+ lockdep-add-debug-printk-for-downgrade_write-warning.patch added to -mm tree

The patch titled
     Subject: lockdep: Add debug printk() for downgrade_write() warning.
has been added to the -mm tree.  Its filename is
     lockdep-add-debug-printk-for-downgrade_write-warning.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/lockdep-add-debug-printk-for-downgrade_write-warning.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/lockdep-add-debug-printk-for-downgrade_write-warning.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Subject: lockdep: Add debug printk() for downgrade_write() warning.

syzbot is frequently hitting downgrade_write(&mm->mmap_sem) warning from
munmap() request, but I don't know why it is happening.  Since lockdep is
not printing enough information, let's print more.  This patch is meant
for linux-next.git only and will be removed after the problem is solved.

[  310.065615][T12227] ------------[ cut here ]------------
[  310.075104][T12227] downgrading a read lock
[  310.075198][T12227] WARNING: CPU: 1 PID: 12227 at kernel/locking/lockdep.c:3553 lock_downgrade+0x4d2/0x910
[  310.084251][T12227] Kernel panic - not syncing: panic_on_warn set ...
[  310.587742][T12227] CPU: 1 PID: 12227 Comm: blkid Not tainted 4.20.0-next-20190103 #5
[  310.595732][T12227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  310.605783][T12227] Call Trace:
[  310.609071][T12227]  dump_stack+0x1db/0x2d0
[  310.613400][T12227]  ? dump_stack_print_info.cold+0x20/0x20
[  310.619116][T12227]  ? lock_downgrade+0x450/0x910
[  310.624035][T12227]  panic+0x2cb/0x65c
[  310.627926][T12227]  ? add_taint.cold+0x16/0x16
[  310.632591][T12227]  ? lock_downgrade+0x4d2/0x910
[  310.637437][T12227]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  310.643662][T12227]  ? __probe_kernel_read+0x1f4/0x250
[  310.648945][T12227]  ? __warn.cold+0x5/0x48
[  310.653266][T12227]  ? __warn+0xe8/0x1d0
[  310.657322][T12227]  ? lock_downgrade+0x4d2/0x910
[  310.662160][T12227]  __warn.cold+0x20/0x48
[  310.666394][T12227]  ? lock_downgrade+0x4d2/0x910
[  310.671240][T12227]  report_bug+0x263/0x2b0
[  310.675638][T12227]  do_error_trap+0x11b/0x200
[  310.680248][T12227]  do_invalid_op+0x37/0x50
[  310.684651][T12227]  ? lock_downgrade+0x4d2/0x910
[  310.689499][T12227]  invalid_op+0x14/0x20
[  310.693643][T12227] RIP: 0010:lock_downgrade+0x4d2/0x910
[  310.699099][T12227] Code: 00 00 00 fc ff df 41 c6 04 06 f8 e9 1f ff ff ff 48 c7 c7 80 a7 4b 88 4c 89 8d 58 ff ff ff 48 89 85 60 ff ff ff e8 ee 14 e7 ff <0f> 0b 48 8b 85 60 ff ff ff 4c 8d 5d d8 4c 89 f1 48 ba 00 00 00 00
[  310.718702][T12227] RSP: 0018:ffff88804ebe7bb8 EFLAGS: 00010082
[  310.724791][T12227] RAX: 0000000000000000 RBX: 1ffff11009d7cf7d RCX: 0000000000000000
[  310.732763][T12227] RDX: 0000000000000000 RSI: ffffffff81685116 RDI: 0000000000000006
[  310.740723][T12227] RBP: ffff88804ebe7c70 R08: ffff88809fee0340 R09: fffffbfff1333291
[  310.748702][T12227] R10: fffffbfff1333290 R11: ffffffff89999483 R12: ffff88809fee0340
[  310.756676][T12227] R13: ffffffff8b56ca20 R14: ffff88804ebe7c08 R15: 0000000000000001
[  310.764676][T12227]  ? vprintk_func+0x86/0x189
[  310.769284][T12227]  ? lock_downgrade+0x4d2/0x910
[  310.774213][T12227]  ? __do_munmap+0xc5a/0xef0
[  310.778796][T12227]  ? lock_set_class+0x820/0x820
[  310.783632][T12227]  ? lock_acquire+0x1db/0x570
[  310.788297][T12227]  ? __vm_munmap+0xfa/0x1f0
[  310.792807][T12227]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  310.798573][T12227]  ? userfaultfd_unmap_prep+0x456/0x5e0
[  310.804112][T12227]  downgrade_write+0x76/0x270
[  310.808787][T12227]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  310.815012][T12227]  ? up_read+0x2b0/0x2b0
[  310.819246][T12227]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  310.824954][T12227]  ? vma_compute_subtree_gap+0x158/0x230
[  310.830578][T12227]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  310.836294][T12227]  __do_munmap+0xc5a/0xef0
[  310.840720][T12227]  __vm_munmap+0x139/0x1f0
[  310.845130][T12227]  ? __do_munmap+0xef0/0xef0
[  310.849717][T12227]  ? __ia32_sys_fallocate+0xf0/0xf0
[  310.854918][T12227]  ? trace_hardirqs_off_caller+0x300/0x300
[  310.860720][T12227]  __x64_sys_munmap+0x67/0x80
[  310.865404][T12227]  do_syscall_64+0x1a3/0x800
[  310.869992][T12227]  ? syscall_return_slowpath+0x5f0/0x5f0
[  310.875610][T12227]  ? lockdep_sys_exit+0x49/0x5c
[  310.880449][T12227]  ? prepare_exit_to_usermode+0x232/0x3b0
[  310.886162][T12227]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  310.891710][T12227]  entry_SYSCALL_64_after_hwframe+0x49/0xbe

Link: http://lkml.kernel.org/r/e1a38e21-d5fe-dee3-7081-bc1a12965a68@xxxxxxxxxxxxxxxxxxx
Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Will Deacon <will.deacon@xxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---


--- a/kernel/locking/lockdep.c~lockdep-add-debug-printk-for-downgrade_write-warning
+++ a/kernel/locking/lockdep.c
@@ -50,6 +50,7 @@
 #include <linux/random.h>
 #include <linux/jhash.h>
 #include <linux/nmi.h>
+#include <linux/rwsem.h>
 
 #include <asm/sections.h>
 
@@ -3550,6 +3551,24 @@ static int __lock_downgrade(struct lockd
 	curr->lockdep_depth = i;
 	curr->curr_chain_key = hlock->prev_chain_key;
 
+#if defined(CONFIG_RWSEM_XCHGADD_ALGORITHM) && defined(CONFIG_DEBUG_AID_FOR_SYZBOT)
+	if (hlock->read && curr->mm) {
+		struct rw_semaphore *sem = container_of(lock,
+							struct rw_semaphore,
+							dep_map);
+
+		if (sem == &curr->mm->mmap_sem) {
+#if defined(CONFIG_RWSEM_SPIN_ON_OWNER)
+			pr_warn("mmap_sem: hlock->read=%d count=%ld current=%px, owner=%px\n",
+				hlock->read, atomic_long_read(&sem->count),
+				curr, READ_ONCE(sem->owner));
+#else
+			pr_warn("mmap_sem: hlock->read=%d count=%ld\n",
+				hlock->read, atomic_long_read(&sem->count));
+#endif
+		}
+	}
+#endif
 	WARN(hlock->read, "downgrading a read lock");
 	hlock->read = 1;
 	hlock->acquire_ip = ip;
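Review bot: the pr_warn() in the CONFIG_RWSEM_SPIN_ON_OWNER branch prints curr and sem->owner with %px, which writes unhashed kernel addresses to the log. That is tolerable only because the block is gated on CONFIG_DEBUG_AID_FOR_SYZBOT and the patch is stated to be for linux-next.git only. Please add a comment above the #if saying that the raw pointers are intentional and that the block must be removed along with the debug config. If raw values are not actually needed to diagnose the owner, %p would avoid the exposure. The debug print also sits before WARN(hlock->read, ...), which matters because the quoted trace shows panic_on_warn set. A one-line comment noting that the ordering is deliberate would stop someone from folding the print into the WARN() later. Minor: the first format string has a comma only before "owner=", so the field separators are inconsistent.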
_

Patches currently in -mm which might be from penguin-kernel@xxxxxxxxxxxxxxxxxxx are

info-task-hung-in-generic_file_write_iter.patch
info-task-hung-in-generic_file_write-fix.patch
lockdep-add-debug-printk-for-downgrade_write-warning.patch



