| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Ys0Vym5SyBA5wqQj@xsang-OptiPlex-9020>
Date: Tue, 12 Jul 2022 14:33:46 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Gang Li <ligang.bdlg@...edance.com>
Cc: 0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
linux-s390@...r.kernel.org, linux-mm@...ck.org,
linux-fsdevel@...r.kernel.org, linux-perf-users@...r.kernel.org,
lkp@...ts.01.org, mhocko@...e.com, akpm@...ux-foundation.org,
surenb@...gle.com, Heiko Carstens <hca@...ux.ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>,
Alexander Gordeev <agordeev@...ux.ibm.com>,
Christian Borntraeger <borntraeger@...ux.ibm.com>,
Sven Schnelle <svens@...ux.ibm.com>,
Eric Biederman <ebiederm@...ssion.com>,
Kees Cook <keescook@...omium.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Jiri Olsa <jolsa@...nel.org>,
Namhyung Kim <namhyung@...nel.org>, rostedt@...dmis.org,
david@...hat.com, imbrenda@...ux.ibm.com, adobriyan@...il.com,
yang.yang29@....com.cn, brauner@...nel.org,
stephen.s.brennan@...cle.com, zhengqi.arch@...edance.com,
haolee.swjtu@...il.com, xu.xin16@....com.cn,
Liam.Howlett@...cle.com, ohoono.kwon@...sung.com,
peterx@...hat.com, arnd@...db.de, shy828301@...il.com,
alex.sierra@....com, xianting.tian@...ux.alibaba.com,
willy@...radead.org, ccross@...gle.com, vbabka@...e.cz,
sujiaxun@...ontech.com, sfr@...b.auug.org.au,
vasily.averin@...ux.dev, mgorman@...e.de, vvghjk1234@...il.com,
tglx@...utronix.de, luto@...nel.org, bigeasy@...utronix.de,
fenghua.yu@...el.com, Gang Li <ligang.bdlg@...edance.com>
Subject: [mm] c20f7bacef:
WARNING:possible_circular_locking_dependency_detected
Greeting,
FYI, we noticed the following commit (built with gcc-11):
commit: c20f7bacef67af52980742f564d2ddb9519e6b18 ("[PATCH v2 1/5] mm: add a new parameter `node` to `get/add/inc/dec_mm_counter`")
url: https://github.com/intel-lab-lkp/linux/commits/Gang-Li/mm-oom-Introduce-per-numa-node-oom-for-CONSTRAINT_-MEMORY_POLICY-CPUSET/20220708-162505
base: https://git.kernel.org/cgit/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/lkml/20220708082129.80115-2-ligang.bdlg@bytedance.com
in testcase: trinity
version: trinity-i386-4d2343bd-1_20200320
with following parameters:
runtime: 300s
group: group-00
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 153.358510][ T3796] WARNING: possible circular locking dependency detected
[ 153.362349][ T3796] 5.19.0-rc4-00459-gc20f7bacef67 #1 Tainted: G N
[ 153.366427][ T3796] ------------------------------------------------------
[ 153.370459][ T3796] trinity-c0/3796 is trying to acquire lock:
[ 153.374381][ T3796] ffffffff90b85a80 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc (include/linux/sched/mm.h:272 mm/slab.h:723 mm/slub.c:3157 mm/slub.c:3251 mm/slub.c:4442)
[ 153.378606][ T3796]
[ 153.378606][ T3796] but task is already holding lock:
[ 153.385910][ T3796] ffff88817b7adbe8 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unmap_mapping_range (mm/memory.c:3616 mm/memory.c:3654)
[ 153.390178][ T3796]
[ 153.390178][ T3796] which lock already depends on the new lock.
