
Booting 4.14, I am actually seeing a double-free, but assuming it's the same bug.
[ 6.527072] ==================================================================
[ 6.527913] BUG: KASAN: double-free or invalid-free in usb_add_gadget_udc_release+0x6f8/0x980
[ 6.528898]
[ 6.529081] CPU: 2 PID: 1 Comm: swapper/0 Not tainted 4.14.0 #4
[ 6.529769] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 6.530330] Call Trace:
[ 6.530330] dump_stack+0x194/0x25a
[ 6.530330] ? arch_local_irq_restore+0x53/0x53
[ 6.530330] ? show_regs_print_info+0x65/0x65
[ 6.530330] ? usb_add_gadget_udc_release+0x6f8/0x980
[ 6.530330] print_address_description+0xd4/0x230
[ 6.530330] ? usb_add_gadget_udc_release+0x6f8/0x980
[ 6.530330] ? usb_add_gadget_udc_release+0x6f8/0x980
[ 6.530330] kasan_report_double_free+0x55/0x80
[ 6.530330] kasan_slab_free+0xa3/0xc0
[ 6.530330] kfree+0xcc/0x270
[ 6.530330] usb_add_gadget_udc_release+0x6f8/0x980
[ 6.530330] ? __lockdep_init_map+0xe4/0x650
[ 6.530330] ? check_pending_gadget_drivers+0x480/0x480
[ 6.530330] ? lockdep_init_map+0x9/0x10
[ 6.530330] ? init_timer_key+0x146/0x410
[ 6.530330] ? init_timer_on_stack_key+0xb0/0xb0
[ 6.530330] ? __raw_spin_lock_init+0x1c/0x100
[ 6.530330] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 6.530330] ? __lockdep_init_map+0xe4/0x650
[ 6.530330] usb_add_gadget_udc+0x1f/0x30
[ 6.530330] vudc_probe+0x8bd/0xcb0
[ 6.530330] ? put_vudc_device+0x50/0x50
[ 6.530330] ? do_raw_spin_trylock+0x190/0x190
[ 6.530330] ? _raw_spin_unlock+0x2c/0x50
[ 6.530330] ? devices_kset_move_last+0x280/0x3a0
[ 6.530330] ? lock_device_hotplug_sysfs+0x50/0x50
[ 6.530330] ? is_acpi_device_node+0x5a/0x70
[ 6.530330] ? acpi_dev_pm_attach+0x187/0x1f0
[ 6.530330] ? put_vudc_device+0x50/0x50
[ 6.530330] ? platform_drv_remove+0xa0/0xa0
[ 6.530330] platform_drv_probe+0x8f/0x170
[ 6.530330] driver_probe_device+0x63c/0xa20
[ 6.530330] ? driver_probe_done+0xe0/0xe0
[ 6.530330] ? do_raw_spin_unlock+0x1ec/0x300
[ 6.530330] ? do_raw_spin_trylock+0x190/0x190
[ 6.530330] ? acpi_of_match_device+0x1cb/0x250
[ 6.530330] ? platform_match+0x82/0x280
[ 6.530330] ? __driver_attach+0x1c0/0x1c0
[ 6.530330] __device_attach_driver+0x1c7/0x290
[ 6.530330] bus_for_each_drv+0x148/0x1d0
[ 6.530330] ? bus_rescan_devices+0x30/0x30
[ 6.530330] ? _raw_spin_unlock_irqrestore+0xa6/0xe0
[ 6.530330] __device_attach+0x271/0x3d0
[ 6.530330] ? device_bind_driver+0xd0/0xd0
[ 6.530330] ? kobject_uevent_env+0x29f/0xe20
[ 6.530330] ? blocking_notifier_call_chain+0x112/0x190
[ 6.530330] device_initial_probe+0x1a/0x20
[ 6.530330] bus_probe_device+0x1e7/0x290
[ 6.530330] device_add+0xcf9/0x1640
[ 6.530330] ? device_private_init+0x230/0x230
[ 6.530330] ? arch_setup_pdev_archdata+0x9/0x10
[ 6.530330] ? platform_device_alloc+0xd0/0x100
[ 6.530330] ? usbip_host_init+0x123/0x123
[ 6.530330] platform_device_add+0x31e/0x660
[ 6.530330] ? usbip_host_init+0x123/0x123
[ 6.530330] init+0x12d/0x335
[ 6.530330] ? usbip_host_init+0x123/0x123
[ 6.530330] ? vhci_hcd_init+0x432/0x432
[ 6.530330] ? sysfs_create_file_ns+0x86/0xb0
[ 6.530330] ? driver_create_file+0x4c/0x70
[ 6.530330] ? usbip_host_init+0x123/0x123
[ 6.530330] do_one_initcall+0x9e/0x330
[ 6.530330] ? arch_local_save_flags+0x50/0x50
[ 6.530330] ? down_write_nested+0xd0/0x120
[ 6.530330] ? kasan_unpoison_shadow+0x35/0x50
[ 6.530330] kernel_init_freeable+0x469/0x521
[ 6.530330] ? rest_init+0x100/0x100
[ 6.530330] kernel_init+0x13/0x172
[ 6.530330] ? rest_init+0x100/0x100
[ 6.530330] ret_from_fork+0x2a/0x40
[ 6.530330]
[ 6.530330] Allocated by task 1:
[ 6.530330] save_stack_trace+0x16/0x20
[ 6.530330] save_stack+0x43/0xd0
[ 6.530330] kasan_kmalloc+0xad/0xe0
[ 6.530330] kmem_cache_alloc_trace+0x136/0x780
[ 6.530330] usb_add_gadget_udc_release+0x22b/0x980
[ 6.530330] usb_add_gadget_udc+0x1f/0x30
[ 6.530330] vudc_probe+0x8bd/0xcb0
[ 6.530330] platform_drv_probe+0x8f/0x170
[ 6.530330] driver_probe_device+0x63c/0xa20
[ 6.530330] __device_attach_driver+0x1c7/0x290
[ 6.530330] bus_for_each_drv+0x148/0x1d0
[ 6.530330] __device_attach+0x271/0x3d0
[ 6.530330] device_initial_probe+0x1a/0x20
[ 6.530330] bus_probe_device+0x1e7/0x290
[ 6.530330] device_add+0xcf9/0x1640
[ 6.530330] platform_device_add+0x31e/0x660
[ 6.530330] init+0x12d/0x335
[ 6.530330] do_one_initcall+0x9e/0x330
[ 6.530330] kernel_init_freeable+0x469/0x521
[ 6.530330] kernel_init+0x13/0x172
[ 6.530330] ret_from_fork+0x2a/0x40
[ 6.530330]
[ 6.530330] Freed by task 1:
[ 6.530330] save_stack_trace+0x16/0x20
[ 6.530330] save_stack+0x43/0xd0
[ 6.530330] kasan_slab_free+0x71/0xc0
[ 6.530330] kfree+0xcc/0x270
[ 6.530330] usb_udc_release+0x16/0x20
[ 6.530330] device_release+0x7c/0x200
[ 6.530330] kobject_put+0x26e/0x400
[ 6.530330] put_device+0x20/0x30
[ 6.530330] usb_add_gadget_udc_release+0x6e3/0x980
[ 6.530330] usb_add_gadget_udc+0x1f/0x30
[ 6.530330] vudc_probe+0x8bd/0xcb0
[ 6.530330] platform_drv_probe+0x8f/0x170
[ 6.530330] driver_probe_device+0x63c/0xa20
[ 6.530330] __device_attach_driver+0x1c7/0x290
[ 6.530330] bus_for_each_drv+0x148/0x1d0
[ 6.530330] __device_attach+0x271/0x3d0
[ 6.530330] device_initial_probe+0x1a/0x20
[ 6.530330] bus_probe_device+0x1e7/0x290
[ 6.530330] device_add+0xcf9/0x1640
[ 6.530330] platform_device_add+0x31e/0x660
[ 6.530330] init+0x12d/0x335
[ 6.530330] do_one_initcall+0x9e/0x330
[ 6.530330] kernel_init_freeable+0x469/0x521
[ 6.530330] kernel_init+0x13/0x172
[ 6.530330] ret_from_fork+0x2a/0x40
[ 6.530330]
[ 6.530330] The buggy address belongs to the object at ffff8800675bed00
[ 6.530330] which belongs to the cache kmalloc-2048 of size 2048
[ 6.530330] The buggy address is located 0 bytes inside of
[ 6.530330] 2048-byte region [ffff8800675bed00, ffff8800675bf500)
[ 6.530330] The buggy address belongs to the page:
[ 6.530330] page:ffffea00019d6f80 count:1 mapcount:0 mapping:ffff8800675be480 index:0x0 compound_mapcount: 0
[ 6.530330] flags: 0x1fffc0000008100(slab|head)
[ 6.530330] raw: 01fffc0000008100 ffff8800675be480 0000000000000000 0000000100000003
[ 6.530330] raw: ffffea00018c8620 ffffea00019d70a0 ffff88006c000c40 0000000000000000
[ 6.530330] page dumped because: kasan: bad access detected
[ 6.530330]
[ 6.530330] Memory state around the buggy address:
[ 6.530330] ffff8800675bec00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 6.530330] ffff8800675bec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 6.530330] >ffff8800675bed00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 6.530330] ^
[ 6.530330] ffff8800675bed80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 6.530330] ffff8800675bee00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 6.530330] ==================================================================
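The "Freed by" and reporting stacks above show the same object released twice on the probe error path: put_device() drops the last reference, device_release() runs usb_udc_release() which kfree()s the udc, and usb_add_gadget_udc_release() then kfree()s it again. The following is an added model of that ownership hand-off, not the kernel's code or the actual upstream fix: it uses a hypothetical kobject-style refcount with a release callback, and counts "frees" instead of performing them so both paths can run safely.

```c
/* Hypothetical model of the ownership hand-off behind the KASAN report.
 * Not the kernel's code: a kobject-style refcount with a release callback,
 * where frees are counted rather than performed so both paths run safely. */
#include <stddef.h>

struct device {
    int refcount;
    void (*release)(struct device *dev);
};

struct usb_udc {
    struct device dev;   /* first member, so a cast recovers the udc */
    int free_count;      /* how many times this object was "kfree'd" */
};

/* Stand-in for usb_udc_release(): device_release() calls it once the last
 * reference drops, and from then on it is what owns freeing the udc. */
static void usb_udc_release(struct device *dev)
{
    struct usb_udc *udc = (struct usb_udc *)dev;
    udc->free_count++;   /* kfree(udc) in the real driver */
}

static void device_initialize(struct device *dev, void (*release)(struct device *))
{
    dev->refcount = 1;
    dev->release = release;
}

static void put_device(struct device *dev)
{
    if (--dev->refcount == 0 && dev->release)
        dev->release(dev);   /* device_release() -> usb_udc_release() */
}

/* Error path as the 4.14 report shows it: put_device() has already run
 * usb_udc_release(), so the explicit kfree afterwards is a second free.
 * Returns how many times the udc was freed (2 here). */
static int add_udc_buggy(void)
{
    struct usb_udc udc = {0};
    device_initialize(&udc.dev, usb_udc_release);
    /* ... device_add() fails, unwind begins ... */
    put_device(&udc.dev);
    udc.free_count++;    /* kfree(udc): the double free KASAN reports */
    return udc.free_count;
}

/* Corrected shape: once a release callback owns the object, dropping the
 * reference is the only free; the caller must not kfree() it itself. */
static int add_udc_fixed(void)
{
    struct usb_udc udc = {0};
    device_initialize(&udc.dev, usb_udc_release);
    /* ... device_add() fails, unwind begins ... */
    put_device(&udc.dev);
    return udc.free_count;   /* exactly 1 */
}
```

The general rule this illustrates is that once device_initialize() has installed a release callback, the object's lifetime belongs to the refcount, and any error label that both put_device()s and kfree()s the same allocation is a double free waiting for KASAN to find it.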