[next] arm64: juno-r2: BUG: KASAN: use-after-free in __pci_enable_msi_range

Naresh Kamboju naresh.kamboju at linaro.org
Mon Dec 20 01:54:40 PST 2021


While booting Linux next 20211215 and next 20211217 on arm64 juno-r2 device
the following kernel crash reported and several LTP syscalls test cases,

Only noticed on juno-r2 whereas dragonboard-410c and hikey-hi6220 tests pass.

Test case failure:
add_key05.c:207: TBROK: Failed to open FILE
'/proc/sys/kernel/keys/gc_delay' for writing: ENOENT (2)
tst_taint.c:15: TBROK: Failed to open FILE '/proc/sys/kernel/tainted'
for reading: ENOENT (2)
tst_pid.c:43: TBROK: Failed to open FILE '/proc/sys/kernel/pid_max'
for reading: ENOENT (2)

arm64 juno-r2 kernel crash log while booting.

Starting kernel ...

[    0.000000] Booting Linux on physical CPU 0x0000000100 [0x410fd033]
[    0.000000] Linux version 5.16.0-rc5-next-20211217
(tuxmake at tuxmake) (aarch64-linux-gnu-gcc (Debian 11.2.0-9) 11.2.0, GNU
ld (GNU Binutils for Debian) 2.37) #1 SMP PREEMPT @1639749733
[    0.000000] Machine model: ARM Juno development board (r2)
<trim>
[    2.191774] hw perfevents: enabled with armv8_cortex_a72 PMU
driver, 7 counters available
[    2.201822] sysctl duplicate entry: /kernel//perf_user_access
[    2.207718] CPU: 2 PID: 1 Comm: swapper/0 Not tainted
5.16.0-rc5-next-20211217 #1
[    2.215235] Hardware name: ARM Juno development board (r2) (DT)
[    2.221175] Call trace:
[    2.223629]  dump_backtrace+0x228/0x240
[    2.227493]  show_stack+0x24/0x80
[    2.230827]  dump_stack_lvl+0x8c/0xb8
[    2.234515]  dump_stack+0x1c/0x38
[    2.237851]  __register_sysctl_table+0x520/0xa30
[    2.242499]  register_sysctl+0x2c/0x40
[    2.246273]  armv8_a53_pmu_init+0x21c/0x264
[    2.250481]  arm_pmu_device_probe+0x254/0x6e0
[    2.254867]  armv8_pmu_device_probe+0x28/0x34
[    2.259248]  platform_probe+0x98/0x120
[    2.263018]  really_probe+0x11c/0x684
[    2.266705]  __driver_probe_device+0x194/0x22c
[    2.271177]  driver_probe_device+0x68/0x150
[    2.275386]  __driver_attach+0x124/0x260
[    2.279335]  bus_for_each_dev+0xf0/0x160
[    2.283281]  driver_attach+0x40/0x50
[    2.286880]  bus_add_driver+0x20c/0x300
[    2.290739]  driver_register+0xf8/0x21c
[    2.294601]  __platform_driver_register+0x50/0x60
[    2.299328]  armv8_pmu_driver_init+0x40/0x60
[    2.303623]  do_one_initcall+0xa8/0x3ec
[    2.307480]  kernel_init_freeable+0x300/0x388
[    2.311864]  kernel_init+0x30/0x15c
[    2.315374]  ret_from_fork+0x10/0x20
[    2.320928] hw perfevents: enabled with armv8_cortex_a53 PMU
driver, 7 counters available
[    2.329472] kvm [1]: IPA Size Limit: 40 bits
[    2.342423] kvm [1]: vgic interrupt IRQ9
[    2.347393] kvm [1]: Hyp mode initialized successfully
[    2.362544] Initialise system trusted keyrings
[    2.368278] workingset: timestamp_bits=42 max_order=21 bucket_order=0
[    2.428029] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    2.439945] NFS: Registering the id_resolver key type
[    2.445176] Key type id_resolver registered
[    2.449411] Key type id_legacy registered
[    2.454010] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
[    2.460773] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver
Registering...
