Greetings,

Here is another bug exposed by patch

commit bea5b158ff0da9c7246ff391f754f5f38e34577a
Author:     Rob Herring
AuthorDate: Thu Aug 11 10:20:58 2016 -0500
Commit:     Greg Kroah-Hartman
CommitDate: Wed Aug 31 15:13:55 2016 +0200

    driver core: add test of driver remove calls during probe

    In recent discussions on ksummit-discuss[1], it was suggested to do a
    sequence of probe, remove, probe for testing driver remove paths. This
    adds a kconfig option for said test.

    [1] https://lists.linuxfoundation.org/pipermail/ksummit-discuss/2016-August/003459.html

    Suggested-by: Arnd Bergmann
    Cc: Greg Kroah-Hartman
    Signed-off-by: Rob Herring
    Signed-off-by: Greg Kroah-Hartman

+-------------------------------------------------+------------+------------+-------------+
|                                                 | cebf8fd169 | bea5b158ff | v4.9_122400 |
+-------------------------------------------------+------------+------------+-------------+
| boot_successes                                  | 76         | 0          | 0           |
| boot_failures                                   | 12         | 22         | 13          |
| BUG:kernel_reboot-without-warning_in_test_stage | 12         |            |             |
| calltrace:async_run_entry_fn                    | 0          | 22         | 13          |
| BUG:Double_free_or_freeing_an_invalid_pointer   | 0          | 22         | 13          |
| calltrace:scsi_debug_init                       | 0          | 22         | 13          |
| WARNING:at_include/linux/kref.h:#kobject_get    | 0          | 22         | 13          |
| BUG:KASAN:use-after-free_in                     | 0          | 22         | 10          |
| calltrace:init                                  | 0          | 22         | 9           |
+-------------------------------------------------+------------+------------+-------------+

