Backtraces with a log of kernel debug options turned on, including KASAN: [ 16.078426] sysfs: cannot create duplicate filename '/devices/pci0000:00/0000:00:1f.3/hdaudioC0D2/widgets' [ 16.078459] ------------[ cut here ]------------ [ 16.078472] WARNING: CPU: 2 PID: 465 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x5d/0x70 [ 16.078479] Modules linked in: snd_hda_codec_hdmi(+) intel_cstate(+) snd_hda_codec_generic snd_hda_intel snd_hda_codec intel_uncore(-) snd_hwdep intel_rapl_perf snd_hda_core snd_pcm mei_me snd_timer serio_raw mei snd soundcore intel_pch_thermal acpi_pad i915 r8169 mii video [ 16.078630] CPU: 2 PID: 465 Comm: modprobe Tainted: G U 4.14.0-rc5+ #516 [ 16.078638] Hardware name: LENOVO 80MX/Lenovo E31-80, BIOS DCCN34WW(V2.03) 12/01/2015 [ 16.078645] task: ffff8801365f4040 task.stack: ffff8801372b0000 [ 16.078655] RIP: 0010:sysfs_warn_dup+0x5d/0x70 [ 16.078662] RSP: 0018:ffff8801372b7600 EFLAGS: 00010282 [ 16.078676] RAX: 000000000000005e RBX: ffff88013791e848 RCX: 0000000000000000 [ 16.078684] RDX: 000000000000005e RSI: ffff88014ddd5da8 RDI: ffffed0026e56eb6 [ 16.078691] RBP: ffff880139934710 R08: ffff88014dc16120 R09: 0000000000000000 [ 16.078699] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88013ab4cc98 [ 16.078705] R13: 0000000000000000 R14: ffff8801380356f8 R15: ffff8801372b7768 [ 16.078713] FS: 00007f1edc3b1700(0000) GS:ffff88014dc00000(0000) knlGS:0000000000000000 [ 16.078720] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 16.078727] CR2: 00007f00189c5000 CR3: 000000013f542002 CR4: 00000000003606e0 [ 16.078734] Call Trace: [ 16.078745] sysfs_create_dir_ns+0xb1/0xc0 [ 16.078755] kobject_add_internal+0x17a/0x450 [ 16.078765] kobject_add+0xeb/0x160 [ 16.078774] ? kobject_add_internal+0x450/0x450 [ 16.078783] ? kasan_unpoison_shadow+0x30/0x40 [ 16.078792] ? kmem_cache_alloc_trace+0x1c7/0x340 [ 16.078801] ? kobject_create+0x23/0x40 [ 16.078811] kobject_create_and_add+0x2c/0x60 [ 16.078833] hda_widget_sysfs_init+0x8d/0x1e0 [snd_hda_core] [ 16.078853] ? widget_tree_free.isra.2+0xd9/0xf0 [snd_hda_core] [ 16.078872] snd_hdac_refresh_widget_sysfs+0x52/0xa0 [snd_hda_core] [ 16.078898] snd_hda_codec_update_widgets+0xe/0x50 [snd_hda_codec] [ 16.078918] intel_hsw_common_init.part.25+0x6e/0x120 [snd_hda_codec_hdmi] [ 16.078940] hda_codec_driver_probe+0xb4/0x180 [snd_hda_codec] [ 16.078948] driver_probe_device+0x400/0x690 [ 16.078954] ? driver_probe_device+0x690/0x690 [ 16.078960] __driver_attach+0x126/0x130 [ 16.078965] bus_for_each_dev+0xdb/0x130 [ 16.078971] ? subsys_dev_iter_exit+0x10/0x10 [ 16.078978] ? __list_add_valid+0x29/0xa0 [ 16.078985] bus_add_driver+0x25c/0x390 [ 16.078993] driver_register+0xc6/0x170 [ 16.078999] ? 0xffffffffc0590000 [ 16.079045] do_one_initcall+0x91/0x1ee [ 16.079051] ? initcall_blacklisted+0x140/0x140 [ 16.079057] ? kasan_unpoison_shadow+0x30/0x40 [ 16.079063] ? kasan_kmalloc+0xa0/0xd0 [ 16.079069] ? kasan_unpoison_shadow+0x30/0x40 [ 16.079075] ? __asan_register_globals+0x77/0x90 [ 16.079082] do_init_module+0xe7/0x2ff [ 16.079089] load_module+0x3e1f/0x4a50 [ 16.079096] ? iov_iter_init+0x77/0xb0 [ 16.079111] ? module_frob_arch_sections+0x20/0x20 [ 16.079117] ? map_vm_area+0x5a/0x70 [ 16.079123] ? vfs_read+0x170/0x200 [ 16.079130] ? kernel_read+0x74/0xa0 [ 16.079138] ? get_user_arg_ptr.isra.21+0x70/0x70 [ 16.079145] ? SYSC_finit_module+0x14d/0x180 [ 16.079151] SYSC_finit_module+0x14d/0x180 [ 16.079157] ? SYSC_init_module+0x1b0/0x1b0 [ 16.079164] ? __fget+0x172/0x250 [ 16.079171] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 16.079179] entry_SYSCALL_64_fastpath+0x18/0xad [ 16.079184] RIP: 0033:0x7f1edbedd9f9 [ 16.079188] RSP: 002b:00007ffdebfd0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 16.079195] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1edbedd9f9 [ 16.079199] RDX: 0000000000000000 RSI: 000055dad14faf8b RDI: 0000000000000000 [ 16.079203] RBP: 00007ffdebfcfc80 R08: 0000000000000000 R09: 0000000000000000 [ 16.079207] R10: 0000000000000000 R11: 0000000000000246 R12: 000055dad2074bb0 [ 16.079211] R13: 00007ffdebfcfc60 R14: 0000000000000005 R15: 0000000000040000 [ 16.079216] Code: 85 c0 48 89 c3 74 12 b9 00 10 00 00 48 89 c2 31 f6 4c 89 e7 e8 c5 a3 ff ff 48 89 ea 48 89 de 48 c7 c7 60 2f cf 9e e8 2c 1a d4 ff <0f> ff 48 89 df 5b 5d 41 5c e9 55 1d ef ff 0f 1f 44 00 00 0f 1f [ 16.079396] ---[ end trace 018f3b7ecd051158 ]--- [ 16.079419] kobject_add_internal failed for widgets with -EEXIST, don't try to register things with the same name in the same directory. [ 16.079500] ------------[ cut here ]------------ [ 16.079508] WARNING: CPU: 2 PID: 465 at lib/kobject.c:240 kobject_add_internal+0x403/0x450 [ 16.079510] Modules linked in: snd_hda_codec_hdmi(+) intel_cstate(+) snd_hda_codec_generic snd_hda_intel snd_hda_codec intel_uncore(-) snd_hwdep intel_rapl_perf snd_hda_core snd_pcm mei_me snd_timer serio_raw mei snd soundcore intel_pch_thermal acpi_pad i915 r8169 mii video [ 16.079581] CPU: 2 PID: 465 Comm: modprobe Tainted: G U W 4.14.0-rc5+ #516 [ 16.079584] Hardware name: LENOVO 80MX/Lenovo E31-80, BIOS DCCN34WW(V2.03) 12/01/2015 [ 16.079592] task: ffff8801365f4040 task.stack: ffff8801372b0000 [ 16.079601] RIP: 0010:kobject_add_internal+0x403/0x450 [ 16.079608] RSP: 0018:ffff8801372b7648 EFLAGS: 00010286 [ 16.079617] RAX: 000000000000007c RBX: ffff8801492ac368 RCX: 0000000000000000 [ 16.079621] RDX: 000000000000007c RSI: dffffc0000000000 RDI: ffffed0026e56ebf [ 16.079625] RBP: ffff8801377a5148 R08: ffff88014dc16200 R09: 0000000000000000 [ 16.079629] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801380356f8 [ 16.079633] R13: ffffffff9ef97480 R14: 00000000ffffffef R15: ffff8801372b7768 [ 16.079638] FS: 00007f1edc3b1700(0000) GS:ffff88014dc00000(0000) knlGS:0000000000000000 [ 16.079642] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 16.079649] CR2: 00007f00189c5000 CR3: 000000013f542002 CR4: 00000000003606e0 [ 16.079656] Call Trace: [ 16.079666] kobject_add+0xeb/0x160 [ 16.079676] ? kobject_add_internal+0x450/0x450 [ 16.079682] ? kasan_unpoison_shadow+0x30/0x40 [ 16.079689] ? kmem_cache_alloc_trace+0x1c7/0x340 [ 16.079695] ? kobject_create+0x23/0x40 [ 16.079702] kobject_create_and_add+0x2c/0x60 [ 16.079719] hda_widget_sysfs_init+0x8d/0x1e0 [snd_hda_core] [ 