Greeting,

FYI, we noticed the following commit (built with gcc-11):

commit: c20f7bacef67af52980742f564d2ddb9519e6b18 ("[PATCH v2 1/5] mm: add a new parameter `node` to `get/add/inc/dec_mm_counter`")
url: https://github.com/intel-lab-lkp/linux/commits/Gang-Li/mm-oom-Introduce-per-numa-node-oom-for-CONSTRAINT_-MEMORY_POLICY-CPUSET/20220708-162505
base: https://git.kernel.org/cgit/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/lkml/20220708082129.80115-2-ligang.bdlg@bytedance.com

in testcase: trinity
version: trinity-i386-4d2343bd-1_20200320
with following parameters:

	runtime: 300s
	group: group-00

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):



If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@intel.com>


[  153.358510][ T3796] WARNING: possible circular locking dependency detected
[  153.362349][ T3796] 5.19.0-rc4-00459-gc20f7bacef67 #1 Tainted: G                 N
[  153.366427][ T3796] ------------------------------------------------------
[  153.370459][ T3796] trinity-c0/3796 is trying to acquire lock:
[ 153.374381][ T3796] ffffffff90b85a80 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc (include/linux/sched/mm.h:272 mm/slab.h:723 mm/slub.c:3157 mm/slub.c:3251 mm/slub.c:4442) 
[  153.378606][ T3796]
[  153.378606][ T3796] but task is already holding lock:
[ 153.385910][ T3796] ffff88817b7adbe8 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unmap_mapping_range (mm/memory.c:3616 mm/memory.c:3654) 
[  153.390178][ T3796]
[  153.390178][ T3796] which lock already depends on the new lock.
[  153.390178][ T3796]
[  153.400120][ T3796]
[  153.400120][ T3796] the existing dependency chain (in reverse order) is:
[  153.406931][ T3796]
[  153.406931][ T3796] -> #1 (&mapping->i_mmap_rwsem){++++}-{3:3}:
[ 153.413287][ T3796] __lock_acquire (kernel/locking/lockdep.c:5053) 
[ 153.416541][ T3796] lock_acquire (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5667 kernel/locking/lockdep.c:5630) 
[ 153.419765][ T3796] down_write (include/linux/instrumented.h:101 include/linux/atomic/atomic-instrumented.h:1779 kernel/locking/rwsem.c:255 kernel/locking/rwsem.c:1286 kernel/locking/rwsem.c:1296 kernel/locking/rwsem.c:1543) 
[ 153.422840][ T3796] dma_resv_lockdep (include/linux/fs.h:462 drivers/dma-buf/dma-resv.c:755) 
[ 153.430008][ T3796] do_one_initcall (init/main.c:1300) 
[ 153.433077][ T3796] do_initcalls (init/main.c:1374 init/main.c:1391) 
[ 153.436058][ T3796] kernel_init_freeable (init/main.c:1621) 
[ 153.438917][ T3796] kernel_init (init/main.c:1508) 
[ 153.441729][ T3796] ret_from_fork (arch/x86/entry/entry_64.S:308) 
[  153.444438][ T3796]
[  153.444438][ T3796] -> #0 (fs_reclaim){+.+.}-{0:0}:
[ 153.449538][ T3796] check_prev_add (kernel/locking/lockdep.c:3096) 
[ 153.452347][ T3796] validate_chain (kernel/locking/lockdep.c:3215 kernel/locking/lockdep.c:3829) 
[ 153.455054][ T3796] __lock_acquire (kernel/locking/lockdep.c:5053) 
[ 153.460465][ T3796] lock_acquire (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5667 kernel/locking/lockdep.c:5630) 
[ 153.463055][ T3796] fs_reclaim_acquire (mm/page_alloc.c:4674 mm/page_alloc.c:4687) 
[ 153.465635][ T3796] __kmalloc (include/linux/sched/mm.h:272 mm/slab.h:723 mm/slub.c:3157 mm/slub.c:3251 mm/slub.c:4442) 
[ 153.468003][ T3796] zap_pte_range (include/linux/slab.h:640 include/linux/slab.h:671 mm/memory.c:1443) 
[ 153.470465][ T3796] zap_pmd_range+0x218/0x600 
[ 153.472982][ T3796] unmap_page_range (mm/memory.c:1642 mm/memory.c:1663 mm/memory.c:1684) 
[ 153.475441][ T3796] zap_page_range_single (include/linux/mmu_notifier.h:481 mm/memory.c:1828) 
[ 153.477934][ T3796] unmap_mapping_range (mm/memory.c:3545 mm/memory.c:3617 mm/memory.c:3654) 
[ 153.480478][ T3796] shmem_fallocate (mm/shmem.c:2696) 
[ 153.482951][ T3796] vfs_fallocate (fs/open.c:323) 
[ 153.485354][ T3796] madvise_vma_behavior (mm/madvise.c:979 mm/madvise.c:1000) 
[ 153.487881][ T3796] do_madvise (mm/page_io.c:401 (discriminator 3)) 
[ 153.490238][ T3796] __ia32_sys_madvise (mm/madvise.c:1421) 
[ 153.492660][ T3796] __do_fast_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:178) 
[ 153.495107][ T3796] do_fast_syscall_32 (arch/x86/entry/common.c:203) 
[ 153.499080][ T3796] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:117) 
[  153.501696][ T3796]
[  153.501696][ T3796] other info that might help us debug this:
[  153.501696][ T3796]
[  153.508293][ T3796]  Possible unsafe locking scenario:
[  153.508293][ T3796]
[  153.512679][ T3796]        CPU0                    CPU1
[  153.515107][ T3796]        ----                    ----
[  153.517452][ T3796]   lock(&mapping->i_mmap_rwsem);
[  153.519875][ T3796]                                lock(fs_reclaim);
[  153.522376][ T3796]                                lock(&mapping->i_mmap_rwsem);
[  153.524846][ T3796]   lock(fs_reclaim);
[  153.527244][ T3796]
[  153.527244][ T3796]  *** DEADLOCK ***
[  153.527244][ T3796]
[  153.539913][ T3796] 3 locks held by trinity-c0/3796:
[ 153.542060][ T3796] #0: ffff888100198448 (sb_writers#6){.+.+}-{0:0}, at: madvise_vma_behavior (mm/madvise.c:979 mm/madvise.c:1000) 
[ 153.544779][ T3796] #1: ffff88817b7ad998 (&sb->s_type->i_mutex_key#9){+.+.}-{3:3}, at: shmem_fallocate (mm/shmem.c:2679) 
[ 153.550190][ T3796] #2: ffff88817b7adbe8 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: unmap_mapping_range (mm/memory.c:3616 mm/memory.c:3654) 
[  153.553014][ T3796]
[  153.553014][ T3796] stack backtrace:
[  153.556815][ T3796] CPU: 0 PID: 3796 Comm: trinity-c0 Tainted: G                 N 5.19.0-rc4-00459-gc20f7bacef67 #1
[  153.559828][ T3796] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[  153.562943][ T3796] Call Trace:
[  153.565082][ T3796]  <TASK>
[ 153.567138][ T3796] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4)) 
[ 153.571950][ T3796] check_noncircular (kernel/locking/lockdep.c:2175) 
[ 153.574391][ T3796] ? print_circular_bug (kernel/locking/lockdep.c:2154) 
[ 153.576822][ T3796] ? perf_output_begin (kernel/events/ring_buffer.c:261 kernel/events/ring_buffer.c:283) 
[ 153.579355][ T3796] ? perf_event_update_userpage (include/linux/rcupdate.h:274 include/linux/rcupdate.h:728 kernel/events/core.c:5860) 