[ 16.231489] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, supports DPO and FUA
[ 16.256951] kobject (ffff88001ec08640): tried to init an initialized object, something is seriously wrong.
[ 16.260429] CPU: 0 PID: 6 Comm: kworker/u2:0 Not tainted 4.8.0-rc4-00003-gbea5b15 #1
[ 16.263455] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[ 16.266996] Workqueue: events_unbound async_run_entry_fn
[ 16.282095] 0000000000000000 ffff8800191a7bb0 ffffffffb70814cb ffff8800191a7bd8
[ 16.285505] ffffffffb7083d08 ffff88001ec08000 ffff88001f3fa200 ffff88001f3fa200
[ 16.288901] ffff8800191a7c10 ffffffffb706df61 ffff88001ec08000 ffff88001f3fa200
[ 16.292359] Call Trace:
[ 16.306703] [] dump_stack+0x19/0x1b
[ 16.308553] [] kobject_init+0x35/0xb3
[ 16.310402] [] blk_mq_register_disk+0x3e/0x123
[ 16.312426] [] blk_register_queue+0xd8/0x12a
[ 16.314399] [] device_add_disk+0x4cc/0x677
[ 16.316342] [] sd_probe_async+0x226/0x2fa
[ 16.318270] [] ? sd_revalidate_disk+0x16b3/0x16b3
[ 16.333417] [] async_run_entry_fn+0x74/0x18e
[ 16.335418] [] process_one_work+0x2c0/0x4c8
[ 16.337372] [] ? process_one_work+0x23d/0x4c8
[ 16.339361] [] worker_thread+0x2d2/0x408
[ 16.341262] [] ? process_scheduled_works+0x3e/0x3e
[ 16.343330] [] kthread+0x105/0x114
[ 16.358179] [] ? _raw_spin_unlock_irq+0x27/0x3e
[ 16.360504] [] ret_from_fork+0x1f/0x40
[ 16.362651] [] ? init_completion+0x2d/0x2d
[ 16.364894] kobject (ffff88001e909308): tried to init an initialized object, something is seriously wrong.
[ 16.368305] CPU: 0 PID: 6 Comm: kworker/u2:0 Not tainted 4.8.0-rc4-00003-gbea5b15 #1
[ 16.371523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[ 16.375153] Workqueue: events_unbound async_run_entry_fn
[ 16.377279] 0000000000000000 ffff8800191a7bb0 ffffffffb70814cb ffff8800191a7bd8
[ 16.381022] ffffffffb7083d08 ffff88001ec08000 ffff88001f3fa200 ffff88001f3fa200
[ 16.384768] ffff8800191a7c10 ffffffffb706df87 ffff88001ec08000 ffff88001f3fa200
[ 16.388537] Call Trace:
[ 16.389920] [] dump_stack+0x19/0x1b
[ 16.391919] [] kobject_init+0x35/0xb3
[ 16.393956] [] blk_mq_register_disk+0x64/0x123
[ 16.396187] [] blk_register_queue+0xd8/0x12a
[ 16.398384] [] device_add_disk+0x4cc/0x677
[ 16.400516] [] sd_probe_async+0x226/0x2fa
[ 16.402637] [] ? sd_revalidate_disk+0x16b3/0x16b3
[ 16.404920] [] async_run_entry_fn+0x74/0x18e
[ 16.407099] [] process_one_work+0x2c0/0x4c8
[ 16.409251] [] ? process_one_work+0x23d/0x4c8
[ 16.411465] [] worker_thread+0x2d2/0x408
[ 16.413563] [] ? process_scheduled_works+0x3e/0x3e
[ 16.415867] [] kthread+0x105/0x114
[ 16.417847] [] ? _raw_spin_unlock_irq+0x27/0x3e
[ 16.420090] [] ret_from_fork+0x1f/0x40
[ 16.422180] [] ? init_completion+0x2d/0x2d
[ 16.424525] ==================================================================
[ 16.427671] BUG: Double free or freeing an invalid pointer
[ 16.429721] Unexpected shadow byte: 0xFB
[ 16.431429] CPU: 0 PID: 6 Comm: kworker/u2:0 Not tainted 4.8.0-rc4-00003-gbea5b15 #1
[ 16.434680] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[ 16.438491] Workqueue: events_unbound async_run_entry_fn
[ 16.440632] 0000000000000000 ffff8800191a79f8 ffffffffb70814cb ffff8800191a7a20
[ 16.444325] ffffffffb6dd2ca5 00000000fffffffb ffff880019001c80 ffff8800190a46f0
