Subject: Re: WARNING in tracepoint_probe_unregister
To: Dmitry Vyukov, syzbot, Steven Rostedt, Mathieu Desnoyers
Cc: LKML, Ingo Molnar, syzkaller-bugs@googlegroups.com
From: Jens Axboe
Date: Sun, 5 Nov 2017 08:47:14 -0700
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/05/2017 01:09 AM, Dmitry Vyukov wrote:
> On Sun, Nov 5, 2017 at 11:05 AM, syzbot wrote:
>> Hello,
>>
>> syzkaller hit the following crash on
>> 36ef71cae353f88fd6e095e2aaa3e5953af1685d
>> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
>> compiler: gcc (GCC) 7.1.1 20170620
>> .config is attached
>> Raw console output is attached.
>> C reproducer is attached
>> syzkaller reproducer is attached. See https://goo.gl/kgGztJ
>> for information about syzkaller reproducers
>>
>>
>> WARNING: CPU: 1 PID: 2992 at kernel/tracepoint.c:243 tracepoint_remove_func
>> kernel/tracepoint.c:243 [inline]
>> WARNING: CPU: 1 PID: 2992 at kernel/tracepoint.c:243
>> tracepoint_probe_unregister+0x6b3/0x870 kernel/tracepoint.c:324
>> Kernel panic - not syncing: panic_on_warn set ...
>>
>> CPU: 1 PID: 2992 Comm: syzkaller812809 Not tainted 4.14.0-rc5-next-20171018+
>> #8
>> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
>> Call Trace:
>> __dump_stack lib/dump_stack.c:16 [inline]
>> dump_stack+0x194/0x257 lib/dump_stack.c:52
>> panic+0x1e4/0x41c kernel/panic.c:183
>> __warn+0x1c4/0x1e0 kernel/panic.c:546
>> report_bug+0x211/0x2d0 lib/bug.c:183
>> fixup_bug+0x40/0x90 arch/x86/kernel/traps.c:177
>> do_trap_no_signal arch/x86/kernel/traps.c:211 [inline]
>> do_trap+0x260/0x390 arch/x86/kernel/traps.c:260
>> do_error_trap+0x120/0x390 arch/x86/kernel/traps.c:297
>> do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:310
>> invalid_op+0x18/0x20 arch/x86/entry/entry_64.S:905
>> RIP: 0010:tracepoint_remove_func kernel/tracepoint.c:243 [inline]
>> RIP: 0010:tracepoint_probe_unregister+0x6b3/0x870 kernel/tracepoint.c:324
>> RSP: 0018:ffff8800397df890 EFLAGS: 00010293
>> RAX: ffff88003982e8c0 RBX: 00000000fffffffe RCX: ffffffff81710233
>> RDX: 0000000000000000 RSI: ffffffff85b679c0 RDI: 0000000000000282
>> RBP: ffff8800397df9a8 R08: 0000000000000001 R09: 1ffff100072fbe6e
>> R10: ffff8800397df880 R11: 0000000000000001 R12: ffffffff8175b5e0
>> R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8800397df980
>> unregister_trace_block_rq_remap include/trace/events/block.h:602 [inline]
>> blk_unregister_tracepoints+0x1e/0x160 kernel/trace/blktrace.c:1079
>> blk_trace_cleanup+0x28/0x30 kernel/trace/blktrace.c:336
>> blk_trace_remove+0x55/0x80 kernel/trace/blktrace.c:348
>> sg_ioctl+0x5eb/0x2d90 drivers/scsi/sg.c:1098
>> vfs_ioctl fs/ioctl.c:45 [inline]
>> do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:685
>> SYSC_ioctl fs/ioctl.c:700 [inline]
>> SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
>> entry_SYSCALL_64_fastpath+0x1f/0xbe
>> RIP: 0033:0x4396a9
>> RSP: 002b:00007ffd4d3facb8 EFLAGS: 00000206 ORIG_RAX: 0000000000000010
>> RAX: ffffffffffffffda RBX: 00000000006ccac0 RCX: 00000000004396a9
>> RDX: 000000002002d000 RSI: 4000000000001276 RDI: 0000000000000004
>> RBP: 0000000000000082 R08: 00000000000000fe R09: 0000000000000000
>> R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000038
>> R13: ffffffffffffffff R14: 0000000000401eb0 R15: 0000000000000000
>> Dumping ftrace buffer:
>> (ftrace buffer empty)
>> Kernel Offset: disabled
>> Rebooting in 86400 seconds..
>
>
> Jens, this has the same root cause as "WARNING in
> tracepoint_probe_register_prio":
> https://groups.google.com/forum/#!msg/syzkaller-bugs/9IolqTA_NUk/LgLFZ6hQAQAJ
> right?

Yep, it is - can/did you check the patch I sent out yesterday for this?
Here it is again.

diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c index 45a3928544ce..206e0e2ace53 100644 --- a/kernel/trace/blktrace.c +++ b/kernel/trace/blktrace.c @@ -66,7 +66,8 @@ static struct tracer_flags blk_tracer_flags = { }; /* Global reference count of probes */ -static atomic_t blk_probes_ref = ATOMIC_INIT(0); +static DEFINE_MUTEX(blk_probe_mutex); +static int blk_probes_ref; static void blk_register_tracepoints(void); static void blk_unregister_tracepoints(void); @@ -329,14 +330,29 @@ static void blk_trace_free(struct blk_trace *bt) kfree(bt); } +static void get_probe_ref(void) +{ + mutex_lock(&blk_probe_mutex); + if (++blk_probes_ref == 1) + blk_register_tracepoints(); + mutex_unlock(&blk_probe_mutex); +} + +static void put_probe_ref(void) +{ + mutex_lock(&blk_probe_mutex); + if (!--blk_probes_ref) + blk_unregister_tracepoints(); + mutex_unlock(&blk_probe_mutex); +} + static void blk_trace_cleanup(struct blk_trace *bt) { blk_trace_free(bt); - if (atomic_dec_and_test(&blk_probes_ref)) - blk_unregister_tracepoints(); + put_probe_ref(); } -int blk_trace_remove(struct request_queue *q) +static int __blk_trace_remove(struct request_queue *q) { struct blk_trace *bt; 
@@ -349,6 +365,17 @@ int blk_trace_remove(struct request_queue *q) return 0; } + +int blk_trace_remove(struct request_queue *q) +{ + int ret; + + mutex_lock(&q->blk_trace_mutex); + ret = __blk_trace_remove(q); + mutex_unlock(&q->blk_trace_mutex); + + return ret; +} EXPORT_SYMBOL_GPL(blk_trace_remove); static ssize_t blk_dropped_read(struct file *filp, char __user *buffer, @@ -538,8 +565,7 @@ static int do_blk_trace_setup(struct request_queue *q, char *name, dev_t dev, if (cmpxchg(&q->blk_trace, NULL, bt)) goto err; - if (atomic_inc_return(&blk_probes_ref) == 1) - blk_register_tracepoints(); + get_probe_ref(); ret = 0; err: @@ -550,9 +576,8 @@ static int do_blk_trace_setup(struct request_queue *q, char *name, dev_t dev, return ret; } -int blk_trace_setup(struct request_queue *q, char *name, dev_t dev, - struct block_device *bdev, - char __user *arg) +static int __blk_trace_setup(struct request_queue *q, char *name, dev_t dev, + struct block_device *bdev, char __user *arg) { struct blk_user_trace_setup buts; int ret; @@ -571,6 +596,19 @@ int blk_trace_setup(struct request_queue *q, char *name, dev_t dev, } return 0; } + +int blk_trace_setup(struct request_queue *q, char *name, dev_t dev, + struct block_device *bdev, + char __user *arg) +{ + int ret; + + mutex_lock(&q->blk_trace_mutex); + ret = __blk_trace_setup(q, name, dev, bdev, arg); + mutex_unlock(&q->blk_trace_mutex); + + return ret; +} EXPORT_SYMBOL_GPL(blk_trace_setup); #if defined(CONFIG_COMPAT) && defined(CONFIG_X86_64) @@ -607,7 +645,7 @@ static int compat_blk_trace_setup(struct request_queue *q, char *name, } #endif -int blk_trace_startstop(struct request_queue *q, int start) +static int __blk_trace_startstop(struct request_queue *q, int start) { int ret; struct blk_trace *bt = q->blk_trace; 
@@ -646,6 +684,17 @@ int blk_trace_startstop(struct request_queue *q, int start) return ret; } + +int blk_trace_startstop(struct request_queue *q, int start) +{ + int ret; + + mutex_lock(&q->blk_trace_mutex); + ret = __blk_trace_startstop(q, start); + mutex_unlock(&q->blk_trace_mutex); + + return ret; +} EXPORT_SYMBOL_GPL(blk_trace_startstop); /* @@ -676,7 +725,7 @@ int blk_trace_ioctl(struct block_device *bdev, unsigned cmd, char __user *arg) switch (cmd) { case BLKTRACESETUP: bdevname(bdev, b); - ret = blk_trace_setup(q, b, bdev->bd_dev, bdev, arg); + ret = __blk_trace_setup(q, b, bdev->bd_dev, bdev, arg); break; #if defined(CONFIG_COMPAT) && defined(CONFIG_X86_64) case BLKTRACESETUP32: @@ -687,10 +736,10 @@ int blk_trace_ioctl(struct block_device *bdev, unsigned cmd, char __user *arg) case BLKTRACESTART: start = 1; case BLKTRACESTOP: - ret = blk_trace_startstop(q, start); + ret = __blk_trace_startstop(q, start); break; case BLKTRACETEARDOWN: - ret = blk_trace_remove(q); + ret = __blk_trace_remove(q); break; default: ret = -ENOTTY; @@ -708,10 +757,14 @@ int blk_trace_ioctl(struct block_device *bdev, unsigned cmd, char __user *arg) **/ void blk_trace_shutdown(struct request_queue *q) { + mutex_lock(&q->blk_trace_mutex); + if (q->blk_trace) { - blk_trace_startstop(q, 0); - blk_trace_remove(q); + __blk_trace_startstop(q, 0); + __blk_trace_remove(q); } + + mutex_unlock(&q->blk_trace_mutex); } #ifdef CONFIG_BLK_CGROUP @@ -1558,9 +1611,7 @@ static int blk_trace_remove_queue(struct request_queue *q) if (bt == NULL) return -EINVAL; - if (atomic_dec_and_test(&blk_probes_ref)) - blk_unregister_tracepoints(); - + put_probe_ref(); blk_trace_free(bt); return 0; } 
@@ -1591,8 +1642,7 @@ static int blk_trace_setup_queue(struct request_queue *q, if (cmpxchg(&q->blk_trace, NULL, bt)) goto free_bt; - if (atomic_inc_return(&blk_probes_ref) == 1) - blk_register_tracepoints(); + get_probe_ref(); return 0; free_bt:
--
Jens Axboe
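
Review bot: put_probe_ref() in the @@ -329,14 +330,29 @@ hunk decrements blk_probes_ref with no guard against an unbalanced put. With the counter now a plain int, a stray extra call takes it negative, and a later get_probe_ref() will then not see `++blk_probes_ref == 1` when it should, so the probes stay unregistered. A WARN_ON_ONCE on a non-positive count before the decrement would make that visible. The same hunk also introduces a nesting order: blk_trace_remove() takes q->blk_trace_mutex and reaches put_probe_ref() through blk_trace_cleanup(), so blk_probe_mutex is always the inner lock. The comment "Global reference count of probes" above the new DEFINE_MUTEX is the natural place to state that blk_probe_mutex protects blk_probes_ref and nests inside q->blk_trace_mutex.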
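
Review bot: the new blk_trace_remove() wrapper in the @@ -349,6 +365,17 @@ hunk (and the matching setup, startstop and shutdown changes) locks q->blk_trace_mutex, but the diff as posted touches only kernel/trace/blktrace.c. Nothing here adds a blk_trace_mutex member to struct request_queue or initialises it with mutex_init() where the queue is allocated. Those changes need to be part of the same patch, otherwise this does not build, or it locks an uninitialised mutex.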
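
Review bot: in blk_trace_ioctl() (hunks @@ -676,7 +725,7 @@ and @@ -687,10 +736,10 @@) the BLKTRACESETUP, BLKTRACESTART/BLKTRACESTOP and BLKTRACETEARDOWN cases now call the unlocked __blk_trace_setup(), __blk_trace_startstop() and __blk_trace_remove(), yet no line in these hunks takes q->blk_trace_mutex around the switch. If the function relies on a lock taken in context that is not shown, it should be q->blk_trace_mutex, not a different mutex, or the ioctl path does not serialise against the exported blk_trace_* callers (the sg_ioctl path in the report above goes through blk_trace_remove()). The BLKTRACESETUP32 case is left untouched as context, so it is worth confirming that compat_blk_trace_setup() runs under the same lock too.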
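
Review bot: the sysfs paths blk_trace_remove_queue() and blk_trace_setup_queue() (hunks @@ -1558,9 +1611,7 @@ and @@ -1591,8 +1642,7 @@) only get the refcount conversion to put_probe_ref()/get_probe_ref(); nothing visible takes q->blk_trace_mutex there, and setup still relies on `cmpxchg(&q->blk_trace, NULL, bt)`. If their callers do not hold the queue mutex, enabling or disabling tracing through sysfs can still run concurrently with an ioctl setup or teardown on the same queue. Either take q->blk_trace_mutex in the callers, or state in the commit message why these paths are safe without it.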