[ 153.582038][ T3796] check_prev_add (kernel/locking/lockdep.c:3096) 
[ 153.584430][ T3796] ? unwind_next_frame (arch/x86/kernel/unwind_orc.c:355 arch/x86/kernel/unwind_orc.c:600) 
[ 153.586886][ T3796] validate_chain (kernel/locking/lockdep.c:3215 kernel/locking/lockdep.c:3829) 
[ 153.589168][ T3796] ? check_prev_add (kernel/locking/lockdep.c:3785) 
[ 153.591576][ T3796] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:318 arch/x86/kernel/unwind_orc.c:313) 
[ 153.594073][ T3796] ? create_prof_cpu_mask (kernel/stacktrace.c:83) 
[ 153.596534][ T3796] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:26) 
[ 153.599822][ T3796] __lock_acquire (kernel/locking/lockdep.c:5053) 
[ 153.602354][ T3796] lock_acquire (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5667 kernel/locking/lockdep.c:5630) 
[ 153.604750][ T3796] ? __kmalloc (include/linux/sched/mm.h:272 mm/slab.h:723 mm/slub.c:3157 mm/slub.c:3251 mm/slub.c:4442) 
[ 153.607125][ T3796] ? rcu_read_unlock (include/linux/rcupdate.h:724 (discriminator 5)) 
[ 153.613644][ T3796] ? check_prev_add (kernel/locking/lockdep.c:3175) 
[ 153.616210][ T3796] fs_reclaim_acquire (mm/page_alloc.c:4674 mm/page_alloc.c:4687) 
[ 153.618603][ T3796] ? __kmalloc (include/linux/sched/mm.h:272 mm/slab.h:723 mm/slub.c:3157 mm/slub.c:3251 mm/slub.c:4442) 
[ 153.620990][ T3796] ? zap_pte_range (include/linux/slab.h:640 include/linux/slab.h:671 mm/memory.c:1443) 
[ 153.623423][ T3796] __kmalloc (include/linux/sched/mm.h:272 mm/slab.h:723 mm/slub.c:3157 mm/slub.c:3251 mm/slub.c:4442) 
[ 153.625784][ T3796] zap_pte_range (include/linux/slab.h:640 include/linux/slab.h:671 mm/memory.c:1443) 
[ 153.628074][ T3796] ? trace_hardirqs_on (kernel/trace/trace_preemptirq.c:50 (discriminator 22)) 
[ 153.630495][ T3796] ? copy_pte_range (mm/memory.c:1434) 
[ 153.632873][ T3796] zap_pmd_range+0x218/0x600 
[ 153.635329][ T3796] ? __lock_release (kernel/locking/lockdep.c:5341) 
[ 153.637622][ T3796] unmap_page_range (mm/memory.c:1642 mm/memory.c:1663 mm/memory.c:1684) 
[ 153.639995][ T3796] zap_page_range_single (include/linux/mmu_notifier.h:481 mm/memory.c:1828) 
[ 153.642445][ T3796] ? unmap_single_vma (mm/memory.c:1817) 
[ 153.644839][ T3796] ? lock_is_held_type (kernel/locking/lockdep.c:5406 kernel/locking/lockdep.c:5708) 
[ 153.647197][ T3796] ? down_read (arch/x86/include/asm/atomic64_64.h:34 include/linux/atomic/atomic-long.h:41 include/linux/atomic/atomic-instrumented.h:1280 kernel/locking/rwsem.c:171 kernel/locking/rwsem.c:176 kernel/locking/rwsem.c:244 kernel/locking/rwsem.c:1241 kernel/locking/rwsem.c:1251 kernel/locking/rwsem.c:1491) 
[ 153.649549][ T3796] ? rwsem_down_read_slowpath (kernel/locking/rwsem.c:1487) 
[ 153.652052][ T3796] ? shmem_fallocate (mm/shmem.c:2679) 
[ 153.654434][ T3796] ? __lock_release (kernel/locking/lockdep.c:5341) 
[ 153.656767][ T3796] unmap_mapping_range (mm/memory.c:3545 mm/memory.c:3617 mm/memory.c:3654) 
[ 153.659179][ T3796] ? do_raw_spin_lock (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:115) 
[ 153.661589][ T3796] ? __do_fault (mm/memory.c:3642) 
