Re: next: runtime warning after 'locking/refcounts: Out-of-line everything'

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Peter Zijlstra <peterz@infradead.org>
To: Guenter Roeck <linux@roeck-us.net>
Cc: Ingo Molnar <mingo@kernel.org>, linux-kernel@vger.kernel.org
Subject: Re: next: runtime warning after 'locking/refcounts: Out-of-line everything'
Date: Tue, 28 Feb 2017 08:52:10 +0100	[thread overview]
Message-ID: <20170228075210.GE6500@twins.programming.kicks-ass.net> (raw)
In-Reply-To: <20170227214747.GA30307@roeck-us.net>

On Mon, Feb 27, 2017 at 01:47:47PM -0800, Guenter Roeck wrote:
> Hi Peter,
> 
> I see the following runtime warning when running a 44x/virtex5_defconfig
> image in qemu (virtex-ml507).
> 
> refcount_t: underflow; use-after-free.
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 1 at lib/refcount.c:128 refcount_sub_and_test+0x90/0xd0
> Modules linked in:
> CPU: 0 PID: 1 Comm: swapper Not tainted 4.10.0-next-20170227 #1
> task: cf81d5a0 task.stack: cf81e000
> NIP: c02100e0 LR: c02100e0 CTR: c0279970
> REGS: cf81fc90 TRAP: 0700   Not tainted  (4.10.0-next-20170227)
> MSR: 00029000 <CE,EE,ME>
> CR: 24000022  XER: 00000000
> 
> GPR00: c02100e0 cf81fd40 cf81d5a0 00000026 00000000 00000000 c027a3d0 00000000 
> GPR08: c05403bc 00000800 00000000 00000000 24000024 00000000 c0001ad0 00000000 
> GPR16: 00000000 00000000 00000000 00000000 00000000 00000000 c054b3c0 c0550000 
> GPR24: 00000000 00000000 cf948010 00000015 00000000 00000000 cf948000 cfb1c0e8 
> NIP [c02100e0] refcount_sub_and_test+0x90/0xd0
> LR [c02100e0] refcount_sub_and_test+0x90/0xd0
> Call Trace:
> [cf81fd40] [c02100e0] refcount_sub_and_test+0x90/0xd0 (unreliable)
> [cf81fd50] [c01f6564] kobject_put+0x34/0x90
> [cf81fd60] [c02ac240] ace_probe+0x410/0x450
> [cf81fda0] [c0293684] platform_drv_probe+0x44/0xc0
> [cf81fdc0] [c0291494] driver_probe_device+0x234/0x340
> [cf81fdf0] [c029166c] __driver_attach+0xcc/0xd0
> [cf81fe10] [c028eff8] bus_for_each_dev+0x68/0xc0
> [cf81fe40] [c0290838] bus_add_driver+0x208/0x280
> [cf81fe60] [c0292198] driver_register+0x88/0x140
> [cf81fe70] [c050be10] ace_init+0x48/0xa4
> [cf81fe90] [c0001350] do_one_initcall+0x40/0x180
> [cf81fef0] [c04f2ae0] kernel_init_freeable+0x134/0x1cc
> [cf81ff30] [c0001ae4] kernel_init+0x14/0x110
> [cf81ff40] [c000c3d0] ret_from_kernel_thread+0x5c/0x64
> Instruction dump:
> 40a2fff0 7f884840 7d094378 419e0044 2f89ffff 7d434850 7f0a4840 419e0018 
> 4099ffd0 3c60c04b 386393f0 4820e99d <0fe00000> 80010014 38600000 38210010 
> ---[ end trace 17bd7014e44a5b26 ]---
> xsysace 83600000.sysace: xsysace: error initializing device at 0x83600000
> xsysace 83600000.sysace: could not initialize device, err=-12
> xsysace: probe of 83600000.sysace failed with error -12
> Xilinx SystemACE device driver, major=254
> 
> The complete log is available at
> http://kerneltests.org/builders/qemu-ppc-next/builds/590/steps/qemubuildcommand/logs/stdio
> 
> Bisect points to commit 29dee3c03abc ("locking/refcounts: Out-of-line
> everything'); bisect log is attached. Reverting this commit fixes the problem.
> 
> Please let me know if there is anything I can do to help tracking down the
> problem.
> 
> [ Maybe there is a bug in the ace driver's error handler, but why is it only
>   seen with your patch applied ? ]

Because it unconditionally enables the WARNs, if you revert but enable
CONFIG_DEBUG_REFCOUNT it should show up as well.

next prev parent reply	other threads:[~2017-02-28  7:52 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-27 21:47 next: runtime warning after 'locking/refcounts: Out-of-line everything' Guenter Roeck
2017-02-28  7:52 ` Peter Zijlstra [this message]
2017-02-28 15:05   ` Guenter Roeck

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170228075210.GE6500@twins.programming.kicks-ass.net \
    --to=peterz@infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux@roeck-us.net \
    --cc=mingo@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.