| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250831141426.2786-1-spasswolf@web.de>
Date: Sun, 31 Aug 2025 16:14:24 +0200
From: Bert Karwatzki <spasswolf@....de>
To: seanjc@...gle.com
Cc: Bert Karwatzki <spasswolf@....de>,
Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
linux-next@...r.kernel.org,
linux-kernel@...r.kernel.org,
linux-rt-devel@...ts.linux.dev,
Andrew Morton <akpm@...ux-foundation.org>,
linux-mm@...ck.org,
Jakub Kicinski <kuba@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
torvalds@...ux-foundation.org,
x86@...nel.org,
tglx@...utronix.de,
bp@...en8.de
Subject: (Re)boot hangs and refcount errors on next-20250829
I think I hit the the same error (and some more ...) when booting next-20250829
on my amd64 laptop (no VMs and no kexec were used here):
When I try booting next-20250829 on my debian stable(trixie) amd64 system the boot
process hangs every few attempts (without any log messages recorded). When the
boot process succeeds the following error message appears in dmesg:
[ 8.337248] [ T44] ------------[ cut here ]------------
[ 8.337250] [ T44] WARNING: kernel/futex/core.c:1604 at futex_ref_rcu+0xe8/0x100, CPU#6: rcuc/6/44
[ 8.337257] [ T44] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device rfcomm bnep nls_ascii nls_cp437 vfat fat snd_hda_codec_generic snd_hda_codec_atihdmi snd_hda_codec_hdmi snd_hda_intel btusb snd_intel_dspcfg snd_soc_dmic snd_acp3x_pdm_dma snd_acp3x_rn snd_hda_codec btrtl uvcvideo snd_soc_core btintel snd_hda_core btbcm videobuf2_vmalloc btmtk videobuf2_memops snd_hwdep uvc videobuf2_v4l2 snd_pcm_oss bluetooth videodev snd_mixer_oss snd_pcm snd_rn_pci_acp3x snd_acp_config videobuf2_common snd_soc_acpi msi_wmi ecdh_generic ecc mc sparse_keymap snd_timer edac_mce_amd wmi_bmof snd snd_pci_acp3x k10temp ccp soundcore battery ac button joydev hid_sensor_gyro_3d hid_sensor_accel_3d hid_sensor_prox hid_sensor_als hid_sensor_magn_3d hid_sensor_trigger industrialio_triggered_buffer kfifo_buf industrialio amd_pmc hid_sensor_iio_common evdev mt7921e mt7921_common mt792x_lib mt76_connac_lib mt76 mac80211 libarc4 cfg80211 rfkill msr fuse nvme_fabrics efi_pstore configfs
[ 8.337310] [ T44] efivarfs autofs4 ext4 mbcache jbd2 usbhid amdgpu drm_client_lib i2c_algo_bit drm_ttm_helper ttm drm_panel_backlight_quirks drm_exec drm_suballoc_helper drm_buddy gpu_sched xhci_pci amdxcp xhci_hcd hid_sensor_hub psmouse drm_display_helper mfd_core hid_multitouch hid_generic drm_kms_helper i2c_hid_acpi serio_raw usbcore amd_sfh i2c_hid r8169 cec nvme hid crc16 nvme_core i2c_piix4 usb_common i2c_smbus i2c_designware_platform i2c_designware_core
[ 8.337337] [ T44] CPU: 6 UID: 0 PID: 44 Comm: rcuc/6 Not tainted 6.17.0-rc3-next-20250829-master #215 PREEMPT_{RT,(full)}
[ 8.337340] [ T44] Hardware name: Micro-Star International Co., Ltd. Alpha 15 B5EEK/MS-158L, BIOS E158LAMS.10F 11/11/2024
[ 8.337342] [ T44] RIP: 0010:futex_ref_rcu+0xe8/0x100
[ 8.337344] [ T44] Code: be ff ff ff ff ff ff ff 7f 48 89 b3 88 01 00 00 c7 00 01 00 00 00 48 8d bb 78 01 00 00 5b 48 c7 c6 70 d7 b4 a5 e9 78 7a fd ff <0f> 0b eb ab 0f 0b e9 31 ff ff ff 0f 0b eb c6 66 0f 1f 84 00 00 00
[ 8.337346] [ T44] RSP: 0018:ffffb438402dfdb0 EFLAGS: 00010286
[ 8.337348] [ T44] RAX: 7fffffffffffffff RBX: ffff8aab87fa1900 RCX: 0000000000000010
[ 8.337350] [ T44] RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: 000000000000000f
[ 8.337351] [ T44] RBP: ffff8aab80958000 R08: 0000000000000000 R09: 0000000000000006
[ 8.337352] [ T44] R10: 0000000000220021 R11: 0000000000000000 R12: ffff8aae5e7a2300
[ 8.337353] [ T44] R13: ffffb438402dfdf0 R14: 0000000000000016 R15: 0000000000000000
[ 8.337354] [ T44] FS: 0000000000000000(0000) GS:ffff8aaeb79bc000(0000) knlGS:0000000000000000
[ 8.337356] [ T44] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8.337357] [ T44] CR2: 00007fbce40135f8 CR3: 0000000108b48000 CR4: 0000000000750ef0
[ 8.337358] [ T44] PKRU: 55555554
[ 8.337359] [ T44] Call Trace:
[ 8.337361] [ T44] <TASK>
[ 8.337363] [ T44] rcu_do_batch+0x1b6/0x540
[ 8.337366] [ T44] ? rcu_do_batch+0x156/0x540
[ 8.337369] [ T44] rcu_core+0x141/0x250
[ 8.337371] [ T44] ? rcu_cpu_kthread+0x22/0xe0
[ 8.337373] [ T44] rcu_cpu_kthread+0x85/0xe0
[ 8.337375] [ T44] ? sort_range+0x20/0x20
[ 8.337378] [ T44] smpboot_thread_fn+0xd8/0x1d0
[ 8.337381] [ T44] kthread+0xe9/0x1e0
[ 8.337383] [ T44] ? kthreads_online_cpu+0x100/0x100
[ 8.337385] [ T44] ? kthreads_online_cpu+0x100/0x100
[ 8.337387] [ T44] ret_from_fork+0x18e/0x1c0
[ 8.337391] [ T44] ? kthreads_online_cpu+0x100/0x100
[ 8.337392] [ T44] ret_from_fork_asm+0x11/0x20
[ 8.337398] [ T44] </TASK>
[ 8.337398] [ T44] ---[ end trace 0000000000000000 ]---
Rebooting (normal reboot no kexec) also hangs sometimes and using netconsole I could capture the following
error message:
T124;------------[ cut here ]------------
T124;percpu ref (css_release) <= 0 (-1) after switching to atomic
T124;WARNING: lib/percpu-refcount.c:197 at percpu_ref_switch_to_atomic_rcu+0x194/0x1a0, CPU#11: rcuc/11/124
T124,ncfrag=0/1022;Modules linked in: netconsole ccm snd_seq_dummy snd_hrtimer snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device rfcomm bnep nls_ascii nls_cp437 vfat fat snd_hda_codec_generic snd_hda_codec_atihdmi snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg snd_acp3x_pdm_dma snd_soc_dmic snd_acp3x_rn btusb snd_hda_codec btrtl uvcvideo snd_soc_core btintel snd_hda_core btbcm videobuf2_vmalloc btmtk snd_hwdep videobuf2_memops snd_pcm_oss uvc videobuf2_v4l2 bluetooth snd_mixer_oss videodev snd_pcm snd_rn_pci_acp3x snd_acp_config videobuf2_common snd_timer msi_wmi snd_soc_acpi ecdh_generic ecc sparse_keymap mc snd wmi_bmof edac_mce_amd soundcore k10temp snd_pci_acp3x ccp ac battery button joydev hid_sensor_gyro_3d hid_sensor_accel_3d hid_sensor_magn_3d hid_sensor_als hid_sensor_prox hid_sensor_trigger industrialio_triggered_buffer kfifo_buf industrialio amd_pmc hid_sensor_iio_common evdev mt7921e mt7921_common mt792x_lib mt76_connac_lib mt76
T124,ncfrag=956/1022;mac80211 libarc4 cfg80211 rfkill msr fuse nvme_fabrics efi_pstore
