lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <YyGrVxN8HD9Bks0/@google.com>
Date:   Wed, 14 Sep 2022 19:22:15 +0900
From:   Sergey Senozhatsky <senozhatsky@...omium.org>
To:     Petr Mladek <pmladek@...e.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        John Ogness <john.ogness@...utronix.de>,
        Peter Zijlstra <peterz@...radead.org>
Cc:     linux-kernel@...r.kernel.org, linux-perf-users@...r.kernel.org
Subject: next: possible circular locking dependency: perf vs printk

Hello folks,

The lockdep splat below is pretty interesting. If I understand it
correctly:

 a) perf invokes printk() under ctx lock. printk invokes up() on the
    semapthore, calls into the scheduler, which takes rq and pi locks.

Then we have a reverse path:

 b) scheduler takes rq lock and then invokes perf, which takes ctx lock.


[   14.301661] WARNING: possible circular locking dependency detected
[   14.301662] 6.0.0-rc5-next-20220914+ #79 Tainted: G                 N
[   14.301666] ------------------------------------------------------
[   14.301667] perf-exec/281 is trying to acquire lock:
[   14.301669] ffffffff82340cf8 ((console_sem).lock){-.-.}-{2:2}, at: down_trylock+0xf/0x30
[   14.301696] 
[   14.301696] but task is already holding lock:
[   14.301697] ffff888100b43020 (&ctx->lock){....}-{2:2}, at: perf_event_exec+0xa9/0x590
[   14.301714] 
[   14.301714] which lock already depends on the new lock.
[   14.301714] 
[   14.301715] 
[   14.301715] the existing dependency chain (in reverse order) is:
[   14.301717] 
[   14.301717] -> #3 (&ctx->lock){....}-{2:2}:
[   14.301722]        __lock_acquire+0x4b7/0xa00
[   14.301728]        lock_acquire+0xb1/0x290
[   14.301733]        _raw_spin_lock+0x2c/0x40
[   14.301743]        perf_event_context_sched_out+0x143/0x720
[   14.301750]        __perf_event_task_sched_out+0x50/0x140
[   14.301757]        prepare_task_switch+0x8a/0x1a0
[   14.301765]        __schedule+0x168/0x640
[   14.301770]        schedule+0x57/0xa0
[   14.301775]        io_schedule+0x42/0x70
[   14.301781]        folio_wait_bit_common+0x127/0x300
[   14.301787]        filemap_update_page+0x23b/0x260
[   14.301793]        filemap_get_pages+0x20a/0x340
[   14.301799]        filemap_read+0xc6/0x340
[   14.301805]        __kernel_read+0xe8/0x240
[   14.301813]        search_binary_handler+0x71/0x240
[   14.301821]        exec_binprm+0xac/0x2e0
[   14.301827]        bprm_execve+0x1ac/0x330
[   14.301833]        do_execveat_common.isra.0+0x1ad/0x220
[   14.301839]        __x64_sys_execve+0x32/0x40
[   14.301846]        do_syscall_64+0x34/0x80
[   14.301854]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   14.301859] 
[   14.301859] -> #2 (&rq->__lock){-.-.}-{2:2}:
[   14.301865]        __lock_acquire+0x4b7/0xa00
[   14.301869]        lock_acquire+0xb1/0x290
[   14.301873]        _raw_spin_lock_nested+0x2a/0x40
[   14.301880]        raw_spin_rq_lock_nested+0x11/0x20
[   14.301886]        task_fork_fair+0x43/0x150
[   14.301890]        sched_cgroup_fork+0xe3/0x100
[   14.301897]        copy_process+0xf42/0x1730
[   14.301905]        kernel_clone+0x9b/0x410
[   14.301910]        user_mode_thread+0x5b/0x80
[   14.301915]        rest_init+0x1e/0x160
[   14.301920]        arch_call_rest_init+0xa/0x10
[   14.301938]        start_kernel+0x5f9/0x61e
[   14.301943]        secondary_startup_64_no_verify+0xce/0xdb
[   14.301948] 
[   14.301948] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[   14.301954]        __lock_acquire+0x4b7/0xa00
[   14.301958]        lock_acquire+0xb1/0x290
[   14.301962]        _raw_spin_lock_irqsave+0x38/0x50
[   14.301969]        try_to_wake_up+0x53/0x4a0
[   14.301976]        up+0x40/0x60
[   14.301982]        __up_console_sem+0x48/0x60
[   14.301988]        console_unlock+0x132/0x210
[   14.301994]        vprintk_emit+0x12e/0x310
[   14.301999]        _printk+0x58/0x6f
[   14.302006]        addrconf_notify.cold+0x21/0x26
[   14.302014]        raw_notifier_call_chain+0x41/0x60
[   14.302021]        netdev_state_change+0x67/0x90
[   14.302028]        linkwatch_do_dev+0x54/0x70
[   14.302038]        __linkwatch_run_queue+0xe9/0x200
[   14.302043]        linkwatch_event+0x21/0x30
[   14.302047]        process_one_work+0x294/0x560
[   14.302052]        worker_thread+0x4c/0x3c0
[   14.302056]        kthread+0xd4/0x100
[   14.302063]        ret_from_fork+0x1f/0x30
[   14.302067] 
[   14.302067] -> #0 ((console_sem).lock){-.-.}-{2:2}:
[   14.302072]        check_prev_add+0x8f/0xbd0
[   14.302076]        validate_chain+0x571/0x830
[   14.302080]        __lock_acquire+0x4b7/0xa00
[   14.302084]        lock_acquire+0xb1/0x290
[   14.302088]        _raw_spin_lock_irqsave+0x38/0x50
[   14.302095]        down_trylock+0xf/0x30
[   14.302102]        __down_trylock_console_sem+0x23/0x90
[   14.302108]        vprintk_emit+0x107/0x310
[   14.302114]        _printk+0x58/0x6f
[   14.302119]        report_bug.cold+0x10/0x4b
[   14.302126]        handle_bug+0x3c/0x60
[   14.302133]        exc_invalid_op+0x13/0x60
[   14.302137]        asm_exc_invalid_op+0x16/0x20
[   14.302141]        perf_event_update_sibling_time+0x2d/0x100
[   14.302147]        perf_event_set_state+0x8e/0xa0
[   14.302152]        perf_event_exec+0x101/0x590
[   14.302159]        begin_new_exec+0x2d8/0x410
[   14.302165]        load_elf_binary+0x6c4/0xec0
[   14.302171]        search_binary_handler+0xbb/0x240
[   14.302176]        exec_binprm+0xac/0x2e0
[   14.302183]        bprm_execve+0x1ac/0x330
[   14.302188]        do_execveat_common.isra.0+0x1ad/0x220
[   14.302195]        __x64_sys_execve+0x32/0x40
[   14.302201]        do_syscall_64+0x34/0x80
[   14.302208]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   14.302217] 
[   14.302217] other info that might help us debug this:
[   14.302217] 
[   14.302218] Chain exists of:
[   14.302218]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[   14.302218] 
[   14.302224]  Possible unsafe locking scenario:
[   14.302224] 
[   14.302225]        CPU0                    CPU1
[   14.302226]        ----                    ----
[   14.302227]   lock(&ctx->lock);
[   14.302229]                                lock(&rq->__lock);
[   14.302232]                                lock(&ctx->lock);
[   14.302234]   lock((console_sem).lock);
[   14.302236] 
[   14.302236]  *** DEADLOCK ***
[   14.302236] 
[   14.302237] 4 locks held by perf-exec/281:
[   14.302241]  #0: ffff888105179808 (&sig->cred_guard_mutex){+.+.}-{3:3}, at: bprm_execve+0x38/0x330
[   14.302253]  #1: ffff8881051798a0 (&sig->exec_update_lock){++++}-{3:3}, at: exec_mmap+0x55/0x220
[   14.302264]  #2: ffff88813bbf0a78 (&cpuctx_lock){....}-{2:2}, at: perf_event_exec+0x98/0x590
[   14.302276]  #3: ffff888100b43020 (&ctx->lock){....}-{2:2}, at: perf_event_exec+0xa9/0x590
[   14.302287] 
[   14.302287] stack backtrace:
[   14.302289] CPU: 7 PID: 281 Comm: perf-exec Tainted: G                 N 6.0.0-rc5-next-20220914+ #79
[   14.302296] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[   14.302303] Call Trace:
[   14.302306]  <TASK>
[   14.302309]  dump_stack_lvl+0x4c/0x5f
[   14.302318]  check_noncircular+0xfe/0x110
[   14.302325]  ? lock_acquire+0xb1/0x290
[   14.302332]  check_prev_add+0x8f/0xbd0
[   14.302336]  ? rcu_read_lock_sched_held+0x3b/0x70
[   14.302346]  validate_chain+0x571/0x830
[   14.302353]  __lock_acquire+0x4b7/0xa00
[   14.302361]  lock_acquire+0xb1/0x290
[   14.302366]  ? down_trylock+0xf/0x30
[   14.302377]  _raw_spin_lock_irqsave+0x38/0x50
[   14.302385]  ? down_trylock+0xf/0x30
[   14.302392]  down_trylock+0xf/0x30
[   14.302399]  ? _printk+0x58/0x6f
[   14.302404]  __down_trylock_console_sem+0x23/0x90
[   14.302411]  vprintk_emit+0x107/0x310
[   14.302418]  ? perf_event_update_sibling_time+0x2d/0x100
[   14.302425]  _printk+0x58/0x6f
[   14.302432]  ? restore_regs_and_return_to_kernel+0x22/0x22
[   14.302439]  report_bug.cold+0x10/0x4b
[   14.302448]  handle_bug+0x3c/0x60
[   14.302456]  exc_invalid_op+0x13/0x60
[   14.302461]  asm_exc_invalid_op+0x16/0x20
[   14.302466] RIP: 0010:perf_event_update_sibling_time+0x2d/0x100
[   14.302472] Code: 00 00 8b 0d 61 25 2c 01 53 48 89 fb 85 c9 74 1c 65 8b 05 16 92 e8 7e 85 c0 75 11 65 8b 05 27 90 e8 7e 85 c0 0f 84 a0 00 00 00 <0f> 0b 48 39 9b 90 00 00 00 74 02 5b c3 48 8b 43 10 48 83 e8 10 48
[   14.302477] RSP: 0018:ffffc90000defca8 EFLAGS: 00010097
[   14.302482] RAX: 0000000000000000 RBX: ffff888109602fb0 RCX: 0000000000000000
[   14.302486] RDX: 0000000000000000 RSI: ffff888100b430b0 RDI: ffff888105174688
[   14.302489] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000002
[   14.302492] R10: ffffc90000defb28 R11: 0000000000033c20 R12: ffff888109602fb0
[   14.302495] R13: 0000000000000000 R14: ffff888100b43108 R15: ffff888105173e00
[   14.302505]  ? perf_event_update_sibling_time+0xe5/0x100
[   14.302511]  perf_event_set_state+0x8e/0xa0
[   14.302517]  perf_event_exec+0x101/0x590
[   14.302529]  begin_new_exec+0x2d8/0x410
[   14.302535]  ? load_elf_phdrs+0x6c/0xb0
[   14.302541]  load_elf_binary+0x6c4/0xec0
[   14.302547]  ? find_held_lock+0x2b/0x80
[   14.302555]  ? search_binary_handler+0xb5/0x240
[   14.302561]  ? __lock_release.isra.0+0x61/0x150
[   14.302566]  ? search_binary_handler+0xb5/0x240
[   14.302572]  ? search_binary_handler+0xb5/0x240
[   14.302581]  search_binary_handler+0xbb/0x240
[   14.302588]  exec_binprm+0xac/0x2e0
[   14.302596]  bprm_execve+0x1ac/0x330
[   14.302604]  do_execveat_common.isra.0+0x1ad/0x220
[   14.302613]  __x64_sys_execve+0x32/0x40
[   14.302621]  do_syscall_64+0x34/0x80
[   14.302629]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   14.302633] RIP: 0033:0x7f3d4310c3c7
[   14.302663] Code: Unable to access opcode bytes at RIP 0x7f3d4310c39d.
[   14.302665] RSP: 002b:00007ffd90454038 EFLAGS: 00000202 ORIG_RAX: 000000000000003b
[   14.302671] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f3d4310c3c7
[   14.302674] RDX: 00005644b06bfc70 RSI: 00007ffd904592c0 RDI: 00007ffd90454040
[   14.302677] RBP: 00007ffd90454120 R08: 0000000000000fff R09: 00005644b06c00ce
[   14.302680] R10: 00007f3d430466d0 R11: 0000000000000202 R12: 00007ffd904592c0
[   14.302683] R13: 00005644b06bfc70 R14: 00007ffd9045ae4e R15: 00005644b06c00c6
[   14.302693]  </TASK>
[   14.512851] WARNING: CPU: 7 PID: 281 at kernel/events/core.c:655 perf_event_update_sibling_time+0x2d/0x100
[   14.515326] Modules linked in:
[   14.516128] CPU: 7 PID: 281 Comm: perf-exec Tainted: G                 N 6.0.0-rc5-next-20220914+ #79
[   14.518499] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[   14.520964] RIP: 0010:perf_event_update_sibling_time+0x2d/0x100
[   14.522497] Code: 00 00 8b 0d 61 25 2c 01 53 48 89 fb 85 c9 74 1c 65 8b 05 16 92 e8 7e 85 c0 75 11 65 8b 05 27 90 e8 7e 85 c0 0f 84 a0 00 00 00 <0f> 0b 48 39 9b 90 00 00 00 74 02 5b c3 48 8b 43 10 48 83 e8 10 48
[   14.527303] RSP: 0018:ffffc90000defca8 EFLAGS: 00010097
[   14.528668] RAX: 0000000000000000 RBX: ffff888109602fb0 RCX: 0000000000000000
[   14.530499] RDX: 0000000000000000 RSI: ffff888100b430b0 RDI: ffff888105174688
[   14.532345] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000002
[   14.534168] R10: ffffc90000defb28 R11: 0000000000033c20 R12: ffff888109602fb0
[   14.536021] R13: 0000000000000000 R14: ffff888100b43108 R15: ffff888105173e00
[   14.537858] FS:  0000000000000000(0000) GS:ffff88813bbc0000(0000) knlGS:0000000000000000
[   14.539950] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   14.541429] CR2: 00007f3d4310c39d CR3: 0000000106080002 CR4: 0000000000770ee0
[   14.543269] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   14.545097] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   14.546927] PKRU: 55555554
[   14.547668] Call Trace:
[   14.548291]  <TASK>
[   14.548851]  perf_event_set_state+0x8e/0xa0
[   14.549939]  perf_event_exec+0x101/0x590
[   14.550953]  begin_new_exec+0x2d8/0x410
[   14.551968]  ? load_elf_phdrs+0x6c/0xb0
[   14.552975]  load_elf_binary+0x6c4/0xec0
[   14.553997]  ? find_held_lock+0x2b/0x80
[   14.555000]  ? search_binary_handler+0xb5/0x240
[   14.556188]  ? __lock_release.isra.0+0x61/0x150
[   14.557371]  ? search_binary_handler+0xb5/0x240
[   14.558540]  ? search_binary_handler+0xb5/0x240
[   14.559725]  search_binary_handler+0xbb/0x240
[   14.560869]  exec_binprm+0xac/0x2e0
[   14.561778]  bprm_execve+0x1ac/0x330
[   14.562705]  do_execveat_common.isra.0+0x1ad/0x220
[   14.563973]  __x64_sys_execve+0x32/0x40
[   14.564964]  do_syscall_64+0x34/0x80
[   14.565902]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   14.567214] RIP: 0033:0x7f3d4310c3c7
[   14.568168] Code: Unable to access opcode bytes at RIP 0x7f3d4310c39d.
[   14.569857] RSP: 002b:00007ffd90454038 EFLAGS: 00000202 ORIG_RAX: 000000000000003b
[   14.571817] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f3d4310c3c7
[   14.573656] RDX: 00005644b06bfc70 RSI: 00007ffd904592c0 RDI: 00007ffd90454040
[   14.575510] RBP: 00007ffd90454120 R08: 0000000000000fff R09: 00005644b06c00ce
[   14.577334] R10: 00007f3d430466d0 R11: 0000000000000202 R12: 00007ffd904592c0
[   14.579152] R13: 00005644b06bfc70 R14: 00007ffd9045ae4e R15: 00005644b06c00c6
[   14.580994]  </TASK>
[   14.581573] irq event stamp: 692
[   14.582416] hardirqs last  enabled at (691): [<ffffffff8106e474>] __local_bh_enable_ip+0x74/0xc0
[   14.584704] hardirqs last disabled at (692): [<ffffffff811a120e>] perf_event_exec+0x3fe/0x590
[   14.586886] softirqs last  enabled at (690): [<ffffffff8103018b>] fpu_flush_thread+0xbb/0x100
[   14.589082] softirqs last disabled at (688): [<ffffffff810300d5>] fpu_flush_thread+0x5/0x100
[   14.591246] ---[ end trace 0000000000000000 ]---

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