Unable to build in WSL ubuntu #6
Comments
thehajime
pushed a commit
that referenced
this issue
Feb 23, 2017
The ucounts_lock is being used to protect various ucounts lifecycle management functionalities. However, those services can also be invoked when a pidns is being freed in an RCU callback (e.g. softirq context). This can lead to deadlocks. There were already efforts trying to prevent similar deadlocks in add7c65 ("pid: fix lockdep deadlock warning due to ucount_lock"), however they just moved the context from hardirq to softrq. Fix this issue once and for all by explictly making the lock disable irqs altogether. Dmitry Vyukov <[email protected]> reported: > I've got the following deadlock report while running syzkaller fuzzer > on eec0d3d of linux-next (on odroid > device if it matters): > > ================================= > [ INFO: inconsistent lock state ] > 4.10.0-rc3-next-20170112-xc2-dirty #6 Not tainted > --------------------------------- > inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. > swapper/2/0 [HC0[0]:SC1[1]:HE1:SE0] takes: > (ucounts_lock){+.?...}, at: [< inline >] spin_lock > ./include/linux/spinlock.h:302 > (ucounts_lock){+.?...}, at: [<ffff2000081678c8>] > put_ucounts+0x60/0x138 kernel/ucount.c:162 > {SOFTIRQ-ON-W} state was registered at: > [<ffff2000081c82d8>] mark_lock+0x220/0xb60 kernel/locking/lockdep.c:3054 > [< inline >] mark_irqflags kernel/locking/lockdep.c:2941 > [<ffff2000081c97a8>] __lock_acquire+0x388/0x3260 kernel/locking/lockdep.c:3295 > [<ffff2000081cce24>] lock_acquire+0xa4/0x138 kernel/locking/lockdep.c:3753 > [< inline >] __raw_spin_lock ./include/linux/spinlock_api_smp.h:144 > [<ffff200009798128>] _raw_spin_lock+0x90/0xd0 kernel/locking/spinlock.c:151 > [< inline >] spin_lock ./include/linux/spinlock.h:302 > [< inline >] get_ucounts kernel/ucount.c:131 > [<ffff200008167c28>] inc_ucount+0x80/0x6c8 kernel/ucount.c:189 > [< inline >] inc_mnt_namespaces fs/namespace.c:2818 > [<ffff200008481850>] alloc_mnt_ns+0x78/0x3a8 fs/namespace.c:2849 > [<ffff200008487298>] create_mnt_ns+0x28/0x200 fs/namespace.c:2959 > [< inline >] init_mount_tree fs/namespace.c:3199 > [<ffff200009bd6674>] mnt_init+0x258/0x384 fs/namespace.c:3251 > [<ffff200009bd60bc>] vfs_caches_init+0x6c/0x80 fs/dcache.c:3626 > [<ffff200009bb1114>] start_kernel+0x414/0x460 init/main.c:648 > [<ffff200009bb01e8>] __primary_switched+0x6c/0x70 arch/arm64/kernel/head.S:456 > irq event stamp: 2316924 > hardirqs last enabled at (2316924): [< inline >] rcu_do_batch > kernel/rcu/tree.c:2911 > hardirqs last enabled at (2316924): [< inline >] > invoke_rcu_callbacks kernel/rcu/tree.c:3182 > hardirqs last enabled at (2316924): [< inline >] > __rcu_process_callbacks kernel/rcu/tree.c:3149 > hardirqs last enabled at (2316924): [<ffff200008210414>] > rcu_process_callbacks+0x7a4/0xc28 kernel/rcu/tree.c:3166 > hardirqs last disabled at (2316923): [< inline >] rcu_do_batch > kernel/rcu/tree.c:2900 > hardirqs last disabled at (2316923): [< inline >] > invoke_rcu_callbacks kernel/rcu/tree.c:3182 > hardirqs last disabled at (2316923): [< inline >] > __rcu_process_callbacks kernel/rcu/tree.c:3149 > hardirqs last disabled at (2316923): [<ffff20000820fe80>] > rcu_process_callbacks+0x210/0xc28 kernel/rcu/tree.c:3166 > softirqs last enabled at (2316912): [<ffff20000811b4c4>] > _local_bh_enable+0x4c/0x80 kernel/softirq.c:155 > softirqs last disabled at (2316913): [< inline >] > do_softirq_own_stack ./include/linux/interrupt.h:488 > softirqs last disabled at (2316913): [< inline >] > invoke_softirq kernel/softirq.c:371 > softirqs last disabled at (2316913): [<ffff20000811c994>] > irq_exit+0x264/0x308 kernel/softirq.c:405 > > other info that might help us debug this: > Possible unsafe locking scenario: > > CPU0 > ---- > lock(ucounts_lock); > <Interrupt> > lock(ucounts_lock); > > *** DEADLOCK *** > > 1 lock held by swapper/2/0: > #0: (rcu_callback){......}, at: [< inline >] __rcu_reclaim > kernel/rcu/rcu.h:108 > #0: (rcu_callback){......}, at: [< inline >] rcu_do_batch > kernel/rcu/tree.c:2919 > #0: (rcu_callback){......}, at: [< inline >] > invoke_rcu_callbacks kernel/rcu/tree.c:3182 > #0: (rcu_callback){......}, at: [< inline >] > __rcu_process_callbacks kernel/rcu/tree.c:3149 > #0: (rcu_callback){......}, at: [<ffff200008210390>] > rcu_process_callbacks+0x720/0xc28 kernel/rcu/tree.c:3166 > > stack backtrace: > CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.10.0-rc3-next-20170112-xc2-dirty #6 > Hardware name: Hardkernel ODROID-C2 (DT) > Call trace: > [<ffff20000808fa60>] dump_backtrace+0x0/0x440 arch/arm64/kernel/traps.c:500 > [<ffff20000808fec0>] show_stack+0x20/0x30 arch/arm64/kernel/traps.c:225 > [<ffff2000088a99e0>] dump_stack+0x110/0x168 > [<ffff2000082fa2b4>] print_usage_bug.part.27+0x49c/0x4bc > kernel/locking/lockdep.c:2387 > [< inline >] print_usage_bug kernel/locking/lockdep.c:2357 > [< inline >] valid_state kernel/locking/lockdep.c:2400 > [< inline >] mark_lock_irq kernel/locking/lockdep.c:2617 > [<ffff2000081c89ec>] mark_lock+0x934/0xb60 kernel/locking/lockdep.c:3065 > [< inline >] mark_irqflags kernel/locking/lockdep.c:2923 > [<ffff2000081c9a60>] __lock_acquire+0x640/0x3260 kernel/locking/lockdep.c:3295 > [<ffff2000081cce24>] lock_acquire+0xa4/0x138 kernel/locking/lockdep.c:3753 > [< inline >] __raw_spin_lock ./include/linux/spinlock_api_smp.h:144 > [<ffff200009798128>] _raw_spin_lock+0x90/0xd0 kernel/locking/spinlock.c:151 > [< inline >] spin_lock ./include/linux/spinlock.h:302 > [<ffff2000081678c8>] put_ucounts+0x60/0x138 kernel/ucount.c:162 > [<ffff200008168364>] dec_ucount+0xf4/0x158 kernel/ucount.c:214 > [< inline >] dec_pid_namespaces kernel/pid_namespace.c:89 > [<ffff200008293dc8>] delayed_free_pidns+0x40/0xe0 kernel/pid_namespace.c:156 > [< inline >] __rcu_reclaim kernel/rcu/rcu.h:118 > [< inline >] rcu_do_batch kernel/rcu/tree.c:2919 > [< inline >] invoke_rcu_callbacks kernel/rcu/tree.c:3182 > [< inline >] __rcu_process_callbacks kernel/rcu/tree.c:3149 > [<ffff2000082103d8>] rcu_process_callbacks+0x768/0xc28 kernel/rcu/tree.c:3166 > [<ffff2000080821dc>] __do_softirq+0x324/0x6e0 kernel/softirq.c:284 > [< inline >] do_softirq_own_stack ./include/linux/interrupt.h:488 > [< inline >] invoke_softirq kernel/softirq.c:371 > [<ffff20000811c994>] irq_exit+0x264/0x308 kernel/softirq.c:405 > [<ffff2000081ecc28>] __handle_domain_irq+0xc0/0x150 kernel/irq/irqdesc.c:636 > [<ffff200008081c80>] gic_handle_irq+0x68/0xd8 > Exception stack(0xffff8000648e7dd0 to 0xffff8000648e7f00) > 