Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp561281imu; Wed, 2 Jan 2019 11:56:51 -0800 (PST) X-Google-Smtp-Source: AFSGD/XX8R7PJv/Zhzx2+XKaow7umY7l47BDQT/76OYeVvvDGDYrGl75ujjIg+NBTNJMtEJLKKO9 X-Received: by 2002:aa7:83c6:: with SMTP id j6mr45776636pfn.91.1546459011399; Wed, 02 Jan 2019 11:56:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546459011; cv=none; d=google.com; s=arc-20160816; b=vbnalSGQ4moiAgf3uiXtUzeuCwfiTMYtGYlILHy6rMjxhlJWfQMcelqb2o+cBdWxdT BciVtvkOYPKo7eRoj02vJw3etR7TKgAhMGVtaTkvQ5+s2P4Soj7tzp1ugG4ckvHstIVm 4H1Dpq230IOz74d5XcEx2pJySmMTeqJDPZKAnfw8y9Df3zc83LAPsIYmgCF4syzGkx9U rFW3OUC7YUazo/gaK2Jm+iFQpP+/FYXSaCfBIRY4RDQoNgJAN/6PGCGnUoe7m8+IRXRN 28fUSddByNn82m/ytYT6k8eiHhrpokdbbhlCEnUortWzcgVFSzjf86rP8F0ibRWtSGeH Gsvw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=Jlcaw+6/QuDGRgdGf9NlKugDDyuT2MzNg1Ku0/Ay52g=; b=Sk8gucccnCYb7Sca5ywX93BUEYpLfV/+0eMHDwPn6pLmfSxxidxM11HJS8eUJZVYpL Xq4fDooNwg6oPud3ytsxDf/ovybtCqyY+GSDyFTwF3FCek8TAKHq/Ro/tbNp2CVirpAM 2BJXk8pON+zg6nOnPbSmM+ENqoRb7b7D3k2aYr9njx/qC3Ap/j8w7HIyr2ouPLp68MUy UZu0yzi0DGUCIMfEMaMVNxoXtu8zZyoEby09twtr5EyvKuFgBGg55eWECRwQaqpzg3hl R8dV6tUwwh4jB9DjQQvlB87sso0cvmXhvtv4exWAE/VOwyWgrVJTzfenBbU0drXQu1nW Ld7A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w7si11363518pgh.560.2019.01.02.11.56.36; Wed, 02 Jan 2019 11:56:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727081AbfABSGR (ORCPT + 99 others); Wed, 2 Jan 2019 13:06:17 -0500 Received: from outbound-smtp11.blacknight.com ([46.22.139.106]:53542 "EHLO outbound-smtp11.blacknight.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726756AbfABSGR (ORCPT ); Wed, 2 Jan 2019 13:06:17 -0500 Received: from mail.blacknight.com (pemlinmail04.blacknight.ie [81.17.254.17]) by outbound-smtp11.blacknight.com (Postfix) with ESMTPS id 4DB541C3549 for ; Wed, 2 Jan 2019 18:06:13 +0000 (GMT) Received: (qmail 1287 invoked from network); 2 Jan 2019 18:06:13 -0000 Received: from unknown (HELO techsingularity.net) (mgorman@techsingularity.net@[37.228.229.96]) by 81.17.254.9 with ESMTPSA (AES256-SHA encrypted, authenticated); 2 Jan 2019 18:06:13 -0000 Date: Wed, 2 Jan 2019 18:06:11 +0000 From: Mel Gorman To: Vlastimil Babka Cc: syzbot , aarcange@redhat.com, akpm@linux-foundation.org, kirill.shutemov@linux.intel.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux@dominikbrodowski.net, mhocko@suse.com, rientjes@google.com, syzkaller-bugs@googlegroups.com, xieyisheng1@huawei.com, zhongjiang@huawei.com, Peter Zijlstra , Ingo Molnar Subject: Re: possible deadlock in __wake_up_common_lock Message-ID: <20190102180611.GE31517@techsingularity.net> References: <000000000000f67ca2057e75bec3@google.com> <1194004c-f176-6253-a5fd-682472dccacc@suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline In-Reply-To: <1194004c-f176-6253-a5fd-682472dccacc@suse.cz> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jan 02, 2019 at 01:51:01PM +0100, Vlastimil Babka wrote: > On 1/2/19 9:51 AM, syzbot wrote: > > Hello, > > > > syzbot found the following crash on: > > > > HEAD commit: f346b0becb1b Merge branch 'akpm' (patches from Andrew) > > git tree: upstream > > console output: https://syzkaller.appspot.com/x/log.txt?x=1510cefd400000 > > kernel config: https://syzkaller.appspot.com/x/.config?x=c255c77ba370fe7c > > dashboard link: https://syzkaller.appspot.com/bug?extid=93d94a001cfbce9e60e1 > > compiler: gcc (GCC) 8.0.1 20180413 (experimental) > > userspace arch: i386 > > > > Unfortunately, I don't have any reproducer for this crash yet. > > > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > > Reported-by: syzbot+93d94a001cfbce9e60e1@syzkaller.appspotmail.com > > > > > > ====================================================== > > WARNING: possible circular locking dependency detected > > 4.20.0+ #297 Not tainted > > ------------------------------------------------------ > > syz-executor0/8529 is trying to acquire lock: > > 000000005e7fb829 (&pgdat->kswapd_wait){....