... and found next-20250207 is somehow missing a call to free_pids() in release_task(). There was some fat-fingering in v5 and maybe previous versions which made the call land in the wrong commit, I presume there was further crappery elsewhere which concluded in the call not being present to begin with. I just confirmed the version is is intended to land has the call in the right place: https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git/commit/?h=kernel-6.15.tasklist_lock&id=7903f907a226058ed99f86e9924e082aea57fc45 As in this chunk fell out in -next: diff --git a/kernel/exit.c b/kernel/exit.c index b4fc3cc96ea4..0d6df671c8a8 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -289,6 +289,7 @@ void release_task(struct task_struct *p) put_pid(thread_pid); add_device_randomness(&p->se.sum_exec_runtime, sizeof(p->se.sum_exec_runtime)); + free_pids(post.pids); release_thread(p); put_task_struct_rcu_user(p); On Fri, Feb 7, 2025 at 7:31 PM Mark Brown <broonie@xxxxxxxxxx> wrote: > > On Wed, Feb 05, 2025 at 09:09:28PM +0100, Mateusz Guzik wrote: > > As the clone side already executes pid allocation with only pidmap_lock > > held, issuing free_pid() while still holding tasklist_lock exacerbates > > total hold time of the latter. > > > > The pid array is smuggled through newly added release_task_post struct > > so that any extra things want to get moved out have means to do it. > > We are seeing failures in -next with the clone3 clone3_set_tid selftest > on at least arm and arm64 systems which have been bisected to this > commit, in -next as 88dec855ce117f52bcf88748ddcbb25b10f4f2fc (same > bisect for both): > > For arm64 we're seeing a bunch of new failures including: > > # # [389] Trying clone3() with CLONE_SET_TID to 391 and 0x0 > # # File exists - Failed to create new process > # # [389] clone3() with CLONE_SET_TID 391 says: -17 - expected 0 > # not ok 19 reallocate child TID with 1 TIDs and flags 0x0 > > # # [389] Trying clone3() with CLONE_SET_TID to 1 and 0x20000000 > # # File exists - Failed to create new process > # # [389] clone3() with CLONE_SET_TID 1 says: -17 - expected 0 > # not ok 21 create PID 1 in new NS with 2 TIDs and flags 0x20000000 > > # # [1] Trying clone3() with CLONE_SET_TID to 43 and 0x0 > # # File exists - Failed to create new process > # # [1] clone3() with CLONE_SET_TID 43 says: -17 - expected 0 > # not ok 24 check leak on invalid specific TID with 2 TIDs and flags 0x0 > > but there's more, 32 bit only seems to see one new failure (at least on > Beaglebone Black which is where I have that test running). > > Full log for a run on arm64: > > https://lava.sirena.org.uk/scheduler/job/1102114 > > and arm: > > https://lava.sirena.org.uk/scheduler/job/1102088 > > Bisect log, the start is my tooling feeding in test results it already > has to hand in the commit range to seed the bisect: > > # bad: [ed58d103e6da15a442ff87567898768dc3a66987] Add linux-next specific files for 20250207 > # good: [653cd79f296fc6fa592cb9fa2f7b8494d5573a43] Merge branch 'for-linux-next-fixes' of https://gitlab.freedesktop.org/drm/misc/kernel.git > # good: [4c7518062d638837cea915e0ffe30f846780639a] ASoC: SOF: ipc4: Add support for split firmware releases > # good: [0a7c85b516830c0bb088b0bdb2f2c50c76fc531a] regulator: ad5398: Fix incorrect power down bit mask > # good: [215705db51eb23052c73126d2efb6acbc2db0424] spi: Replace custom fsleep() implementation > # good: [6603c5133daadbb3277fbd93be0d0d5b8ec928e8] ASoC: dt-bindings: atmel,at91-ssc: Convert to YAML format > # good: [25fac20edd09b60651eabcc57c187b1277f43d08] spi: gpio: Support a single always-selected device > # good: [652ffad172d089acb1a20e5fde1b66e687832b06] spi: fsi: Batch TX operations > # good: [6eab7034579917f207ca6d8e3f4e11e85e0ab7d5] ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties > # good: [f5aab0438ef17f01c5ecd25e61ae6a03f82a4586] regulator: pca9450: Fix enable register for LDO5 > # good: [c1ac98492d1584d31f335d233a5cd7a4d4116e5a] spi: realtek-rtl-snand: Drop unneeded assignment for cache_type > # good: [5a6a461079decea452fdcae955bccecf92e07e97] regulator: ad5398: Add device tree support > # good: [995cf0e014b0144edf1125668a97c252c5ab775e] regmap: Reorder 'struct regmap' > # good: [89785306453ce6d949e783f6936821a0b7649ee2] spi: zynqmp-gqspi: Always acknowledge interrupts > # good: [0e11f2076e7fa3efa3e0a694bc4d30ef185f0f7d] Merge branch 'for-5.19/cleanup' into for-next > git bisect start 'ed58d103e6da15a442ff87567898768dc3a66987' '653cd79f296fc6fa592cb9fa2f7b8494d5573a43' '4c7518062d638837cea915e0ffe30f846780639a' '0a7c85b516830c0bb088b0bdb2f2c50c76fc531a' '215705db51eb23052c73126d2efb6acbc2db0424' '6603c5133daadbb3277fbd93be0d0d5b8ec928e8' '25fac20edd09b60651eabcc57c187b1277f43d08' '652ffad172d089acb1a20e5fde1b66e687832b06' '6eab7034579917f207ca6d8e3f4e11e85e0ab7d5' 'f5aab0438ef17f01c5ecd25e61ae6a03f82a4586' 'c1ac98492d1584d31f335d233a5cd7a4d4116e5a' '5a6a461079decea452fdcae955bccecf92e07e97' '995cf0e014b0144edf1125668a97c252c5ab775e' '89785306453ce6d949e783f6936821a0b7649ee2' '0e11f2076e7fa3efa3e0a694bc4d30ef185f0f7d' > # bad: [ed58d103e6da15a442ff87567898768dc3a66987] Add linux-next specific files for 20250207 > git bisect bad ed58d103e6da15a442ff87567898768dc3a66987 > # bad: [5a44f71c6ba5b0a7623c25047ac61ed852afbd84] Merge branch 'for-linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos.git > git bisect bad 5a44f71c6ba5b0a7623c25047ac61ed852afbd84 > # bad: [953e43d94b2048d260774e9ddbfd3f378aa2c256] Merge branch 'fs-next' of linux-next > git bisect bad 953e43d94b2048d260774e9ddbfd3f378aa2c256 > # good: [2ab7baf7ebddff9faff6846648fd0753e5ee58c1] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux.git > git bisect good 2ab7baf7ebddff9faff6846648fd0753e5ee58c1 > # good: [09c7fd0d4465df7fd6cda5668bd32267884b6cbf] Merge branch '9p-next' of git://github.com/martinetd/linux > git bisect good 09c7fd0d4465df7fd6cda5668bd32267884b6cbf > # bad: [7a1f00b09c09aadbf33660a31f3f3d8ee6302c45] Merge branch 'vfs-6.15.iomap' into vfs.all > git bisect bad 7a1f00b09c09aadbf33660a31f3f3d8ee6302c45 > # good: [9bc19073026d0dce6b7d17d22e74643c80283f8f] Merge branch 'vfs-6.15.mount' into vfs.all > git bisect good 9bc19073026d0dce6b7d17d22e74643c80283f8f > # bad: [ba734a751d30f59e3b10d6792a1e1b50e7b1fc0c] Merge branch 'kernel-6.15.tasklist_lock' into vfs.all > git bisect bad ba734a751d30f59e3b10d6792a1e1b50e7b1fc0c > # good: [d7c340391cb0f0882bc8d5d9798ef32b577a89bc] Merge branch 'vfs-6.15.pipe' into vfs.all > git bisect good d7c340391cb0f0882bc8d5d9798ef32b577a89bc > # good: [e88fed94388f62a28acfef4954348abe79557d19] pid: sprinkle tasklist_lock asserts > git bisect good e88fed94388f62a28acfef4954348abe79557d19 > # bad: [5ca27e0557d722dd648f949dde6e4997f6255f18] pid: drop irq disablement around pidmap_lock > git bisect bad 5ca27e0557d722dd648f949dde6e4997f6255f18 > # bad: [88dec855ce117f52bcf88748ddcbb25b10f4f2fc] pid: perform free_pid() calls outside of tasklist_lock > git bisect bad 88dec855ce117f52bcf88748ddcbb25b10f4f2fc > # first bad commit: [88dec855ce117f52bcf88748ddcbb25b10f4f2fc] pid: perform free_pid() calls outside of tasklist_lock -- Mateusz Guzik <mjguzik gmail.com>
