From: Shaohua Li <shli@kernel.org>
To: Andrei Vagin <avagin@gmail.com>
Cc: linux-raid@vger.kernel.org, elena.reshetova@intel.com
Subject: Re: linux-next: WARNING: CPU: 0 PID: 1 at lib/refcount.c:114 refcount_inc+0x37/0x40
Date: Fri, 10 Mar 2017 12:54:13 -0800 [thread overview]
Message-ID: <20170310205413.wjs64c4zvrqvswg7@kernel.org> (raw)
In-Reply-To: <CANaxB-xDKh+_0eR2p4rODObQPVFwNM1-vK=fmCV-jaBYpGkPAw@mail.gmail.com>
On Fri, Mar 10, 2017 at 12:01:06PM -0800, Andrei Vagin wrote:
> Hello,
>
> We run CRIU tests for linux-next kernels and here is a new issue:
>
> All logs are here: https://api.travis-ci.org/jobs/209680974/log.txt?deansi=true
> The kernel version is 4.11.0-rc1-next-20170310
Thanks for the reporting. It caused by 731d126(drivers, md: convert
mddev.active from atomic_t to refcount_t). It turns out the count doesn't match
the refcount usage. I'll drop the patch temporarily.
Thanks,
Shaohua
>
> [ 2.324763] md: Waiting for all devices to be available before autodetect
> [ 2.331707] md: If you don't use raid, use raid=noautodetect
> [ 2.338189] ------------[ cut here ]------------
> [ 2.342965] WARNING: CPU: 0 PID: 1 at lib/refcount.c:114
> refcount_inc+0x37/0x40
> [ 2.350427] refcount_t: increment on 0; use-after-free.
> [ 2.355794] Modules linked in:
> [ 2.358979] CPU: 0 PID: 1 Comm: swapper/0 Not tainted
> 4.11.0-rc1-next-20170310 #1
> [ 2.362966] Hardware name: Google Google Compute Engine/Google
> Compute Engine, BIOS Google 01/01/2011
> [ 2.362966] Call Trace:
> [ 2.362966] dump_stack+0x85/0xc9
> [ 2.362966] __warn+0xd1/0xf0
> [ 2.362966] warn_slowpath_fmt+0x4f/0x60
> [ 2.362966] refcount_inc+0x37/0x40
> [ 2.362966] mddev_find+0x1f1/0x2b0
> [ 2.362966] md_open+0x1a/0xd0
> [ 2.362966] __blkdev_get+0x85/0x4c0
> [ 2.362966] blkdev_get+0x1d3/0x340
> [ 2.362966] ? _raw_spin_unlock+0x27/0x40
> [ 2.362966] blkdev_open+0x5b/0x70
> [ 2.362966] do_dentry_open+0x213/0x330
> [ 2.362966] ? bd_acquire+0xd0/0xd0
> [ 2.362966] vfs_open+0x4f/0x80
> [ 2.362966] ? may_open+0x9b/0x100
> [ 2.362966] path_openat+0x48a/0xd50
> [ 2.362966] ? console_unlock+0x2f9/0x560
> [ 2.362966] do_filp_open+0x7e/0xd0
> [ 2.362966] ? _raw_spin_unlock+0x27/0x40
> [ 2.362966] ? __alloc_fd+0xf7/0x210
> [ 2.362966] do_sys_open+0x115/0x1f0
> [ 2.362966] SyS_open+0x1e/0x20
> [ 2.362966] md_run_setup+0x71/0x9a
> [ 2.362966] prepare_namespace+0x36/0x1a4
> [ 2.362966] kernel_init_freeable+0x254/0x269
> [ 2.362966] ? set_debug_rodata+0x12/0x12
> [ 2.362966] ? rest_init+0x140/0x140
> [ 2.362966] kernel_init+0xe/0x100
> [ 2.362966] ret_from_fork+0x31/0x40
> [ 2.482465] ---[ end trace a822b43a79b1f9f5 ]---
> [ 2.487353] md: Autodetecting RAID arrays.
> [ 2.491647] md: autorun ...
> [ 2.494592] md: ... autorun DONE.
> [ 2.503263] EXT4-fs (sda1): couldn't mount as ext3 due to feature
> incompatibilities
> [ 2.511467] ------------[ cut here ]------------
> [ 2.511477] WARNING: CPU: 0 PID: 21 at lib/refcount.c:207
> refcount_dec_not_one+0x75/0x80
> [ 2.511478] refcount_t: underflow; use-after-free.
> [ 2.511480] Modules linked in:
> [ 2.511485] CPU: 0 PID: 21 Comm: kworker/0:1 Tainted: G W
> 4.11.0-rc1-next-20170310 #1
> [ 2.511486] Hardware name: Google Google Compute Engine/Google
> Compute Engine, BIOS Google 01/01/2011
> [ 2.511490] Workqueue: events delayed_fput
> [ 2.511492] Call Trace:
> [ 2.511496] dump_stack+0x85/0xc9
> [ 2.511501] __warn+0xd1/0xf0
> [ 2.511505] warn_slowpath_fmt+0x4f/0x60
> [ 2.511509] refcount_dec_not_one+0x75/0x80
> [ 2.511511] refcount_dec_and_lock+0x16/0x50
> [ 2.511515] mddev_put+0x22/0x150
> [ 2.511517] md_release+0x21/0x30
> [ 2.511521] __blkdev_put+0x2df/0x340
> [ 2.511526] blkdev_put+0x50/0x150
> [ 2.511529] blkdev_close+0x25/0x30
> [ 2.511531] __fput+0xfa/0x230
> [ 2.511535] delayed_fput+0x25/0x30
> [ 2.511538] process_one_work+0x1e1/0x670
> [ 2.511539] ? process_one_work+0x162/0x670
> [ 2.511544] worker_thread+0x137/0x4b0
> [ 2.511546] ? trace_hardirqs_on+0xd/0x10
> [ 2.511551] kthread+0x10c/0x140
> [ 2.511552] ? process_one_work+0x670/0x670
> [ 2.511554] ? kthread_create_on_node+0x40/0x40
> [ 2.511558] ret_from_fork+0x31/0x40
> [ 2.511566] ---[ end trace a822b43a79b1f9f6 ]---
next prev parent reply other threads:[~2017-03-10 20:54 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-10 20:01 linux-next: WARNING: CPU: 0 PID: 1 at lib/refcount.c:114 refcount_inc+0x37/0x40 Andrei Vagin
2017-03-10 20:54 ` Shaohua Li [this message]
2017-03-13 10:04 ` Reshetova, Elena
2017-03-14 16:31 ` Shaohua Li
2017-03-16 18:00 ` Reshetova, Elena
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170310205413.wjs64c4zvrqvswg7@kernel.org \
--to=shli@kernel.org \
--cc=avagin@gmail.com \
--cc=elena.reshetova@intel.com \
--cc=linux-raid@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).