T124; configfs efivarfs autofs4 ext4 mbcache jbd2 usbhid amdgpu drm_client_lib i2c_algo_bit drm_ttm_helper ttm drm_panel_backlight_quirks drm_exec drm_suballoc_helper drm_buddy gpu_sched xhci_pci amdxcp drm_display_helper xhci_hcd hid_sensor_hub hid_multitouch mfd_core hid_generic usbcore i2c_hid_acpi psmouse amd_sfh drm_kms_helper nvme i2c_hid hid serio_raw nvme_core cec r8169 i2c_piix4 usb_common crc16 i2c_smbus i2c_designware_platform i2c_designware_core
T124;CPU: 11 UID: 0 PID: 124 Comm: rcuc/11 Tainted: G W 6.17.0-rc3-next-20250829-master #215 PREEMPT_{RT,(full)}
T124;Tainted: [W]=WARN
T124;Hardware name: Micro-Star International Co., Ltd. Alpha 15 B5EEK/MS-158L, BIOS E158LAMS.10F 11/11/2024
T124;RIP: 0010:percpu_ref_switch_to_atomic_rcu+0x194/0x1a0
T124;Code: c0 83 f8 03 0f 8f 12 ff ff ff e9 a8 25 ba ff 48 8b 53 e0 48 8b 73 e8 48 c7 c7 f0 1c 8c 8e c6 05 ec 7c a7 00 01 e8 3c a9 c1 ff <0f> 0b eb c4 0f 1f 84 00 00 00 00 00 41 55 41 54 55 48 89 fd 53 48
T124;RSP: 0018:ffffb86540587da0 EFLAGS: 00010282
Aug 31 12:01:07 localhost 4,1297,74466412,-,caller=T124;RAX: 0000000000000000 RBX: ffff893620a67c60 RCX: 0000000000000027
T124;RDX: ffff8938de8d6d48 RSI: 0000000000000001 RDI: ffff8938de8d6d40
T124;RBP: 8000000000000001 R08: 0000000000000f15 R09: 00000000ffffffff
T124;R10: 0000000000000001 R11: 0000000000000008 R12: ffff893620a67c40
T124;R13: ffffb86540587df0 R14: 000000000000001c R15: 0000000000000000
T124;FS: 0000000000000000(0000) GS:ffff89394f8fc000(0000) knlGS:0000000000000000
T124;CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
T124;CR2: 00007fa2fc9b8b60 CR3: 0000000107e89000 CR4: 0000000000750ef0
T124;PKRU: 55555554
T124;Call Trace:
T124; <TASK>
T124; rcu_do_batch+0x1b6/0x540
T124; ? rcu_do_batch+0x156/0x540
T124; rcu_core+0x141/0x250
T124; ? rcu_cpu_kthread+0x22/0xe0
T124; rcu_cpu_kthread+0x85/0xe0
T124; ? sort_range+0x20/0x20
T124; smpboot_thread_fn+0xd8/0x1d0
T124; kthread+0xe9/0x1e0
T124; ? kthreads_online_cpu+0x100/0x100
T124; ? kthreads_online_cpu+0x100/0x100
T124; ret_from_fork+0x18e/0x1c0
T124; ? kthreads_online_cpu+0x100/0x100
T124; ret_from_fork_asm+0x11/0x20
T124; </TASK>
T124;---[ end trace 0000000000000000 ]---
T124;percpu_ref_switch_to_atomic_rcu: percpu_ref_switch_to_atomic_rcu(): percpu_ref underflow slab kmalloc-64 start ffff893620a67c40 pointer offset 0 size 64
T153;unregister_netdevice: waiting for lo to become free. Usage count = -2
T153;unregister_netdevice: waiting for lo to become free. Usage count = -1
T153;unregister_netdevice: waiting for lo to become free. Usage count = -1
T153;unregister_netdevice: waiting for lo to become free. Usage count = -1
T153;unregister_netdevice: waiting for lo to become free. Usage count = -1
T153;unregister_netdevice: waiting for lo to become free. Usage count = -1
T153;unregister_netdevice: waiting for lo to become free. Usage count = -1
T153;unregister_netdevice: waiting for lo to become free. Usage count = -1
T153;unregister_netdevice: waiting for lo to become free. Usage count = -1
Both errors messages occur with and without PREEMPT_RT.
I bisected this (between v6.17-rc3 and next-20250829) using the first error
(WARNING: kernel/futex/core.c:1604) as signal for a bad commit. During the
bisection some additional and more severe errors occured, I do not know yet
if or how all these errors are linked:
At commit e255111fdcae a NULL pointer dereference happened:
[ 8.612505] [ T159] BUG: kernel NULL pointer dereference, address: 0000000000000020
[ 8.612508] [ T159] #PF: supervisor read access in kernel mode
[ 8.612509] [ T159] #PF: error_code(0x0000) - not-present page
[ 8.612511] [ T159] PGD 0 P4D 0
[ 8.612513] [ T159] Oops: Oops: 0000 [#1] SMP NOPTI
[ 8.612517] [ T159] CPU: 8 UID: 0 PID: 159 Comm: kworker/u64:14 Tainted: G W 6.17.0-rc3-bisect-00614-ge255111fdcae #219 PREEMPT_{RT,(full)}
[ 8.612521] [ T159] Tainted: [W]=WARN
[ 8.612522] [ T159] Hardware name: Micro-Star International Co., Ltd. Alpha 15 B5EEK/MS-158L, BIOS E158LAMS.10F 11/11/2024
[ 8.612523] [ T159] Workqueue: events_unbound flush_memcg_stats_dwork
[ 8.612528] [ T159] RIP: 0010:css_rstat_flush+0xe7/0x510
[ 8.612532] [ T159] Code: 48 01 d0 48 89 04 24 4d 63 fc 48 8b 3c 24 e8 00 02 31 00 48 89 c6 48 85 c0 74 69 48 89 00 48 8b 70 08 4a 8b 0c fd 80 2c 74 82 <48> 8b 46 20 48 8b 96 b8 00 00 00 48 83 7c 01 08 00 48 8d 3c 08 74
[ 8.612534] [ T159] RSP: 0018:ffffa8ef806abdf8 EFLAGS: 00010282
[ 8.612536] [ T159] RAX: ffffc8ef7fbde7b0 RBX: ffff9ce2c0261380 RCX: ffff9ce61ba00000
[ 8.612537] [ T159] RDX: ffffc8ef7fbde7b0 RSI: 0000000000000000 RDI: ffff9ce59e7e7488
[ 8.612538] [ T159] RBP: 0000000000000007 R08: ffff9ce59e7a7478 R09: ffff9ce2dbd30d00
[ 8.612539] [ T159] R10: 0000000000000028 R11: ffff9ce59e7a6e80 R12: 0000000000000007
[ 8.612540] [ T159] R13: ffff9ce59e7e7490 R14: ffffffffffffffff R15: 0000000000000007
[ 8.612541] [ T159] FS: 0000000000000000(0000) GS:ffff9ce61ba40000(0000) knlGS:0000000000000000
[ 8.612542] [ T159] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8.612544] [ T159] CR2: 0000000000000020 CR3: 00000001d5e22000 CR4: 0000000000750ef0
[ 8.612545] [ T159] PKRU: 55555554
[ 8.612545] [ T159] Call Trace:
[ 8.612547] [ T159] <TASK>
[ 8.612550] [ T159] flush_memcg_stats_dwork+0x37/0x60
[ 8.612552] [ T159] process_one_work+0x17b/0x290
[ 8.612557] [ T159] worker_thread+0x2ca/0x400
[ 8.612560] [ T159] ? rescuer_thread+0x4f0/0x4f0
[ 8.612562] [ T159] kthread+0xe9/0x1e0
[ 8.612564] [ T159] ? kthreads_online_cpu+0x100/0x100
[ 8.612566] [ T159] ? kthreads_online_cpu+0x100/0x100
[ 8.612568] [ T159] ret_from_fork+0x18e/0x1c0
[ 8.612571] [ T159] ? kthreads_online_cpu+0x100/0x100
[ 8.612573] [ T159] ret_from_fork_asm+0x11/0x20
[ 8.612578] [ T159] </TASK>
[ 8.612579] [ T159] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device rfcomm bnep nls_ascii nls_cp437 vfat fat snd_hda_codec_generic snd_hda_codec_atihdmi snd_hda_codec_hdmi btusb snd_hda_intel btrtl snd_intel_dspcfg btintel uvcvideo snd_hda_codec btbcm btmtk snd_soc_dmic snd_acp3x_pdm_dma snd_acp3x_rn videobuf2_vmalloc snd_soc_core snd_hda_core videobuf2_memops uvc snd_hwdep videobuf2_v4l2 bluetooth snd_pcm_oss videodev snd_mixer_oss snd_pcm snd_rn_pci_acp3x snd_acp_config videobuf2_common snd_timer snd_soc_acpi msi_wmi ecdh_generic ecc sparse_keymap mc snd wmi_bmof edac_mce_amd k10temp soundcore ccp snd_pci_acp3x battery ac button hid_sensor_gyro_3d hid_sensor_accel_3d hid_sensor_prox hid_sensor_magn_3d hid_sensor_als joydev hid_sensor_trigger industrialio_triggered_buffer kfifo_buf industrialio amd_pmc evdev hid_sensor_iio_common mt7921e mt7921_common mt792x_lib mt76_connac_lib mt76 mac80211 libarc4 cfg80211 rfkill msr nvme_fabrics fuse configfs efi_pstore
[ 8.612632] [ T159] efivarfs autofs4 ext4 mbcache jbd2 usbhid amdgpu drm_client_lib i2c_algo_bit drm_ttm_helper ttm drm_panel_backlight_quirks drm_exec drm_suballoc_helper amdxcp drm_buddy xhci_pci gpu_sched xhci_hcd drm_display_helper hid_sensor_hub hid_multitouch mfd_core hid_generic i2c_hid_acpi psmouse usbcore drm_kms_helper nvme amd_sfh i2c_hid hid serio_raw cec i2c_piix4 nvme_core r8169 i2c_smbus usb_common crc16 i2c_designware_platform i2c_designware_core
[ 8.612658] [ T159] CR2: 0000000000000020
[ 8.612660] [ T159] ---[ end trace 0000000000000000 ]---
[ 8.733174] [ T159] RIP: 0010:css_rstat_flush+0xe7/0x510
[ 8.733174] [ T159] Code: 48 01 d0 48 89 04 24 4d 63 fc 48 8b 3c 24 e8 00 02 31 00 48 89 c6 48 85 c0 74 69 48 89 00 48 8b 70 08 4a 8b 0c fd 80 2c 74 82 <48> 8b 46 20 48 8b 96 b8 00 00 00 48 83 7c 01 08 00 48 8d 3c 08 74
[ 8.733174] [ T159] RSP: 0018:ffffa8ef806abdf8 EFLAGS: 00010282
[ 8.733174] [ T159] RAX: ffffc8ef7fbde7b0 RBX: ffff9ce2c0261380 RCX: ffff9ce61ba00000
[ 8.733174] [ T159] RDX: ffffc8ef7fbde7b0 RSI: 0000000000000000 RDI: ffff9ce59e7e7488
[ 8.733174] [ T159] RBP: 0000000000000007 R08: ffff9ce59e7a7478 R09: ffff9ce2dbd30d00
[ 8.733174] [ T159] R10: 0000000000000028 R11: ffff9ce59e7a6e80 R12: 0000000000000007
[ 8.733174] [ T159] R13: ffff9ce59e7e7490 R14: ffffffffffffffff R15: 0000000000000007
[ 8.733174] [ T159] FS: 0000000000000000(0000) GS:ffff9ce61ba40000(0000) knlGS:0000000000000000
[ 8.739103] [ T159] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8.739103] [ T159] CR2: 0000000000000020 CR3: 00000001d5e22000 CR4: 0000000000750ef0
[ 8.739103] [ T159] PKRU: 55555554
At commit 4d8bb6e8f4a2 a bad rss-counter state appeared (CCing akpm due to the rss-counter state):
[ 7.370238] [ T84] BUG: Bad rss-counter state mm:000000007094a157 type:MM_FILEPAGES val:-14 Comm:rcuc/1 Pid:84
[ 7.370244] [ T84] BUG: Bad rss-counter state mm:000000007094a157 type:MM_ANONPAGES val:1 Comm:rcuc/1 Pid:84
[ 7.384238] [ T100] BUG: Bad rss-counter state mm:000000007369ddda type:MM_FILEPAGES val:-11 Comm:rcuc/5 Pid:100