[    2.469105] 9p: Installing v9fs 9p2000 file system support
[    2.515228] NET: Registered PF_ALG protocol family
[    2.520108] Key type asymmetric registered
[    2.524277] Asymmetric key parser 'x509' registered
[    2.529923] Block layer SCSI generic (bsg) driver version 0.4
loaded (major 244)
[    2.537382] io scheduler mq-deadline registered
[    2.541964] io scheduler kyber registered
[    2.631942] pl061_gpio 1c1d0000.gpio: PL061 GPIO chip registered
[    2.653688] pci-host-generic 40000000.pcie: host bridge
/pcie at 40000000 ranges:
[    2.661162] pci-host-generic 40000000.pcie:       IO
0x005f800000..0x005fffffff -> 0x0000000000
[    2.670092] pci-host-generic 40000000.pcie:      MEM
0x0050000000..0x0057ffffff -> 0x0050000000
[    2.678953] pci-host-generic 40000000.pcie:      MEM
0x4000000000..0x40ffffffff -> 0x4000000000
[    2.687901] pci-host-generic 40000000.pcie:   IB MEM
0x002c1c0000..0x002c1fffff -> 0x002c1c0000
[    2.696819] pci-host-generic 40000000.pcie:   IB MEM
0x0080000000..0x00ffffffff -> 0x0080000000
[    2.705670] pci-host-generic 40000000.pcie:   IB MEM
0x0800000000..0x09ffffffff -> 0x0800000000
[    2.793723] pci-host-generic 40000000.pcie: ECAM at [mem
0x40000000-0x4fffffff] for [bus 00-ff]
[    2.803466] pci-host-generic 40000000.pcie: PCI host bridge to bus 0000:00
[    2.810427] pci_bus 0000:00: root bus resource [bus 00-ff]
[    2.816008] pci_bus 0000:00: root bus resource [io  0x0000-0x7fffff]
[    2.822435] pci_bus 0000:00: root bus resource [mem 0x50000000-0x57ffffff]
[    2.829384] pci_bus 0000:00: root bus resource [mem
0x4000000000-0x40ffffffff pref]
[    2.837252] pci 0000:00:00.0: [1556:1100] type 01 class 0x060400
[    2.843508] pci 0000:00:00.0: reg 0x10: [mem 0x00000000-0x00003fff
64bit pref]
[    2.851351] pci 0000:00:00.0: supports D1 D2
[    2.855676] pci 0000:00:00.0: PME# supported from D0 D1 D2 D3hot D3cold
[    2.868561] pci 0000:00:00.0: bridge configuration invalid ([bus
00-00]), reconfiguring
[    2.877468] pci 0000:01:00.0: [111d:8090] type 01 class 0x060400
[    2.883811] pci 0000:01:00.0: enabling Extended Tags
[    2.889300] pci 0000:01:00.0: PME# supported from D0 D3hot D3cold
[    2.912035] pci 0000:01:00.0: bridge configuration invalid ([bus
00-00]), reconfiguring
[    2.921096] pci 0000:02:01.0: [111d:8090] type 01 class 0x060400
[    2.927464] pci 0000:02:01.0: enabling Extended Tags
[    2.933019] pci 0000:02:01.0: PME# supported from D0 D3hot D3cold
[    2.940888] pci 0000:02:02.0: [111d:8090] type 01 class 0x060400
[    2.947239] pci 0000:02:02.0: enabling Extended Tags
[    2.952800] pci 0000:02:02.0: PME# supported from D0 D3hot D3cold
[    2.960528] pci 0000:02:03.0: [111d:8090] type 01 class 0x060400
[    2.966878] pci 0000:02:03.0: enabling Extended Tags
[    2.972510] pci 0000:02:03.0: PME# supported from D0 D3hot D3cold
[    2.981398] pci 0000:02:0c.0: [111d:8090] type 01 class 0x060400
[    2.987748] pci 0000:02:0c.0: enabling Extended Tags
[    2.993290] pci 0000:02:0c.0: PME# supported from D0 D3hot D3cold
[    3.001459] pci 0000:02:10.0: [111d:8090] type 01 class 0x060400
[    3.007800] pci 0000:02:10.0: enabling Extended Tags
[    3.013328] pci 0000:02:10.0: PME# supported from D0 D3hot D3cold
[    3.023092] pci 0000:02:1f.0: [111d:8090] type 01 class 0x060400
[    3.029441] pci 0000:02:1f.0: enabling Extended Tags
[    3.035006] pci 0000:02:1f.0: PME# supported from D0 D3hot D3cold
[    3.042616] pci 0000:02:01.0: bridge configuration invalid ([bus
00-00]), reconfiguring
[    3.050758] pci 0000:02:02.0: bridge configuration invalid ([bus
00-00]), reconfiguring
[    3.058875] pci 0000:02:03.0: bridge configuration invalid ([bus
00-00]), reconfiguring
[    3.066990] pci 0000:02:0c.0: bridge configuration invalid ([bus
00-00]), reconfiguring
[    3.075105] pci 0000:02:10.0: bridge configuration invalid ([bus
