On Mon, Mar 11, 2019 at 3:16 PM Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote:
>
> On Fri, Sep 7, 2018 at 6:25 PM Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote:
> >
> > On Fri, Sep 7, 2018 at 6:20 PM, Shuah Khan <shuah@xxxxxxxxxx> wrote:
> > > On 09/07/2018 10:14 AM, Dmitry Vyukov wrote:
> > >> On Fri, Sep 7, 2018 at 6:03 PM, Shuah Khan <shuah@xxxxxxxxxx> wrote:
> > >>> Hi Dmitry,
> > >>>
> > >>> On 09/07/2018 04:54 AM, Dmitry Vyukov wrote:
> > >>>> Hi,
> > >>>>
> > >>>> I am getting the following error while booting kernel on upstream
> > >>>> commit a49a9dcce802b3651013f659813df1361d306172, config is attached.
> > >>>> Seems there is some kind of resource leak.
> > >>>>
> > >>>> Thanks
> > >>>
> > >>> Odd. This commit has nothing to do with vudc.
> > >>
> > >> This is not the guilty commit, I just described state of my tree.
> > >>
> > >
> > > Can you send me the full dmesg?
> >
> > Here it is:
> >
> > https://gist.githubusercontent.com/dvyukov/e9dec59fb23da9cedd8ab07a7d8c78ae/raw/3ee13c7a1f406c9927ca3b16db262f2c78e84536/gistfile1.txt
>
> Hello,
>
> The boot seems to be fixed now, but what commit fixed it?
>
> This bug makes all kernels starting from 4.14 unbootable for the
> purposes of bisection. If we figure out what was the bug and what
> fixed it, we can think of possible ways of unbreaking kernel boot.

Booting 4.14 I am actually seeing a double-free but assuming it's the same bug.

[ 6.527072] ==================================================================
[ 6.527913] BUG: KASAN: double-free or invalid-free in usb_add_gadget_udc_release+0x6f8/0x980
[ 6.528898]
[ 6.529081] CPU: 2 PID: 1 Comm: swapper/0 Not tainted 4.14.0 #4
[ 6.529769] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 6.530330] Call Trace:
[ 6.530330]  dump_stack+0x194/0x25a
[ 6.530330]  ? arch_local_irq_restore+0x53/0x53
[ 6.530330]  ? show_regs_print_info+0x65/0x65
[ 6.530330]  ? usb_add_gadget_udc_release+0x6f8/0x980
[ 6.530330]  print_address_description+0xd4/0x230
[ 6.530330]  ? usb_add_gadget_udc_release+0x6f8/0x980
[ 6.530330]  ? usb_add_gadget_udc_release+0x6f8/0x980
[ 6.530330]  kasan_report_double_free+0x55/0x80
[ 6.530330]  kasan_slab_free+0xa3/0xc0
[ 6.530330]  kfree+0xcc/0x270
[ 6.530330]  usb_add_gadget_udc_release+0x6f8/0x980
[ 6.530330]  ? __lockdep_init_map+0xe4/0x650
[ 6.530330]  ? check_pending_gadget_drivers+0x480/0x480
[ 6.530330]  ? lockdep_init_map+0x9/0x10
[ 6.530330]  ? init_timer_key+0x146/0x410
[ 6.530330]  ? init_timer_on_stack_key+0xb0/0xb0
[ 6.530330]  ? __raw_spin_lock_init+0x1c/0x100
[ 6.530330]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 6.530330]  ? __lockdep_init_map+0xe4/0x650
[ 6.530330]  usb_add_gadget_udc+0x1f/0x30
[ 6.530330]  vudc_probe+0x8bd/0xcb0
[ 6.530330]  ? put_vudc_device+0x50/0x50
[ 6.530330]  ? do_raw_spin_trylock+0x190/0x190
[ 6.530330]  ? _raw_spin_unlock+0x2c/0x50
[ 6.530330]  ? devices_kset_move_last+0x280/0x3a0
[ 6.530330]  ? lock_device_hotplug_sysfs+0x50/0x50
[ 6.530330]  ? is_acpi_device_node+0x5a/0x70
[ 6.530330]  ? acpi_dev_pm_attach+0x187/0x1f0
[ 6.530330]  ? put_vudc_device+0x50/0x50
[ 6.530330]  ? platform_drv_remove+0xa0/0xa0
[ 6.530330]  platform_drv_probe+0x8f/0x170
[ 6.530330]  driver_probe_device+0x63c/0xa20
[ 6.530330]  ? driver_probe_done+0xe0/0xe0
[ 6.530330]  ? do_raw_spin_unlock+0x1ec/0x300
[ 6.530330]  ? do_raw_spin_trylock+0x190/0x190
[ 6.530330]  ? acpi_of_match_device+0x1cb/0x250
[ 6.530330]  ? platform_match+0x82/0x280
[ 6.530330]  ? __driver_attach+0x1c0/0x1c0
[ 6.530330]  __device_attach_driver+0x1c7/0x290
[ 6.530330]  bus_for_each_drv+0x148/0x1d0
[ 6.530330]  ? bus_rescan_devices+0x30/0x30
[ 6.530330]  ? _raw_spin_unlock_irqrestore+0xa6/0xe0
[ 6.530330]  __device_attach+0x271/0x3d0
[ 6.530330]  ? device_bind_driver+0xd0/0xd0
[ 6.530330]  ? kobject_uevent_env+0x29f/0xe20
[ 6.530330]  ? blocking_notifier_call_chain+0x112/0x190
[ 6.530330]  device_initial_probe+0x1a/0x20
[ 6.530330]  bus_probe_device+0x1e7/0x290
[ 6.530330]  device_add+0xcf9/0x1640
[ 6.530330]  ? device_private_init+0x230/0x230
[ 6.530330]  ? arch_setup_pdev_archdata+0x9/0x10
[ 6.530330]  ? platform_device_alloc+0xd0/0x100
[ 6.530330]  ? usbip_host_init+0x123/0x123
[ 6.530330]  platform_device_add+0x31e/0x660
[ 6.530330]  ? usbip_host_init+0x123/0x123
[ 6.530330]  init+0x12d/0x335
[ 6.530330]  ? usbip_host_init+0x123/0x123
[ 6.530330]  ? vhci_hcd_init+0x432/0x432
[ 6.530330]  ? sysfs_create_file_ns+0x86/0xb0
[ 6.530330]  ? driver_create_file+0x4c/0x70
[ 6.530330]  ? usbip_host_init+0x123/0x123
[ 6.530330]  do_one_initcall+0x9e/0x330
[ 6.530330]  ? arch_local_save_flags+0x50/0x50
[ 6.530330]  ? down_write_nested+0xd0/0x120
[ 6.530330]  ? kasan_unpoison_shadow+0x35/0x50
[ 6.530330]  kernel_init_freeable+0x469/0x521
[ 6.530330]  ? rest_init+0x100/0x100
[ 6.530330]  kernel_init+0x13/0x172
[ 6.530330]  ? rest_init+0x100/0x100
[ 6.530330]  ret_from_fork+0x2a/0x40
[ 6.530330]
[ 6.530330] Allocated by task 1:
[ 6.530330]  save_stack_trace+0x16/0x20
[ 6.530330]  save_stack+0x43/0xd0
[ 6.530330]  kasan_kmalloc+0xad/0xe0
[ 6.530330]  kmem_cache_alloc_trace+0x136/0x780
[ 6.530330]  usb_add_gadget_udc_release+0x22b/0x980
[ 6.530330]  usb_add_gadget_udc+0x1f/0x30
[ 6.530330]  vudc_probe+0x8bd/0xcb0
[ 6.530330]  platform_drv_probe+0x8f/0x170
[ 6.530330]  driver_probe_device+0x63c/0xa20
[ 6.530330]  __device_attach_driver+0x1c7/0x290
[ 6.530330]  bus_for_each_drv+0x148/0x1d0
[ 6.530330]  __device_attach+0x271/0x3d0
[ 6.530330]  device_initial_probe+0x1a/0x20
[ 6.530330]  bus_probe_device+0x1e7/0x290
[ 6.530330]  device_add+0xcf9/0x1640
[ 6.530330]  platform_device_add+0x31e/0x660
[ 6.530330]  init+0x12d/0x335
[ 6.530330]  do_one_initcall+0x9e/0x330
[ 6.530330]  kernel_init_freeable+0x469/0x521
[ 6.530330]  kernel_init+0x13/0x172
[ 6.530330]  ret_from_fork+0x2a/0x40
[ 6.530330]
[ 6.530330] Freed by task 1:
[ 6.530330]  save_stack_trace+0x16/0x20
[ 6.530330]  save_stack+0x43/0xd0
[ 6.530330]  kasan_slab_free+0x71/0xc0
[ 6.530330]  kfree+0xcc/0x270
[ 6.530330]  usb_udc_release+0x16/0x20
[ 6.530330]  device_release+0x7c/0x200
[ 6.530330]  kobject_put+0x26e/0x400
[ 6.530330]  put_device+0x20/0x30
[ 6.530330]  usb_add_gadget_udc_release+0x6e3/0x980
[ 6.530330]  usb_add_gadget_udc+0x1f/0x30
[ 6.530330]  vudc_probe+0x8bd/0xcb0
[ 6.530330]  platform_drv_probe+0x8f/0x170
[ 6.530330]  driver_probe_device+0x63c/0xa20
[ 6.530330]  __device_attach_driver+0x1c7/0x290
[ 6.530330]  bus_for_each_drv+0x148/0x1d0
[ 6.530330]  __device_attach+0x271/0x3d0
[ 6.530330]  device_initial_probe+0x1a/0x20
[ 6.530330]  bus_probe_device+0x1e7/0x290
[ 6.530330]  device_add+0xcf9/0x1640
[ 6.530330]  platform_device_add+0x31e/0x660
[ 6.530330]  init+0x12d/0x335
[ 6.530330]  do_one_initcall+0x9e/0x330
[ 6.530330]  kernel_init_freeable+0x469/0x521
[ 6.530330]  kernel_init+0x13/0x172
[ 6.530330]  ret_from_fork+0x2a/0x40
[ 6.530330]
[ 6.530330] The buggy address belongs to the object at ffff8800675bed00
[ 6.530330]  which belongs to the cache kmalloc-2048 of size 2048
[ 6.530330] The buggy address is located 0 bytes inside of
[ 6.530330]  2048-byte region [ffff8800675bed00, ffff8800675bf500)
[ 6.530330] The buggy address belongs to the page:
[ 6.530330] page:ffffea00019d6f80 count:1 mapcount:0 mapping:ffff8800675be480 index:0x0 compound_mapcount: 0
[ 6.530330] flags: 0x1fffc0000008100(slab|head)
[ 6.530330] raw: 01fffc0000008100 ffff8800675be480 0000000000000000 0000000100000003
[ 6.530330] raw: ffffea00018c8620 ffffea00019d70a0 ffff88006c000c40 0000000000000000
[ 6.530330] page dumped because: kasan: bad access detected
[ 6.530330]
[ 6.530330] Memory state around the buggy address:
[ 6.530330]  ffff8800675bec00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 6.530330]  ffff8800675bec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 6.530330] >ffff8800675bed00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 6.530330]                    ^
[ 6.530330]  ffff8800675bed80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 6.530330]  ffff8800675bee00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 6.530330] ==================================================================
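
The two stacks in the report above can be read together: the "Freed by" stack frees the object through put_device() -> device_release() -> usb_udc_release() -> kfree() from usb_add_gadget_udc_release+0x6e3, and the reporting stack calls kfree() again directly from usb_add_gadget_udc_release+0x6f8. The following is an added example, not code from the kernel or from this thread: a simplified userspace model of that unwind pattern. The function names mirror the frames in the report; model_kzalloc(), model_kfree() and add_udc_fails() are hypothetical helpers, and the assumption that both frees sit in the same error-unwind path is inferred from the two offsets.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model (constructed); names mirror frames in the KASAN report. */
struct device { int refcount; void (*release)(struct device *); };
struct usb_udc { struct device dev; };  /* dev is first: &udc->dev == udc */

static struct usb_udc slot;             /* one-object stand-in for the slab */
static int slot_live, double_frees;

static struct usb_udc *model_kzalloc(void)
{
    memset(&slot, 0, sizeof(slot));
    slot_live = 1;
    return &slot;
}

static void model_kfree(struct usb_udc *p)
{
    (void)p;
    if (!slot_live) {                   /* the case KASAN flags as double-free */
        double_frees++;
        return;
    }
    slot_live = 0;
}

/* Release callback: the refcounted device owns the containing object. */
static void usb_udc_release(struct device *dev)
{
    model_kfree((struct usb_udc *)dev);
}

static void put_device(struct device *dev)
{
    if (--dev->refcount == 0)
        dev->release(dev);              /* "Freed by" stack ends here */
}

/* Unwind after a failed registration; returns double frees observed. */
int add_udc_fails(int fixed)
{
    struct usb_udc *udc = model_kzalloc();

    double_frees = 0;
    udc->dev.refcount = 1;              /* as after device_initialize() */
    udc->dev.release = usb_udc_release;

    put_device(&udc->dev);              /* last reference: release frees udc */
    if (!fixed)
        model_kfree(udc);               /* second free of the same object */
    return double_frees;
}

int main(void)
{
    printf("put_device + kfree: %d double free(s)\n", add_udc_fails(0));
    printf("put_device only:    %d double free(s)\n", add_udc_fails(1));
    return 0;
}
```

Once a release callback is installed on a refcounted device, the error path has to leave the free to put_device(); a direct kfree() is only correct on paths taken before the device was initialized.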