[ 7.384241] [ T100] BUG: Bad rss-counter state mm:000000007369ddda type:MM_ANONPAGES val:-28 Comm:rcuc/5 Pid:100
[ 7.396237] [ T76] BUG: Bad rss-counter state mm:0000000088a6974c type:MM_FILEPAGES val:-3 Comm:rcuc/14 Pid:76
[ 7.396241] [ T76] BUG: Bad rss-counter state mm:0000000088a6974c type:MM_SWAPENTS val:48 Comm:rcuc/14 Pid:76
[ 7.396243] [ T76] BUG: Bad rss-counter state mm:0000000088a6974c type:MM_SHMEMPAGES val:-1 Comm:rcuc/14 Pid:76
[ 7.414298] [ T108] ------------[ cut here ]------------
[ 7.414300] [ T108] percpu ref (cgroup_bpf_release_fn) <= 0 (-1) after switching to atomic
[ 7.414309] [ T108] WARNING: CPU: 7 PID: 108 at lib/percpu-refcount.c:197 percpu_ref_switch_to_atomic_rcu+0x194/0x1a0
[ 7.414315] [ T108] Modules linked in: rfcomm bnep nls_ascii nls_cp437 vfat fat snd_hda_codec_generic snd_hda_codec_atihdmi snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg btusb snd_hda_codec btrtl btintel uvcvideo btbcm snd_acp3x_pdm_dma snd_soc_dmic snd_acp3x_rn snd_hda_core btmtk snd_soc_core snd_hwdep videobuf2_vmalloc videobuf2_memops snd_pcm_oss uvc videobuf2_v4l2 bluetooth snd_mixer_oss videodev snd_pcm snd_rn_pci_acp3x snd_acp_config snd_timer videobuf2_common snd_soc_acpi msi_wmi ecdh_generic ecc sparse_keymap mc wmi_bmof edac_mce_amd snd snd_pci_acp3x k10temp soundcore ccp battery ac button joydev hid_sensor_accel_3d hid_sensor_gyro_3d hid_sensor_als hid_sensor_prox hid_sensor_magn_3d hid_sensor_trigger industrialio_triggered_buffer kfifo_buf amd_pmc industrialio hid_sensor_iio_common evdev mt7921e mt7921_common mt792x_lib mt76_connac_lib mt76 mac80211 libarc4 cfg80211 rfkill msr fuse nvme_fabrics efi_pstore configfs efivarfs autofs4 ext4 mbcache jbd2 usbhid amdgpu drm_client_lib i2c_algo_bit drm_ttm_helper ttm
[ 7.414370] [ T108] drm_panel_backlight_quirks drm_exec xhci_pci drm_suballoc_helper amdxcp xhci_hcd drm_buddy hid_multitouch gpu_sched hid_sensor_hub mfd_core hid_generic drm_display_helper i2c_hid_acpi nvme amd_sfh i2c_hid drm_kms_helper usbcore psmouse hid nvme_core r8169 cec serio_raw i2c_piix4 usb_common i2c_smbus crc16 i2c_designware_platform i2c_designware_core
[ 7.414390] [ T108] CPU: 7 UID: 0 PID: 108 Comm: rcuc/7 Not tainted 6.17.0-rc3-bisect-00368-g4d8bb6e8f4a2 #222 PREEMPT_{RT,(full)}
[ 7.414393] [ T108] Hardware name: Micro-Star International Co., Ltd. Alpha 15 B5EEK/MS-158L, BIOS E158LAMS.10F 11/11/2024
[ 7.414394] [ T108] RIP: 0010:percpu_ref_switch_to_atomic_rcu+0x194/0x1a0
[ 7.414397] [ T108] Code: c0 83 f8 03 0f 8f 12 ff ff ff e9 08 77 ba ff 48 8b 53 e0 48 8b 73 e8 48 c7 c7 a8 ef 2b b8 c6 05 0c cd a7 00 01 e8 fc eb c1 ff <0f> 0b eb c4 0f 1f 84 00 00 00 00 00 41 55 41 54 55 48 89 fd 53 48
[ 7.414399] [ T108] RSP: 0018:ffff9fff804ffda0 EFLAGS: 00010282
[ 7.414401] [ T108] RAX: 0000000000000000 RBX: ffff8df6a5583660 RCX: 0000000000000027
[ 7.414402] [ T108] RDX: ffff8df95e7d6d48 RSI: 0000000000000001 RDI: ffff8df95e7d6d40
[ 7.414403] [ T108] RBP: 7ffffffffffffffe R08: 0000000000000dcb R09: 00000000ffffffff
[ 7.414405] [ T108] R10: 0000000000000001 R11: 0000000000000008 R12: ffff8df6a5583640
[ 7.414406] [ T108] R13: ffff9fff804ffdf0 R14: 00000000000000b4 R15: 0000000000000000
[ 7.414407] [ T108] FS: 0000000000000000(0000) GS:ffff8df9a5e00000(0000) knlGS:0000000000000000
[ 7.414408] [ T108] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7.414409] [ T108] CR2: 000055a8070e5908 CR3: 0000000101a48000 CR4: 0000000000750ef0
[ 7.414411] [ T108] PKRU: 55555554
[ 7.414411] [ T108] Call Trace:
[ 7.414413] [ T108] <TASK>
[ 7.414415] [ T108] rcu_do_batch+0x1b6/0x540
[ 7.414420] [ T108] ? rcu_do_batch+0x156/0x540
[ 7.414424] [ T108] rcu_core+0x141/0x250
[ 7.414426] [ T108] ? rcu_cpu_kthread+0x22/0xe0
[ 7.414428] [ T108] rcu_cpu_kthread+0x85/0xe0
[ 7.414431] [ T108] ? sort_range+0x20/0x20
[ 7.414432] [ T108] smpboot_thread_fn+0xd8/0x1d0
[ 7.414434] [ T108] kthread+0xe9/0x1e0
[ 7.414437] [ T108] ? kthreads_online_cpu+0x100/0x100
[ 7.414438] [ T108] ? kthreads_online_cpu+0x100/0x100
[ 7.414441] [ T108] ret_from_fork+0x18e/0x1c0
[ 7.414444] [ T108] ? kthreads_online_cpu+0x100/0x100
[ 7.414446] [ T108] ret_from_fork_asm+0x11/0x20
[ 7.414451] [ T108] </TASK>
[ 7.414452] [ T108] ---[ end trace 0000000000000000 ]---
[ 7.414453] [ T108] percpu_ref_switch_to_atomic_rcu: percpu_ref_switch_to_atomic_rcu(): percpu_ref underflow slab kmalloc-64 start ffff8df6a5583640 pointer offset 0 size 64
[ 8.255241] [ T124] ------------[ cut here ]------------
[ 8.255243] [ T124] WARNING: CPU: 11 PID: 124 at kernel/futex/core.c:1604 futex_ref_rcu+0xe8/0x100
[ 8.255249] [ T124] Modules linked in: snd_hrtimer snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device rfcomm bnep nls_ascii nls_cp437 vfat fat snd_hda_codec_generic snd_hda_codec_atihdmi snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg btusb snd_hda_codec btrtl btintel uvcvideo btbcm snd_acp3x_pdm_dma snd_soc_dmic snd_acp3x_rn snd_hda_core btmtk snd_soc_core snd_hwdep videobuf2_vmalloc videobuf2_memops snd_pcm_oss uvc videobuf2_v4l2 bluetooth snd_mixer_oss videodev snd_pcm snd_rn_pci_acp3x snd_acp_config snd_timer videobuf2_common snd_soc_acpi msi_wmi ecdh_generic ecc sparse_keymap mc wmi_bmof edac_mce_amd snd snd_pci_acp3x k10temp soundcore ccp battery ac button joydev hid_sensor_accel_3d hid_sensor_gyro_3d hid_sensor_als hid_sensor_prox hid_sensor_magn_3d hid_sensor_trigger industrialio_triggered_buffer kfifo_buf amd_pmc industrialio hid_sensor_iio_common evdev mt7921e mt7921_common mt792x_lib mt76_connac_lib mt76 mac80211 libarc4 cfg80211 rfkill msr fuse nvme_fabrics efi_pstore configfs efivarfs autofs4
[ 8.255293] [ T124] ext4 mbcache jbd2 usbhid amdgpu drm_client_lib i2c_algo_bit drm_ttm_helper ttm drm_panel_backlight_quirks drm_exec xhci_pci drm_suballoc_helper amdxcp xhci_hcd drm_buddy hid_multitouch gpu_sched hid_sensor_hub mfd_core hid_generic drm_display_helper i2c_hid_acpi nvme amd_sfh i2c_hid drm_kms_helper usbcore psmouse hid nvme_core r8169 cec serio_raw i2c_piix4 usb_common i2c_smbus crc16 i2c_designware_platform i2c_designware_core
[ 8.255314] [ T124] CPU: 11 UID: 0 PID: 124 Comm: rcuc/11 Tainted: G W 6.17.0-rc3-bisect-00368-g4d8bb6e8f4a2 #222 PREEMPT_{RT,(full)}
[ 8.255317] [ T124] Tainted: [W]=WARN
[ 8.255317] [ T124] Hardware name: Micro-Star International Co., Ltd. Alpha 15 B5EEK/MS-158L, BIOS E158LAMS.10F 11/11/2024
[ 8.255318] [ T124] RIP: 0010:futex_ref_rcu+0xe8/0x100
[ 8.255321] [ T124] Code: be ff ff ff ff ff ff ff 7f 48 89 b3 88 01 00 00 c7 00 01 00 00 00 48 8d bb 78 01 00 00 5b 48 c7 c6 f0 c5 74 b7 e9 f8 7a fd ff <0f> 0b eb ab 0f 0b e9 31 ff ff ff 0f 0b eb c6 66 0f 1f 84 00 00 00
[ 8.255322] [ T124] RSP: 0018:ffff9fff80587db0 EFLAGS: 00010286
[ 8.255324] [ T124] RAX: 7fffffffffffffff RBX: ffff8df6a02bbe80 RCX: 0000000000000010
[ 8.255325] [ T124] RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: 000000000000000f
[ 8.255326] [ T124] RBP: ffff8df680b4a000 R08: 0000000000000000 R09: 0000000000000005
[ 8.255327] [ T124] R10: 0000000000200017 R11: 0000000000000000 R12: ffff8df95e8e2300
[ 8.255327] [ T124] R13: ffff9fff80587df0 R14: 0000000000000007 R15: 0000000000000000
[ 8.255328] [ T124] FS: 0000000000000000(0000) GS:ffff8df9a5f00000(0000) knlGS:0000000000000000
[ 8.255330] [ T124] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8.255331] [ T124] CR2: 0000561aa64a1020 CR3: 00000001209dd000 CR4: 0000000000750ef0
[ 8.255331] [ T124] PKRU: 55555554
[ 8.255332] [ T124] Call Trace:
[ 8.255334] [ T124] <TASK>
[ 8.255335] [ T124] rcu_do_batch+0x1b6/0x540
[ 8.255339] [ T124] ? rcu_do_batch+0x156/0x540
[ 8.255342] [ T124] rcu_core+0x141/0x250
[ 8.255344] [ T124] ? rcu_cpu_kthread+0x22/0xe0
[ 8.255345] [ T124] rcu_cpu_kthread+0x85/0xe0
[ 8.255347] [ T124] ? sort_range+0x20/0x20
[ 8.255349] [ T124] smpboot_thread_fn+0xd8/0x1d0
[ 8.255351] [ T124] kthread+0xe9/0x1e0
[ 8.255354] [ T124] ? kthreads_online_cpu+0x100/0x100
[ 8.255355] [ T124] ret_from_fork+0x18e/0x1c0
[ 8.255358] [ T124] ? kthreads_online_cpu+0x100/0x100
[ 8.255360] [ T124] ret_from_fork_asm+0x11/0x20
[ 8.255364] [ T124] </TASK>
[ 8.255365] [ T124] ---[ end trace 0000000000000000 ]---
The result of the bisection was this as the first bad commit:
1b708b38414d ("futex: Move futex_hash_free() back to __mmput()")
I reverted commit 1b708b38414d in next-20250829 and all the errors disappeared,
but do not know yet how all these errors are linked.
Bert Karwatzki
Powered by blists - more mailing lists