00-00]), reconfiguring
[    3.083220] pci 0000:02:1f.0: bridge configuration invalid ([bus
00-00]), reconfiguring
[    3.092250] pci 0000:03:00.0: [1095:3132] type 00 class 0x018000
[    3.098460] pci 0000:03:00.0: reg 0x10: [mem 0x00000000-0x0000007f 64bit]
[    3.105387] pci 0000:03:00.0: reg 0x18: [mem 0x00000000-0x00003fff 64bit]
[    3.112282] pci 0000:03:00.0: reg 0x20: [io  0x0000-0x007f]
[    3.117995] pci 0000:03:00.0: reg 0x30: [mem 0x00000000-0x0007ffff pref]
[    3.125153] pci 0000:03:00.0: supports D1 D2
[    3.130712] pci 0000:03:00.0: disabling ASPM on pre-1.1 PCIe
device.  You can enable it with 'pcie_aspm=force'
[    3.145388] pci_bus 0000:03: busn_res: [bus 03-ff] end is updated to 03
[    3.157318] pci_bus 0000:04: busn_res: [bus 04-ff] end is updated to 04
[    3.169246] pci_bus 0000:05: busn_res: [bus 05-ff] end is updated to 05
[    3.181213] pci_bus 0000:06: busn_res: [bus 06-ff] end is updated to 06
[    3.193081] pci_bus 0000:07: busn_res: [bus 07-ff] end is updated to 07
[    3.200561] pci 0000:08:00.0: [11ab:4380] type 00 class 0x020000
[    3.206755] pci 0000:08:00.0: reg 0x10: [mem 0x00000000-0x00003fff 64bit]
[    3.213669] pci 0000:08:00.0: reg 0x18: [io  0x0000-0x00ff]
[    3.219884] pci 0000:08:00.0: supports D1 D2
[    3.224209] pci 0000:08:00.0: PME# supported from D0 D1 D2 D3hot D3cold
[    3.237040] pci_bus 0000:08: busn_res: [bus 08-ff] end is updated to 08
[    3.243744] pci_bus 0000:02: busn_res: [bus 02-ff] end is updated to 08
[    3.250445] pci_bus 0000:01: busn_res: [bus 01-ff] end is updated to 08
[    3.257237] pci 0000:00:00.0: BAR 14: assigned [mem 0x50000000-0x501fffff]
[    3.264190] pci 0000:00:00.0: BAR 0: assigned [mem
0x4000000000-0x4000003fff 64bit pref]
[    3.272421] pci 0000:00:00.0: BAR 13: assigned [io  0x1000-0x2fff]
[    3.278807] pci 0000:01:00.0: BAR 14: assigned [mem 0x50000000-0x501fffff]
[    3.285768] pci 0000:01:00.0: BAR 13: assigned [io  0x1000-0x2fff]
[    3.292159] pci 0000:02:01.0: BAR 14: assigned [mem 0x50000000-0x500fffff]
[    3.299105] pci 0000:02:1f.0: BAR 14: assigned [mem 0x50100000-0x501fffff]
[    3.306048] pci 0000:02:01.0: BAR 13: assigned [io  0x1000-0x1fff]
[    3.312295] pci 0000:02:1f.0: BAR 13: assigned [io  0x2000-0x2fff]
[    3.318657] pci 0000:03:00.0: BAR 6: assigned [mem
0x50000000-0x5007ffff pref]
[    3.325957] pci 0000:03:00.0: BAR 2: assigned [mem
0x50080000-0x50083fff 64bit]
[    3.333419] pci 0000:03:00.0: BAR 0: assigned [mem
0x50084000-0x5008407f 64bit]
[    3.340857] pci 0000:03:00.0: BAR 4: assigned [io  0x1000-0x107f]
[    3.347089] pci 0000:02:01.0: PCI bridge to [bus 03]
[    3.352118] pci 0000:02:01.0:   bridge window [io  0x1000-0x1fff]
[    3.358296] pci 0000:02:01.0:   bridge window [mem 0x50000000-0x500fffff]
[    3.365221] pci 0000:02:02.0: PCI bridge to [bus 04]
[    3.370319] pci 0000:02:03.0: PCI bridge to [bus 05]
[    3.375415] pci 0000:02:0c.0: PCI bridge to [bus 06]
[    3.380514] pci 0000:02:10.0: PCI bridge to [bus 07]
[    3.385703] pci 0000:08:00.0: BAR 0: assigned [mem
0x50100000-0x50103fff 64bit]
[    3.393160] pci 0000:08:00.0: BAR 2: assigned [io  0x2000-0x20ff]
[    3.399426] pci 0000:02:1f.0: PCI bridge to [bus 08]
[    3.404456] pci 0000:02:1f.0:   bridge window [io  0x2000-0x2fff]
[    3.410634] pci 0000:02:1f.0:   bridge window [mem 0x50100000-0x501fffff]
[    3.417533] pci 0000:01:00.0: PCI bridge to [bus 02-08]
[    3.422824] pci 0000:01:00.0:   bridge window [io  0x1000-0x2fff]
[    3.429001] pci 0000:01:00.0:   bridge window [mem 0x50000000-0x501fffff]
[    3.435901] pci 0000:00:00.0: PCI bridge to [bus 01-08]
[    3.441190] pci 0000:00:00.0:   bridge window [io  0x1000-0x2fff]
[    3.447362] pci 0000:00:00.0:   bridge window [mem 0x50000000-0x501fffff]
[    3.476228] EINJ: ACPI disabled.
