While running selftests binderfs_test on stable rc 5.4 and 5.5 branches the following warning on arm64, arm, x86_64 and i386.
This warning was noticed on Linus's tree and reported [1] and then Christian Brauner investigated this problem.
FYI, We are running selftests source from stable rc 5.5 branch.
[ 224.520090] ------------[ cut here ]------------ [ 224.521202] refcount_t: underflow; use-after-free. [ 224.522284] WARNING: CPU: 3 PID: 2548 at /usr/src/kernel/lib/refcount.c:28 refcount_warn_saturate+0x93/0x100 [ 224.523215] Modules linked in: cls_bpf sch_fq sch_ingress algif_hash af_alg fuse [last unloaded: test_bpf] [ 224.523215] CPU: 3 PID: 2548 Comm: binderfs_test Not tainted 5.5.10-rc1 #1 [ 224.526771] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 224.526771] RIP: 0010:refcount_warn_saturate+0x93/0x100 [ 224.526771] Code: 38 73 62 01 01 e8 3d c2 b6 ff 0f 0b 5d c3 80 3d 2a 73 62 01 00 75 ab 48 c7 c7 70 b0 00 92 c6 05 1a 73 62 01 01 e8 1d c2 b6 ff <0f> 0b 5d c3 80 3d 0d 73 62 01 00 75 8b 48 c7 c7 f8 af 00 92 c6 05 [ 224.526771] RSP: 0018:ffffaaa081417c58 EFLAGS: 00010286 [ 224.526771] RAX: 0000000000000000 RBX: ffff9e77f1ed2c40 RCX: 0000000000000000 [ 224.526771] RDX: 0000000000000001 RSI: ffff9e77fbd98d48 RDI: ffff9e77fbd98d48 [ 224.526771] RBP: ffffaaa081417c58 R08: 0000000000000000 R09: 0000000000000000 [ 224.526771] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9e77fa99f400 [ 224.526771] R13: ffff9e77ee42bbc0 R14: ffff9e77f1ed2cc8 R15: ffffffff92400300 [ 224.526771] FS: 00007f9e5d8824c0(0000) GS:ffff9e77fbd80000(0000) knlGS:0000000000000000 [ 224.526771] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 224.526771] CR2: 00007f9e5d41ff7c CR3: 000000012cbc2000 CR4: 00000000003406e0 [ 224.526771] Call Trace: [ 224.526771] binderfs_evict_inode+0x9b/0xc0 [ 224.526771] evict+0xc8/0x190 [ 224.526771] iput+0x19c/0x2a0 [ 224.526771] ? shrink_dentry_list+0x29/0x210 [ 224.526771] dentry_unlink_inode+0x104/0x110 [ 224.526771] __dentry_kill+0xda/0x180 [ 224.526771] shrink_dentry_list+0xe3/0x210 [ 224.526771] shrink_dcache_parent+0x11c/0x200 [ 224.526771] do_one_tree+0x12/0x40 [ 224.526771] shrink_dcache_for_umount+0x2d/0x90 [ 224.526771] generic_shutdown_super+0x1f/0x120 [ 224.526771] kill_anon_super+0x12/0x30 [ 224.526771] kill_litter_super+0x23/0x30 [ 224.526771] binderfs_kill_super+0x16/0x40 [ 224.526771] deactivate_locked_super+0x43/0x70 [ 224.526771] deactivate_super+0x40/0x60 [ 224.526771] cleanup_mnt+0xbd/0x150 [ 224.526771] __cleanup_mnt+0x12/0x20 [ 224.526771] task_work_run+0x90/0xc0 [ 224.526771] exit_to_usermode_loop+0xf0/0x100 [ 224.526771] do_syscall_64+0x1bf/0x200 [ 224.526771] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 224.526771] RIP: 0033:0x7f9e5d3a30c7 [ 224.526771] Code: ad 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a1 ad 2b 00 f7 d8 64 89 01 48 [ 224.526771] RSP: 002b:00007ffc35189ee8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 224.526771] RAX: 0000000000000000 RBX: 00007f9e5d882440 RCX: 00007f9e5d3a30c7 [ 224.526771] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000040192c [ 224.526771] RBP: 0000000000000002 R08: 0000000000000001 R09: 00007f9e5d3e23e0 [ 224.526771] R10: 000000000000079a R11: 0000000000000206 R12: 0000000000000001 [ 224.526771] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 224.526771] irq event stamp: 1776 [ 224.526771] hardirqs last enabled at (1775): [<ffffffff909751b8>] console_unlock+0x458/0x5c0 [ 224.526771] hardirqs last disabled at (1776): [<ffffffff90801e9b>] trace_hardirqs_off_thunk+0x1a/0x1c [ 224.526771] softirqs last enabled at (1772): [<ffffffff91a00338>] __do_softirq+0x338/0x43a [ 224.526771] softirqs last disabled at (1761): [<ffffffff90902b28>] irq_exit+0xb8/0xc0 [ 224.526771] ---[ end trace a9ce2ef5cd0b3086 ]---
ref: https://lkft.validation.linaro.org/scheduler/job/1294041#L8703 https://lkft.validation.linaro.org/scheduler/job/1294145#L9569 https://lkft.validation.linaro.org/scheduler/job/1294086#L11063 https://lkft.validation.linaro.org/scheduler/job/1293967#L9551
[1] https://lore.kernel.org/linux-kselftest/CA+G9fYusdfg7PMfC9Xce-xLT7NiyKSbgojp... -- Linaro LKFT https://lkft.linaro.org