7dc0: ffff8000648d4b3c 0000000000000007 > 7de0: 0000000000000000 1ffff0000c91a967 1ffff0000c91a967 1ffff0000c91a967 > 7e00: ffff20000a4b6b68 0000000000000001 0000000000000007 0000000000000001 > 7e20: 1fffe4000149ae90 ffff200009d35000 0000000000000000 0000000000000002 > 7e40: 0000000000000000 0000000000000000 0000000002624a1a 0000000000000000 > 7e60: 0000000000000000 ffff200009cbcd88 000060006d2ed000 0000000000000140 > 7e80: ffff200009cff000 ffff200009cb6000 ffff200009cc2020 ffff200009d2159d > 7ea0: 0000000000000000 ffff8000648d4380 0000000000000000 ffff8000648e7f00 > 7ec0: ffff20000820a478 ffff8000648e7f00 ffff20000820a47c 0000000010000145 > 7ee0: 0000000000000140 dfff200000000000 ffffffffffffffff ffff20000820a478 > [<ffff2000080837f8>] el1_irq+0xb8/0x130 arch/arm64/kernel/entry.S:486 > [< inline >] arch_local_irq_restore > ./arch/arm64/include/asm/irqflags.h:81 > [<ffff20000820a47c>] rcu_idle_exit+0x64/0xa8 kernel/rcu/tree.c:1030 > [< inline >] cpuidle_idle_call kernel/sched/idle.c:200 > [<ffff2000081bcbfc>] do_idle+0x1dc/0x2d0 kernel/sched/idle.c:243 > [<ffff2000081bd1cc>] cpu_startup_entry+0x24/0x28 kernel/sched/idle.c:345 > [<ffff200008099f8c>] secondary_start_kernel+0x2cc/0x358 > arch/arm64/kernel/smp.c:276 > [<000000000279f1a4>] 0x279f1a4 Reported-by: Dmitry Vyukov <[email protected]> Tested-by: Dmitry Vyukov <[email protected]> Fixes: add7c65 ("pid: fix lockdep deadlock warning due to ucount_lock") Fixes: f333c70 ("pidns: Add a limit on the number of pid namespaces") Cc: [email protected] Link: https://www.spinics.net/lists/kernel/msg2426637.html Signed-off-by: Nikolay Borisov <[email protected]> Signed-off-by: Eric W. Biederman <[email protected]>
thehajime
pushed a commit
that referenced
this issue
Oct 10, 2017
[ Upstream commit 9745e36 ] The register_vlan_device would invoke free_netdev directly, when register_vlan_dev failed. It would trigger the BUG_ON in free_netdev if the dev was already registered. In this case, the netdev would be freed in netdev_run_todo later. So add one condition check now. Only when dev is not registered, then free it directly. The following is the part coredump when netdev_upper_dev_link failed in register_vlan_dev. I removed the lines which are too long. [ 411.237457] ------------[ cut here ]------------ [ 411.237458] kernel BUG at net/core/dev.c:7998! [ 411.237484] invalid opcode: 0000 [#1] SMP [ 411.237705] [last unloaded: 8021q] [ 411.237718] CPU: 1 PID: 12845 Comm: vconfig Tainted: G E 4.12.0-rc5+ #6 [ 411.237737] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015 [ 411.237764] task: ffff9cbeb6685580 task.stack: ffffa7d2807d8000 [ 411.237782] RIP: 0010:free_netdev+0x116/0x120 [ 411.237794] RSP: 0018:ffffa7d2807dbdb0 EFLAGS: 00010297 [ 411.237808] RAX: 0000000000000002 RBX: ffff9cbeb6ba8fd8 RCX: 0000000000001878 [ 411.237826] RDX: 0000000000000001 RSI: 0000000000000282 RDI: 0000000000000000 [ 411.237844] RBP: ffffa7d2807dbdc8 R08: 0002986100029841 R09: 0002982100029801 [ 411.237861] R10: 0004000100029980 R11: 0004000100029980 R12: ffff9cbeb6ba9000 [ 411.238761] R13: ffff9cbeb6ba9060 R14: ffff9cbe60f1a000 R15: ffff9cbeb6ba9000 [ 411.239518] FS: 00007fb690d81700(0000) GS:ffff9cbebb640000(0000) knlGS:0000000000000000 [ 411.239949] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 411.240454] CR2: 00007f7115624000 CR3: 0000000077cdf000 CR4: 00000000003406e0 [ 411.240936] Call Trace: [ 411.241462] vlan_ioctl_handler+0x3f1/0x400 [8021q] [ 411.241910] sock_ioctl+0x18b/0x2c0 [ 411.242394] do_vfs_ioctl+0xa1/0x5d0 [ 411.242853] ? sock_alloc_file+0xa6/0x130 [ 411.243465] SyS_ioctl+0x79/0x90 [ 411.243900] entry_SYSCALL_64_fastpath+0x1e/0xa9 [ 411.244425] RIP: 0033:0x7fb69089a357 [ 411.244863] RSP: 002b:00007ffcd04e0fc8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 411.245445] RAX: ffffffffffffffda RBX: 00007ffcd04e2884 RCX: 00007fb69089a357 [ 411.245903] RDX: 00007ffcd04e0fd0 RSI: 0000000000008983 RDI: 0000000000000003 [ 411.246527] RBP: 00007ffcd04e0fd0 R08: 0000000000000000 R09: 1999999999999999 [ 411.246976] R10: 000000000000053f R11: 0000000000000202 R12: 0000000000000004 [ 411.247414] R13: 00007ffcd04e1128 R14: 00007ffcd04e2888 R15: 0000000000000001 [ 411.249129] RIP: free_netdev+0x116/0x120 RSP: ffffa7d2807dbdb0 Signed-off-by: Gao Feng <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
thehajime
pushed a commit
that referenced
this issue
Oct 10, 2017
commit cdea465 upstream. A vendor with a system having more than 128 CPUs occasionally encounters the following crash during shutdown. This is not an easily reproduceable event, but the vendor was able to provide the following analysis of the crash, which exhibits the same footprint each time. crash> bt PID: 0 TASK: ffff88017c70ce70 CPU: 5 COMMAND: "swapper/5" #0 [ffff88085c143ac8] machine_kexec at ffffffff81059c8b #1 [ffff88085c143b28] __crash_kexec at ffffffff811052e2 #2 [ffff88085c143bf8] crash_kexec at ffffffff811053d0 #3 [ffff88085c143c10] oops_end at ffffffff8168ef88 #4 [ffff88085c143c38] no_context at ffffffff8167ebb3 #5 [ffff88085c143c88] __bad_area_nosemaphore at ffffffff8167ec49 #6 [ffff88085c143cd0] bad_area_nosemaphore at ffffffff8167edb3 #7 [ffff88085c143ce0] __do_page_fault at ffffffff81691d1e #8 [ffff88085c143d40] do_page_fault at ffffffff81691ec5 #9 [ffff88085c143d70] page_fault at ffffffff8168e188 [exception RIP: unknown or invalid address] RIP: ffffffffa053c800 RSP: ffff88085c143e28 RFLAGS: 00010206 RAX: ffff88017c72bfd8 RBX: ffff88017a8dc000 RCX: ffff8810588b5ac8 RDX: ffff8810588b5a00 RSI: ffffffffa053c800 RDI: ffff8810588b5a00 RBP: ffff88085c143e58 R8: ffff88017c70d408 R9: ffff88017a8dc000 R10: 0000000000000002 R11: ffff88085c143da0 R12: ffff8810588b5ac8 R13: 0000000000000100 R14: ffffffffa053c800 R15: ffff8810588b5a00 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 <IRQ stack> [exception RIP: cpuidle_enter_state+82] RIP: ffffffff81514192 RSP: ffff88017c72be50 RFLAGS: 00000202 RAX: 0000001e4c3c6f16 RBX: 000000000000f8a0 RCX: 0000000000000018 RDX: 0000000225c17d03 RSI: ffff88017c72bfd8 RDI: 0000001e4c3c6f16 RBP: ffff88017c72be78 R8: 000000000000237e R9: 0000000000000018 R10: 0000000000002494 R11: 0000000000000001 R12: ffff88017c72be20 R13: ffff88085c14f8e0 R14: 0000000000000082 R15: 0000001e4c3bb400 ORIG_RAX: ffffffffffffff10 CS: 0010 SS: 0018 This is the corresponding stack trace It has crashed because the area pointed with RIP extracted from timer element is already removed during a shutdown process. The function is smi_timeout(). And we think ffff8810588b5a00 in RDX is a parameter struct smi_info crash> rd ffff8810588b5a00 20 ffff8810588b5a00: ffff8810588b6000 0000000000000000 .`.X............ ffff8810588b5a10: ffff880853264400 ffffffffa05417e0 .D&S......T..... ffff8810588b5a20: 24a024a000000000 0000000000000000 .....$.$........ ffff8810588b5a30: 0000000000000000 0000000000000000 ................ ffff8810588b5a30: 0000000000000000 0000000000000000 ................ ffff8810588b5a40: ffffffffa053a040 ffffffffa053a060 @.S.....`.S..... ffff8810588b5a50: 0000000000000000 0000000100000001 ................ ffff8810588b5a60: 0000000000000000 0000000000000e00 ................ ffff8810588b5a70: ffffffffa053a580 ffffffffa053a6e0 ..S.......S..... ffff8810588b5a80: ffffffffa053a4a0 ffffffffa053a250 ..S.....P.S..... ffff8810588b5a90: 0000000500000002 0000000000000000 ................ Unfortunately the top of this area is already detroyed by someone. But because of two reasonns we think this is struct smi_info 1) The address included in between ffff8810588b5a70 and ffff8810588b5a80: are inside of ipmi_si_intf.c see crash> module ffff88085779d2c0 2) We've found the area which point this. It is offset 0x68 of ffff880859df4000 crash> rd ffff880859df4000 100 ffff880859df4000: 0000000000000000 0000000000000001 ................ ffff880859df4010: ffffffffa0535290 dead000000000200 .RS............. ffff880859df4020: ffff880859df4020 ffff880859df4020 @.Y.... @.Y.... ffff880859df4030: 0000000000000002 0000000000100010 ................ ffff880859df4040: ffff880859df4040 ffff880859df4040 @@.Y....@@.Y.... ffff880859df4050: 0000000000000000 0000000000000000 ................ ffff880859df4060: 0000000000000000 ffff8810588b5a00 .........Z.X.... ffff880859df4070: 0000000000000001 ffff880859df4078 [email protected].... If we regards it as struct ipmi_smi in shutdown process it looks consistent. The remedy for this apparent race is affixed below. Signed-off-by: Tony Camuso <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> This was first introduced in 7ea0ed2 ipmi: Make the message handler easier to use for SMI interfaces where some code was moved outside of the rcu_read_lock() and the lock was not added. Signed-off-by: Corey Minyard <[email protected]>
thehajime
pushed a commit
that referenced
this issue
Oct 11, 2017
Dmitry reported a lockdep splat [1] (false positive) that we can fix by releasing the spinlock before calling icmp_send() from ip_expire() This is a false positive because sending an ICMP message can not possibly re-enter the IP frag engine. [1] [ INFO: possible circular locking dependency detected ] 4.10.0+ lkl#29 Not tainted ------------------------------------------------------- modprobe/12392 is trying to acquire lock: (_xmit_ETHER#2){+.-...}, at: [<ffffffff837a8182>] spin_lock include/linux/spinlock.h:299 [inline] (_xmit_ETHER#2){+.-...}, at: [<ffffffff837a8182>] __netif_tx_lock include/linux/netdevice.h:3486 [inline] (_xmit_ETHER#2){+.-...}, at: [<ffffffff837a8182>] sch_direct_xmit+0x282/0x6d0 net/sched/sch_generic.c:180 but task is already holding lock: (&(&q->lock)->rlock){+.-...}, at: [<ffffffff8389a4d1>] spin_lock include/linux/spinlock.h:299 [inline] (&(&q->lock)->rlock){+.-...}, at: [<ffffffff8389a4d1>] ip_expire+0x51/0x6c0 net/ipv4/ip_fragment.c:201 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&(&q->lock)->rlock){+.-...}: validate_chain kernel/locking/lockdep.c:2267 [inline] __lock_acquire+0x2149/0x3430 kernel/locking/lockdep.c:3340 lock_acquire+0x2a1/0x630 kernel/locking/lockdep.c:3755 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:299 [inline] ip_defrag+0x3a2/0x4130 net/ipv4/ip_fragment.c:669 ip_check_defrag+0x4e3/0x8b0 net/ipv4/ip_fragment.c:713 packet_rcv_fanout+0x282/0x800 net/packet/af_packet.c:1459 deliver_skb net/core/dev.c:1834 [inline] dev_queue_xmit_nit+0x294/0xa90 net/core/dev.c:1890 xmit_one net/core/dev.c:2903 [inline] dev_hard_start_xmit+0x16b/0xab0 net/core/dev.c:2923 sch_direct_xmit+0x31f/0x6d0 net/sched/sch_generic.c:182 __dev_xmit_skb net/core/dev.c:3092 [inline] __dev_queue_xmit+0x13e5/0x1e60 net/core/dev.c:3358 dev_queue_xmit+0x17/0x20 net/core/dev.c:3423 neigh_resolve_output+0x6b9/0xb10 net/core/neighbour.c:1308 neigh_output include/net/neighbour.h:478 [inline] ip_finish_output2+0x8b8/0x15a0 net/ipv4/ip_output.c:228 ip_do_fragment+0x1d93/0x2720 net/ipv4/ip_output.c:672 ip_fragment.constprop.54+0x145/0x200 net/ipv4/ip_output.c:545 ip_finish_output+0x82d/0xe10 net/ipv4/ip_output.c:314 NF_HOOK_COND include/linux/netfilter.h:246 [inline] ip_output+0x1f0/0x7a0 net/ipv4/ip_output.c:404 dst_output include/net/dst.h:486 [inline] ip_local_out+0x95/0x170 net/ipv4/ip_output.c:124 ip_send_skb+0x3c/0xc0 net/ipv4/ip_output.c:1492 ip_push_pending_frames+0x64/0x80 net/ipv4/ip_output.c:1512 raw_sendmsg+0x26de/0x3a00 net/ipv4/raw.c:655 inet_sendmsg+0x164/0x5b0 net/ipv4/af_inet.c:761 sock_sendmsg_nosec net/socket.c:633 [inline] sock_sendmsg+0xca/0x110 net/socket.c:643 ___sys_sendmsg+0x4a3/0x9f0 net/socket.c:1985 __sys_sendmmsg+0x25c/0x750 net/socket.c:2075 SYSC_sendmmsg net/socket.c:2106 [inline] SyS_sendmmsg+0x35/0x60 net/socket.c:2101 do_syscall_64+0x2e8/0x930 arch/x86/entry/common.c:281 return_from_SYSCALL_64+0x0/0x7a -> #0 (_xmit_ETHER#2){+.-...}: check_prev_add kernel/locking/lockdep.c:1830 [inline] check_prevs_add+0xa8f/0x19f0 kernel/locking/lockdep.c:1940 validate_chain kernel/locking/lockdep.c:2267 [inline] __lock_acquire+0x2149/0x3430 kernel/locking/lockdep.c:3340 lock_acquire+0x2a1/0x630 kernel/locking/lockdep.c:3755 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:299 [inline] __netif_tx_lock include/linux/netdevice.h:3486 [inline] sch_direct_xmit+0x282/0x6d0 net/sched/sch_generic.c:180 __dev_xmit_skb net/core/dev.c:3092 [inline] __dev_queue_xmit+0x13e5/0x1e60 net/core/dev.c:3358 dev_queue_xmit+0x17/0x20 net/core/dev.c:3423 neigh_hh_output include/net/neighbour.h:468 [inline] neigh_output include/net/neighbour.h:476 [inline] ip_finish_output2+0xf6c/0x15a0 net/ipv4/ip_output.c:228 ip_finish_output+0xa29/0xe10 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:246 [inline] ip_output+0x1f0/0x7a0 net/ipv4/ip_output.c:404 dst_output include/net/dst.h:486 [inline] ip_local_out+0x95/0x170 net/ipv4/ip_output.c:124 ip_send_skb+0x3c/0xc0 net/ipv4/ip_output.c:1492 ip_push_pending_frames+0x64/0x80 net/ipv4/ip_output.c:1512 icmp_push_reply+0x372/0x4d0 net/ipv4/icmp.c:394 icmp_send+0x156c/0x1c80 net/ipv4/icmp.c:754 ip_expire+0x40e/0x6c0 net/ipv4/ip_fragment.c:239 call_timer_fn+0x241/0x820 