16.079737] ? widget_tree_free.isra.2+0xd9/0xf0 [snd_hda_core] [ 16.079753] snd_hdac_refresh_widget_sysfs+0x52/0xa0 [snd_hda_core] [ 16.079776] snd_hda_codec_update_widgets+0xe/0x50 [snd_hda_codec] [ 16.079792] intel_hsw_common_init.part.25+0x6e/0x120 [snd_hda_codec_hdmi] [ 16.079814] hda_codec_driver_probe+0xb4/0x180 [snd_hda_codec] [ 16.079822] driver_probe_device+0x400/0x690 [ 16.079829] ? driver_probe_device+0x690/0x690 [ 16.079834] __driver_attach+0x126/0x130 [ 16.079840] bus_for_each_dev+0xdb/0x130 [ 16.079846] ? subsys_dev_iter_exit+0x10/0x10 [ 16.079853] ? __list_add_valid+0x29/0xa0 [ 16.079860] bus_add_driver+0x25c/0x390 [ 16.079869] driver_register+0xc6/0x170 [ 16.079874] ? 0xffffffffc0590000 [ 16.079879] do_one_initcall+0x91/0x1ee [ 16.079885] ? initcall_blacklisted+0x140/0x140 [ 16.079891] ? kasan_unpoison_shadow+0x30/0x40 [ 16.079897] ? kasan_kmalloc+0xa0/0xd0 [ 16.079903] ? kasan_unpoison_shadow+0x30/0x40 [ 16.079909] ? __asan_register_globals+0x77/0x90 [ 16.079916] do_init_module+0xe7/0x2ff [ 16.079924] load_module+0x3e1f/0x4a50 [ 16.079930] ? iov_iter_init+0x77/0xb0 [ 16.079945] ? module_frob_arch_sections+0x20/0x20 [ 16.079951] ? map_vm_area+0x5a/0x70 [ 16.079958] ? vfs_read+0x170/0x200 [ 16.079964] ? kernel_read+0x74/0xa0 [ 16.079972] ? get_user_arg_ptr.isra.21+0x70/0x70 [ 16.079980] ? SYSC_finit_module+0x14d/0x180 [ 16.079986] SYSC_finit_module+0x14d/0x180 [ 16.079992] ? SYSC_init_module+0x1b0/0x1b0 [ 16.079999] ? __fget+0x172/0x250 [ 16.080032] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 16.080039] entry_SYSCALL_64_fastpath+0x18/0xad [ 16.080044] RIP: 0033:0x7f1edbedd9f9 [ 16.080047] RSP: 002b:00007ffdebfd0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 16.080055] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1edbedd9f9 [ 16.080059] RDX: 0000000000000000 RSI: 000055dad14faf8b RDI: 0000000000000000 [ 16.080063] RBP: 00007ffdebfcfc80 R08: 0000000000000000 R09: 0000000000000000 [ 16.080067] R10: 0000000000000000 R11: 0000000000000246 R12: 000055dad2074bb0 [ 16.080071] R13: 00007ffdebfcfc60 R14: 0000000000000005 R15: 0000000000040000 [ 16.080076] Code: 85 ff 0f 84 09 fd ff ff e9 97 fc ff ff 48 89 df e8 e3 eb 76 ff 48 8b 13 48 c7 c6 a0 79 f9 9e 48 c7 c7 00 76 f9 9e e8 86 ac 5b ff <0f> ff e9 e5 fd ff ff 0f 0b 0f 0b 0f 0b 0f ff e9 7c ff ff ff 0f [ 16.080257] ---[ end trace 018f3b7ecd051159 ]--- [ 16.080262] kobject_create_and_add: kobject_add error: -17 [ 16.080268] kobject: 'widgets' (ffff8801492ac368): kobject_release, parent (null) (delayed 3000) [ 16.080301] snd_hda_codec_hdmi hdaudioC0D2: failed to init sysfs: -12 [ 16.090030] ================================================================== [ 16.095399] BUG: KASAN: slab-out-of-bounds in hdmi_parse_codec+0x169/0x780 [snd_hda_codec_hdmi] [ 16.100329] Read of size 4 at addr ffff8801490602e0 by task modprobe/465 [ 16.110067] CPU: 2 PID: 465 Comm: modprobe Tainted: G U W 4.14.0-rc5+ #516 [ 16.110075] Hardware name: LENOVO 80MX/Lenovo E31-80, BIOS DCCN34WW(V2.03) 12/01/2015 [ 16.110089] Call Trace: [ 16.110128] dump_stack+0x5f/0x90 [ 16.110140] print_address_description+0xd0/0x270 [ 