[ 153.663943][ T3796] ? shmem_fallocate (mm/shmem.c:2679) 
[ 153.666368][ T3796] shmem_fallocate (mm/shmem.c:2696) 
[ 153.668748][ T3796] ? check_prev_add (kernel/locking/lockdep.c:3785) 
[ 153.671195][ T3796] ? shmem_get_link (mm/shmem.c:2663) 
[ 153.673509][ T3796] ? __lock_acquire (kernel/locking/lockdep.c:5053) 
[ 153.675897][ T3796] ? lock_is_held_type (kernel/locking/lockdep.c:5406 kernel/locking/lockdep.c:5708) 
[ 153.678193][ T3796] vfs_fallocate (fs/open.c:323) 
[ 153.680381][ T3796] madvise_vma_behavior (mm/madvise.c:979 mm/madvise.c:1000) 
[ 153.682707][ T3796] ? force_shm_swapin_readahead (mm/madvise.c:993) 
[ 153.685060][ T3796] ? vm_unmapped_area (mm/mmap.c:1873) 
[ 153.687235][ T3796] ? find_held_lock (kernel/locking/lockdep.c:5156) 
[ 153.689312][ T3796] ? __task_pid_nr_ns (include/linux/rcupdate.h:274 include/linux/rcupdate.h:728 kernel/pid.c:501) 
[ 153.691439][ T3796] do_madvise (mm/page_io.c:401 (discriminator 3)) 
[ 153.693571][ T3796] ? madvise_vma_behavior (mm/madvise.c:1368) 
[ 153.695803][ T3796] ? lock_is_held_type (kernel/locking/lockdep.c:5406 kernel/locking/lockdep.c:5708) 
[ 153.697942][ T3796] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4526) 
[ 153.700274][ T3796] __ia32_sys_madvise (mm/madvise.c:1421) 
[ 153.702357][ T3796] ? trace_hardirqs_on (kernel/trace/trace_preemptirq.c:50 (discriminator 22)) 
[ 153.704454][ T3796] __do_fast_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:178) 
[ 153.706651][ T3796] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183) 
[ 153.708853][ T3796] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183) 
[ 153.715186][ T3796] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183) 
[ 153.717275][ T3796] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183) 
[ 153.719353][ T3796] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183) 
[ 153.721475][ T3796] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183) 
[ 153.723630][ T3796] do_fast_syscall_32 (arch/x86/entry/common.c:203) 
[ 153.725671][ T3796] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:117) 
[  153.727911][ T3796] RIP: 0023:0xf7f40549
[ 153.729935][ T3796] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
All code
========
   0:	03 74 c0 01          	add    0x1(%rax,%rax,8),%esi
   4:	10 05 03 74 b8 01    	adc    %al,0x1b87403(%rip)        # 0x1b8740d
   a:	10 06                	adc    %al,(%rsi)
   c:	03 74 b4 01          	add    0x1(%rsp,%rsi,4),%esi
  10:	10 07                	adc    %al,(%rdi)
  12:	03 74 b0 01          	add    0x1(%rax,%rsi,4),%esi
  16:	10 08                	adc    %cl,(%rax)
  18:	03 74 d8 01          	add    0x1(%rax,%rbx,8),%esi
  1c:	00 00                	add    %al,(%rax)
  1e:	00 00                	add    %al,(%rax)
  20:	00 51 52             	add    %dl,0x52(%rcx)
  23:	55                   	push   %rbp
  24:	89 e5                	mov    %esp,%ebp
  26:	0f 34                	sysenter 


To reproduce:

        # build kernel
	cd linux
	cp config-5.19.0-rc4-00459-gc20f7bacef67 .config
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://01.org/lkp