kernel/time/timer.c:1268 expire_timers kernel/time/timer.c:1307 [inline] __run_timers+0x960/0xcf0 kernel/time/timer.c:1601 run_timer_softirq+0x21/0x80 kernel/time/timer.c:1614 __do_softirq+0x31f/0xbe7 kernel/softirq.c:284 invoke_softirq kernel/softirq.c:364 [inline] irq_exit+0x1cc/0x200 kernel/softirq.c:405 exiting_irq arch/x86/include/asm/apic.h:657 [inline] smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:962 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:707 __read_once_size include/linux/compiler.h:254 [inline] atomic_read arch/x86/include/asm/atomic.h:26 [inline] rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:350 [inline] __rcu_is_watching kernel/rcu/tree.c:1133 [inline] rcu_is_watching+0x83/0x110 kernel/rcu/tree.c:1147 rcu_read_lock_held+0x87/0xc0 kernel/rcu/update.c:293 radix_tree_deref_slot include/linux/radix-tree.h:238 [inline] filemap_map_pages+0x6d4/0x1570 mm/filemap.c:2335 do_fault_around mm/memory.c:3231 [inline] do_read_fault mm/memory.c:3265 [inline] do_fault+0xbd5/0x2080 mm/memory.c:3370 handle_pte_fault mm/memory.c:3600 [inline] __handle_mm_fault+0x1062/0x2cb0 mm/memory.c:3714 handle_mm_fault+0x1e2/0x480 mm/memory.c:3751 __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1397 do_page_fault+0x54/0x70 arch/x86/mm/fault.c:1460 page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1011 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&(&q->lock)->rlock); lock(_xmit_ETHER#2); lock(&(&q->lock)->rlock); lock(_xmit_ETHER#2); *** DEADLOCK *** 10 locks held by modprobe/12392: #0: (&mm->mmap_sem){++++++}, at: [<ffffffff81329758>] __do_page_fault+0x2b8/0xb60 arch/x86/mm/fault.c:1336 #1: (rcu_read_lock){......}, at: [<ffffffff8188cab6>] filemap_map_pages+0x1e6/0x1570 mm/filemap.c:2324 #2: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<ffffffff81984a78>] spin_lock include/linux/spinlock.h:299 [inline] #2: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<ffffffff81984a78>] pte_alloc_one_map mm/memory.c:2944 [inline] #2: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<ffffffff81984a78>] alloc_set_pte+0x13b8/0x1b90 mm/memory.c:3072 #3: (((&q->timer))){+.-...}, at: [<ffffffff81627e72>] lockdep_copy_map include/linux/lockdep.h:175 [inline] #3: (((&q->timer))){+.-...}, at: [<ffffffff81627e72>] call_timer_fn+0x1c2/0x820 kernel/time/timer.c:1258 #4: (&(&q->lock)->rlock){+.-...}, at: [<ffffffff8389a4d1>] spin_lock include/linux/spinlock.h:299 [inline] #4: (&(&q->lock)->rlock){+.-...}, at: [<ffffffff8389a4d1>] ip_expire+0x51/0x6c0 net/ipv4/ip_fragment.c:201 #5: (rcu_read_lock){......}, at: [<ffffffff8389a633>] ip_expire+0x1b3/0x6c0 net/ipv4/ip_fragment.c:216 #6: (slock-AF_INET){+.-...}, at: [<ffffffff839b3313>] spin_trylock include/linux/spinlock.h:309 [inline] #6: (slock-AF_INET){+.-...}, at: [<ffffffff839b3313>] icmp_xmit_lock net/ipv4/icmp.c:219 [inline] #6: (slock-AF_INET){+.-...}, at: [<ffffffff839b3313>] icmp_send+0x803/0x1c80 net/ipv4/icmp.c:681 #7: (rcu_read_lock_bh){......}, at: [<ffffffff838ab9a1>] ip_finish_output2+0x2c1/0x15a0 net/ipv4/ip_output.c:198 #8: (rcu_read_lock_bh){......}, at: [<ffffffff836d1dee>] __dev_queue_xmit+0x23e/0x1e60 net/core/dev.c:3324 #9: (dev->qdisc_running_key ?: &qdisc_running_key){+.....}, at: [<ffffffff836d3a27>] dev_queue_xmit+0x17/0x20 net/core/dev.c:3423 stack backtrace: CPU: 0 PID: 12392 Comm: modprobe Not tainted 4.10.0+ lkl#29 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x2ee/0x3ef lib/dump_stack.c:52 print_circular_bug+0x307/0x3b0 kernel/locking/lockdep.c:1204 check_prev_add kernel/locking/lockdep.c:1830 [inline] check_prevs_add+0xa8f/0x19f0 kernel/locking/lockdep.c:1940 validate_chain kernel/locking/lockdep.c:2267 [inline] __lock_acquire+0x2149/0x3430 kernel/locking/lockdep.c:3340 lock_acquire+0x2a1/0x630 kernel/locking/lockdep.c:3755 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:299 [inline] __netif_tx_lock include/linux/netdevice.h:3486 [inline] sch_direct_xmit+0x282/0x6d0 net/sched/sch_generic.c:180 __dev_xmit_skb net/core/dev.c:3092 [inline] __dev_queue_xmit+0x13e5/0x1e60 net/core/dev.c:3358 dev_queue_xmit+0x17/0x20 net/core/dev.c:3423 neigh_hh_output include/net/neighbour.h:468 [inline] neigh_output include/net/neighbour.h:476 [inline] ip_finish_output2+0xf6c/0x15a0 net/ipv4/ip_output.c:228 ip_finish_output+0xa29/0xe10 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:246 [inline] ip_output+0x1f0/0x7a0 net/ipv4/ip_output.c:404 dst_output include/net/dst.h:486 [inline] ip_local_out+0x95/0x170 net/ipv4/ip_output.c:124 ip_send_skb+0x3c/0xc0 net/ipv4/ip_output.c:1492 ip_push_pending_frames+0x64/0x80 net/ipv4/ip_output.c:1512 icmp_push_reply+0x372/0x4d0 net/ipv4/icmp.c:394 icmp_send+0x156c/0x1c80 net/ipv4/icmp.c:754 ip_expire+0x40e/0x6c0 net/ipv4/ip_fragment.c:239 call_timer_fn+0x241/0x820 kernel/time/timer.c:1268 expire_timers kernel/time/timer.c:1307 [inline] __run_timers+0x960/0xcf0 kernel/time/timer.c:1601 run_timer_softirq+0x21/0x80 kernel/time/timer.c:1614 __do_softirq+0x31f/0xbe7 kernel/softirq.c:284 invoke_softirq kernel/softirq.c:364 [inline] irq_exit+0x1cc/0x200 kernel/softirq.c:405 exiting_irq arch/x86/include/asm/apic.h:657 [inline] smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:962 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:707 RIP: 0010:__read_once_size include/linux/compiler.h:254 [inline] RIP: 0010:atomic_read arch/x86/include/asm/atomic.h:26 [inline] RIP: 0010:rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:350 [inline] RIP: 0010:__rcu_is_watching kernel/rcu/tree.c:1133 [inline] RIP: 0010:rcu_is_watching+0x83/0x110 kernel/rcu/tree.c:1147 RSP: 0000:ffff8801c391f120 EFLAGS: 00000a03 ORIG_RAX: ffffffffffffff10 RAX: dffffc0000000000 RBX: ffff8801c391f148 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 000055edd4374000 RDI: ffff8801dbe1ae0c RBP: ffff8801c391f1a0 R08: 0000000000000002 R09: 0000000000000000 R10: dffffc0000000000 R11: 0000000000000002 R12: 1ffff10038723e25 R13: ffff8801dbe1ae00 R14: ffff8801c391f680 R15: dffffc0000000000 </IRQ> rcu_read_lock_held+0x87/0xc0 kernel/rcu/update.c:293 radix_tree_deref_slot include/linux/radix-tree.h:238 [inline] filemap_map_pages+0x6d4/0x1570 mm/filemap.c:2335 do_fault_around mm/memory.c:3231 [inline] do_read_fault mm/memory.c:3265 [inline] do_fault+0xbd5/0x2080 mm/memory.c:3370 handle_pte_fault mm/memory.c:3600 [inline] __handle_mm_fault+0x1062/0x2cb0 mm/memory.c:3714 handle_mm_fault+0x1e2/0x480 mm/memory.c:3751 __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1397 do_page_fault+0x54/0x70 arch/x86/mm/fault.c:1460 page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1011 RIP: 0033:0x7f83172f2786 RSP: 002b:00007fffe859ae80 EFLAGS: 00010293 RAX: 000055edd4373040 RBX: 00007f83175111c8 RCX: 000055edd4373238 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f8317510970 RBP: 00007fffe859afd0 R08: 0000000000000009 R09: 0000000000000000 R10: 0000000000000064 R11: 0000000000000000 R12: 000055edd4373040 R13: 0000000000000000 R14: 00007fffe859afe8 R15: 0000000000000000 Signed-off-by: Eric Dumazet <[email protected]> Reported-by: Dmitry Vyukov <[email protected]> Signed-off-by: David S. Miller <[email protected]>
thehajime
pushed a commit
that referenced
this issue
Oct 11, 2017
mipsxx_pmu_handle_shared_irq() calls irq_work_run() while holding the pmuint_rwlock for read. irq_work_run() can, via perf_pending_event(), call try_to_wake_up() which can try to take rq->lock. However, perf can also call perf_pmu_enable() (and thus take the pmuint_rwlock for write) while holding the rq->lock, from finish_task_switch() via perf_event_context_sched_in(). This leads to an ABBA deadlock: PID: 3855 TASK: 8f7ce288 CPU: 2 COMMAND: "process" #0 [89c39ac8] __delay at 803b5be4 #1 [89c39ac8] do_raw_spin_lock at 8008fdcc #2 [89c39af8] try_to_wake_up at 8006e47c #3 [89c39b38] pollwake at 8018eab0 #4 [89c39b68] __wake_up_common at 800879f4 #5 [89c39b98] __wake_up at 800880e4 #6 [89c39bc8] perf_event_wakeup at 8012109c #7 [89c39be8] perf_pending_event at 80121184 #8 [89c39c08] irq_work_run_list at 801151f0 #9 [89c39c38] irq_work_run at 80115274 #10 [89c39c50] mipsxx_pmu_handle_shared_irq at 8002cc7c PID: 1481 TASK: 8eaac6a8 CPU: 3 COMMAND: "process" #0 [8de7f900] do_raw_write_lock at 800900e0 #1 [8de7f918] perf_event_context_sched_in at 80122310 #2 [8de7f938] __perf_event_task_sched_in at 80122608 #3 [8de7f958] finish_task_switch at 8006b8a4 #4 [8de7f998] __schedule at 805e4dc4 #5 [8de7f9f8] schedule at 805e5558 #6 [8de7fa10] schedule_hrtimeout_range_clock at 805e9984 #7 [8de7fa70] poll_schedule_timeout at 8018e8f8 #8 [8de7fa88] do_select at 8018f338 #9 [8de7fd88] core_sys_select at 8018f5cc #10 [8de7fee0] sys_select at 8018f854 #11 [8de7ff28] syscall_common at 80028fc8 The lock seems to be there to protect the hardware counters so there is no need to hold it across irq_work_run(). Signed-off-by: Rabin Vincent <[email protected]> Signed-off-by: Ralf Baechle <[email protected]>
thehajime
pushed a commit
that referenced
this issue
Oct 11, 2017
keep tty driver until usb driver is unregistered rmmod hso produces traces like this without that: [40261.645904] usb 2-2: new high-speed USB device number 2 using ehci-omap [40261.854644] usb 2-2: New USB device found, idVendor=0af0, idProduct=8800 [40261.862609] usb 2-2: New USB device strings: Mfr=3, Product=2, SerialNumber=0 [40261.872772] usb 2-2: Product: Globetrotter HSUPA Modem [40261.880279] usb 2-2: Manufacturer: Option N.V. [40262.021270] hso 2-2:1.5: Not our interface [40265.556945] hso: unloaded [40265.559875] usbcore: deregistering interface driver hso [40265.595947] Unable to handle kernel NULL pointer dereference at virtual address 00000033 [40265.604522] pgd = ecb14000 [40265.611877] [00000033] *pgd=00000000 [40265.617034] Internal error: Oops: 5 [#1] PREEMPT SMP ARM [40265.622650] Modules linked in: hso(-) bnep bluetooth ipv6 arc4 twl4030_madc_hwmon wl18xx wlcore mac80211 cfg80211 snd_soc_simple_card snd_soc_simple_card_utils snd_soc_omap_twl4030 snd_soc_gtm601 generic_adc_battery extcon_gpio omap3_isp videobuf2_dma_contig videobuf2_memops wlcore_sdio videobuf2_v4l2 videobuf2_core ov9650 bmp280_i2c v4l2_common bmp280 bmg160_i2c bmg160_core at24 nvmem_core videodev bmc150_accel_i2c bmc150_magn_i2c media bmc150_accel_core tsc2007 bmc150_magn leds_tca6507 bno055 snd_soc_omap_mcbsp industrialio_triggered_buffer snd_soc_omap kfifo_buf snd_pcm_dmaengine gpio_twl4030 snd_soc_twl4030 twl4030_vibra twl4030_madc wwan_on_off ehci_omap pwm_bl pwm_omap_dmtimer panel_tpo_td028ttec1 encoder_opa362 connector_analog_tv omapdrm drm_kms_helper cfbfillrect syscopyarea cfbimgblt sysfillrect [40265.698211] sysimgblt fb_sys_fops cfbcopyarea drm omapdss usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap2430 phy_twl4030_usb musb_hdrc twl4030_charger industrialio w2sg0004 twl4030_pwrbutton bq27xxx_battery w1_bq27000 omap_hdq [last unloaded: hso] [40265.723175] CPU: 0 PID: 2701 Comm: rmmod Not tainted 4.11.0-rc6-letux+ #6 [40265.730346] Hardware name: Generic OMAP36xx (Flattened Device Tree) [40265.736938] task: ecb81100 task.stack: ecb82000 [40265.741729] PC is at cdev_del+0xc/0x2c [40265.745666] LR is at tty_unregister_device+0x40/0x50 [40265.750915] pc : [<c027472c>] lr : [<c04b3ecc>] psr: 600b0113 sp : ecb83ea8 ip : eca4f898 fp : 00000000 [40265.763000] r10: 00000000 r9 : 00000000 r8 : 00000001 [40265.768493] r7 : eca4f800 r6 : 00000003 r5 : 00000000 r4 : ffffffff [40265.775360] r3 : c1458d54 r2 : 00000000 r1 : 00000004 r0 : ffffffff [40265.782257] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [40265.789764] Control: 10c5387d Table: acb14019 DAC: 00000051 [40265.795806] Process rmmod (pid: 2701, stack limit = 0xecb82218) [40265.802062] Stack: (0xecb83ea8 to 0xecb84000) [40265.806640] 3ea0: ec9e8100 c04b3ecc bf737378 ed5b7c00 00000003 bf7327ec [40265.815277] 3ec0: eca4f800 00000000 ec9fd800 eca4f800 bf737070 bf7328bc eca4f820 c05a9a04 [40265.823883] 3ee0: eca4f820 00000000 00000001 eca4f820 ec9fd870 bf737070 eca4f854 ec9fd8a4 [40265.832519] 3f00: ecb82000 00000000 00000000 c04e6960 eca4f820 bf737070 bf737048 00000081 [40265.841125] 3f20: c01071e4 c04e6a60 ecb81100 bf737070 bf737070 c04e5d94 bf737020 c05a8f88 [40265.849731] 3f40: bf737100 00000800 7f5fa254 00000081 c01071e4 c01c4afc 00000000 006f7368 [40265.858367] 3f60: ecb815f4 00000000 c0cac9c4 c01071e4 ecb82000 00000000 00000000 c01512f4 [40265.866973] 3f80: ed5b3200 c01071e4 7f5fa220 7f5fa220 bea78ec9 0010711c 7f5fa220 7f5fa220 [40265.875579] 3fa0: bea78ec9 c0107040 7f5fa220 7f5fa220 7f5fa254 00000800 dd35b800 dd35b800 [40265.884216] 3fc0: 7f5fa220 7f5fa220 bea78ec9 00000081 bea78dcc 00000000 bea78bd8 00000000 [40265.892822] 3fe0: b6f70521 bea78b6c 7f5dd613 b6f70526 80070030 7f5fa254 ffffffff ffffffff [40265.901458] [<c027472c>] (cdev_del) from [<c04b3ecc>] (tty_unregister_device+0x40/0x50) [40265.909942] [<c04b3ecc>] (tty_unregister_device) from [<bf7327ec>] (hso_free_interface+0x80/0x144 [hso]) [40265.919982] [<bf7327ec>] (hso_free_interface [hso]) from [<bf7328bc>] (hso_disconnect+0xc/0x18 [hso]) [40265.929718] [<bf7328bc>] (hso_disconnect [hso]) from [<c05a9a04>] (usb_unbind_interface+0x84/0x200) [40265.939239] [<c05a9a04>] (usb_unbind_interface) from [<c04e6960>] (device_release_driver_internal+0x138/0x1cc) [40265.949798] [<c04e6960>] (device_release_driver_internal) from [<c04e6a60>] (driver_detach+0x60/0x6c) [40265.959503] [<c04e6a60>] (driver_detach) from [<c04e5d94>] (bus_remove_driver+0x64/0x8c) [40265.968017] [<c04e5d94>] (bus_remove_driver) from [<c05a8f88>] (usb_deregister+0x5c/0xb8) [40265.976654] [<c05a8f88>] (usb_deregister) from [<c01c4afc>] (SyS_delete_module+0x160/0x1dc) [40265.985443] [<c01c4afc>] (SyS_delete_module) from [<c0107040>] (ret_fast_syscall+0x0/0x1c) [40265.994171] Code: c1458d54 e59f3020 e92d4010 e1a04000 (e5941034) [40266.016693] ---[ end trace 9d5ac43c7e41075c ]--- Signed-off-by: Andreas Kemnade <[email protected]> Reviewed-by: Johan Hovold <[email protected]> Signed-off-by: David S. Miller <[email protected]>
octaviansoldea
pushed a commit
to octaviansoldea/lkl-linux
that referenced
this issue
Nov 10, 2017
No matter whether a request is inserted into workqueue as a work item to cancel a subscription or to delete a subscription's subscriber asynchronously, the work items may be executed in different workers. As a result, it doesn't mean that one request which is raised prior to another request is definitely handled before the latter. By contrast, if the latter request is executed before the former request, below error may happen: [ 656.183644] BUG: spinlock bad magic on CPU#0, kworker/u8:0/12117 [ 656.184487] general protection fault: 0000 [libos-nuse#1] SMP [ 656.185160] Modules linked in: tipc ip6_udp_tunnel udp_tunnel 9pnet_virtio 9p 9pnet virtio_net virtio_pci virtio_ring virtio [last unloaded: ip6_udp_tunnel] [ 656.187003] CPU: 0 PID: 12117 Comm: kworker/u8:0 Not tainted 4.11.0-rc7+ libos-nuse#6 [ 656.187920] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 656.188690] Workqueue: tipc_rcv tipc_recv_work [tipc] [ 656.189371] task: ffff88003f5cec40 task.stack: ffffc90004448000 [ 656.190157] RIP: 0010:spin_bug+0xdd/0xf0 [ 656.190678] RSP: 0018:ffffc9000444bcb8 EFLAGS: 00010202 [ 656.191375] RAX: 0000000000000034 RBX: ffff88003f8d1388 RCX: 0000000000000000 [ 656.192321] RDX: ffff88003ba13708 RSI: ffff88003ba0cd08 RDI: ffff88003ba0cd08 [ 656.193265] RBP: ffffc9000444bcd0 R08: 0000000000000030 R09: 000000006b6b6b6b [ 656.194208] R10: ffff8800bde3e000 R11: 00000000000001b4 R12: 6b6b6b6b6b6b6b6b [ 656.195157] R13: ffffffff81a3ca64 R14: ffff88003f8d1388 R15: ffff88003f8d13a0 [ 656.196101] FS: 0000000000000000(0000) GS:ffff88003ba00000(0000) knlGS:0000000000000000 [ 656.197172] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 656.197935] CR2: 00007f0b3d2e6000 CR3: 000000003ef9e000 CR4: 00000000000006f0 [ 656.198873] Call Trace: [ 656.199210] do_raw_spin_lock+0x66/0xa0 [ 656.199735] _raw_spin_lock_bh+0x19/0x20 [ 656.200258] tipc_subscrb_subscrp_delete+0x28/0xf0 [tipc] [ 656.200990] tipc_subscrb_rcv_cb+0x45/0x260 [tipc] [ 656.201632] tipc_receive_from_sock+0xaf/0x100 [tipc] [ 656.202299] tipc_recv_work+0x2b/0x60 [tipc] [ 656.202872] process_one_work+0x157/0x420 [ 656.203404] worker_thread+0x69/0x4c0 [ 656.203898] kthread+0x138/0x170 [ 656.204328] ? process_one_work+0x420/0x420 [ 656.204889] ? kthread_create_on_node+0x40/0x40 [ 656.205527] ret_from_fork+0x29/0x40 [ 656.206012] Code: 48 8b 0c 25 00 c5 00 00 48 c7 c7 f0 24 a3 81 48 81 c1 f0 05 00 00 65 8b 15 61 ef f5 7e e8 9a 4c 09 00 4d 85 e4 44 8b 4b 08 74 92 <45> 8b 84 24 40 04 00 00 49 8d 8c 24 f0 05 00 00 eb 8d 90 0f 1f [ 656.208504] RIP: spin_bug+0xdd/0xf0 RSP: ffffc9000444bcb8 [ 656.209798] ---[ end trace e2a800e6eb0770be ]--- In above scenario, the request of deleting subscriber was performed earlier than the request of canceling a subscription although the latter was issued before the former, which means tipc_subscrb_delete() was called before tipc_subscrp_cancel(). As a result, when tipc_subscrb_subscrp_delete() called by tipc_subscrp_cancel() was executed to cancel a subscription, the subscription's subscriber refcnt had been decreased to 1. After tipc_subscrp_delete() where the subscriber was freed because its refcnt was decremented to zero, but the subscriber's lock had to be released, as a consequence, panic happened. By contrast, if we increase subscriber's refcnt before tipc_subscrb_subscrp_delete() is called in tipc_subscrp_cancel(), the panic issue can be avoided. Fixes: d094c4d ("tipc: add subscription refcount to avoid invalid delete") Reported-by: Parthasarathy Bhuvaragan <[email protected]> Signed-off-by: Ying Xue <[email protected]> Signed-off-by: David S. Miller <[email protected]>
octaviansoldea
pushed a commit
to octaviansoldea/lkl-linux
that referenced
this issue
Nov 10, 2017
…oc() Work queues cannot be allocated when a mutex is held because the mutex may be in use and that would make it sleep. Doing so generates the following splat with 4.13+: [ 19.513298] ====================================================== [ 19.513429] WARNING: possible circular locking dependency detected [ 19.513557] 4.13.0-rc5+ libos-nuse#6 Not tainted [ 19.513638] ------------------------------------------------------ [ 19.513767] cpuhp/0/12 is trying to acquire lock: [ 19.513867] (&tz->lock){+.+.+.}, at: [<ffffffff924afebb>] thermal_zone_get_temp+0x5b/0xb0 [ 19.514047] [ 19.514047] but task is already holding lock: [ 19.514166] (cpuhp_state){+.+.+.}, at: [<ffffffff91cc4baa>] cpuhp_thread_fun+0x3a/0x210 [ 19.514338] [ 19.514338] which lock already depends on the new lock. This lock dependency already existed with previous kernel versions, but it was not detected until commit 49dfe2a ("cpuhotplug: Link lock stacks for hotplug callbacks") was introduced. Reported-by: David Weinehall <[email protected]> Reported-by: Jiri Kosina <[email protected]> Signed-off-by: Luca Coelho <[email protected]> Signed-off-by: Kalle Valo <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am unable to cross compile in Windows 10 WSL. Any idea what the problem could be? This is the last part of the build log
CC /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/iomem.o
CC /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/net.o
CC /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/jmp_buf.o
CC /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/nt-host.o
CC /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/utils.o
CC /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/virtio_blk.o
CC /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/virtio.o
CC /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/dbg.o
CC /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/dbg_handler.o
LD /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl-in.o
AR /home/edisonmcastro/src/lkl-linux/tools/lkl/liblkl.a
LINK /home/edisonmcastro/src/lkl-linux/tools/lkl/liblkl.dll
/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
timekeeping_init': /home/edisonmcastro/src/lkl-linux/kernel/time/timekeeping.c:1496: undefined reference toclocksource_default_clock'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
clocksource_done_booting': /home/edisonmcastro/src/lkl-linux/kernel/time/clocksource.c:661: undefined reference toclocksource_default_clock'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
alloc_large_system_hash': /home/edisonmcastro/src/lkl-linux/mm/page_alloc.c:6964: undefined reference to__div64_32'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
cubictcp_register': /home/edisonmcastro/src/lkl-linux/net/ipv4/tcp_cubic.c:510: undefined reference to__div64_32'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
sys32_fadvise64_64': /home/edisonmcastro/src/lkl-linux/arch/lkl/kernel/syscalls_32.c:123: undefined reference tosys_fadvise64_64'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
lkl_idle_tail_schedule': /home/edisonmcastro/src/lkl-linux/arch/lkl/kernel/cpu.c:283: undefined reference toarch_cpu_idle_exit'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
mm_release': /home/edisonmcastro/src/lkl-linux/kernel/fork.c:1100: undefined reference tosys_futex'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
task_rcu_dereference': /home/edisonmcastro/src/lkl-linux/kernel/exit.c:233: undefined reference toprobe_kernel_read'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
print_worker_info': /home/edisonmcastro/src/lkl-linux/kernel/workqueue.c:4270: undefined reference toprobe_kernel_read'/home/edisonmcastro/src/lkl-linux/kernel/workqueue.c:4271: undefined reference to
probe_kernel_read' /home/edisonmcastro/src/lkl-linux/kernel/workqueue.c:4272: undefined reference toprobe_kernel_read'/home/edisonmcastro/src/lkl-linux/kernel/workqueue.c:4273: undefined reference to
probe_kernel_read' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:/home/edisonmcastro/src/lkl-linux/kernel/workqueue.c:4276: more undefined references toprobe_kernel_read' follow/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
register_die_notifier': /home/edisonmcastro/src/lkl-linux/kernel/notifier.c:555: undefined reference tovmalloc_sync_all'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
div_u64_rem': /home/edisonmcastro/src/lkl-linux/./include/linux/math64.h:66: undefined reference to__div64_32'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
cpu_idle_loop': /home/edisonmcastro/src/lkl-linux/kernel/sched/idle.c:249: undefined reference toarch_cpu_idle_exit'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
_ktime_divns': /home/edisonmcastro/src/lkl-linux/kernel/time/hrtimer.c:299: undefined reference to__div64_32'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
scale64_check_overflow': /home/edisonmcastro/src/lkl-linux/kernel/time/timekeeping.c:934: undefined reference to__div64_32'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
tk_setup_internals': /home/edisonmcastro/src/lkl-linux/kernel/time/timekeeping.c:253: undefined reference to__div64_32'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
mul_u64_u32_div': /home/edisonmcastro/src/lkl-linux/./include/linux/math64.h:236: undefined reference to__div64_32'/home/edisonmcastro/src/lkl-linux/./include/linux/math64.h:239: undefined reference to
__div64_32' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:/home/edisonmcastro/src/lkl-linux/kernel/time/timekeeping.c:1658: more undefined references to__div64_32' follow/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function
panic': /home/edisonmcastro/src/lkl-linux/kernel/panic.c:169: undefined reference tobust_spinlocks'/home/edisonmcastro/src/lkl-linux/kernel/panic.c:231: undefined reference to
bust_spinlocks' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function_setup_per_zone_wmarks':/home/edisonmcastro/src/lkl-linux/mm/page_alloc.c:6623: undefined reference to
__div64_32' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In function_wb_calc_thresh':/home/edisonmcastro/src/lkl-linux/mm/page-writeback.c:781: undefined reference to
__div64_32' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In functionwb_update_dirty_ratelimit':/home/edisonmcastro/src/lkl-linux/./include/linux/math64.h:66: undefined reference to
__div64_32' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In functionwb_update_write_bandwidth':/home/edisonmcastro/src/lkl-linux/mm/page-writeback.c:1106: undefined reference to
__div64_32' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o: In functiondiv_u64_rem':/home/edisonmcastro/src/lkl-linux/./include/linux/math64.h:66: undefined reference to
__div64_32' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:/home/edisonmcastro/src/lkl-linux/./include/linux/math64.h:66: more undefined references to__div64_32' follow/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2620): undefined reference to
sys_io_setup' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2624): undefined reference tosys_io_destroy'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2628): undefined reference to
sys_io_submit' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x262c): undefined reference tosys_io_cancel'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2630): undefined reference to
sys_io_getevents' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2668): undefined reference tosys_lookup_dcookie'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2688): undefined reference to
sys_inotify_init1' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x268c): undefined reference tosys_inotify_add_watch'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2690): undefined reference to
sys_inotify_rm_watch' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x26a0): undefined reference tosys_flock'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2710): undefined reference to
sys_quotactl' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2748): undefined reference tosys_signalfd4'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2774): undefined reference to
sys_timerfd_create' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2778): undefined reference tosys_timerfd_settime'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x277c): undefined reference to
sys_timerfd_gettime' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2784): undefined reference tosys_acct'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x27a8): undefined reference to
sys_futex' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x27ac): undefined reference tosys_set_robust_list'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x27b0): undefined reference to
sys_get_robust_list' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x27c0): undefined reference tosys_kexec_load'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x27c4): undefined reference to
sys_init_module' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x27c8): undefined reference tosys_delete_module'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x28f0): undefined reference to
sys_mq_open' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x28f4): undefined reference tosys_mq_unlink'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x28f8): undefined reference to
sys_mq_timedsend' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x28fc): undefined reference tosys_mq_timedreceive'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2900): undefined reference to
sys_mq_notify' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2904): undefined reference tosys_mq_getsetattr'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2908): undefined reference to
sys_msgget' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x290c): undefined reference tosys_msgctl'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2910): undefined reference to
sys_msgrcv' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2914): undefined reference tosys_msgsnd'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2918): undefined reference to
sys_semget' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x291c): undefined reference tosys_semctl'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2920): undefined reference to
sys_semtimedop' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2924): undefined reference tosys_semop'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2928): undefined reference to
sys_shmget' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x292c): undefined reference tosys_shmctl'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2930): undefined reference to
sys_shmat' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2934): undefined reference tosys_shmdt'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2984): undefined reference to
sys_add_key' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2988): undefined reference tosys_request_key'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x298c): undefined reference to
sys_keyctl' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29a0): undefined reference tosys_swapon'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29a4): undefined reference to
sys_swapoff' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29a8): undefined reference tosys_mprotect'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29ac): undefined reference to
sys_msync' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29b0): undefined reference tosys_mlock'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29b4): undefined reference to
sys_munlock' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29b8): undefined reference tosys_mlockall'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29bc): undefined reference to
sys_munlockall' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29c0): undefined reference tosys_mincore'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29c4): undefined reference to
sys_madvise' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29c8): undefined reference tosys_remap_file_pages'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29cc): undefined reference to
sys_mbind' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29d0): undefined reference tosys_get_mempolicy'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29d4): undefined reference to
sys_set_mempolicy' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29d8): undefined reference tosys_migrate_pages'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29dc): undefined reference to
sys_move_pages' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x29e4): undefined reference tosys_perf_event_open'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2a38): undefined reference to
sys_fanotify_init' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2a3c): undefined reference tosys_fanotify_mark'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2a58): undefined reference to
sys_process_vm_readv' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2a5c): undefined reference tosys_process_vm_writev'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2a60): undefined reference to
sys_kcmp' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2a64): undefined reference tosys_finit_module'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2a74): undefined reference to
sys_seccomp' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2a7c): undefined reference tosys_memfd_create'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2a80): undefined reference to
sys_bpf' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2a88): undefined reference tosys_userfaultfd'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2a90): undefined reference to
sys_mlock2' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2aa0): undefined reference tosys_pkey_mprotect'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2aa4): undefined reference to
sys_pkey_alloc' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x2aa8): undefined reference tosys_pkey_free'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x366c): undefined reference to
sys_inotify_init' /home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x3674): undefined reference tosys_signalfd'/home/edisonmcastro/src/lkl-linux/tools/lkl/lib/lkl.o:syscalls.c:(.data+0x36f4): undefined reference to
sys_uselib' collect2: error: ld returned 1 exit status make: *** [/home/edisonmcastro/src/lkl-linux/tools/lkl/liblkl.dll] Error 1 make: Leaving directory/home/edisonmcastro/src/lkl-linux/tools/lkl'The text was updated successfully, but these errors were encountered: