From: Bart Van Assche <bvanassche@acm.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: syzbot <syzbot+78923eea7cf44364f4fb@syzkaller.appspotmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
"Darrick J. Wong" <darrick.wong@oracle.com>,
dledford@redhat.com,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
Christoph Hellwig <hch@infradead.org>,
Jann Horn <jannh@google.com>, Jason Gunthorpe <jgg@ziepe.ca>,
johannes.berg@intel.com, leon@kernel.org,
Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
linux-rdma@vger.kernel.org, linux-xfs@vger.kernel.org,
Waiman Long <longman@redhat.com>, Ingo Molnar <mingo@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
Paul McKenney <paulmck@linux.vnet.ibm.com>,
Peter Zijlstra <peterz@infradead.org>,
roland@purestorage.com, sean.hefty@intel.com,
shamir.rabinovitch@oracle.com, swise@opengridcomputing.com,
syzkaller-bugs@googl
Subject: Re: BUG: MAX_STACK_TRACE_ENTRIES too low!
Date: Mon, 11 Mar 2019 11:17:19 -0700 [thread overview]
Message-ID: <1552328239.45180.101.camel@acm.org> (raw)
In-Reply-To: <CAHk-=wh_H+Wce_n8vW68ZzoSs3m=exP+kKZZZRCxAfi6dG2_Mg@mail.gmail.com>
On Mon, 2019-03-11 at 10:48 -0700, Linus Torvalds wrote:
> On Mon, Mar 11, 2019 at 8:19 AM Bart Van Assche <bvanassche@acm.org> wrote:
> >
> > I think this issue has been fixed by a commit that went upstream yesterday. Hence:
> >
> > #syz fix: workqueue, lockdep: Fix an alloc_workqueue() error path
>
> Well, syzbot just reported a problem with that fix itself ("WARNING in
> lockdep_unregister_key").
>
> Looks like now the lockdep_unregister_key() cleanup might be called
> even when the lockdep map was never initialized at all in that error
> case. Hmm?
>
> I _think_ you need to split that "err_free_wq" label into "just free
> the wq" and "unregister lockdep and free wq".
>
> But I didn't look any more closely, I might be misreading things.
Hi Linus,
>From the console output of the syzbot bug report at the start of this
e-mail thread:
WARNING: CPU: 1 PID: 7649 at kernel/locking/lockdep.c:747 register_lock_class+0x10de/0x2220
On line 747 in lockdep.c there is the following warning statement:
WARN_ON_ONCE(class->name != lock->name);
My interpretation is that this means that a lockdep key got reregistered
without unregistration between the two registration calls. That's why I
posted my "#syz fix: workqueue, lockdep: Fix an alloc_workqueue() error
path" reply.
The latest syzbot complaint is different. In the console output of the latest
report I found the following:
WARNING: CPU: 1 PID: 6970 at kernel/locking/lockdep.c:4925 lockdep_unregister_key+0x21c/0x4e0
On line 4925 there is the following warning statement:
WARN_ON_ONCE(!found);
In other words, lockdep_unregister_key() got called for a key that was never
registered.
I agree with your conclusion that the err_free_wq label needs to be split. I
will post a patch that realizes this.
Bart.
WARNING: multiple messages have this Message-ID (diff)
From: Bart Van Assche <bvanassche@acm.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: syzbot <syzbot+78923eea7cf44364f4fb@syzkaller.appspotmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
"Darrick J. Wong" <darrick.wong@oracle.com>,
dledford@redhat.com,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
Christoph Hellwig <hch@infradead.org>,
Jann Horn <jannh@google.com>, Jason Gunthorpe <jgg@ziepe.ca>,
johannes.berg@intel.com, leon@kernel.org,
Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
linux-rdma@vger.kernel.org, linux-xfs@vger.kernel.org,
Waiman Long <longman@redhat.com>, Ingo Molnar <mingo@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
Paul McKenney <paulmck@linux.vnet.ibm.com>,
Peter Zijlstra <peterz@infradead.org>,
roland@purestorage.com, sean.hefty@intel.com,
shamir.rabinovitch@oracle.com, swise@opengridcomputing.com,
syzkaller-bugs@googlegroups.com,
Thomas Gleixner <tglx@linutronix.de>, Tejun Heo <tj@kernel.org>,
Will Deacon <will.deacon@arm.com>,
Cong Wang <xiyou.wangcong@gmail.com>
Subject: Re: BUG: MAX_STACK_TRACE_ENTRIES too low!
