[stable-rc-5.4 and 5.5 ] WARNING: CPU: 3 PID: 2548 at /usr/src/kernel/lib/refcount.c:28 refcount_warn_saturate

From: Naresh Kamboju
Date: Tue Mar 17 2020 - 03:45:56 EST


While running selftests binderfs_test on the stable rc 5.4 and 5.5
branches, the following warning was noticed on arm64, arm, x86_64 and i386.

This warning was noticed on Linus's tree and reported [1] and then
Christian Brauner investigated this problem.

FYI, we are running the selftests source from the stable rc 5.5 branch.

[ 224.520090] ------------[ cut here ]------------
[ 224.521202] refcount_t: underflow; use-after-free.
[ 224.522284] WARNING: CPU: 3 PID: 2548 at
/usr/src/kernel/lib/refcount.c:28 refcount_warn_saturate+0x93/0x100
[ 224.523215] Modules linked in: cls_bpf sch_fq sch_ingress
algif_hash af_alg fuse [last unloaded: test_bpf]
[ 224.523215] CPU: 3 PID: 2548 Comm: binderfs_test Not tainted 5.5.10-rc1 #1
[ 224.526771] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.12.0-1 04/01/2014
[ 224.526771] RIP: 0010:refcount_warn_saturate+0x93/0x100
[ 224.526771] Code: 38 73 62 01 01 e8 3d c2 b6 ff 0f 0b 5d c3 80 3d
2a 73 62 01 00 75 ab 48 c7 c7 70 b0 00 92 c6 05 1a 73 62 01 01 e8 1d
c2 b6 ff <0f> 0b 5d c3 80 3d 0d 73 62 01 00 75 8b 48 c7 c7 f8 af 00 92
c6 05
[ 224.526771] RSP: 0018:ffffaaa081417c58 EFLAGS: 00010286
[ 224.526771] RAX: 0000000000000000 RBX: ffff9e77f1ed2c40 RCX: 0000000000000000
[ 224.526771] RDX: 0000000000000001 RSI: ffff9e77fbd98d48 RDI: ffff9e77fbd98d48
[ 224.526771] RBP: ffffaaa081417c58 R08: 0000000000000000 R09: 0000000000000000
[ 224.526771] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9e77fa99f400
[ 224.526771] R13: ffff9e77ee42bbc0 R14: ffff9e77f1ed2cc8 R15: ffffffff92400300
[ 224.526771] FS: 00007f9e5d8824c0(0000) GS:ffff9e77fbd80000(0000)
knlGS:0000000000000000
[ 224.526771] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 224.526771] CR2: 00007f9e5d41ff7c CR3: 000000012cbc2000 CR4: 00000000003406e0
[ 224.526771] Call Trace:
[ 224.526771] binderfs_evict_inode+0x9b/0xc0
[ 224.526771] evict+0xc8/0x190
[ 224.526771] iput+0x19c/0x2a0
[ 224.526771] ? shrink_dentry_list+0x29/0x210
[ 224.526771] dentry_unlink_inode+0x104/0x110
[ 224.526771] __dentry_kill+0xda/0x180
[ 224.526771] shrink_dentry_list+0xe3/0x210
[ 224.526771] shrink_dcache_parent+0x11c/0x200
[ 224.526771] do_one_tree+0x12/0x40
[ 224.526771] shrink_dcache_for_umount+0x2d/0x90
[ 224.526771] generic_shutdown_super+0x1f/0x120
[ 224.526771] kill_anon_super+0x12/0x30
[ 224.526771] kill_litter_super+0x23/0x30
[ 224.526771] binderfs_kill_super+0x16/0x40
[ 224.526771] deactivate_locked_super+0x43/0x70
[ 224.526771] deactivate_super+0x40/0x60
[ 224.526771] cleanup_mnt+0xbd/0x150
[ 224.526771] __cleanup_mnt+0x12/0x20
[ 224.526771] task_work_run+0x90/0xc0
[ 224.526771] exit_to_usermode_loop+0xf0/0x100
[ 224.526771] do_syscall_64+0x1bf/0x200
[ 224.526771] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 224.526771] RIP: 0033:0x7f9e5d3a30c7
[ 224.526771] Code: ad 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f
44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00
00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a1 ad 2b 00 f7 d8 64 89
01 48
[ 224.526771] RSP: 002b:00007ffc35189ee8 EFLAGS: 00000206 ORIG_RAX:
00000000000000a6
[ 224.526771] RAX: 0000000000000000 RBX: 00007f9e5d882440 RCX: 00007f9e5d3a30c7
[ 224.526771] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000040192c
[ 224.526771] RBP: 0000000000000002 R08: 0000000000000001 R09: 00007f9e5d3e23e0
[ 224.526771] R10: 000000000000079a R11: 0000000000000206 R12: 0000000000000001
[ 224.526771] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 224.526771] irq event stamp: 1776
[ 224.526771] hardirqs last enabled at (1775): [<ffffffff909751b8>]
console_unlock+0x458/0x5c0
[ 224.526771] hardirqs last disabled at (1776): [<ffffffff90801e9b>]
trace_hardirqs_off_thunk+0x1a/0x1c
[ 224.526771] softirqs last enabled at (1772): [<ffffffff91a00338>]
__do_softirq+0x338/0x43a
[ 224.526771] softirqs last disabled at (1761): [<ffffffff90902b28>]
irq_exit+0xb8/0xc0
[ 224.526771] ---[ end trace a9ce2ef5cd0b3086 ]---

ref:
https://lkft.validation.linaro.org/scheduler/job/1294041#L8703
https://lkft.validation.linaro.org/scheduler/job/1294145#L9569
https://lkft.validation.linaro.org/scheduler/job/1294086#L11063
https://lkft.validation.linaro.org/scheduler/job/1293967#L9551

[1] https://lore.kernel.org/linux-kselftest/CA+G9fYusdfg7PMfC9Xce-xLT7NiyKSbgojpK35GOm=Pf9jXXrA@xxxxxxxxxxxxxx/
--
Linaro LKFT
https://lkft.linaro.org