[    3.623896] Serial: 8250/16550 driver, 16 ports, IRQ sharing enabled
[    3.665227] SuperH (H)SCI(F) driver initialized
[    3.673416] msm_serial: driver initialized
[    3.686482] arm-smmu 2b500000.iommu: probing hardware configuration...
[    3.693103] arm-smmu 2b500000.iommu: SMMUv1 with:
[    3.697866] arm-smmu 2b500000.iommu: stage 2 translation
[    3.703321] arm-smmu 2b500000.iommu: coherent table walk
[    3.708856] arm-smmu 2b500000.iommu: stream matching with 32 register groups
[    3.716063] arm-smmu 2b500000.iommu: 4 context banks (4 stage-2 only)
[    3.722660] arm-smmu 2b500000.iommu: Supported page sizes: 0x60211000
[    3.729248] arm-smmu 2b500000.iommu: Stage-2: 40-bit IPA -> 40-bit PA
[    3.739538] arm-smmu 7fb00000.iommu: probing hardware configuration...
[    3.746128] arm-smmu 7fb00000.iommu: SMMUv1 with:
[    3.750887] arm-smmu 7fb00000.iommu: stage 2 translation
[    3.756361] arm-smmu 7fb00000.iommu: coherent table walk
[    3.761824] arm-smmu 7fb00000.iommu: stream matching with 16 register groups
[    3.769028] arm-smmu 7fb00000.iommu: 4 context banks (4 stage-2 only)
[    3.775623] arm-smmu 7fb00000.iommu: Supported page sizes: 0x60211000
[    3.782233] arm-smmu 7fb00000.iommu: Stage-2: 40-bit IPA -> 40-bit PA
[    3.790366] arm-smmu 7fb10000.iommu: probing hardware configuration...
[    3.796958] arm-smmu 7fb10000.iommu: SMMUv1 with:
[    3.801717] arm-smmu 7fb10000.iommu: stage 2 translation
[    3.807170] arm-smmu 7fb10000.iommu: non-coherent table walk
[    3.812972] arm-smmu 7fb10000.iommu: (IDR0.CTTW overridden by FW
configuration)
[    3.820529] arm-smmu 7fb10000.iommu: stream matching with 2 register groups
[    3.827647] arm-smmu 7fb10000.iommu: 1 context banks (1 stage-2 only)
[    3.834326] arm-smmu 7fb10000.iommu: Supported page sizes: 0x60211000
[    3.840917] arm-smmu 7fb10000.iommu: Stage-2: 40-bit IPA -> 40-bit PA
[    3.849014] arm-smmu 7fb20000.iommu: probing hardware configuration...
[    3.855605] arm-smmu 7fb20000.iommu: SMMUv1 with:
[    3.860365] arm-smmu 7fb20000.iommu: stage 2 translation
[    3.865818] arm-smmu 7fb20000.iommu: non-coherent table walk
[    3.871620] arm-smmu 7fb20000.iommu: (IDR0.CTTW overridden by FW
configuration)
[    3.879099] arm-smmu 7fb20000.iommu: stream matching with 2 register groups
[    3.886253] arm-smmu 7fb20000.iommu: 1 context banks (1 stage-2 only)
[    3.892849] arm-smmu 7fb20000.iommu: Supported page sizes: 0x60211000
[    3.899436] arm-smmu 7fb20000.iommu: Stage-2: 40-bit IPA -> 40-bit PA
[    3.907530] arm-smmu 7fb30000.iommu: probing hardware configuration...
[    3.914119] arm-smmu 7fb30000.iommu: SMMUv1 with:
[    3.918878] arm-smmu 7fb30000.iommu: stage 2 translation
[    3.924331] arm-smmu 7fb30000.iommu: coherent table walk
[    3.929792] arm-smmu 7fb30000.iommu: stream matching with 2 register groups
[    3.936908] arm-smmu 7fb30000.iommu: 1 context banks (1 stage-2 only)
[    3.943523] arm-smmu 7fb30000.iommu: Supported page sizes: 0x60211000
[    3.950111] arm-smmu 7fb30000.iommu: Stage-2: 40-bit IPA -> 40-bit PA
[    4.004593] loop: module loaded
[    4.016062] megasas: 07.719.03.00-rc1
[    4.029694] sata_sil24 0000:03:00.0: Adding to iommu group 0
[    4.037159] pci 0000:00:00.0: enabling device (0000 -> 0003)
[    4.042945] pci 0000:01:00.0: enabling device (0000 -> 0003)
[    4.048726] pci 0000:02:01.0: enabling device (0000 -> 0003)
[    4.054489] sata_sil24 0000:03:00.0: enabling device (0000 -> 0003)
[    4.069542] scsi host0: sata_sil24
[    4.077595] scsi host1: sata_sil24
[    4.082454] ata1: SATA max UDMA/100 host m128 at 0x50084000 port
0x50080000 irq 53
[    4.089834] ata2: SATA max UDMA/100 host m128 at 0x50084000 port
0x50082000 irq 53
[    4.127375] libphy: Fixed MDIO Bus: probed
[    4.147584] thunder_xcv, ver 1.0
[    4.151216] thunder_bgx, ver 1.0
[    4.154892] nicpf, ver 1.0
[    4.167502] hclge is initializing
[    4.170980] hns3: Hisilicon Ethernet Network Driver for Hip08
Family - version
[    4.178262] hns3: Copyright (c) 2017 Huawei Corporation.
[    4.184055] e1000: Intel(R) PRO/1000 Network Driver
[    4.188985] e1000: Copyright (c) 1999-2006 Intel Corporation.
[    4.195196] e1000e: Intel(R) PRO/1000 Network Driver
[    4.200212] e1000e: Copyright(c) 1999 - 2015 Intel Corporation.
[    4.206602] igb: Intel(R) Gigabit Ethernet Network Driver
[    4.212079] igb: Copyright (c) 2007-2014 Intel Corporation.
[    4.218093] igbvf: Intel(R) Gigabit Virtual Function Network Driver
[    4.224416] igbvf: Copyright (c) 2009 - 2012 Intel Corporation.
[    4.232850] sky2: driver version 1.30
[    4.238276] sky2 0000:08:00.0: Adding to iommu group 0
[    4.244144] pci 0000:02:1f.0: enabling device (0000 -> 0003)
[    4.249918] sky2 0000:08:00.0: enabling device (0000 -> 0003)
[    4.256092] sky2 0000:08:00.0: Yukon-2 UL 2 chip revision 0
[    4.261855] sky2 0000:08:00.0: Invalid MAC address, defaulting to random
[    4.272572] sky2 0000:08:00.0 eth0: addr ba:6d:65:73:db:e5
[    4.278606] QLogic FastLinQ 4xxxx Core Module qed
[    4.283375] qede init: QLogic FastLinQ 4xxxx Ethernet Driver qede
[    4.326539] libphy: smsc911x-mdio: probed
[    4.333293] smsc911x 18000000.ethernet eth1: MAC Address: 00:02:f7:00:66:df
[    4.344531] usbcore: registered new interface driver asix
[    4.350213] usbcore: registered new interface driver ax88179_178a
[    4.357666] VFIO - User Level meta-driver version: 0.3
[    4.376743] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    4.383410] ehci-pci: EHCI PCI platform driver
[    4.388190] ehci-platform: EHCI generic platform driver
[    4.395070] ehci-platform 7ffc0000.usb: Adding to iommu group 1
[    4.402738] ehci-platform 7ffc0000.usb: EHCI Host Controller
[    4.408554] ehci-platform 7ffc0000.usb: new USB bus registered,
assigned bus number 1
[    4.417545] ehci-platform 7ffc0000.usb: irq 44, io mem 0x7ffc0000
[    4.439375] ehci-platform 7ffc0000.usb: USB 2.0 started, EHCI 1.00
[    4.451188] hub 1-0:1.0: USB hub found
[    4.455356] hub 1-0:1.0: 1 port detected
[    4.462281] ehci-orion: EHCI orion driver
[    4.467189] ehci-exynos: EHCI Exynos driver
[    4.472157] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[    4.478454] ohci-pci: OHCI PCI platform driver
[    4.483333] ohci-platform: OHCI generic platform driver
[    4.490060] ohci-platform 7ffb0000.usb: Adding to iommu group 1
[    4.496683] ohci-platform 7ffb0000.usb: Generic Platform OHCI controller
[    4.503532] ohci-platform 7ffb0000.usb: new USB bus registered,
assigned bus number 2
[    4.512246] ohci-platform 7ffb0000.usb: irq 43, io mem 0x7ffb0000
[    4.600271] hub 2-0:1.0: USB hub found
[    4.604395] hub 2-0:1.0: 1 port detected
[    4.611427] ohci-exynos: OHCI Exynos driver
[    4.619443] usbcore: registered new interface driver usb-storage
[    4.649441] rtc-pl031 1c170000.rtc: registered as rtc0
[    4.654710] rtc-pl031 1c170000.rtc: setting system clock to
2021-12-18T15:25:29 UTC (1639841129)
[    4.668155] i2c_dev: i2c /dev entries driver
[    4.705169] sp805-wdt 1c0f0000.watchdog: registration successful
[    4.715487] usb 1-1: new high-speed USB device number 2 using ehci-platform
[    4.739832] mmci-pl18x 1c050000.mmc: mmc0: PL180 manf 41 rev0 at
0x1c050000 irq 17,0 (pio)
[    4.775015] sdhci: Secure Digital Host Controller Interface driver
[    4.781367] sdhci: Copyright(c) Pierre Ossman
[    4.791511] Synopsys Designware Multimedia Card Interface Driver
[    4.805011] sdhci-pltfm: SDHCI platform and OF driver helper
[    4.822209] leds-syscon 1c010008.0.led: registered LED (null)
[    4.829674] leds-syscon 1c010008.1.led: registered LED (null)
[    4.836726] leds-syscon 1c010008.2.led: registered LED (null)
[    4.843752] leds-syscon 1c010008.3.led: registered LED (null)
[    4.850854] leds-syscon 1c010008.4.led: registered LED (null)
[    4.858314] leds-syscon 1c010008.5.led: registered LED (null)
[    4.865509] leds-syscon 1c010008.6.led: registered LED (null)
[    4.872520] leds-syscon 1c010008.7.led: registered LED (null)
[    4.882523] ledtrig-cpu: registered to indicate activity on CPUs
[    4.891915] hub 1-1:1.0: USB hub found
[    4.896529] hub 1-1:1.0: 4 ports detected
[    4.906827] usbcore: registered new interface driver usbhid
[    4.912467] usbhid: USB HID core driver
[    4.920845] mhu 2b1f0000.mhu: ARM MHU Mailbox registered
[    4.943934]  cs_system_cfg: CoreSight Configuration manager initialised
[    4.981366] NET: Registered PF_INET6 protocol family
[    4.995703] Segment Routing with IPv6
[    4.999593] In-situ OAM (IOAM) with IPv6
[    5.003834] NET: Registered PF_PACKET protocol family
[    5.009800] 9pnet: Installing 9P2000 support
[    5.014476] Key type dns_resolver registered
[    5.026562] registered taskstats version 1
[    5.030906] Loading compiled-in X.509 certificates
[    5.233983] pcieport 0000:00:00.0: Adding to iommu group 0
[    5.262137] sysfs: cannot create duplicate filename
'/devices/platform/40000000.pcie/pci0000:00/0000:00:00.0/msi_irqs/57'
[    5.273266] CPU: 0 PID: 81 Comm: kworker/u12:4 Not tainted
5.16.0-rc5-next-20211217 #1
[    5.281255] Hardware name: ARM Juno development board (r2) (DT)
[    5.287225] Workqueue: events_unbound deferred_probe_work_func
[    5.293171] Call trace:
[    5.295646]  dump_backtrace+0x228/0x240
[    5.299545]  show_stack+0x24/0x80
[    5.302913]  dump_stack_lvl+0x8c/0xb8
[    5.306650]  dump_stack+0x1c/0x38
[    5.310032]  sysfs_warn_dup+0x7c/0xa0
[    5.313765]  sysfs_add_file_mode_ns+0x1ac/0x1b4
[    5.318369]  sysfs_add_file_to_group+0xf0/0x160
[    5.322972]  __msi_domain_alloc_irqs+0x3f0/0x554
[    5.327662]  msi_domain_alloc_irqs_descs_locked+0x78/0x130
[    5.333225]  pci_msi_setup_msi_irqs+0x58/0x80
[    5.337656]  __pci_enable_msi_range+0x428/0x5f0
[    5.342257]  pci_alloc_irq_vectors_affinity+0x15c/0x1c0
[    5.347559]  pcie_port_device_register+0x1e0/0x564
[    5.352426]  pcie_portdrv_probe+0x5c/0x130
[    5.356593]  local_pci_probe+0x84/0x10c
[    5.360501]  pci_device_probe+0x284/0x300