Date: Mon, 11 Mar 2019 11:17:19 -0700 [thread overview]
Message-ID: <1552328239.45180.101.camel@acm.org> (raw)
In-Reply-To: <CAHk-=wh_H+Wce_n8vW68ZzoSs3m=exP+kKZZZRCxAfi6dG2_Mg@mail.gmail.com>
On Mon, 2019-03-11 at 10:48 -0700, Linus Torvalds wrote:
> On Mon, Mar 11, 2019 at 8:19 AM Bart Van Assche <bvanassche@acm.org> wrote:
> >
> > I think this issue has been fixed by a commit that went upstream yesterday. Hence:
> >
> > #syz fix: workqueue, lockdep: Fix an alloc_workqueue() error path
>
> Well, syzbot just reported a problem with that fix itself ("WARNING in
> lockdep_unregister_key").
>
> Looks like now the lockdep_unregister_key() cleanup might be called
> even when the lockdep map was never initialized at all in that error
> case. Hmm?
>
> I _think_ you need to split that "err_free_wq" label into "just free
> the wq" and "unregister lockdep and free wq".
>
> But I didn't look any more closely, I might be misreading things.
Hi Linus,
>From the console output of the syzbot bug report at the start of this
e-mail thread:
WARNING: CPU: 1 PID: 7649 at kernel/locking/lockdep.c:747 register_lock_class+0x10de/0x2220
On line 747 in lockdep.c there is the following warning statement:
WARN_ON_ONCE(class->name != lock->name);
My interpretation is that this means that a lockdep key got reregistered
without unregistration between the two registration calls. That's why I
posted my "#syz fix: workqueue, lockdep: Fix an alloc_workqueue() error
path" reply.
The latest syzbot complaint is different. In the console output of the latest
report I found the following:
WARNING: CPU: 1 PID: 6970 at kernel/locking/lockdep.c:4925 lockdep_unregister_key+0x21c/0x4e0
On line 4925 there is the following warning statement:
WARN_ON_ONCE(!found);
In other words, lockdep_unregister_key() got called for a key that was never
registered.
I agree with your conclusion that the err_free_wq label needs to be split. I
will post a patch that realizes this.
Bart.
WARNING: multiple messages have this Message-ID (diff)
From: Bart Van Assche <bvanassche@acm.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: syzbot <syzbot+78923eea7cf44364f4fb@syzkaller.appspotmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
"Darrick J. Wong" <darrick.wong@oracle.com>,
dledford@redhat.com,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
Christoph Hellwig <hch@infradead.org>,
Jann Horn <jannh@google.com>, Jason Gunthorpe <jgg@ziepe.ca>,
johannes.berg@intel.com, leon@kernel.org,
Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
linux-rdma@vger.kernel.org, linux-xfs@vger.kernel.org,
Waiman Long <longman@redhat.com>, Ingo Molnar <mingo@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
Paul McKenney <paulmck@linux.vnet.ibm.com>,
Peter Zijlstra <peterz@infradead.org>,
roland@purestorage.com, sean.hefty@intel.com,
shamir.rabinovitch@oracle.com, swise@opengridcomputing.com,
syzkaller-bugs@googlegroups.com,
Thomas Gleixner <tglx@linutronix.de>, Tejun Heo <tj@kernel.org>,
Will Deacon <will.deacon@arm.com>,
Cong Wang <xiyou.wangcong@gmail.com>
Subject: Re: BUG: MAX_STACK_TRACE_ENTRIES too low!
Date: Mon, 11 Mar 2019 11:17:19 -0700 [thread overview]
Message-ID: <1552328239.45180.101.camel@acm.org> (raw)
In-Reply-To: <CAHk-=wh_H+Wce_n8vW68ZzoSs3m=exP+kKZZZRCxAfi6dG2_Mg@mail.gmail.com>
On Mon, 2019-03-11 at 10:48 -0700, Linus Torvalds wrote:
> On Mon, Mar 11, 2019 at 8:19 AM Bart Van Assche <bvanassche@acm.org> wrote:
> >
> > I think this issue has been fixed by a commit that went upstream yesterday. Hence:
> >
> > #syz fix: workqueue, lockdep: Fix an alloc_workqueue() error path
>
> Well, syzbot just reported a problem with that fix itself ("WARNING in
> lockdep_unregister_key").
>
> Looks like now the lockdep_unregister_key() cleanup might be called
> even when the lockdep map was never initialized at all in that error
> case. Hmm?
>
> I _think_ you need to split that "err_free_wq" label into "just free
> the wq" and "unregister lockdep and free wq".
>
> But I didn't look any more closely, I might be misreading things.
Hi Linus,
From the console output of the syzbot bug report at the start of this
e-mail thread:
WARNING: CPU: 1 PID: 7649 at kernel/locking/lockdep.c:747 register_lock_class+0x10de/0x2220
On line 747 in lockdep.c there is the following warning statement:
WARN_ON_ONCE(class->name != lock->name);
My interpretation is that this means that a lockdep key got reregistered
without unregistration between the two registration calls. That's why I
posted my "#syz fix: workqueue, lockdep: Fix an alloc_workqueue() error
path" reply.
The latest syzbot complaint is different. In the console output of the latest
report I found the following:
WARNING: CPU: 1 PID: 6970 at kernel/locking/lockdep.c:4925 lockdep_unregister_key+0x21c/0x4e0
On line 4925 there is the following warning statement:
WARN_ON_ONCE(!found);
In other words, lockdep_unregister_key() got called for a key that was never
registered.
I agree with your conclusion that the err_free_wq label needs to be split. I
will post a patch that realizes this.
Bart.
next prev parent reply other threads:[~2019-03-11 18:17 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-02 7:06 BUG: MAX_STACK_TRACE_ENTRIES too low! syzbot
2019-03-02 11:45 ` syzbot
2019-03-08 8:11 ` Christoph Hellwig
2019-03-11 13:26 ` syzbot
2019-03-11 15:19 ` Bart Van Assche
2019-03-11 17:48 ` Linus Torvalds
2019-03-11 17:48 ` Linus Torvalds
2019-03-11 18:17 ` Bart Van Assche [this message]
2019-03-11 18:17 ` Bart Van Assche
2019-03-11 18:17 ` Bart Van Assche
-- strict thread matches above, loose matches on Subject: below --
2009-02-19 12:37 Geert Uytterhoeven
2009-02-19 13:16 ` Gary Thomas
2008-04-17 22:01 Christian Kujau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1552328239.45180.101.camel@acm.org \
--to=bvanassche@acm.org \
--cc=akpm@linux-foundation.org \
--cc=darrick.wong@oracle.com \
--cc=dledford@redhat.com \
--cc=gustavo@embeddedor.com \
--cc=hch@infradead.org \
--cc=jannh@google.com \
--cc=jgg@ziepe.ca \
--cc=johannes.berg@intel.com \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=longman@redhat.com \
--cc=mingo@kernel.org \
--cc=mingo@redhat.com \
--cc=paulmck@linux.vnet.ibm.com \
--cc=peterz@infradead.org \
--cc=roland@purestorage.com \
--cc=sean.hefty@intel.com \
--cc=shamir.rabinovitch@oracle.com \
--cc=swise@opengridcomputing.com \
--cc=syzbot+78923eea7cf44364f4fb@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googl \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.