16.110161] ? hdmi_parse_codec+0x169/0x780 [snd_hda_codec_hdmi] [ 16.110170] kasan_report+0x227/0x340 [ 16.110188] hdmi_parse_codec+0x169/0x780 [snd_hda_codec_hdmi] [ 16.110200] ? trace_hardirqs_on_caller+0x17a/0x250 [ 16.110210] ? regmap_format_4_12_write+0x50/0x50 [ 16.110226] ? hdmi_pin_hbr_setup+0x140/0x140 [snd_hda_codec_hdmi] [ 16.110235] ? wait_for_completion+0x250/0x250 [ 16.110256] ? hda_reg_write+0x14f/0x2f0 [snd_hda_core] [ 16.110266] ? regmap_format_4_12_write+0x50/0x50 [ 16.110274] ? regmap_write+0x95/0xa0 [ 16.110293] parse_intel_hdmi+0x15/0xb0 [snd_hda_codec_hdmi] [ 16.110317] hda_codec_driver_probe+0xb4/0x180 [snd_hda_codec] [ 16.110329] driver_probe_device+0x400/0x690 [ 16.110339] ? driver_probe_device+0x690/0x690 [ 16.110347] __driver_attach+0x126/0x130 [ 16.110356] bus_for_each_dev+0xdb/0x130 [ 16.110365] ? subsys_dev_iter_exit+0x10/0x10 [ 16.110375] ? __list_add_valid+0x29/0xa0 [ 16.110385] bus_add_driver+0x25c/0x390 [ 16.110396] driver_register+0xc6/0x170 [ 16.110405] ? 0xffffffffc0590000 [ 16.110413] do_one_initcall+0x91/0x1ee [ 16.110422] ? initcall_blacklisted+0x140/0x140 [ 16.110431] ? kasan_unpoison_shadow+0x30/0x40 [ 16.110439] ? kasan_kmalloc+0xa0/0xd0 [ 16.110449] ? kasan_unpoison_shadow+0x30/0x40 [ 16.110457] ? __asan_register_globals+0x77/0x90 [ 16.110467] do_init_module+0xe7/0x2ff [ 16.110477] load_module+0x3e1f/0x4a50 [ 16.110487] ? iov_iter_init+0x77/0xb0 [ 16.110504] ? module_frob_arch_sections+0x20/0x20 [ 16.110512] ? map_vm_area+0x5a/0x70 [ 16.110522] ? vfs_read+0x170/0x200 [ 16.110531] ? kernel_read+0x74/0xa0 [ 16.110542] ? get_user_arg_ptr.isra.21+0x70/0x70 [ 16.110553] ? SYSC_finit_module+0x14d/0x180 [ 16.110561] SYSC_finit_module+0x14d/0x180 [ 16.110569] ? SYSC_init_module+0x1b0/0x1b0 [ 16.110578] ? __fget+0x172/0x250 [ 16.110588] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 16.110598] entry_SYSCALL_64_fastpath+0x18/0xad [ 16.110606] RIP: 0033:0x7f1edbedd9f9 [ 16.110612] RSP: 002b:00007ffdebfd0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 16.110624] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1edbedd9f9 [ 16.110631] RDX: 0000000000000000 RSI: 000055dad14faf8b RDI: 0000000000000000 [ 16.110639] RBP: 00007ffdebfcfc80 R08: 0000000000000000 R09: 0000000000000000 [ 16.110646] R10: 0000000000000000 R11: 0000000000000246 R12: 000055dad2074bb0 [ 16.110652] R13: 00007ffdebfcfc60 R14: 0000000000000005 R15: 0000000000040000 [ 16.115290] Allocated by task 34: [ 16.119146] kobject: 'cstate_pkg' (ffff880148338018): kobject_uevent_env [ 16.119213] kobject: 'cstate_pkg' (ffff880148338018): fill_kobj_path: path = '/devices/cstate_pkg' [ 16.119954] save_stack+0x33/0xa0 [ 16.119963] kasan_kmalloc+0xa0/0xd0 [ 16.119971] __kmalloc+0x177/0x390 [ 16.119996] read_widget_caps.constprop.28+0x3c/0x100 [snd_hda_codec] [ 16.120017] snd_hda_codec_new+0x4e6/0x630 [snd_hda_codec] [ 16.120039] azx_probe_codecs+0x214/0x500 [snd_hda_codec] [ 16.120052] azx_probe_continue+0x669/0xe60 [snd_hda_intel] [ 16.120060] process_one_work+0x4c7/0xa80 [ 16.120068] worker_thread+0x8c/0x610 [ 16.120076] kthread+0x19f/0x1f0 [ 16.120085] ret_from_fork+0x27/0x40 [ 16.124659] Freed