[ 16.447995] ffff8800191a7a50 ffffffffb6dd2d86 0000000000000296 ffff880019001c80
[ 16.451695] Call Trace:
[ 16.453069] [] dump_stack+0x19/0x1b
[ 16.455050] [] kasan_object_err+0x1c/0x73
[ 16.457141] [] kasan_report_double_free+0x45/0x56
[ 16.459389] [] kasan_slab_free+0x38/0x8f
[ 16.461464] [] slab_free_freelist_hook+0x88/0xa0
[ 16.463687] [] kfree+0x64/0xef
[ 16.465571] [] ? kfree_const+0x1b/0x1d
[ 16.467609] [] kfree_const+0x1b/0x1d
[ 16.469813] [] kobject_set_name_vargs+0x9f/0xb5
[ 16.472363] [] kobject_add+0x80/0xbc
[ 16.474649] [] ? kobject_uevent_env+0xaa/0x671
[ 16.477186] [] blk_mq_register_hctx+0x75/0xf4
[ 16.479686] [] ? blk_mq_register_disk+0xd9/0x123
[ 16.482285] [] blk_mq_register_disk+0xe2/0x123
[ 16.484822] [] blk_register_queue+0xd8/0x12a
[ 16.487320] [] device_add_disk+0x4cc/0x677
[ 16.489754] [] sd_probe_async+0x226/0x2fa
[ 16.492177] [] ? sd_revalidate_disk+0x16b3/0x16b3
[ 16.494780] [] async_run_entry_fn+0x74/0x18e
[ 16.497259] [] process_one_work+0x2c0/0x4c8
[ 16.499716] [] ? process_one_work+0x23d/0x4c8
[ 16.502224] [] worker_thread+0x2d2/0x408
[ 16.504608] [] ? process_scheduled_works+0x3e/0x3e
[ 16.507234] [] kthread+0x105/0x114
[ 16.509475] [] ? _raw_spin_unlock_irq+0x27/0x3e
[ 16.512025] [] ret_from_fork+0x1f/0x40
[ 16.514371] [] ? init_completion+0x2d/0x2d
[ 16.516795] Object at ffff8800190a46f0, in cache kmalloc-8 size: 8
[ 16.519335] Allocated:
[ 16.520806] PID = 6
[ 16.522210] [] save_stack_trace+0x25/0x40
[ 16.524733] [] save_stack+0x46/0xce
[ 16.527116] [] kasan_kmalloc+0x99/0xa8
[ 16.529564] [] kasan_slab_alloc+0x12/0x14
[ 16.532094] [] slab_post_alloc_hook+0x38/0x45
[ 16.534706] [] __kmalloc_track_caller+0xe4/0xf2
[ 16.537375] [] kvasprintf+0x54/0xa9
[ 16.539761] [] kvasprintf_const+0xa5/0xae
[ 16.542287] [] kobject_set_name_vargs+0x3c/0xb5
[ 16.544960] [] kobject_add+0x80/0xbc
[ 16.547373] [] blk_mq_register_hctx+0x75/0xf4
[ 16.549998] [] blk_mq_register_disk+0xe2/0x123
[ 16.552657] [] blk_register_queue+0xd8/0x12a
[ 16.555280] [] device_add_disk+0x4cc/0x677
[ 16.557938] [] sd_probe_async+0x226/0x2fa
[ 16.560630] [] async_run_entry_fn+0x74/0x18e
[ 16.563328] [] process_one_work+0x2c0/0x4c8
[ 16.565914] [] worker_thread+0x2d2/0x408
[ 16.568420] [] kthread+0x105/0x114
[ 16.570767] [] ret_from_fork+0x1f/0x40
[ 16.573072] Freed:
[ 16.574312] PID = 1
[ 16.575684] [] save_stack_trace+0x25/0x40
[ 16.578237] [] save_stack+0x46/0xce
[ 16.580640] [] kasan_slab_free+0x6d/0x8f
[ 16.583162] [] slab_free_freelist_hook+0x88/0xa0
[ 16.585873] [] kfree+0x64/0xef
[ 16.588152] [] kfree_const+0x1b/0x1d
[ 16.590568] [] kobject_release+0x78/0x81
[ 16.593087] [] kobject_put+0x49/0x4c
[ 16.595500] [] __blk_mq_unregister_disk+0x102/0x15d
[ 16.598308] [] blk_mq_unregister_disk+0x17/0x1e
[ 16.600994] [] blk_unregister_queue+0x54/0xa0
[ 16.603634] [] del_gendisk+0x16e/0x255
[ 16.606109] [] sd_remove+0x9e/0x106
[ 16.608492] [] driver_probe_device+0x1f4/0x433
[ 16.611149] [] __device_attach_driver+0xb7/0xd3
[ 16.613494] [] bus_for_each_drv+0xb7/0xbc
[ 16.615567] [] __device_attach+0xb9/0x120
[ 16.617636] [] device_initial_probe+0xe/0x10
[ 16.619777] [] bus_probe_device+0x55/0xf9
[ 16.621839] [] device_add+0x5a4/0x730
[ 16.623825] [] scsi_sysfs_add_sdev+0x162/0x2eb
[ 16.625978] [] scsi_probe_and_add_lun+0xeae/0xf8d
[ 16.628203] [] __scsi_scan_target+0x9c/0x20e
[ 16.630325] [] scsi_scan_channel+0x67/0x75
[ 16.632543] [] scsi_scan_host_selected+0x156/0x1c8
[ 16.634788] [] do_scsi_scan_host+0xd6/0xdf
[ 16.636866] [] scsi_scan_host+0x234/0x248
[ 16.638925] [] sdebug_driver_probe+0x2ef/0x2ff
[ 16.641096] [] driver_probe_device+0x1a0/0x433
[ 16.643258] [] __device_attach_driver+0xb7/0xd3
[ 16.648042] [] bus_for_each_drv+0xb7/0xbc
[ 16.650111] [] __device_attach+0xb9/0x120
[ 16.668921] [] device_initial_probe+0xe/0x10
[ 16.671077] [] bus_probe_device+0x55/0xf9
[ 16.673142] [] device_add+0x5a4/0x730
[ 16.675130] [] device_register+0x15/0x18
[ 16.677173] [] sdebug_add_adapter+0x179/0x231
[ 16.679314] [] scsi_debug_init+0x78a/0x820
[ 16.681404] [] do_one_initcall+0x98/0x124
[ 16.685969] [] kernel_init_freeable+0x185/0x220
[ 16.688164] [] kernel_init+0xc/0x108
[ 16.690137] [] ret_from_fork+0x1f/0x40
[ 16.692149] ==================================================================
[ 16.697206] Disabling lock debugging due to kernel taint
[ 16.699412] ==================================================================
[ 16.702312] BUG: Double free or freeing an invalid pointer
[ 16.704236] Unexpected shadow byte: 0xFB
[ 16.705809] CPU: 0 PID: 6 Comm: kworker/u2:0 Tainted: G B 4.8.0-rc4-00003-gbea5b15 #1
[ 16.711927] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[ 16.715932] Workqueue: events_unbound async_run_entry_fn
[ 16.718375] 0000000000000000 ffff8800191a79f8 ffffffffb70814cb ffff8800191a7a20
[ 16.722505] ffffffffb6dd2ca5 00000000fffffffb ffff880019001c80 ffff8800190a46c0
[ 16.726502] ffff8800191a7a50 ffffffffb6dd2d86 0000000000000296 ffff880019001c80
[ 16.729274] Call Trace:
[ 16.730398] [] dump_stack+0x19/0x1b
[ 16.731827] [] kasan_object_err+0x1c/0x73
[ 16.733596] [] kasan_report_double_free+0x45/0x56
[ 16.735298] [] kasan_slab_free+0x38/0x8f
[ 16.737000] [] slab_free_freelist_hook+0x88/0xa0
[ 16.738666] [] kfree+0x64/0xef
[ 16.740695] [] ? kfree_const+0x1b/0x1d
[ 16.742947] [] kfree_const+0x1b/0x1d
[ 16.744908] [] kobject_set_name_vargs+0x9f/0xb5
[ 16.747089] [] kobject_add+0x80/0xbc
[ 16.749029] [] ? kobject_uevent_env+0xaa/0x671
[ 16.751189] [] blk_mq_register_hctx+0xdf/0xf4
[ 16.753289] [] blk_mq_register_disk+0xe2/0x123
[ 16.755359] [] blk_register_queue+0xd8/0x12a
[ 16.757379] [] device_add_disk+0x4cc/0x677
[ 16.759366] [] sd_probe_async+0x226/0x2fa
[ 16.761330] [] ? sd_revalidate_disk+0x16b3/0x16b3
[ 16.763447] [] async_run_entry_fn+0x74/0x18e
[ 16.765512] [] process_one_work+0x2c0/0x4c8
[ 16.767905] [] ? process_one_work+0x23d/0x4c8
[ 16.770411] [] worker_thread+0x2d2/0x408
[ 16.772781] [] ? process_scheduled_works+0x3e/0x3e
[ 16.775395] [] kthread+0x105/0x114
[ 16.777624] [] ? _raw_spin_unlock_irq+0x27/0x3e
[ 16.780154] [] ret_from_fork+0x1f/0x40
[ 16.782452] [] ? init_completion+0x2d/0x2d
[ 16.784578] Object at ffff8800190a46c0, in cache kmalloc-8 size: 8
[ 16.786795] Allocated:
[ 16.788095] PID = 6
[ 16.789325] [] save_stack_trace+0x25/0x40
[ 16.791540] [] save_stack+0x46/0xce
[ 16.793848] [] kasan_kmalloc+0x99/0xa8
[ 16.796289] [] kasan_slab_alloc+0x12/0x14
[ 16.798810] [] slab_post_alloc_hook+0x38/0x45
[ 16.801393] [] __kmalloc_track_caller+0xe4/0xf2
[ 16.804070] [] kvasprintf+0x54/0xa9

