Re: [RFC PATCH bpf-next v2 1/9] cgroup: Make operations on the cgroup root_list RCU safe

kernel test robot <oliver.sang@xxxxxxxxx> · Wed, 25 Oct 2023 16:06:27 +0800

Hello,

kernel test robot noticed "WARNING:suspicious_RCU_usage" on:

commit: bf652e038501425f21e30c78c210ce892b9747c5 ("[RFC PATCH bpf-next v2 1/9] cgroup: Make operations on the cgroup root_list RCU safe")
url: https://github.com/intel-lab-lkp/linux/commits/Yafang-Shao/cgroup-Make-operations-on-the-cgroup-root_list-RCU-safe/20231017-204729
base: https://git.kernel.org/cgit/linux/kernel/git/bpf/bpf-next.git master
patch link: https://lore.kernel.org/all/20231017124546.24608-2-laoar.shao@xxxxxxxxx/
patch subject: [RFC PATCH bpf-next v2 1/9] cgroup: Make operations on the cgroup root_list RCU safe

in testcase: boot

compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)

+------------------------------------------------------------------+------------+------------+
|                                                                  | 137df1189d | bf652e0385 |
+------------------------------------------------------------------+------------+------------+
| WARNING:suspicious_RCU_usage                                     | 0          | 6          |
| kernel/cgroup/cgroup#c:#RCU-list_traversed_in_non-reader_section | 0          | 6          |
+------------------------------------------------------------------+------------+------------+

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202310251500.9683d034-oliver.sang@xxxxxxxxx

[  245.792697][    T1] WARNING: suspicious RCU usage
[  245.793945][    T1] 6.6.0-rc5-01395-gbf652e038501 #1 Not tainted
[  245.795294][    T1] -----------------------------
[  245.796458][    T1] kernel/cgroup/cgroup-v1.c:1171 RCU-list traversed in non-reader section!!
[  245.798005][    T1]
[  245.798005][    T1] other info that might help us debug this:
[  245.798005][    T1]
[  245.800905][    T1]
[  245.800905][    T1] rcu_scheduler_active = 2, debug_locks = 1
[  245.815563][    T1] 1 lock held by init/1:
[ 245.816666][ T1] #0: c3bfffb8 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock_and_drain_offline (kernel/cgroup/cgroup.c:3066) 
[  245.818306][    T1]
[  245.818306][    T1] stack backtrace:
[  245.820360][    T1] CPU: 0 PID: 1 Comm: init Not tainted 6.6.0-rc5-01395-gbf652e038501 #1
[  245.821860][    T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  245.823506][    T1] Call Trace:
[ 245.824459][ T1] dump_stack_lvl (lib/dump_stack.c:107) 
[ 245.825654][ T1] dump_stack (lib/dump_stack.c:114) 
[ 245.826665][ T1] lockdep_rcu_suspicious (include/linux/context_tracking.h:153 kernel/locking/lockdep.c:6712) 
[ 245.827845][ T1] cgroup1_root_to_use (kernel/cgroup/cgroup-v1.c:1171 (discriminator 9)) 
[ 245.828999][ T1] cgroup1_get_tree (kernel/cgroup/cgroup-v1.c:1245) 
[ 245.830101][ T1] vfs_get_tree (fs/super.c:1750) 
[ 245.831172][ T1] do_new_mount (fs/namespace.c:3335) 
[ 245.832199][ T1] path_mount (fs/namespace.c:3662) 
[ 245.833147][ T1] ? user_path_at_empty (fs/namei.c:2914) 
[ 245.834198][ T1] __ia32_sys_mount (fs/namespace.c:3675 fs/namespace.c:3884 fs/namespace.c:3861 fs/namespace.c:3861) 
[ 245.835242][ T1] do_int80_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:132) 
[ 245.836343][ T1] ? kfree (mm/slab_common.c:1073) 
[ 245.837335][ T1] ? __ia32_sys_mount (fs/namespace.c:3861) 
[ 245.838404][ T1] ? do_int80_syscall_32 (arch/x86/entry/common.c:136) 
[ 245.839479][ T1] ? syscall_exit_to_user_mode (kernel/entry/common.c:131 kernel/entry/common.c:298) 
[ 245.840593][ T1] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4565) 
[ 245.841824][ T1] ? syscall_exit_to_user_mode (kernel/entry/common.c:299) 
[ 245.842967][ T1] ? do_int80_syscall_32 (arch/x86/entry/common.c:136) 
[ 245.843964][ T1] ? __ia32_sys_mount (fs/namespace.c:3861) 
[ 245.844935][ T1] ? do_int80_syscall_32 (arch/x86/entry/common.c:136) 
[ 245.845958][ T1] ? syscall_exit_to_user_mode (kernel/entry/common.c:131 kernel/entry/common.c:298) 
[ 245.847004][ T1] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4565) 
[ 245.848103][ T1] ? syscall_exit_to_user_mode (kernel/entry/common.c:299) 
[ 245.849159][ T1] ? do_int80_syscall_32 (arch/x86/entry/common.c:136) 
[ 245.850163][ T1] ? syscall_exit_to_user_mode (kernel/entry/common.c:299) 
[ 245.851209][ T1] ? do_int80_syscall_32 (arch/x86/entry/common.c:136) 
[ 245.852179][ T1] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5775) 
[ 245.853126][ T1] ? irqentry_exit (kernel/entry/common.c:445) 
[ 245.858431][ T1] ? irqentry_exit_to_user_mode (kernel/entry/common.c:131 kernel/entry/common.c:311) 
[ 245.859731][ T1] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4565) 
[ 245.860985][ T1] ? irqentry_exit_to_user_mode (kernel/entry/common.c:312) 
[ 245.862110][ T1] ? irqentry_exit (kernel/entry/common.c:445) 
[ 245.863099][ T1] ? exc_page_fault (arch/x86/mm/fault.c:1565) 
[ 245.864073][ T1] entry_INT80_32 (arch/x86/entry/entry_32.S:947) 
[  245.865070][    T1] EIP: 0xb7f895ed
[ 245.865966][ T1] Code: 8b 7c 24 0c 50 e8 06 00 00 00 89 da 5b 5b 5f c3 8b 04 24 05 77 ec 04 00 8b 00 85 c0 74 06 50 8b 44 24 08 c3 8b 44 24 04 cd 80 <c3> 55 50 8b 6c 24 0c 8b 45 00 8b 6d 04 50 8b 44 24 04 e8 b9 ff ff
All code
========
   0:	8b 7c 24 0c          	mov    0xc(%rsp),%edi
   4:	50                   	push   %rax
   5:	e8 06 00 00 00       	call   0x10
   a:	89 da                	mov    %ebx,%edx
   c:	5b                   	pop    %rbx
   d:	5b                   	pop    %rbx
   e:	5f                   	pop    %rdi
   f:	c3                   	ret
  10:	8b 04 24             	mov    (%rsp),%eax
  13:	05 77 ec 04 00       	add    $0x4ec77,%eax
  18:	8b 00                	mov    (%rax),%eax
  1a:	85 c0                	test   %eax,%eax
  1c:	74 06                	je     0x24
  1e:	50                   	push   %rax
  1f:	8b 44 24 08          	mov    0x8(%rsp),%eax
  23:	c3                   	ret
  24:	8b 44 24 04          	mov    0x4(%rsp),%eax
  28:	cd 80                	int    $0x80
  2a:*	c3                   	ret		<-- trapping instruction
  2b:	55                   	push   %rbp
  2c:	50                   	push   %rax
  2d:	8b 6c 24 0c          	mov    0xc(%rsp),%ebp
  31:	8b 45 00             	mov    0x0(%rbp),%eax
  34:	8b 6d 04             	mov    0x4(%rbp),%ebp
  37:	50                   	push   %rax
  38:	8b 44 24 04          	mov    0x4(%rsp),%eax
  3c:	e8                   	.byte 0xe8
  3d:	b9                   	.byte 0xb9
  3e:	ff                   	(bad)
  3f:	ff                   	.byte 0xff

Code starting with the faulting instruction
===========================================
   0:	c3                   	ret
   1:	55                   	push   %rbp
   2:	50                   	push   %rax
   3:	8b 6c 24 0c          	mov    0xc(%rsp),%ebp
   7:	8b 45 00             	mov    0x0(%rbp),%eax
   a:	8b 6d 04             	mov    0x4(%rbp),%ebp
   d:	50                   	push   %rax
   e:	8b 44 24 04          	mov    0x4(%rsp),%eax
  12:	e8                   	.byte 0xe8
  13:	b9                   	.byte 0xb9
  14:	ff                   	(bad)
  15:	ff                   	.byte 0xff
[  245.868936][    T1] EAX: ffffffda EBX: 0804a431 ECX: 0804a429 EDX: 0804a431
[  245.870279][    T1] ESI: 0000000e EDI: 00000000 EBP: bffa7bd8 ESP: bffa7bb8
[  245.871623][    T1] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
[  245.935209][    T1] init: Console is alive

The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20231025/202310251500.9683d034-oliver.sang@xxxxxxxxx

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki