| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Apr 2020 23:39:48 -0400
From: Qian Cai <cai@....pw>
To: "paul E. McKenney" <paulmck@...nel.org>
Cc: LKML <linux-kernel@...r.kernel.org>, Tejun Heo <tj@...nel.org>,
"Peter Zijlstra (Intel)" <peterz@...radead.org>
Subject: Re: rcu_barrier() + membarrier() + scheduler deadlock?
> On Apr 29, 2020, at 11:22 PM, Paul E. McKenney <paulmck@...nel.org> wrote:
>
> On Wed, Apr 29, 2020 at 11:00:58PM -0400, Qian Cai wrote:
>> Doing some fuzzers on many CPUs triggers a deadlock really quickly. I can see that there were several tasks had been stuck for a while,
>>
>> CPUA:
>> slab_caches_to_rcu_destroy_workfn()
>> rcu_barrier()
>> wait_for_completion()
>>
>> CPUB:
>> sched_setaffinity()
>> __set_cpus_allowed_ptr()
>> stop_one_cpu()
>>
>> CPUC:
>> __x64_sys_membarrier
>> synchronize_rcu()
>> __wait_rcu_gp()
>> wait_for_completion()
>>
>> Lockdep did not flag anything useful at all. Any clue?
>
> CPUA and CPUC are most likely both waiting for a grace period to complete.
>
> CPUA will be blocking CPU hotplug (get_online_cpus()) in case that
> matters. I am not seeing any obvious wait for an RCU grace period
> in CPUB.
>
> But which task's affinity is being set? That of the grace-period kthread?
I am not sure. One of task's sched_setaffinity() can’t die, so here is the log from that task.
# grep setaffinity rootfs/tmp/trinity-child20.log
[child20:131] [313] sched_setaffinity(pid=0, len=0x13939393, user_mask_ptr=0x7fa3d7c37000) = -1 (Bad address)
[child20:131] [574] sched_setaffinity(pid=196, len=0xf000, user_mask_ptr=0x8) = -1 (Bad address)
[child20:131] [589] sched_setaffinity(pid=0, len=100, user_mask_ptr=0x1) = -1 (Bad address)
[child20:131] [615] sched_setaffinity(pid=0, len=1, user_mask_ptr=0x8) = -1 (Bad address)
[child20:589] [17] sched_setaffinity(pid=0, len=8, user_mask_ptr=0x7fa3d7c39000) = -1 (Invalid argument)
[child20:589] [346] sched_setaffinity(pid=0, len=167, user_mask_ptr=0x1) = -1 (Bad address)
[child20:926] [44] sched_setaffinity(pid=0, len=4096, user_mask_ptr=0x7fa3d7c3c000) = -1 (Invalid argument)
[child20:926] [124] sched_setaffinity(pid=0, len=1, user_mask_ptr=0x7fa3d7c38000) = 0
[child20:1007] [217] sched_setaffinity(pid=0, len=4096, user_mask_ptr=0x7fa3d7c38000) = 0
[child20:1007] [235] sched_setaffinity(pid=0, len=8, user_mask_ptr=0x0) = -1 (Bad address)
[child20:1122] [63] sched_setaffinity(pid=0, len=777, user_mask_ptr=0x4) = -1 (Bad address)
[child20:1122] [509] sched_setaffinity(pid=0, len=4096, user_mask_ptr=0x7fa3d803c000) = 0
[child20:1122] [902] sched_setaffinity(pid=1750, len=1, user_mask_ptr=0x8) = -1 (Bad address)
[child20:1824] [57] sched_setaffinity(pid=1723, len=0x1fa56, user_mask_ptr=0x1) = -1 (Bad address)
[child20:1853] [92] sched_setaffinity(pid=1741, len=4096, user_mask_ptr=0x7fa3d843c000) = 0
[child20:2058] [114] sched_setaffinity(pid=2019, len=23, user_mask_ptr=0x8) = -1 (Bad address)
> If not, are there rcuo kthreads present? Either way, preventing any of
I did not catch that. I might just be that workqueue was unable to handle fuzzers loads on many CPUs. I had another 32-CPU server stuck in flush_work(). Not sure if it is related.
> RCU's kthreads from running could block potentially both CPUA and CPUC.
> Though in the case of the grace-period kthread, I would expect to see
> an RCU CPU stall warning.
>
> Could you please share your .config?
https://raw.githubusercontent.com/cailca/linux-mm/master/x86.config
[53294.651754][T149877] futex_wake_op: trinity-c25 tries to shift op by -17; fix this program
[53323.947396][T150988] futex_wake_op: trinity-c6 tries to shift op by -5; fix this program
[53458.295837][ T215] INFO: task kworker/u64:0:8 blocked for more than 122 seconds.
[53458.304063][ T215] Tainted: G O L 5.7.0-rc3-next-20200429 #1
[53458.311568][ T215] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[53458.320190][ T215] kworker/u64:0 D10584 8 2 0x90004000
[53458.326668][ T215] Workqueue: netns cleanup_net
[53458.331330][ T215] Call Trace:
[53458.334510][ T215] __schedule+0x47b/0xa50
[53458.338765][ T215] ? wait_for_completion+0x80/0x120
[53458.343920][ T215] schedule+0x59/0xd0
[53458.348013][ T215] schedule_timeout+0x10a/0x150
[53458.352762][ T215] ? wait_for_completion+0x80/0x120
[53458.357881][ T215] ? _raw_spin_unlock_irq+0x30/0x40
[53458.362997][ T215] ? trace_hardirqs_on+0x22/0x100
[53458.367948][ T215] ? wait_for_completion+0x80/0x120
[53458.373195][ T215] wait_for_completion+0xb4/0x120
[53458.378149][ T215] __flush_work+0x3ff/0x6e0
[53458.382586][ T215] ? init_pwq+0x210/0x210
[53458.386840][ T215] flush_work+0x20/0x30
[53458.390891][ T215] rollback_registered_many+0x3d6/0x950
[53458.396438][ T215] ? mark_held_locks+0x4e/0x80
[53458.401339][ T215] unregister_netdevice_many+0x5d/0x200
[53458.406816][ T215] default_device_exit_batch+0x213/0x240
[53458.412348][ T215] ? do_wait_intr_irq+0xe0/0xe0
[53458.417225][ T215] ? dev_change_net_namespace+0x6d0/0x6d0
[53458.423000][ T215] ops_exit_list+0xa2/0xc0
[53458.427367][ T215] cleanup_net+0x3d0/0x600
[53458.431778][ T215] process_one_work+0x560/0xba0
[53458.436629][ T215] worker_thread+0x80/0x5f0
[53458.441078][ T215] ? process_scheduled_works+0x90/0x90
[53458.446485][ T215] kthread+0x1de/0x200
[53458.450600][ T215] ? kthread_unpark+0xd0/0xd0
[53458.455227][ T215] ret_from_fork+0x27/0x50
[53458.460332][ T215] INFO: task trinity-c17:150651 blocked for more than 123 seconds.
[53458.468180][ T215] Tainted: G O L 5.7.0-rc3-next-20200429 #1
[53458.475924][ T215] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[53458.484511][ T215] trinity-c17 D12312 150651 93301 0x10000004
[53458.490862][ T215] Call Trace:
[53458.494039][ T215] __schedule+0x47b/0xa50
[53458.498452][ T215] schedule+0x59/0xd0
[53458.502376][ T215] schedule_preempt_disabled+0x15/0x20
[53458.507809][ T215] __mutex_lock+0x6f2/0xbf0
[53458.512296][ T215] ? rtnl_lock+0x20/0x30
[53458.516484][ T215] mutex_lock_nested+0x31/0x40
[53458.521157][ T215] ? mutex_lock_nested+0x31/0x40
[53458.526195][ T215] rtnl_lock+0x20/0x30
[53458.530251][ T215] do_ip_setsockopt.isra.12+0xec/0x1b90
[53458.535875][ T215] ? find_held_lock+0x35/0xa0
[53458.540603][ T215] ? rb_insert_color+0x10f/0x390
[53458.545436][ T215] ? lock_acquire+0xcd/0x450
[53458.550126][ T215] ? find_held_lock+0x35/0xa0
[53458.554717][ T215] ? __cgroup_bpf_prog_array_is_empty+0x121/0x230
[53458.561127][ T215] ip_setsockopt+0x3e/0x90
[53458.565511][ T215] udp_setsockopt+0x49/0x80
[53458.570059][ T215] sock_common_setsockopt+0x6d/0x90
[53458.575303][ T215] __sys_setsockopt+0x194/0x2e0
[53458.580128][ T215] __x64_sys_setsockopt+0x70/0x90
[53458.585066][ T215] do_syscall_64+0x91/0xb10
[53458.589504][ T215] ? perf_call_bpf_enter+0x120/0x120
[53458.594741][ T215] ? trace_hardirqs_off_thunk+0x1a/0x1c
[53458.600467][ T215] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[53458.606296][ T215] RIP: 0033:0x7f2cbe1b270d
[53458.610611][ T215] Code: Bad RIP value.
[53458.614570][ T215] RSP: 002b:00007ffe6a4b18d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[53458.623094][ T215] RAX: ffffffffffffffda RBX: 0000000000000036 RCX: 00007f2cbe1b270d
[53458.631024][ T215] RDX: 000000000000002a RSI: 0000000000000000 RDI: 0000000000000060
[53458.638954][ T215] RBP: 0000000000000036 R08: 0000000000000088 R09: 00000000000000f0
[53458.647044][ T215] R10: 00000000025557f0 R11: 0000000000000246 R12: 0000000000000002
[53458.654960][ T215] R13: 00007f2cbcaeb058 R14: 00007f2cbe0716c0 R15: 00007f2cbcaeb000
[53458.662899][ T215] INFO: task trinity-c10:150896 blocked for more than 123 seconds.
[53458.670757][ T215] Tainted: G O L 5.7.0-rc3-next-20200429 #1
[53458.678380][ T215] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[53458.687007][ T215] trinity-c10 D11512 150896 93301 0x10000004
[53458.693334][ T215] Call Trace:
[53458.696545][ T215] __schedule+0x47b/0xa50
[53458.700944][ T215] schedule+0x59/0xd0
[53458.704817][ T215] schedule_preempt_disabled+0x15/0x20
[53458.710246][ T215] __mutex_lock+0x6f2/0xbf0
[53458.714686][ T215] ? rtnl_lock+0x20/0x30
[53458.718851][ T215] mutex_lock_nested+0x31/0x40
[53458.723649][ T215] ? mutex_lock_nested+0x31/0x40
[53458.728556][ T215] rtnl_lock+0x20/0x30
[53458.732520][ T215] do_ip_setsockopt.isra.12+0xec/0x1b90
[53458.737998][ T215] ? find_held_lock+0x35/0xa0
[53458.742646][ T215] ? rb_insert_color+0x10f/0x390
[53458.747672][ T215] ? lock_acquire+0xcd/0x450
[53458.752236][ T215] ? find_held_lock+0x35/0xa0
[53458.756847][ T215] ? __cgroup_bpf_prog_array_is_empty+0x121/0x230
[53458.763169][ T215] ip_setsockopt+0x3e/0x90
[53458.767509][ T215] udp_setsockopt+0x49/0x80
[53458.772061][ T215] sock_common_setsockopt+0x6d/0x90
[53458.777192][ T215] __sys_setsockopt+0x194/0x2e0
[53458.781976][ T215] __x64_sys_setsockopt+0x70/0x90
[53458.786994][ T215] do_syscall_64+0x91/0xb10
[53458.791460][ T215] ? perf_call_bpf_enter+0x120/0x120
[53458.797008][ T215] ? trace_hardirqs_off_thunk+0x1a/0x1c
[53458.802523][ T215] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[53458.808368][ T215] RIP: 0033:0x7f2cbe1b270d
[53458.812678][ T215] Code: Bad RIP value.
[53458.816669][ T215] RSP: 002b:00007ffe6a4b18d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[53458.825143][ T215] RAX: ffffffffffffffda RBX: 0000000000000036 RCX: 00007f2cbe1b270d
[53458.833070][ T215] RDX: 000000000000002c RSI: 0000000000000000 RDI: 000000000000005c
[53458.840997][ T215] RBP: 0000000000000036 R08: 0000000000000108 R09: 00000000b5b5b5b5
[53458.849155][ T215] R10: 000000000255b5a0 R11: 0000000000000246 R12: 0000000000000002
[53458.857072][ T215] R13: 00007f2cbcb1c058 R14: 00007f2cbe0716c0 R15: 00007f2cbcb1c000
[53458.865076][ T215]
[53458.865076][ T215] Showing all locks held in the system:
[53458.872936][ T215] 5 locks held by kworker/u64:0/8:
[53458.878066][ T215] #0: ffff95b4734e4538 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x454/0xba0
[53458.888191][ T215] #1: ffffa459431abe18 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x454/0xba0
[53458.898177][ T215] #2: ffffffff955917b0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x6d/0x600
[53458.907469][ T215] #3: ffffffff955975a8 (rtnl_mutexl_mutex){+.+.}-{3:3}, at: rtnl_lock_killable+0x21/0x30
[53459.304598][ T215] 1 lock held by trinity-c17/150651:
[53459.309827][ T215] #0: ffffffff955975a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x20/0x30
[53459.318343][ T215] 2 locks held by trinity-c11/150712:
[53459.323744][ T215] #0: ffffffff955917b0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x15c/0x26e
[53459.333092][ T215] #1: ffffffff955975a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock_killable+0x21/0x30
[53459.342364][ T215] 2 locks held by trinity-c7/150739:
[53459.347768][ T215] #0: ffffffff955917b0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x15c/0x26e
[53459.357179][ T215] #1: ffffffff955975a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock_killable+0x21/0x30
[53459.366479][ T215] 2 locks held by trinity-c15/150758:
[53459.372006][ T215] #0: ffffffff955917b0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x15c/0x26e
[53459.381398][ T215] #1: ffffffff955975a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock_killable+0x21/0x30
Powered by blists - more mailing lists