[ 153.390178][ T3796]
[ 153.400120][ T3796]
[ 153.400120][ T3796] the existing dependency chain (in reverse order) is:
[ 153.406931][ T3796]
[ 153.406931][ T3796] -> #1 (&mapping->i_mmap_rwsem){++++}-{3:3}:
[ 153.413287][ T3796] __lock_acquire (kernel/locking/lockdep.c:5053)
[ 153.416541][ T3796] lock_acquire (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5667 kernel/locking/lockdep.c:5630)
[ 153.419765][ T3796] down_write (include/linux/instrumented.h:101 include/linux/atomic/atomic-instrumented.h:1779 kernel/locking/rwsem.c:255 kernel/locking/rwsem.c:1286 kernel/locking/rwsem.c:1296 kernel/locking/rwsem.c:1543)
[ 153.422840][ T3796] dma_resv_lockdep (include/linux/fs.h:462 drivers/dma-buf/dma-resv.c:755)
[ 153.430008][ T3796] do_one_initcall (init/main.c:1300)
[ 153.433077][ T3796] do_initcalls (init/main.c:1374 init/main.c:1391)
[ 153.436058][ T3796] kernel_init_freeable (init/main.c:1621)
[ 153.438917][ T3796] kernel_init (init/main.c:1508)
[ 153.441729][ T3796] ret_from_fork (arch/x86/entry/entry_64.S:308)
[ 153.444438][ T3796]
[ 153.444438][ T3796] -> #0 (fs_reclaim){+.+.}-{0:0}:
[ 153.449538][ T3796] check_prev_add (kernel/locking/lockdep.c:3096)
[ 153.452347][ T3796] validate_chain (kernel/locking/lockdep.c:3215 kernel/locking/lockdep.c:3829)
[ 153.455054][ T3796] __lock_acquire (kernel/locking/lockdep.c:5053)
[ 153.460465][ T3796] lock_acquire (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5667 kernel/locking/lockdep.c:5630)
[ 153.463055][ T3796] fs_reclaim_acquire (mm/page_alloc.c:4674 mm/page_alloc.c:4687)
[ 153.465635][ T3796] __kmalloc (include/linux/sched/mm.h:272 mm/slab.h:723 mm/slub.c:3157 mm/slub.c:3251 mm/slub.c:4442)
[ 153.468003][ T3796] zap_pte_range (include/linux/slab.h:640 include/linux/slab.h:671 mm/memory.c:1443)
[ 153.470465][ T3796] zap_pmd_range+0x218/0x600
[ 153.472982][ T3796] unmap_page_range (mm/memory.c:1642 mm/memory.c:1663 mm/memory.c:1684)
[ 153.475441][ T3796] zap_page_range_single (include/linux/mmu_notifier.h:481 mm/memory.c:1828)
[ 153.477934][ T3796] unmap_mapping_range (mm/memory.c:3545 mm/memory.c:3617 mm/memory.c:3654)
[ 153.480478][ T3796] shmem_fallocate (mm/shmem.c:2696)
[ 153.482951][ T3796] vfs_fallocate (fs/open.c:323)
[ 153.485354][ T3796] madvise_vma_behavior (mm/madvise.c:979 mm/madvise.c:1000)
[ 153.487881][ T3796] do_madvise (mm/page_io.c:401 (discriminator 3))
[ 153.490238][ T3796] __ia32_sys_madvise (mm/madvise.c:1421)
[ 153.492660][ T3796] __do_fast_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:178)
[ 153.495107][ T3796] do_fast_syscall_32 (arch/x86/entry/common.c:203)
[ 153.499080][ T3796] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:117)
[ 153.501696][ T3796]
[ 153.501696][ T3796] other info that might help us debug this:
[ 153.501696][ T3796]
[ 153.508293][ T3796] Possible unsafe locking scenario:
[ 153.508293][ T3796]
[ 153.512679][ T3796] CPU0 CPU1
[ 153.515107][ T3796] ---- ----
[ 153.517452][ T3796] lock(&mapping->i_mmap_rwsem);
[ 153.519875][ T3796] lock(fs_reclaim);
[ 153.522376][ T3796] lock(&mapping->i_mmap_rwsem);
[ 153.524846][ T3796] lock(fs_reclaim);
[ 153.527244][ T3796]
[ 153.527244][ T3796] *** DEADLOCK ***
[ 153.527244][ T3796]
[ 153.539913][ T3796] 3 locks held by trinity-c0/3796:
[ 153.542060][ T3796] #0: ffff888100198448 (sb_writers#6){.+.+}-{0:0}, at: madvise_vma_behavior (mm/madvise.c:979 mm/madvise.c:1000)
[ 153.544779][ T3796] #1: ffff88817b7ad998 (&sb->s_type->i_mutex_key#9){+.+.}-{3:3}, at: shmem_fallocate (mm/shmem.c:2679)
[ 153.550190][ T3796] #2: ffff88817b7adbe8 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unmap_mapping_range (mm/memory.c:3616 mm/memory.c:3654)
[ 153.553014][ T3796]
[ 153.553014][ T3796] stack backtrace:
[ 153.556815][ T3796] CPU: 0 PID: 3796 Comm: trinity-c0 Tainted: G N 5.19.0-rc4-00459-gc20f7bacef67 #1
[ 153.559828][ T3796] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[ 153.562943][ T3796] Call Trace:
[ 153.565082][ T3796] <TASK>
[ 153.567138][ T3796] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))
[ 153.571950][ T3796] check_noncircular (kernel/locking/lockdep.c:2175)
[ 153.574391][ T3796] ? print_circular_bug (kernel/locking/lockdep.c:2154)
[ 153.576822][ T3796] ? perf_output_begin (kernel/events/ring_buffer.c:261 kernel/events/ring_buffer.c:283)
[ 153.579355][ T3796] ? perf_event_update_userpage (include/linux/rcupdate.h:274 include/linux/rcupdate.h:728 kernel/events/core.c:5860)
[ 153.582038][ T3796] check_prev_add (kernel/locking/lockdep.c:3096)
[ 153.584430][ T3796] ? unwind_next_frame (arch/x86/kernel/unwind_orc.c:355 arch/x86/kernel/unwind_orc.c:600)
[ 153.586886][ T3796] validate_chain (kernel/locking/lockdep.c:3215 kernel/locking/lockdep.c:3829)
[ 153.589168][ T3796] ? check_prev_add (kernel/locking/lockdep.c:3785)
[ 153.591576][ T3796] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:318 arch/x86/kernel/unwind_orc.c:313)
[ 153.594073][ T3796] ? create_prof_cpu_mask (kernel/stacktrace.c:83)
[ 153.596534][ T3796] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:26)
[ 153.599822][ T3796] __lock_acquire (kernel/locking/lockdep.c:5053)
[ 153.602354][ T3796] lock_acquire (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5667 kernel/locking/lockdep.c:5630)
[ 153.604750][ T3796] ? __kmalloc (include/linux/sched/mm.h:272 mm/slab.h:723 mm/slub.c:3157 mm/slub.c:3251 mm/slub.c:4442)
[ 153.607125][ T3796] ? rcu_read_unlock (include/linux/rcupdate.h:724 (discriminator 5))
[ 153.613644][ T3796] ? check_prev_add (kernel/locking/lockdep.c:3175)
[ 153.616210][ T3796] fs_reclaim_acquire (mm/page_alloc.c:4674 mm/page_alloc.c:4687)
[ 153.618603][ T3796] ? __kmalloc (include/linux/sched/mm.h:272 mm/slab.h:723 mm/slub.c:3157 mm/slub.c:3251 mm/slub.c:4442)
[ 153.620990][ T3796] ? zap_pte_range (include/linux/slab.h:640 include/linux/slab.h:671 mm/memory.c:1443)
[ 153.623423][ T3796] __kmalloc (include/linux/sched/mm.h:272 mm/slab.h:723 mm/slub.c:3157 mm/slub.c:3251 mm/slub.c:4442)
[ 153.625784][ T3796] zap_pte_range (include/linux/slab.h:640 include/linux/slab.h:671 mm/memory.c:1443)
[ 153.628074][ T3796] ? trace_hardirqs_on (kernel/trace/trace_preemptirq.c:50 (discriminator 22))
[ 153.630495][ T3796] ? copy_pte_range (mm/memory.c:1434)
[ 153.632873][ T3796] zap_pmd_range+0x218/0x600
[ 153.635329][ T3796] ? __lock_release (kernel/locking/lockdep.c:5341)
[ 153.637622][ T3796] unmap_page_range (mm/memory.c:1642 mm/memory.c:1663 mm/memory.c:1684)
[ 153.639995][ T3796] zap_page_range_single (include/linux/mmu_notifier.h:481 mm/memory.c:1828)
[ 153.642445][ T3796] ? unmap_single_vma (mm/memory.c:1817)
[ 153.644839][ T3796] ? lock_is_held_type (kernel/locking/lockdep.c:5406 kernel/locking/lockdep.c:5708)
[ 153.647197][ T3796] ? down_read (arch/x86/include/asm/atomic64_64.h:34 include/linux/atomic/atomic-long.h:41 include/linux/atomic/atomic-instrumented.h:1280 kernel/locking/rwsem.c:171 kernel/locking/rwsem.c:176 kernel/locking/rwsem.c:244 kernel/locking/rwsem.c:1241 kernel/locking/rwsem.c:1251 kernel/locking/rwsem.c:1491)
[ 153.649549][ T3796] ? rwsem_down_read_slowpath (kernel/locking/rwsem.c:1487)
[ 153.652052][ T3796] ? shmem_fallocate (mm/shmem.c:2679)
[ 153.654434][ T3796] ? __lock_release (kernel/locking/lockdep.c:5341)
[ 153.656767][ T3796] unmap_mapping_range (mm/memory.c:3545 mm/memory.c:3617 mm/memory.c:3654)
[ 153.659179][ T3796] ? do_raw_spin_lock (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:115)
[ 153.661589][ T3796] ? __do_fault (mm/memory.c:3642)
[ 153.663943][ T3796] ? shmem_fallocate (mm/shmem.c:2679)
[ 153.666368][ T3796] shmem_fallocate (mm/shmem.c:2696)
[ 153.668748][ T3796] ? check_prev_add (kernel/locking/lockdep.c:3785)
[ 153.671195][ T3796] ? shmem_get_link (mm/shmem.c:2663)
[ 153.673509][ T3796] ? __lock_acquire (kernel/locking/lockdep.c:5053)
[ 153.675897][ T3796] ? lock_is_held_type (kernel/locking/lockdep.c:5406 kernel/locking/lockdep.c:5708)
[ 153.678193][ T3796] vfs_fallocate (fs/open.c:323)
[ 153.680381][ T3796] madvise_vma_behavior (mm/madvise.c:979 mm/madvise.c:1000)
[ 153.682707][ T3796] ? force_shm_swapin_readahead (mm/madvise.c:993)
[ 153.685060][ T3796] ? vm_unmapped_area (mm/mmap.c:1873)
[ 153.687235][ T3796] ? find_held_lock (kernel/locking/lockdep.c:5156)
[ 153.689312][ T3796] ? __task_pid_nr_ns (include/linux/rcupdate.h:274 include/linux/rcupdate.h:728 kernel/pid.c:501)
[ 153.691439][ T3796] do_madvise (mm/page_io.c:401 (discriminator 3))
[ 153.693571][ T3796] ? madvise_vma_behavior (mm/madvise.c:1368)
[ 153.695803][ T3796] ? lock_is_held_type (kernel/locking/lockdep.c:5406 kernel/locking/lockdep.c:5708)
[ 153.697942][ T3796] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4526)
[ 153.700274][ T3796] __ia32_sys_madvise (mm/madvise.c:1421)
[ 153.702357][ T3796] ? trace_hardirqs_on (kernel/trace/trace_preemptirq.c:50 (discriminator 22))
[ 153.704454][ T3796] __do_fast_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:178)
[ 153.706651][ T3796] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183)
[ 153.708853][ T3796] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183)
[ 153.715186][ T3796] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183)
[ 153.717275][ T3796] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183)
[ 153.719353][ T3796] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183)
[ 153.721475][ T3796] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183)
[ 153.723630][ T3796] do_fast_syscall_32 (arch/x86/entry/common.c:203)
[ 153.725671][ T3796] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:117)
[ 153.727911][ T3796] RIP: 0023:0xf7f40549
[ 153.729935][ T3796] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
All code
========
0: 03 74 c0 01 add 0x1(%rax,%rax,8),%esi
4: 10 05 03 74 b8 01 adc %al,0x1b87403(%rip) # 0x1b8740d
a: 10 06 adc %al,(%rsi)
c: 03 74 b4 01 add 0x1(%rsp,%rsi,4),%esi
10: 10 07 adc %al,(%rdi)
12: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
16: 10 08 adc %cl,(%rax)
18: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
1c: 00 00 add %al,(%rax)
1e: 00 00 add %al,(%rax)
20: 00 51 52 add %dl,0x52(%rcx)
23: 55 push %rbp
24: 89 e5 mov %esp,%ebp
26: 0f 34 sysenter
To reproduce:
# build kernel
cd linux
cp config-5.19.0-rc4-00459-gc20f7bacef67 .config
make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config-5.19.0-rc4-00459-gc20f7bacef67" of type "text/plain" (168499 bytes)
View attachment "job-script" of type "text/plain" (4708 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (20828 bytes)
View attachment "trinity" of type "text/plain" (7534 bytes)
Powered by blists - more mailing lists