}, at: > > __wake_up_common_lock+0x19e/0x330 kernel/sched/wait.c:120 > > From the backtrace at the end of report I see it's coming from > > > wakeup_kswapd+0x5f0/0x930 mm/vmscan.c:3982 > > steal_suitable_fallback+0x538/0x830 mm/page_alloc.c:2217 > > This wakeup_kswapd is new due to Mel's 1c30844d2dfe ("mm: reclaim small > amounts of memory when an external fragmentation event occurs") so CC Mel. > New year new bugs :( > > but task is already holding lock: > > 000000009bb7bae0 (&(&zone->lock)->rlock){-.-.}, at: spin_lock > > include/linux/spinlock.h:329 [inline] > > 000000009bb7bae0 (&(&zone->lock)->rlock){-.-.}, at: rmqueue_bulk > > mm/page_alloc.c:2548 [inline] > > 000000009bb7bae0 (&(&zone->lock)->rlock){-.-.}, at: __rmqueue_pcplist > > mm/page_alloc.c:3021 [inline] > > 000000009bb7bae0 (&(&zone->lock)->rlock){-.-.}, at: rmqueue_pcplist > > mm/page_alloc.c:3050 [inline] > > 000000009bb7bae0 (&(&zone->lock)->rlock){-.-.}, at: rmqueue > > mm/page_alloc.c:3072 [inline] > > 000000009bb7bae0 (&(&zone->lock)->rlock){-.-.}, at: > > get_page_from_freelist+0x1bae/0x52a0 mm/page_alloc.c:3491 > > > > which lock already depends on the new lock. > > However, I don't understand why lockdep thinks it's a problem. IIRC it > doesn't like that we are locking pgdat->kswapd_wait.lock while holding > zone->lock. That means it has learned that the opposite order also > exists, e.g. somebody would take zone->lock while manipulating the wait > queue? I don't see where but I admit I'm not good at reading lockdep > splats, so CCing Peterz and Ingo as well. Keeping rest of mail for > reference. > I'm not sure I'm reading the output correctly because I'm having trouble seeing the exact pattern that allows lockdep to conclude the lock ordering is problematic. I think it's hungup on the fact that mod_timer can allocate debug objects for KASAN and somehow concludes that the waking of kswapd is problematic because potentially a lock ordering exists that would trip. I don't see how it's actually possible though due to either a lack of imagination or maybe lockdep is being cautious as something could change in the future that allows the lockup. There are a few options I guess in order of preference. 1. Drop zone->lock for the call. It's not necessarily to keep track of the IRQ flags as callers into that path already do things like treat IRQ disabling and the spin lock separately. 2. Use another alloc_flag in steal_suitable_fallback that is set when a wakeup is required but do the actual wakeup in rmqueue() after the zone locks are dropped and the allocation request is completed 3. Always wakeup kswapd if watermarks are boosted. I like this the least because it means doing wakeups that are unrelated to fragmentation that occurred in the current context. Any particular preference? While I recognise there is no test case available, how often does this trigger in syzbot as it would be nice to have some confirmation any patch is really fixing the problem. -- Mel Gorman SUSE Labs