Re: BUG: KASAN: slab-use-after-free in drm_connector_cleanup
On Mon, Oct 16, 2023 at 04:13:53PM +0300, Dan Carpenter wrote:
> If I had to guess, I'd say it's an issue in the vc4_mock driver. It's
> crashing somewhere in Subtest: drm_vc4_test_pv_muxing.

Thanks for the report.

I'm currently at XDC but I'll have a look as soon as I get back.

Maxime

Re: BUG: KASAN: slab-use-after-free in drm_connector_cleanup
If I had to guess, I'd say it's an issue in the vc4_mock driver. It's
crashing somewhere in Subtest: drm_vc4_test_pv_muxing.

regards,
dan carpenter

On Fri, Oct 13, 2023 at 11:44:32PM +0530, Naresh Kamboju wrote:
> Following kasan bug was noticed on arm64 bcm2711-rpi-4-b device running
> Linux next 6.6.0-rc5-next-20231011 with given config.
>
> This was first noticed on 6.6.0-rc2-next-20230918.
> This is an intermittent issue.
> Links to build and test logs provided.
>
> Reported-by: Linux Kernel Functional Testing
>
> Boot log:
> -
>
> [ 209.991842] Bluetooth: Core ver 2.22
> [ 209.996014] NET: Registered PF_BLUETOOTH protocol family
> [ 210.002564] Bluetooth: HCI device and connection manager initialized
> [ 210.009204] Bluetooth: HCI socket layer initialized
> [ 210.014443] Bluetooth: L2CAP socket layer initialized
> [ 210.019906] Bluetooth: SCO socket layer initialized
> [ 210.175889] KTAP version 1
> [ 210.178771] 1..3
> [ 210.184030] KTAP version 1
> [ 210.187234] # Subtest: vc4-pv-muxing-combinations
> [ 210.192491] # module: vc4
> [ 210.192572] 1..2
> [ 210.197937] KTAP version 1
> [ 210.201544] # Subtest: drm_vc4_test_pv_muxing
> [ 210.218416] Bluetooth: HCI UART driver ver 2.3
> [ 210.236869] [drm] Initialized vc4 0.0.0 20140616 for
> drm-kunit-mock-device on minor 1
> [ 210.241063] Bluetooth: HCI UART protocol H4 registered
> [ 210.320009] Bluetooth: HCI UART protocol LL registered
> [ 210.464457] Bluetooth: HCI UART protocol Broadcom registered
> [ 210.470871] hci_uart_bcm serial0-0: supply vbat not found, using
> dummy regulator
> [ 210.472120] Bluetooth: HCI UART protocol QCA registered
> [ 210.480123] hci_uart_bcm serial0-0: supply vddio not found, using
> dummy regulator
> [ 210.490971] Bluetooth: HCI UART protocol Marvell registered
>
> Debian GNU/Linux 12 runner-vwmj3eza-project-40964107-concurrent-0 ttyS0
>
> runner-vwmj3eza-project-40964107-concurrent-0 login: [ 2root
> 10.623188] cfg80211: Loading compiled-in X.509 certificates for
> regulatory database
> [ 210.658616]
> ==
> [ 210.666006] BUG: KASAN: slab-use-after-free in
> drm_connector_cleanup+0x30/0x488 drm
> [ 210.675144] Read of size 8 at addr 000113a8e0a8 by task
> kunit_try_catch/1750
> [ 210.682685]
> [ 210.684219] CPU: 1 PID: 1750 Comm: kunit_try_catch Tainted: GB
> N 6.6.0-rc5-next-20231011 #1
> [ 210.694056] Hardware name: Raspberry Pi 4 Model B (DT)
> [ 210.699323] Call trace:
> r[ 210.701824] dump_backtrace (arch/arm64/kernel/stacktrace.c:235)
> [ 210.705757] show_stack (arch/arm64/kernel/stacktrace.c:242)
> [ 210.709160] dump_stack_lvl (lib/dump_stack.c:107)
> [ 210.712917] print_report (mm/kasan/report.c:365 mm/kasan/report.c:475)
> [ 210.716560] kasan_report (mm/kasan/report.c:590)
> o[ 210.720201] __asan_load8 (mm/kasan/generic.c:260)
> o[ 210.723827] drm_connector_cleanup+0x30/0x488 drm
> [ 210.729265] drm_connector_cleanup_action+0x1c/0x30 drm
> t[ 210.735228] drm_managed_release+0x128/0x228 drm
> [ 210.740570] drm_dev_put.part.0+0xb4/0xf8 drm
> [ 210.742616] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
> [ 210.745649] devm_drm_dev_init_release+0x1c/0x38 drm
> [ 210.756667] devm_action_release (drivers/base/devres.c:722)
> [ 210.760840] release_nodes (drivers/base/devres.c:506)
> [ 210.764569] devres_release_all (drivers/base/devres.c:535)
> [ 210.765145] platform regulatory.0: Direct firmware load for
> regulatory.db failed with error -2
> [ 210.768737] device_unbind_cleanup (drivers/base/dd.c:551)
> [ 210.768759] device_release_driver_internal (drivers/base/dd.c:1280
> drivers/base/dd.c:1295)
> [ 210.768775] device_release_driver (drivers/base/dd.c:1319)
> [ 210.768788] bus_remove_device (include/linux/kobject.h:193
> drivers/base/base.h:73 drivers/base/bus.c:581)
> [ 210.768801] device_del (drivers/base/core.c:3815)
> [ 210.768812] platform_device_del.part.0 (drivers/base/platform.c:753)
> [ 210.768824] platform_device_del (drivers/base/platform.c:764)
>
> [ 210.768834] kunit_action_platform_device_del+0x18/0x30 drm_kunit_helpers
> [ 210.810264] cfg80211: failed to load regulatory.db
> [ 210.815438] __kunit_action_free (lib/kunit/resource.c:92)
> [ 210.815460] kunit_remove_resource (include/kunit/resource.h:120
> include/linux/kref.h:65 include/kunit/resource.h:138
> lib/kunit/resource.c:59 lib/kunit/resource.c:48)
> [ 210.815474] kunit_cleanup (lib/kunit/test.c:815 (discriminator 1))
> [ 210.815486] kunit_try_run_case_cleanup (lib/kunit/test.c:412)
> [ 210.815499] kunit_generic_run_threadfn_adapter (lib/kunit/try-catch.c:30)
> [ 210.815514] kthr

BUG: KASAN: slab-use-after-free in drm_connector_cleanup
Following kasan bug was noticed on arm64 bcm2711-rpi-4-b device running
Linux next 6.6.0-rc5-next-20231011 with given config.

This was first noticed on 6.6.0-rc2-next-20230918.
This is an intermittent issue.
Links to build and test logs provided.

Reported-by: Linux Kernel Functional Testing

Boot log:
-

[ 209.991842] Bluetooth: Core ver 2.22
[ 209.996014] NET: Registered PF_BLUETOOTH protocol family
[ 210.002564] Bluetooth: HCI device and connection manager initialized
[ 210.009204] Bluetooth: HCI socket layer initialized
[ 210.014443] Bluetooth: L2CAP socket layer initialized
[ 210.019906] Bluetooth: SCO socket layer initialized
[ 210.175889] KTAP version 1
[ 210.178771] 1..3
[ 210.184030] KTAP version 1
[ 210.187234] # Subtest: vc4-pv-muxing-combinations
[ 210.192491] # module: vc4
[ 210.192572] 1..2
[ 210.197937] KTAP version 1
[ 210.201544] # Subtest: drm_vc4_test_pv_muxing
[ 210.218416] Bluetooth: HCI UART driver ver 2.3
[ 210.236869] [drm] Initialized vc4 0.0.0 20140616 for drm-kunit-mock-device on minor 1
[ 210.241063] Bluetooth: HCI UART protocol H4 registered
[ 210.320009] Bluetooth: HCI UART protocol LL registered
[ 210.464457] Bluetooth: HCI UART protocol Broadcom registered
[ 210.470871] hci_uart_bcm serial0-0: supply vbat not found, using dummy regulator
[ 210.472120] Bluetooth: HCI UART protocol QCA registered
[ 210.480123] hci_uart_bcm serial0-0: supply vddio not found, using dummy regulator
[ 210.490971] Bluetooth: HCI UART protocol Marvell registered

Debian GNU/Linux 12 runner-vwmj3eza-project-40964107-concurrent-0 ttyS0

runner-vwmj3eza-project-40964107-concurrent-0 login: [ 2root 10.623188] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 210.658616] ==
[ 210.666006] BUG: KASAN: slab-use-after-free in drm_connector_cleanup+0x30/0x488 drm
[ 210.675144] Read of size 8 at addr 000113a8e0a8 by task kunit_try_catch/1750
[ 210.682685]
[ 210.684219] CPU: 1 PID: 1750 Comm: kunit_try_catch Tainted: GB N 6.6.0-rc5-next-20231011 #1
[ 210.694056] Hardware name: Raspberry Pi 4 Model B (DT)
[ 210.699323] Call trace:
r[ 210.701824] dump_backtrace (arch/arm64/kernel/stacktrace.c:235)
[ 210.705757] show_stack (arch/arm64/kernel/stacktrace.c:242)
[ 210.709160] dump_stack_lvl (lib/dump_stack.c:107)
[ 210.712917] print_report (mm/kasan/report.c:365 mm/kasan/report.c:475)
[ 210.716560] kasan_report (mm/kasan/report.c:590)
o[ 210.720201] __asan_load8 (mm/kasan/generic.c:260)
o[ 210.723827] drm_connector_cleanup+0x30/0x488 drm
[ 210.729265] drm_connector_cleanup_action+0x1c/0x30 drm
t[ 210.735228] drm_managed_release+0x128/0x228 drm
[ 210.740570] drm_dev_put.part.0+0xb4/0xf8 drm
[ 210.742616] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 210.745649] devm_drm_dev_init_release+0x1c/0x38 drm
[ 210.756667] devm_action_release (drivers/base/devres.c:722)
[ 210.760840] release_nodes (drivers/base/devres.c:506)
[ 210.764569] devres_release_all (drivers/base/devres.c:535)
[ 210.765145] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[ 210.768737] device_unbind_cleanup (drivers/base/dd.c:551)
[ 210.768759] device_release_driver_internal (drivers/base/dd.c:1280 drivers/base/dd.c:1295)
[ 210.768775] device_release_driver (drivers/base/dd.c:1319)
[ 210.768788] bus_remove_device (include/linux/kobject.h:193 drivers/base/base.h:73 drivers/base/bus.c:581)
[ 210.768801] device_del (drivers/base/core.c:3815)
[ 210.768812] platform_device_del.part.0 (drivers/base/platform.c:753)
[ 210.768824] platform_device_del (drivers/base/platform.c:764)
[ 210.768834] kunit_action_platform_device_del+0x18/0x30 drm_kunit_helpers
[ 210.810264] cfg80211: failed to load regulatory.db
[ 210.815438] __kunit_action_free (lib/kunit/resource.c:92)
[ 210.815460] kunit_remove_resource (include/kunit/resource.h:120 include/linux/kref.h:65 include/kunit/resource.h:138 lib/kunit/resource.c:59 lib/kunit/resource.c:48)
[ 210.815474] kunit_cleanup (lib/kunit/test.c:815 (discriminator 1))
[ 210.815486] kunit_try_run_case_cleanup (lib/kunit/test.c:412)
[ 210.815499] kunit_generic_run_threadfn_adapter (lib/kunit/try-catch.c:30)
[ 210.815514] kthread (kernel/kthread.c:388)
[ 210.815526] ret_from_fork (arch/arm64/kernel/entry.S:858)
[ 210.815540]
[ 210.815544] Allocated by task 1745:
[ 210.815552] kasan_save_stack (mm/kasan/common.c:46)
[ 210.815567] kasan_set_track (mm/kasan/common.c:52 (discriminator 1))
[ 210.815579] kasan_save_alloc_info (mm/kasan/generic.c:512)
[ 210.815592] __kasan_kmalloc (mm/kasan/common.c:374 mm/kasan/common.c:383)
[ 210.815603] __kmalloc (include/linux/kasan.h:198 mm/slab_common.c:1004 mm/slab_common.c:1017)
[ 210.815613] kunit_kmalloc_array (include/linux/slab.h:637 lib/kunit/test.c:779)
[ 210.815625] vc4_dummy_output+0xac/0x228 vc4
[ 210.882798] __mock_device+0x24c/0x4b0 vc4
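
Added example, not part of the original thread and not kernel or LKFT tooling: a small triage parser for a KASAN report whose trace is interleaved with unrelated console output, as in the boot log above. The names parse_kasan, first_relevant and PLUMBING are hypothetical; the sample lines are an excerpt of this report.

```python
import re

# Excerpt of the report on this page (lines dropped for brevity), including the
# stray console bytes and unrelated messages interleaved with the trace.
SAMPLE = """\
[ 210.666006] BUG: KASAN: slab-use-after-free in drm_connector_cleanup+0x30/0x488 drm
[ 210.675144] Read of size 8 at addr 000113a8e0a8 by task kunit_try_catch/1750
[ 210.699323] Call trace:
r[ 210.701824] dump_backtrace (arch/arm64/kernel/stacktrace.c:235)
o[ 210.720201] __asan_load8 (mm/kasan/generic.c:260)
o[ 210.723827] drm_connector_cleanup+0x30/0x488 drm
[ 210.742616] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 210.745649] devm_drm_dev_init_release+0x1c/0x38 drm
[ 210.810264] cfg80211: failed to load regulatory.db
[ 210.815544] Allocated by task 1745:
[ 210.815552] kasan_save_stack (mm/kasan/common.c:46)
[ 210.815613] kunit_kmalloc_array (include/linux/slab.h:637 lib/kunit/test.c:779)
[ 210.815625] vc4_dummy_output+0xac/0x228 vc4
"""

LINE = re.compile(r"^\S*\[\s*\d+\.\d+\]\s?(.*)$")  # tolerates stray bytes before '['
BUG = re.compile(r"BUG: KASAN: (\S+) in ([A-Za-z_][\w.]*)")
ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr (\S+) by task (\S+)/(\d+)")
SECTION = re.compile(r"^(Call trace|Allocated by task \d+|Freed by task \d+):$")
FRAME = re.compile(r"^([A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\w+)?|\s+\(.+:\d+.*\))$")
PLUMBING = ("dump_", "show_stack", "print_report", "kasan_", "__kasan_", "__asan_", "__kmalloc")

def parse_kasan(text):
    report, current = {"stacks": {}}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if b := BUG.search(msg):
            report["kind"], report["function"] = b.groups()
        elif a := ACCESS.search(msg):
            report["access"], report["addr"], report["task"] = a.group(1, 3, 4)
            report["size"], report["pid"] = int(a.group(2)), int(a.group(5))
        elif s := SECTION.match(msg):
            key = {"C": "access", "A": "alloc", "F": "free"}[s.group(1)[0]]
            current = report["stacks"].setdefault(key, [])
        elif current is not None and (f := FRAME.match(msg)):
            current.append(f.group(1))  # non-frame lines are console noise
    return report

def first_relevant(frames):  # first frame that is not unwinder/KASAN/allocator plumbing
    return next((f for f in frames if not f.startswith(PLUMBING)), None)
```

On the excerpt, the faulting read resolves to drm_connector_cleanup and the allocation stack to kunit_kmalloc_array called from vc4_dummy_output, which are the two frames to compare when checking object lifetime against the cleanup order.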