[    5.364584]  really_probe+0x11c/0x684
[    5.368322]  __driver_probe_device+0x194/0x22c
[    5.372845]  driver_probe_device+0x68/0x150
[    5.377106]  __device_attach_driver+0xf8/0x180
[    5.381631]  bus_for_each_drv+0xf8/0x160
[    5.385625]  __device_attach+0x170/0x294
[    5.389624]  device_initial_probe+0x20/0x30
[    5.393886]  bus_probe_device+0xf4/0x104
[    5.397882]  deferred_probe_work_func+0x108/0x160
[    5.402667]  process_one_work+0x3c8/0x850
[    5.406745]  worker_thread+0x3d8/0x734
[    5.410559]  kthread+0x1fc/0x214
[    5.413861]  ret_from_fork+0x10/0x20
[    5.427632] ==================================================================
[    5.434888] BUG: KASAN: use-after-free in __pci_enable_msi_range+0x208/0x5f0
[    5.441983] Read of size 2 at addr ffff000826404554 by task kworker/u12:4/81
[    5.449059]
[    5.450557] CPU: 1 PID: 81 Comm: kworker/u12:4 Not tainted
5.16.0-rc5-next-20211217 #1
[    5.458507] Hardware name: ARM Juno development board (r2) (DT)
[    5.464446] Workqueue: events_unbound deferred_probe_work_func
[    5.470322] Call trace:
[    5.472776]  dump_backtrace+0x228/0x240
[    5.476635]  show_stack+0x24/0x80
[    5.479967]  dump_stack_lvl+0x8c/0xb8
[    5.483656]  print_address_description.constprop.0+0x74/0x2b8
[    5.489433]  kasan_report+0x1e8/0x250
[    5.493119]  __asan_load2+0x9c/0xc4
[    5.496629]  __pci_enable_msi_range+0x208/0x5f0
[    5.501184]  pci_alloc_irq_vectors_affinity+0x15c/0x1c0
[    5.506438]  pcie_port_device_register+0x1e0/0x564
[    5.511255]  pcie_portdrv_probe+0x5c/0x130
[    5.515376]  local_pci_probe+0x84/0x10c
[    5.519235]  pci_device_probe+0x284/0x300
[    5.523270]  really_probe+0x11c/0x684
[    5.526956]  __driver_probe_device+0x194/0x22c
[    5.531427]  driver_probe_device+0x68/0x150
[    5.535637]  __device_attach_driver+0xf8/0x180
[    5.540108]  bus_for_each_drv+0xf8/0x160
[    5.544054]  __device_attach+0x170/0x294
[    5.548002]  device_initial_probe+0x20/0x30
[    5.552212]  bus_probe_device+0xf4/0x104
[    5.556159]  deferred_probe_work_func+0x108/0x160
[    5.560890]  process_one_work+0x3c8/0x850
[    5.564923]  worker_thread+0x3d8/0x734
[    5.568693]  kthread+0x1fc/0x214
[    5.571944]  ret_from_fork+0x10/0x20
[    5.575543]
[    5.577038] Allocated by task 81:
[    5.580364]  kasan_save_stack+0x2c/0x54
[    5.584223]  __kasan_kmalloc+0xac/0x10c
[    5.588080]  kmem_cache_alloc_trace+0x220/0x3e0
[    5.592633]  msi_add_msi_desc+0x64/0x1a0
[    5.596577]  msi_setup_msi_desc+0x1b8/0x210
[    5.600782]  __pci_enable_msi_range+0x3c8/0x5f0
[    5.605337]  pci_alloc_irq_vectors_affinity+0x15c/0x1c0
[    5.610588]  pcie_port_device_register+0x1e0/0x564
[    5.615405]  pcie_portdrv_probe+0x5c/0x130
[    5.619524]  local_pci_probe+0x84/0x10c
[    5.623382]  pci_device_probe+0x284/0x300
[    5.627415]  really_probe+0x11c/0x684
[    5.631100]  __driver_probe_device+0x194/0x22c
[    5.635571]  driver_probe_device+0x68/0x150
[    5.639779]  __device_attach_driver+0xf8/0x180
[    5.644249]  bus_for_each_drv+0xf8/0x160
[    5.648194]  __device_attach+0x170/0x294
[    5.652141]  device_initial_probe+0x20/0x30
[    5.655485] atkbd serio0: keyboard reset failed on 1c060000.kmi
[    5.656348]  bus_probe_device+0xf4/0x104
[    5.666210]  deferred_probe_work_func+0x108/0x160
[    5.670941]  process_one_work+0x3c8/0x850
[    5.674971]  worker_thread+0x3d8/0x734
[    5.678740]  kthread+0x1fc/0x214
[    5.681991]  ret_from_fork+0x10/0x20
[    5.685586]
[    5.687081] Freed by task 81:
[    5.690058]  kasan_save_stack+0x2c/0x54
[    5.693915]  kasan_set_track+0x2c/0x40
[    5.697684]  kasan_set_free_info+0x28/0x50
[    5.701804]  __kasan_slab_free+0x108/0x15c
[    5.705923]  slab_free_freelist_hook+0xc0/0x220
[    5.710475]  kfree+0xe8/0x3e0
[    5.713459]  msi_free_msi_descs_range+0x12c/0x1a0
[    5.718186]  msi_domain_alloc_irqs_descs_locked+0xf0/0x130
[    5.723700]  pci_msi_setup_msi_irqs+0x58/0x80
[    5.728080]  __pci_enable_msi_range+0x428/0x5f0
[    5.732634]  pci_alloc_irq_vectors_affinity+0x15c/0x1c0
[    5.737885]  pcie_port_device_register+0x1e0/0x564
[    5.742702]  pcie_portdrv_probe+0x5c/0x130
[    5.746821]  local_pci_probe+0x84/0x10c
[    5.750679]  pci_device_probe+0x284/0x300
[    5.754712]  really_probe+0x11c/0x684
[    5.758397]  __driver_probe_device+0x194/0x22c
[    5.762867]  driver_probe_device+0x68/0x150
[    5.767076]  __device_attach_driver+0xf8/0x180
[    5.771545]  bus_for_each_drv+0xf8/0x160
[    5.775491]  __device_attach+0x170/0x294
[    5.779437]  device_initial_probe+0x20/0x30
[    5.783646]  bus_probe_device+0xf4/0x104
[    5.787592]  deferred_probe_work_func+0x108/0x160
[    5.792323]  process_one_work+0x3c8/0x850
[    5.796354]  worker_thread+0x3d8/0x734
[    5.800123]  kthread+0x1fc/0x214
[    5.803373]  ret_from_fork+0x10/0x20
[    5.806968]
[    5.808462] The buggy address belongs to the object at ffff000826404500
[    5.808462]  which belongs to the cache kmalloc-128 of size 128
[    5.821018] The buggy address is located 84 bytes inside of
[    5.821018]  128-byte region [ffff000826404500, ffff000826404580)
[    5.832708] The buggy address belongs to the page:
[    5.837513] page:(____ptrval____) refcount:1 mapcount:0
mapping:0000000000000000 index:0x0 pfn:0x8a6404
[    5.846939] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[    5.853852] raw: 0bfffc0000000200 0000000000000000 dead000000000122
ffff000800002300
[    5.861625] raw: 0000000000000000 0000000000100010 00000001ffffffff
0000000000000000
[    5.869390] page dumped because: kasan: bad access detected
[    5.874978]
[    5.876472] Memory state around the buggy address:
[    5.881279]  ffff000826404400: 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00
[    5.888525]  ffff000826404480: fc fc fc fc fc fc fc fc fc fc fc fc
fc fc fc fc
[    5.895771] >ffff000826404500: fa fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb
[    5.903014]                                                  ^
[    5.908866]  ffff000826404580: fc fc fc fc fc fc fc fc fc fc fc fc
fc fc fc fc
[    5.916112]  ffff000826404600: 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00
[    5.923356] ==================================================================
[    5.930596] Disabling lock debugging due to kernel taint


Reported-by: Linux Kernel Functional Testing <lkft at linaro.org>

Test log link,
https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20211217/testrun/6919678/suite/ltp-syscalls-tests/test/add_key05/log

Test results comparison:
https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20211217/testrun/6919678/suite/ltp-syscalls-tests/test/add_key05/history/


meta data:
-----------
    git describe: next-20211215 and next-20211217
    git_repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
    git_sha: 93bf6eee76c0e716f6b32de690b1c52991547bb4
    git_short_log: 93bf6eee76c0 (\"Add linux-next specific files for 20211215\")
    target_arch: arm64
    toolchain: gcc-10
    Kconfig: https://builds.tuxbuild.com/22LCvyVwJ8E7fRfLPA2BgPKnWiR/config
    vmlinux: https://builds.tuxbuild.com/22PqZcj0pMjg0qWW8Ilyx0MhKOH/vmlinux.xz
    System.map :
https://builds.tuxbuild.com/22PqZcj0pMjg0qWW8Ilyx0MhKOH/System.map
    build log: https://builds.tuxbuild.com/22LCvyVwJ8E7fRfLPA2BgPKnWiR/


--
Linaro LKFT
https://lkft.linaro.org



More information about the linux-arm-kernel mailing list