lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <06ed7c15-cd37-a0ce-b75e-b0c8d3188f3a@gmail.com>
Date:   Wed, 18 Jan 2023 01:38:06 -0600
From:   Frank Rowand <frowand.list@...il.com>
To:     "Rafael J. Wysocki" <rafael@...nel.org>,
        Daniel Lezcano <daniel.lezcano@...aro.org>,
        linux-pm@...r.kernel.org
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: WARNING in __thermal_cooling_device_register()

I am getting two new warning traces in v6.2-rc1 on boot that are not present in v6.1-rc1.

I have not done a bisect yet, but wanted to report the issue without further delay.

The configuration is qcom_defconfig

The system is a Qualcomm Dragon 8074

I have not done any debugging, but noted some changes to the file that contains
__thermal_cooling_device_register() since 6.1-rc1:

linux--6.2-rc> git log --oneline v6.1-rc1.. -- drivers/thermal/thermal_core.c
4748f9687caa thermal: core: fix some possible name leaks in error paths
b778b4d782d4 thermal/core: Protect thermal device operations against thermal device removal
05eeee2b51b4 thermal/core: Protect sysfs accesses to thermal operations with thermal zone mutex
1c439dec359c thermal/core: Introduce locked version of thermal_zone_device_update
30b2ae07d3d6 thermal/core: Delete device under thermal device zone lock
d35f29ed9d11 thermal/core: Destroy thermal zone device mutex in release function
e49a1e1ee078 thermal/core: fix error code in __thermal_cooling_device_register()
c408b3d1d9bb thermal: Validate new state in cur_state_store()



The stack traces are:

-----------[ cut here ]------------
WARNING: CPU: 0 PID: 31 at lib/kobject.c:718 kobject_put+0x114/0x29c
kobject: '(null)' ((ptrval)): is not initialized, yet kobject_put() is being called.
Modules linked in:
CPU: 0 PID: 31 Comm: kworker/u8:2 Not tainted 6.2.0-rc1 #1
Hardware name: Generic DT based system
Workqueue: events_unbound deferred_probe_work_func
 unwind_backtrace from show_stack+0x10/0x14
 show_stack from dump_stack_lvl+0x40/0x4c
 dump_stack_lvl from __warn+0x7c/0x15c
 __warn from warn_slowpath_fmt+0x98/0xcc
 warn_slowpath_fmt from kobject_put+0x114/0x29c
 kobject_put from __thermal_cooling_device_register+0x11c/0x388
 __thermal_cooling_device_register from __power_supply_register+0x49c/0x5dc
 __power_supply_register from devm_power_supply_register+0x54/0x90
 devm_power_supply_register from smbb_charger_probe+0x358/0x61c
 smbb_charger_probe from platform_probe+0x5c/0xb8
 platform_probe from really_probe+0xe0/0x3dc
 really_probe from __driver_probe_device+0x9c/0x208
 __driver_probe_device from driver_probe_device+0x30/0xcc
 driver_probe_device from __device_attach_driver+0xa8/0x120
 __device_attach_driver from bus_for_each_drv+0x84/0xd4
 bus_for_each_drv from __device_attach+0x108/0x1d8
 __device_attach from bus_probe_device+0x84/0x8c
 bus_probe_device from deferred_probe_work_func+0x9c/0xdc
 deferred_probe_work_func from process_one_work+0x1d4/0x510
 process_one_work from worker_thread+0x1fc/0x4d0
 worker_thread from kthread+0xf4/0x124
 kthread from ret_from_fork+0x14/0x2c
Exception stack(0xf0901fb0 to 0xf0901ff8)
1fa0:                                     00000000 00000000 00000000 00000000
1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 31 at lib/refcount.c:28 __thermal_cooling_device_register+0x11c/0x388
refcount_t: underflow; use-after-free.
Modules linked in:
CPU: 0 PID: 31 Comm: kworker/u8:2 Tainted: G        W          6.2.0-rc1 #1
Hardware name: Generic DT based system
Workqueue: events_unbound deferred_probe_work_func
 unwind_backtrace from show_stack+0x10/0x14
 show_stack from dump_stack_lvl+0x40/0x4c
 dump_stack_lvl from __warn+0x7c/0x15c
 __warn from warn_slowpath_fmt+0x98/0xcc
 warn_slowpath_fmt from __thermal_cooling_device_register+0x11c/0x388
 __thermal_cooling_device_register from __power_supply_register+0x49c/0x5dc
 __power_supply_register from devm_power_supply_register+0x54/0x90
 devm_power_supply_register from smbb_charger_probe+0x358/0x61c
 smbb_charger_probe from platform_probe+0x5c/0xb8
 platform_probe from really_probe+0xe0/0x3dc
 really_probe from __driver_probe_device+0x9c/0x208
 __driver_probe_device from driver_probe_device+0x30/0xcc
 driver_probe_device from __device_attach_driver+0xa8/0x120
 __device_attach_driver from bus_for_each_drv+0x84/0xd4
 bus_for_each_drv from __device_attach+0x108/0x1d8
 __device_attach from bus_probe_device+0x84/0x8c
 bus_probe_device from deferred_probe_work_func+0x9c/0xdc
 deferred_probe_work_func from process_one_work+0x1d4/0x510
 process_one_work from worker_thread+0x1fc/0x4d0
 worker_thread from kthread+0xf4/0x124
 kthread from ret_from_fork+0x14/0x2c
Exception stack(0xf0901fb0 to 0xf0901ff8)
1fa0:                                     00000000 00000000 00000000 00000000
1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
---[ end trace 0000000000000000 ]---


-Frank

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