by task 293: [ 16.129161] save_stack+0x33/0xa0 [ 16.129170] kasan_slab_free+0x72/0xc0 [ 16.129177] kfree+0xe6/0x2e0 [ 16.129186] SyS_mount+0x98/0xd0 [ 16.129195] entry_SYSCALL_64_fastpath+0x18/0xad [ 16.133691] The buggy address belongs to the object at ffff8801490602d8 which belongs to the cache kmalloc-8 of size 8 [ 16.140671] The buggy address is located 0 bytes to the right of 8-byte region [ffff8801490602d8, ffff8801490602e0) [ 16.147656] The buggy address belongs to the page: [ 16.151407] page:ffffea0005241800 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0 [ 16.151414] flags: 0x2ffe000000008100(slab|head) [ 16.151419] raw: 2ffe000000008100 0000000000000000 0000000000000000 0000000100160016 [ 16.151423] raw: ffffea0005240f20 ffffea0005276620 ffff88014d410480 0000000000000000 [ 16.151425] page dumped because: kasan: bad access detected [ 16.151429] Memory state around the buggy address: [ 16.151432] ffff880149060180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.151435] ffff880149060200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.151438] >ffff880149060280: fc fc fc fc fc fc fc fc fc fc fc 00 fc fc fc fc [ 16.151440] ^ [ 16.151443] ffff880149060300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.151446] ffff880149060380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.151448] ==================================================================
Created attachment 260263 [details] alsa-info output
How is the procedure to reproduce? Does it happen always even at the first load of modules?
This happened on boot with a lot of the debug options turned on. Afterwards I turned off kobject debugging and I think it did not happen afterwards. Not sure if that is feasible or not, that kobject debugging would affect it. Hm.. I can try again when I get some free time.
Could you check whether forcibly re-initializing like below changes the behavior? --- a/sound/hda/hdac_device.c +++ b/sound/hda/hdac_device.c @@ -420,14 +420,14 @@ int snd_hdac_refresh_widget_sysfs(struct hdac_device *cod\ ec) { int ret; - if (device_is_registered(&codec->dev)) + if (1) hda_widget_sysfs_exit(codec); ret = snd_hdac_refresh_widgets(codec); if (ret) { dev_err(&codec->dev, "failed to refresh widget: %d\n", ret); return ret; } - if (device_is_registered(&codec->dev)) { + if (1) { ret = hda_widget_sysfs_init(codec); if (ret) { dev_err(&codec->dev, "failed to init sysfs: %d\n", ret);
Ah wait, this might be the side-effect of CONFIG_DEBUG_KOBJECT_RELEASE. It delays the release of kobject while the current code believes it's been already released (that's a valid assumption since it's never used yet, so not referenced). Please check whether the issue is reproduced even without that kconfig.
I can't get it to trigger without CONFIG_DEBUG_KOBJECT_RELEASE. I tried two times in both configs and it is 2/2 with it, and 0/2 without it.
OK, could you try the patch below? This should work around the issue with CONFIG_DEBUG_KOBJECT_RELEASE.
Created attachment 260271 [details] Fix patch
I'll try but at the moment busy with other stuff. Please feel free to ping me if no news from me in a week.