git bisect start v4.9 v4.8 --
git bisect bad 9fe68cad6e74967b88d0c6aeca7d9cd6b6e91942 # 10:11 0- 3 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
git bisect bad 5fa0eb0b4d4780fbd6d8a09850cc4fd539e9fe65 # 10:22 0- 1 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect bad d8ea757b25ec82687c497fc90aa83f9bcea24b5b # 10:52 0- 10 Merge tag 'xtensa-20161005' of git://github.com/jcmvbkbc/linux-xtensa
git bisect bad e6445f52d9c8b0e6557a45fa7d0e8e088d430a8c # 11:15 0- 9 Merge tag 'usb-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
git bisect good 1a4a2bc460721bc8f91e4c1294d39b38e5af132f # 11:26 22+ 0 Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 49deffe0b0e4c2030696c7a6fd680bacf4761069 # 12:01 20+ 3 Merge tag 'arc-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc
git bisect good 597f03f9d133e9837d00965016170271d4f87dcf # 12:25 21+ 0 Merge branch 'smp-hotplug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect bad 9929780e86854833e649b39b290b5fe921eb1701 # 13:08 0- 13 Merge tag 'driver-core-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
git bisect good 7a53eea1f7b527fd3b6d7ca992914840981afe99 # 14:13 20+ 0 Merge tag 'char-misc-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
git bisect bad 775115c06091fcfa1189a50aca488fa596839617 # 14:26 0- 22 drivers/base dmam_declare_coherent_memory leaks
git bisect bad 426bc8e789f8ac84270b196191904d347586032f # 14:37 0- 3 base: soc: make it explicitly non-modular
git bisect bad bea5b158ff0da9c7246ff391f754f5f38e34577a # 14:47 0- 10 driver core: add test of driver remove calls during probe
git bisect good cebf8fd16900fdfd58c0028617944f808f97fe50 # 15:00 20+ 3 driver core: fix race between creating/querying glue dir and its cleanup
# first bad commit: [bea5b158ff0da9c7246ff391f754f5f38e34577a] driver core: add test of driver remove calls during probe
git bisect good cebf8fd16900fdfd58c0028617944f808f97fe50 # 15:06 67+ 12 driver core: fix race between creating/querying glue dir and its cleanup
# extra tests with CONFIG_DEBUG_INFO_REDUCED
git bisect bad bea5b158ff0da9c7246ff391f754f5f38e34577a # 15:16 0- 1 driver core: add test of driver remove calls during probe
# extra tests on HEAD of linux-devel/devel-hourly-2016122400
git bisect bad 8eb25c4694b925e2998ed795d6ea365439adab6c # 15:16 0- 13 0day head guard for 'devel-hourly-2016122400'
# extra tests on tree/branch linus/master
git bisect bad 6ac3bb167fed0b3d02b4fd3daa0d819841d5f6f4 # 15:25 0- 1 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
# extra tests on tree/branch linus/master
git bisect bad 6ac3bb167fed0b3d02b4fd3daa0d819841d5f6f4 # 15:25 0- 1 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
# extra tests on tree/branch linux-next/master
git bisect bad 968481a1ffee88cafc836feb83fb23d1738e8238 # 15:34 0- 5 Add linux-next specific files for 20161223

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation