Greetings,
FYI, we noticed the following commit (built with gcc-9):
commit: 991e40396dad0de6baa37dfc55ac620e1af7c271 ("atomic,x86: Alternative atomic_*_overflow() scheme")
https://git.kernel.org/cgit/linux/kernel/git/peterz/queue.git locking/wip.refcount.crazy
in testcase: kernel-selftests
version: kernel-selftests-x86_64-a1616593-1_20211225
with following parameters:

        group: lkdtm
        ucode: 0xe2

test-description: The kernel contains a set of "self tests" under the tools/testing/selftests/ directory. These are intended to be small unit tests to exercise individual code paths in the kernel.
test-url: https://www.kernel.org/doc/Documentation/kselftest.txt
on test machine: 4 threads Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz with 32G memory
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang(a)intel.com>
# selftests: lkdtm: REFCOUNT_DEC_AND_TEST_SATURATED.sh
# [ 103.660022] lkdtm: Performing direct entry REFCOUNT_DEC_AND_TEST_SATURATED
# [ 103.667601] lkdtm: attempting bad refcount_dec_and_test() from saturated
# [ 103.675411] ------------[ cut here ]------------
# [ 103.680968] refcount_t: underflow; use-after-free.
# [ 103.686814] WARNING: CPU: 2 PID: 3577 at lib/refcount.c:33 refcount_warn_saturate+0x132/0x1c0
# [ 103.696254] Modules linked in: btrfs blake2b_generic xor raid6_pq zstd_compress libcrc32c intel_rapl_msr intel_rapl_common sd_mod t10_pi sg x86_pkg_temp_thermal ipmi_devintf intel_powerclamp i915 ipmi_msghandler mei_wdt wmi_bmof coretemp crct10dif_pclmul crc32_pclmul crc32c_intel intel_gtt ttm ghash_clmulni_intel rapl drm_kms_helper intel_cstate syscopyarea sysfillrect ahci sysimgblt fb_sys_fops mei_me libahci intel_uncore mei i2c_i801 libata intel_pch_thermal i2c_smbus wmi video intel_pmc_core acpi_pad ip_tables
# [ 103.742590] CPU: 2 PID: 3577 Comm: cat Tainted: G B D W 5.16.0-rc6-00009-g991e40396dad #1
# [ 103.752622] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.8.1 12/05/2017
# [ 103.760885] RIP: 0010:refcount_warn_saturate+0x132/0x1c0
# [ 103.767052] Code: 01 e8 d4 a9 6c 01 0f 0b eb 82 80 3d 0b 0b c1 03 00 0f 85 75 ff ff ff 48 c7 c7 80 37 28 84 c6 05 f7 0a c1 03 01 e8 b0 a9 6c 01 <0f> 0b e9 5b ff ff ff 80 3d e2 0a c1 03 00 0f 85 4e ff ff ff 48 c7
# [ 103.786637] RSP: 0018:ffffc9000ba3fc40 EFLAGS: 00010282
# [ 103.792569] RAX: 0000000000000000 RBX: ffffc9000ba3fc90 RCX: 0000000000000000
# [ 103.800400] RDX: 0000000000000001 RSI: ffffffff81567f36 RDI: fffff52001747f7a
# [ 103.808216] RBP: 0000000000000003 R08: 0000000000000001 R09: ffffed10d5de6921
# [ 103.816094] R10: ffff8886aef34907 R11: ffffed10d5de6920 R12: 00000000bfffffff
# [ 103.823930] R13: dffffc0000000000 R14: 00000000000003f0 R15: ffff888127b88000
# [ 103.831746] FS: 00007f9baed14540(0000) GS:ffff8886aef00000(0000) knlGS:0000000000000000
# [ 103.840541] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
# [ 103.847048] CR2: 00007f47acbe9000 CR3: 00000001277fc002 CR4: 00000000003706e0
# [ 103.854930] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
# [ 103.862792] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
# [ 103.870655] Call Trace:
# [ 103.873951] <TASK>
# [ 103.876809] refcount_dec_and_test+0x28/0x40
# [ 103.881854] lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED+0x72/0xb8
# [ 103.888251] ? lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED+0xbf/0xbf
# [ 103.894778] direct_entry.cold+0x2f/0x6f
# [ 103.899462] full_proxy_write+0xfd/0x180
# [ 103.904073] vfs_write+0x184/0x8c0
# [ 103.908209] ksys_write+0xf9/0x200
# [ 103.912314] ? __ia32_sys_read+0xc0/0xc0
# [ 103.917010] ? syscall_enter_from_user_mode+0x21/0x80
# [ 103.922801] ? syscall_enter_from_user_mode+0x21/0x80
# [ 103.928638] do_syscall_64+0x5c/0x80
# [ 103.932952] ? rcu_read_lock_bh_held+0xc0/0xc0
# [ 103.938126] ? syscall_exit_to_user_mode+0x1e/0x80
# [ 103.943615] ? trace_hardirqs_on_prepare+0x27/0x180
# [ 103.949261] ? do_syscall_64+0x69/0x80
# [ 103.953711] ? rcu_read_lock_bh_held+0xc0/0xc0
# [ 103.958853] ? irqentry_exit_to_user_mode+0xa/0x40
# [ 103.964343] ? asm_exc_page_fault+0x8/0x30
# [ 103.969139] ? trace_hardirqs_on_prepare+0x27/0x180
# [ 103.974715] entry_SYSCALL_64_after_hwframe+0x44/0xae
# [ 103.980543] RIP: 0033:0x7f9baec3c504
# [ 103.984822] Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 48 8d 05 f9 61 0d 00 8b 00 85 c0 75 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 41 54 49 89 d4 55 48 89 f5 53
# [ 104.004387] RSP: 002b:00007ffdfbc66728 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
# [ 104.012686] RAX: ffffffffffffffda RBX: 0000000000000020 RCX: 00007f9baec3c504
# [ 104.020503] RDX: 0000000000000020 RSI: 00007f9bae98b000 RDI: 0000000000000001
# [ 104.028400] RBP: 00007f9bae98b000 R08: 00000000ffffffff R09: 0000000000000000
# [ 104.036262] R10: fffffffffffffb9c R11: 0000000000000246 R12: 00007f9bae98b000
# [ 104.044177] R13: 0000000000000001 R14: 0000000000000020 R15: 0000000000020000
# [ 104.052003] </TASK>
# [ 104.054915] irq event stamp: 0
# [ 104.058661] hardirqs last enabled at (0): [<0000000000000000>] 0x0
# [ 104.065665] hardirqs last disabled at (0): [<ffffffff813b9467>] copy_process+0x1467/0x6140
# [ 104.074713] softirqs last enabled at (0): [<ffffffff813b94a6>] copy_process+0x14a6/0x6140
# [ 104.083649] softirqs last disabled at (0): [<0000000000000000>] 0x0
# [ 104.090649] ---[ end trace c0cc800c0010a0d1 ]---
# [ 104.096032] lkdtm: Fail: refcount went crazy: -1073741823
# REFCOUNT_DEC_AND_TEST_SATURATED: missing 'Saturation detected: still saturated': [FAIL]
not ok 62 selftests: lkdtm: REFCOUNT_DEC_AND_TEST_SATURATED.sh # exit=1
also found below cases failed on this commit but pass on parent:

94848f91b243e426 991e40396dad0de6baa37dfc55a
---------------- ---------------------------
       fail:runs  %reproduction    fail:runs
           |             |             |
           :8           75%           6:6     kernel-selftests.lkdtm.REFCOUNT_ADD_SATURATED.sh.fail
           :8           75%           6:6     kernel-selftests.lkdtm.REFCOUNT_ADD_ZERO.sh.fail
           :8           75%           6:6     kernel-selftests.lkdtm.REFCOUNT_DEC_AND_TEST_NEGATIVE.sh.fail
           :8           75%           6:6     kernel-selftests.lkdtm.REFCOUNT_DEC_NEGATIVE.sh.fail
           :8           75%           6:6     kernel-selftests.lkdtm.REFCOUNT_DEC_SATURATED.sh.fail
           :8           75%           6:6     kernel-selftests.lkdtm.REFCOUNT_DEC_ZERO.sh.fail
           :8           75%           6:6     kernel-selftests.lkdtm.REFCOUNT_INC_SATURATED.sh.fail
           :8           75%           6:6     kernel-selftests.lkdtm.REFCOUNT_INC_ZERO.sh.fail
           :8           75%           6:6     kernel-selftests.lkdtm.REFCOUNT_SUB_AND_TEST_NEGATIVE.sh.fail
           :8           75%           6:6     kernel-selftests.lkdtm.REFCOUNT_SUB_AND_TEST_SATURATED.sh.fail

To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        sudo bin/lkp install job.yaml           # job file is attached in this email
        bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
        sudo bin/lkp run generated-yaml-file

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.

---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/[email protected] Intel Corporation
Thanks,
Oliver Sang