Date: Wed, 13 Sep 2023 17:01:40 +0300
From: José Pekkarinen
To: Maxime Ripard
Cc: airlied@gmail.com, daniel@ffwll.ch, christian.koenig@amd.com, dakr@redhat.com, boris.brezillon@collabora.com, alexander.deucher@amd.com, arthurgrillo@riseup.net, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, linux-kernel-mentees@lists.linuxfoundation.org
Subject: Re: [PATCH] drm/tests: provide exit function

On 2023-09-13 12:50, Maxime Ripard wrote:
> Hi,
>
> On Wed, Sep 13, 2023 at 11:32:23AM +0300, José Pekkarinen wrote:
>> Running drm_exec_test by modprobing the module I
>> observe the following output:
>>
>> [ 424.471936] KTAP version 1
>> [ 424.471942] 1..1
>> [ 424.472446] KTAP version 1
>> [ 424.472450] # Subtest: drm_exec
>> [ 424.472453] # module: drm_exec_test
>> [ 424.472459] 1..7
>> [ 424.479082]
>> ==================================================================
>> [ 424.479095] BUG: KASAN: slab-use-after-free in
>> drm_dev_put.part.0+0x4b/0x90 [drm]
>> [ 424.479426] Read of size 8 at addr ffff888132d3e028 by task
>> kunit_try_catch/1866
>> [ 424.479436]
>> [ 424.479442] CPU: 1 PID: 1866 Comm: kunit_try_catch Tainted: G
>> N 6.6.0-rc1-dirty #2
>
> That's suspicious
>
>> [ 424.479446] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
>> BIOS 0.0.0 02/06/2015
>> [ 424.479446] Call Trace:
>> [ 424.479446]
>> [ 424.479446] dump_stack_lvl+0x43/0x60
>> [ 424.479446] print_report+0xcf/0x660
>> [ 424.479446] ? __virt_addr_valid+0xd9/0x160
>> [ 424.479446] ? drm_dev_put.part.0+0x4b/0x90 [drm]
>> [ 424.479446] kasan_report+0xda/0x110
>> [ 424.479446] ? drm_dev_put.part.0+0x4b/0x90 [drm]
>> [ 424.479446] drm_dev_put.part.0+0x4b/0x90 [drm]
>> [ 424.479446] release_nodes+0x83/0x160
>> [ 424.479446] devres_release_all+0xe6/0x130
>> [ 424.479446] ? __pfx_devres_release_all+0x10/0x10
>> [ 424.479446] ? mutex_unlock+0x80/0xd0
>> [ 424.479446] ? __pfx_mutex_unlock+0x10/0x10
>> [ 424.479446] device_unbind_cleanup+0x16/0xc0
>> [ 424.479446] device_release_driver_internal+0x28b/0x2e0
>> [ 424.479446] bus_remove_device+0x124/0x1d0
>> [ 424.479446] device_del+0x23d/0x580
>> [ 424.479446] ? __pfx_device_del+0x10/0x10
>> [ 424.479446] ? kasan_set_track+0x21/0x30
>> [ 424.479446] ? _raw_spin_lock_irqsave+0x98/0xf0
>> [ 424.479446] platform_device_del.part.0+0x19/0xe0
>> [ 424.479446] kunit_remove_resource+0xfa/0x140 [kunit]
>> [ 424.479446] kunit_cleanup+0x47/0xa0 [kunit]
>> [ 424.479446] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [kunit]
>> [ 424.479446] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
>> [kunit]
>> [ 424.479446] kunit_generic_run_threadfn_adapter+0x29/0x50 [kunit]
>> [ 424.479446] kthread+0x184/0x1c0
>> [ 424.479446] ? __pfx_kthread+0x10/0x10
>> [ 424.479446] ret_from_fork+0x30/0x50
>> [ 424.479446] ? __pfx_kthread+0x10/0x10
>> [ 424.479446] ret_from_fork_asm+0x1b/0x30
>> [ 424.479446]
>> [ 424.479446]
>> [ 424.479446] Allocated by task 1865:
>> [ 424.479446] kasan_save_stack+0x2f/0x50
>> [ 424.479446] kasan_set_track+0x21/0x30
>> [ 424.479446] __kasan_kmalloc+0xa6/0xb0
>> [ 424.479446] __kmalloc+0x5d/0x160
>> [ 424.479446] kunit_kmalloc_array+0x1c/0x50 [kunit]
>> [ 424.479446] drm_exec_test_init+0xef/0x260 [drm_exec_test]
>> [ 424.479446] kunit_try_run_case+0x6e/0x100 [kunit]
>> [ 424.479446] kunit_generic_run_threadfn_adapter+0x29/0x50 [kunit]
>> [ 424.479446] kthread+0x184/0x1c0
>> [ 424.479446] ret_from_fork+0x30/0x50
>> [ 424.479446] ret_from_fork_asm+0x1b/0x30
>> [ 424.479446]
>> [ 424.479446] Freed by task 1866:
>> [ 424.479446] kasan_save_stack+0x2f/0x50
>> [ 424.479446] kasan_set_track+0x21/0x30
>> [ 424.479446] kasan_save_free_info+0x27/0x40
>> [ 424.479446] ____kasan_slab_free+0x166/0x1c0
>> [ 424.479446] slab_free_freelist_hook+0x9f/0x1e0
>> [ 424.479446] __kmem_cache_free+0x187/0x2d0
>> [ 424.479446] kunit_remove_resource+0xfa/0x140 [kunit]
>> [ 424.479446] kunit_cleanup+0x47/0xa0 [kunit]
>> [ 424.479446] kunit_generic_run_threadfn_adapter+0x29/0x50 [kunit]
>> [ 424.479446] kthread+0x184/0x1c0
>> [ 424.479446] ret_from_fork+0x30/0x50
>> [ 424.479446] ret_from_fork_asm+0x1b/0x30
>> [ 424.479446]
>> [ 424.479446] The buggy address belongs to the object at
>> ffff888132d3e000
>> [ 424.479446] which belongs to the cache kmalloc-256 of size 256
>> [ 424.479446] The buggy address is located 40 bytes inside of
>> [ 424.479446] freed 256-byte region [ffff888132d3e000,
>> ffff888132d3e100)
>> [ 424.479446]
>> [ 424.479446] The buggy address belongs to the physical page:
>> [ 424.479446] page:0000000092ff6551 refcount:1 mapcount:0
>> mapping:0000000000000000 index:0xffff888132d3f600 pfn:0x132d3c
>> [ 424.479446] head:0000000092ff6551 order:2 entire_mapcount:0
>> nr_pages_mapped:0 pincount:0
>> [ 424.479446] ksm flags:
>> 0x17ffffc0000840(slab|head|node=0|zone=2|lastcpupid=0x1fffff)
>> [ 424.479446] page_type: 0xffffffff()
>> [ 424.479446] raw: 0017ffffc0000840 ffff888100042b40 ffffea00042c8000
>> dead000000000003
>> [ 424.479446] raw: ffff888132d3f600 000000008020001f 00000001ffffffff
>> 0000000000000000
>> [ 424.479446] page dumped because: kasan: bad access detected
>> [ 424.479446]
>> [ 424.479446] Memory state around the buggy address:
>> [ 424.479446] ffff888132d3df00: fc fc fc fc fc fc fc fc fc fc fc fc
>> fc fc fc fc
>> [ 424.479446] ffff888132d3df80: fc fc fc fc fc fc fc fc fc fc fc fc
>> fc fc fc fc
>> [ 424.479446] >ffff888132d3e000: fa fb fb fb fb fb fb fb fb fb fb fb
>> fb fb fb fb
>> [ 424.479446] ^
>> [ 424.479446] ffff888132d3e080: fb fb fb fb fb fb fb fb fb fb fb fb
>> fb fb fb fb
>> [ 424.479446] ffff888132d3e100: fc fc fc fc fc fc fc fc fc fc fc fc
>> fc fc fc fc
>> [ 424.479446]
>> ==================================================================
>> [ 424.481686] Disabling lock debugging due to kernel taint
>> [ 424.484124] not ok 1 sanitycheck
>> [ 424.492981] ok 2 test_lock
>> [ 424.503610] ok 3 test_lock_unlock
>> [ 424.515058] ok 4 test_duplicates
>> [ 424.530453] ok 5 test_prepare
>> [ 424.539099] ok 6 test_prepare_array
>> [ 424.550730] ok 7 test_multiple_loops
>> [ 424.550743] # drm_exec: pass:6 fail:1 skip:0 total:7
>> [ 424.550750] # Totals: pass:6 fail:1 skip:0 total:7
>> [ 424.550756] not ok 5 drm_exec
>>
>> The output suggests the init function is allocating a drm_device
>> that is not being freed. This patch provides the function and
>> adds it to the kunit_suite to produce the following result of
>> the test:
>>
>> [ 3363.342560] KTAP version 1
>> [ 3363.342571] 1..1
>> [ 3363.343090] KTAP version 1
>> [ 3363.343095] # Subtest: drm_exec
>> [ 3363.343098] # module: drm_exec_test
>> [ 3363.343103] 1..7
>> [ 3363.353659] ok 1 sanitycheck
>> [ 3363.364281] ok 2 test_lock
>> [ 3363.375616] ok 3 test_lock_unlock
>> [ 3363.388741] ok 4 test_duplicates
>> [ 3363.402544] ok 5 test_prepare
>> [ 3363.413163] ok 6 test_prepare_array
>> [ 3363.424614] ok 7 test_multiple_loops
>> [ 3363.424630] # drm_exec: pass:7 fail:0 skip:0 total:7
>> [ 3363.424637] # Totals: pass:7 fail:0 skip:0 total:7
>> [ 3363.424643] ok 1 drm_exec
>>
>> Signed-off-by: José Pekkarinen
>> ---
>> drivers/gpu/drm/tests/drm_exec_test.c | 14 ++++++++++++++
>> 1 file changed, 14 insertions(+)
>>
>> diff --git a/drivers/gpu/drm/tests/drm_exec_test.c
>> b/drivers/gpu/drm/tests/drm_exec_test.c
>> index 563949d777dd..7ff6bc6467d4 100644
>> --- a/drivers/gpu/drm/tests/drm_exec_test.c
>> +++ b/drivers/gpu/drm/tests/drm_exec_test.c
>> @@ -42,6 +42,19 @@ static int drm_exec_test_init(struct kunit *test) >> return 0; >> } >> >> +static void drm_exec_test_exit(struct kunit *test) >> +{ >> + struct drm_exec_priv *priv = test->priv; >> + >> + drm_kunit_helper_free_device(test, priv->dev); >> + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, priv->dev); > > This shouldn't be necessary at all since 4f2b0b583baa. Reading this suggested patch I see only references to platform_driver_unregister, platform_device_put, and platform_device_del, not the ones used in this patch. Thanks! José.
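
Review bot: in drm_exec_test_exit(), KUNIT_ASSERT_NOT_ERR_OR_NULL(test, priv->dev) runs after drm_kunit_helper_free_device(test, priv->dev), so the pointer is validated only once it has already been handed to the free helper, and since freeing does not change the pointer's value the assertion cannot tell whether the release succeeded. Move the check ahead of the free call or drop it. The commit message also says the drm_device "is not being freed", while the quoted KASAN report is a slab-use-after-free read in drm_dev_put() during kunit_cleanup on an object allocated by kunit_kmalloc_array() in drm_exec_test_init(); the message should explain how an explicit exit-time free changes that teardown ordering rather than describe a leak.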