LinuxLists.cc - [linus:master] [mm,page_owner] 217b2119b9: WARNING:at_lib/refcount.c:#refcount_warn

2024-03-29 09:19:53

Subject: [linus:master] [mm,page_owner] 217b2119b9: WARNING:at_lib/refcount.c:#refcount_warn_saturate

Hello,

kernel test robot noticed "WARNING:at_lib/refcount.c:#refcount_warn_saturate" on:

commit: 217b2119b9e260609958db413876f211038f00ee ("mm,page_owner: implement the tracking of the stacks count")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

[test failed on linus/master 4cece764965020c22cff7665b18a012006359095]
[test failed on linux-next/master 13ee4a7161b6fd938aef6688ff43b163f6d83e37]

in testcase: rcutorture
version:
with following parameters:

runtime: 300s
test: cpuhotplug
torture_type: tasks-rude

compiler: clang-17
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)

+-----------------------------------------------------------------+------------+------------+
| | 4bedfb314b | 217b2119b9 |
+-----------------------------------------------------------------+------------+------------+
| WARNING:at_lib/refcount.c:#refcount_warn_saturate | 0 | 114 |
| EIP:refcount_warn_saturate | 0 | 114 |
+-----------------------------------------------------------------+------------+------------+

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <[email protected]>
| Closes: https://lore.kernel.org/oe-lkp/[email protected]

[ 1.321723][ T1] ------------[ cut here ]------------
[ 1.322406][ T1] refcount_t: decrement hit 0; leaking memory.
[ 1.323164][ T1] WARNING: CPU: 0 PID: 1 at lib/refcount.c:31 refcount_warn_saturate (lib/refcount.c:31)
[ 1.324262][ T1] Modules linked in:
[ 1.324770][ T1] CPU: 0 PID: 1 Comm: swapper Not tainted 6.8.0-rc5-00257-g217b2119b9e2 #1
[ 1.325884][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 1.327143][ T1] EIP: refcount_warn_saturate (lib/refcount.c:31)
[ 1.327824][ T1] Code: 83 c4 04 0f 0b eb 09 80 3d 40 5e 2a c3 00 74 06 5d 31 c0 31 d2 c3 c6 05 40 5e 2a c3 01 68 90 59 a8 c2 e8 db 91 a2 ff 83 c4 04 <0f> 0b eb e2 90 90 90 90 55 89 e5 89 c1 31 d2 b8 01 00 00 00 0f b1
All code
========
0: 83 c4 04 add $0x4,%esp
3: 0f 0b ud2
5: eb 09 jmp 0x10
7: 80 3d 40 5e 2a c3 00 cmpb $0x0,-0x3cd5a1c0(%rip) # 0xffffffffc32a5e4e
e: 74 06 je 0x16
10: 5d pop %rbp
11: 31 c0 xor %eax,%eax
13: 31 d2 xor %edx,%edx
15: c3 ret
16: c6 05 40 5e 2a c3 01 movb $0x1,-0x3cd5a1c0(%rip) # 0xffffffffc32a5e5d
1d: 68 90 59 a8 c2 push $0xffffffffc2a85990
22: e8 db 91 a2 ff call 0xffffffffffa29202
27: 83 c4 04 add $0x4,%esp
2a:* 0f 0b ud2 <-- trapping instruction
2c: eb e2 jmp 0x10
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 55 push %rbp
33: 89 e5 mov %esp,%ebp
35: 89 c1 mov %eax,%ecx
37: 31 d2 xor %edx,%edx
39: b8 01 00 00 00 mov $0x1,%eax
3e: 0f .byte 0xf
3f: b1 .byte 0xb1

Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: eb e2 jmp 0xffffffffffffffe6
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 55 push %rbp
9: 89 e5 mov %esp,%ebp
b: 89 c1 mov %eax,%ecx
d: 31 d2 xor %edx,%edx
f: b8 01 00 00 00 mov $0x1,%eax
14: 0f .byte 0xf
15: b1 .byte 0xb1
[ 1.330164][ T1] EAX: 00000000 EBX: ffffffff ECX: 00000000 EDX: 00000000
[ 1.331017][ T1] ESI: e43cf13c EDI: e43cf140 EBP: c42c7b3c ESP: c42c7b3c
[ 1.331861][ T1] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00010286
[ 1.332806][ T1] CR0: 80050033 CR2: ffdeb000 CR3: 033f8000 CR4: 000406d0
[ 1.333731][ T1] Call Trace:
[ 1.334175][ T1] ? show_regs (arch/x86/kernel/dumpstack.c:478)
[ 1.334721][ T1] ? refcount_warn_saturate (lib/refcount.c:31)
[ 1.335390][ T1] ? __warn (kernel/panic.c:236 kernel/panic.c:677)
[ 1.335913][ T1] ? refcount_warn_saturate (lib/refcount.c:31)
[ 1.336577][ T1] ? refcount_warn_saturate (lib/refcount.c:31)
[ 1.337253][ T1] ? report_bug (lib/bug.c:199)
[ 1.337890][ T1] ? exc_overflow (arch/x86/kernel/traps.c:251)
[ 1.338464][ T1] ? handle_bug (arch/x86/kernel/traps.c:238)
[ 1.339014][ T1] ? exc_invalid_op (arch/x86/kernel/traps.c:259)
[ 1.339612][ T1] ? handle_exception (arch/x86/entry/entry_32.S:1049)
[ 1.340246][ T1] ? exc_overflow (arch/x86/kernel/traps.c:251)
[ 1.340819][ T1] ? refcount_warn_saturate (lib/refcount.c:31)
[ 1.341496][ T1] ? exc_overflow (arch/x86/kernel/traps.c:251)
[ 1.342130][ T1] ? refcount_warn_saturate (lib/refcount.c:31)
[ 1.342796][ T1] __reset_page_owner (include/linux/refcount.h:?)
[ 1.343423][ T1] __free_pages_ok (include/linux/page_owner.h:?)
[ 1.344021][ T1] make_alloc_exact (mm/page_alloc.c:4811)
[ 1.344621][ T1] alloc_pages_exact (mm/page_alloc.c:4840)
[ 1.345228][ T1] alloc_large_system_hash (mm/mm_init.c:2530)
[ 1.345973][ T1] inet_hashinfo2_init (net/ipv4/inet_hashtables.c:1171)
[ 1.346595][ T1] tcp_init (net/ipv4/tcp.c:4707)
[ 1.347117][ T1] inet_init (net/ipv4/af_inet.c:2031)
[ 1.347657][ T1] do_one_initcall (init/main.c:1237)
[ 1.348259][ T1] ? ipv4_offload_init (net/ipv4/af_inet.c:1954)
[ 1.348879][ T1] ? blake2s_final (lib/crypto/blake2s.c:58)
[ 1.349467][ T1] ? extract_entropy (include/linux/string.h:276 drivers/char/random.c:697)
[ 1.350154][ T1] ? __lock_acquire (kernel/locking/lockdep.c:4599)
[ 1.350777][ T1] ? __lock_acquire (kernel/locking/lockdep.c:4599)
[ 1.351397][ T1] ? look_up_lock_class (kernel/locking/lockdep.c:926)
[ 1.352036][ T1] ? register_lock_class (kernel/locking/lockdep.c:1284)
[ 1.352682][ T1] ? __lock_acquire (kernel/locking/lockdep.c:4599)
[ 1.353315][ T1] ? __lock_acquire (kernel/locking/lockdep.c:4599)
[ 1.354002][ T1] ? lock_acquire (kernel/locking/lockdep.c:5754)
[ 1.354583][ T1] ? stack_depot_save_flags (lib/stackdepot.c:?)
[ 1.355268][ T1] ? stack_depot_save_flags (lib/stackdepot.c:671)
[ 1.355955][ T1] ? lock_acquire (kernel/locking/lockdep.c:5754)
[ 1.356534][ T1] ? __create_object (mm/kmemleak.c:?)
[ 1.357147][ T1] ? kmemleak_alloc (mm/kmemleak.c:764 mm/kmemleak.c:1044)
[ 1.357789][ T1] ? __create_object (mm/kmemleak.c:756)
[ 1.358387][ T1] ? next_arg (lib/cmdline.c:273)
[ 1.358938][ T1] ? parse_args (kernel/params.c:153)
[ 1.359515][ T1] do_initcall_level (init/main.c:1298)
[ 1.360114][ T1] ? rest_init (init/main.c:1435)
[ 1.360655][ T1] do_initcalls (init/main.c:1312)
[ 1.361218][ T1] ? rest_init (init/main.c:1435)
[ 1.361842][ T1] do_basic_setup (init/main.c:1335)
[ 1.362417][ T1] kernel_init_freeable (init/main.c:1555)
[ 1.363039][ T1] kernel_init (init/main.c:1445)
[ 1.363590][ T1] ret_from_fork (arch/x86/kernel/process.c:153)
[ 1.364154][ T1] ret_from_fork_asm (arch/x86/entry/entry_32.S:741)
[ 1.364745][ T1] entry_INT80_32 (arch/x86/entry/entry_32.S:947)
[ 1.365365][ T1] irq event stamp: 392969
[ 1.365990][ T1] hardirqs last enabled at (392981): console_unlock (arch/x86/include/asm/irqflags.h:19 arch/x86/include/asm/irqflags.h:67 arch/x86/include/asm/irqflags.h:127 kernel/printk/printk.c:341 kernel/printk/printk.c:2706 kernel/printk/printk.c:3038)
[ 1.367067][ T1] hardirqs last disabled at (392990): console_unlock (kernel/printk/printk.c:339)
[ 1.368145][ T1] softirqs last enabled at (392390): do_softirq_own_stack (arch/x86/kernel/irq_32.c:57 arch/x86/kernel/irq_32.c:147)
[ 1.369283][ T1] softirqs last disabled at (392381): do_softirq_own_stack (arch/x86/kernel/irq_32.c:57 arch/x86/kernel/irq_32.c:147)
[ 1.370465][ T1] ---[ end trace 0000000000000000 ]---

The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240329/[email protected]

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki