lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20200917012433.GE28738@shao2-debian>
Date:   Thu, 17 Sep 2020 09:24:33 +0800
From:   kernel test robot <rong.a.chen@...el.com>
To:     Jens Axboe <axboe@...nel.dk>
Cc:     LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org,
        lkp@...el.com
Subject: [io_uring] 3d2f5519f3: WARNING:possible_recursive_locking_detected

Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: 3d2f5519f3bd904bd8ac25278daef33e9919b142 ("io_uring: stash ctx task reference instead of task files")
https://git.kernel.org/cgit/linux/kernel/git/axboe/linux-block.git io_uring-files_struct


in testcase: trinity
version: trinity-static-x86_64-x86_64-1c734c75-1_2020-01-06
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+------------------------------------------------+------------+------------+
|                                                | d057c3cdaf | 3d2f5519f3 |
+------------------------------------------------+------------+------------+
| boot_successes                                 | 31         | 31         |
| boot_failures                                  | 3          | 7          |
| IP-Config:Auto-configuration_of_network_failed | 3          | 1          |
| WARNING:possible_recursive_locking_detected    | 0          | 6          |
+------------------------------------------------+------------+------------+


If you fix the issue, kindly add following tag
Reported-by: kernel test robot <rong.a.chen@...el.com>


[  218.207959] WARNING: possible recursive locking detected
[  218.209316] 5.9.0-rc3-00047-g3d2f5519f3bd9 #1 Not tainted
[  218.210667] --------------------------------------------
[  218.212045] io_uring-sq/3223 is trying to acquire lock:
[  218.213434] ffff888226190af8 (&p->alloc_lock){+.+.}-{2:2}, at: io_sq_thread+0x13e/0x770
[  218.215601] 
[  218.215601] but task is already holding lock:
[  218.217204] ffff88821af18af8 (&p->alloc_lock){+.+.}-{2:2}, at: io_sq_thread+0x12e/0x770
[  218.219268] 
[  218.219268] other info that might help us debug this:
[  218.221090]  Possible unsafe locking scenario:
[  218.221090] 
[  218.222807]        CPU0
[  218.223617]        ----
[  218.224391]   lock(&p->alloc_lock);
[  218.225385]   lock(&p->alloc_lock);
[  218.226362] 
[  218.226362]  *** DEADLOCK ***
[  218.226362] 
[  218.232252]  May be due to missing lock nesting notation
[  218.232252] 
[  218.234082] 1 lock held by io_uring-sq/3223:
[  218.235219]  #0: ffff88821af18af8 (&p->alloc_lock){+.+.}-{2:2}, at: io_sq_thread+0x12e/0x770
[  218.237438] 
[  218.237438] stack backtrace:
[  218.238824] CPU: 0 PID: 3223 Comm: io_uring-sq Not tainted 5.9.0-rc3-00047-g3d2f5519f3bd9 #1
[  218.241069] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  218.243290] Call Trace:
[  218.244061]  ? dump_stack+0xe5/0x12f
[  218.245068]  ? validate_chain.cold+0x237/0x2d7
[  218.246240]  ? __lock_acquire+0x6d2/0x11b0
[  218.247354]  ? lock_acquire+0xed/0x3a0
[  218.248412]  ? io_sq_thread+0x13e/0x770
[  218.249512]  ? _raw_spin_unlock_irqrestore+0x7c/0x90
[  218.250787]  ? trace_hardirqs_on+0x4e/0x1fd
[  218.251933]  ? _raw_spin_lock+0x47/0x70
[  218.253011]  ? io_sq_thread+0x13e/0x770
[  218.254093]  ? io_sq_thread+0x13e/0x770
[  218.255174]  ? __io_sq_thread+0x520/0x520
[  218.256272]  ? kthread+0x232/0x260
[  218.257244]  ? kthread_create_worker+0x60/0x60
[  218.258429]  ? ret_from_fork+0x1f/0x30
[  220.580826] futex_wake_op: trinity-c1 tries to shift op by -1; fix this program
[  223.004391] VFS: "mand" mount option not supported
[  223.695456] VFS: "mand" mount option not supported
[  226.555582] rcu-torture: rcu_torture_read_exit: Start of episode
[  226.631796] rcu-torture: rcu_torture_read_exit: End of episode
[  228.893809] futex_wake_op: trinity-c6 tries to shift op by -193; fix this program
[  236.887521] futex_wake_op: trinity-c3 tries to shift op by -1; fix this program
[  239.995121] rcu-torture: rcu_torture_read_exit: Start of episode
[  240.960177] rcu-torture: rcu_torture_read_exit: End of episode
[  241.463225] rcu_torture_fwd_prog_nr: Duration 67061 cver 6366 gps 18107
[  241.744514] rcu_torture_fwd_prog_cr Duration 65 barrier: 81 pending 677 n_launders: 1774 n_launders_sa: 25 n_max_gps: 100 n_max_cbs: 1243 cver 9 gps 11
[  241.755182] rcu_torture_fwd_cb_hist: Callback-invocation histogram (duration 157 jiffies): 1s/10: 3017:13
[  253.741209] Unable to find swap-space signature
[  254.269734] rcu-torture: rcu_torture_read_exit: Start of episode
[  254.413760] rcu-torture: rcu_torture_read_exit: End of episode
[  260.411130] rcu-torture: rtc: 00000000dd13ba79 ver: 16579 tfle: 0 rta: 16580 rtaf: 0 rtf: 16569 rtmbe: 0 rtbe: 0 rtbke: 0 rtbre: 0 rtbf: 0 rtb: 0 nt: 47077 onoff: 0/0:0/0 -1,0:-1,0 0:0 (HZ=1000) barrier: 0/0:0 read-exits: 305
[  260.415899] rcu-torture: Reader Pipe:  10905679 936 0 0 0 0 0 0 0 0 0
[  260.417637] rcu-torture: Reader Batch:  10900739 5876 0 0 0 0 0 0 0 0 0
[  260.419215] rcu-torture: Free-Block Circulation:  16579 16578 16577 16576 16575 16574 16573 16571 16570 16569 0
[  266.511596] futex_wake_op: trinity-c1 tries to shift op by -1; fix this program
[  267.771705] rcu-torture: rcu_torture_read_exit: Start of episode
[  267.822100] rcu-torture: rcu_torture_read_exit: End of episode
[  276.837715] sysfs_service_op_show: Client not running :-5:
[  278.117771] futex_wake_op: trinity-c7 tries to shift op by -1543; fix this program
[  279.457501] scsi_nl_rcv_msg: discarding partial skb
[  281.339152] rcu-torture: rcu_torture_read_exit: Start of episode
[  281.385098] rcu-torture: rcu_torture_read_exit: End of episode
[  282.706654] futex_wake_op: trinity-c4 tries to shift op by -1; fix this program
[  293.928997] seq_file: buggy .next function lec_seq_next did not update position index
[  294.972675] rcu-torture: rcu_torture_read_exit: Start of episode
[  295.017702] rcu-torture: rcu_torture_read_exit: End of episode
[  295.568410] Unable to find swap-space signature
[  296.154982] seq_file: buggy .next function lec_seq_next did not update position index
[  307.889197] Unable to find swap-space signature
[  308.348207] rcu-torture: rcu_torture_read_exit: Start of episode
[  308.522344] rcu-torture: rcu_torture_read_exit: End of episode
[  321.853697] rcu-torture: rcu_torture_read_exit: Start of episode
[  321.854082] rcu-torture: rtc: 00000000894a3063 ver: 22885 tfle: 0 rta: 22885 rtaf: 0 rtf: 22876 rtmbe: 0 rtbe: 0 rtbke: 0 rtbre: 0 rtbf: 0 rtb: 0 nt: 60821 onoff: 0/0:0/0 -1,0:-1,0 0:0 (HZ=1000) barrier: 0/0:0 read-exits: 373
[  321.864756] rcu-torture: Reader Pipe:  15102214 1455 0 0 0 0 0 0 0 0 0
[  321.866434] rcu-torture: Reader Batch:  15094058 9611 0 0 0 0 0 0 0 0 0
[  321.870398] rcu-torture: Free-Block Circulation:  22885 22884 22883 22882 22881 22880 22879 22878 22877 22876 0
[  321.898748] rcu-torture: rcu_torture_read_exit: End of episode
[  323.458767] futex_wake_op: trinity-c3 tries to shift op by -1; fix this program
[  323.943601] VFS: "mand" mount option not supported
[  326.202546] futex_wake_op: trinity-c3 tries to shift op by -1; fix this program
[  328.708285] scsi_nl_rcv_msg: discarding partial skb
[  335.291539] rcu-torture: rcu_torture_read_exit: Start of episode
[  335.434972] rcu-torture: rcu_torture_read_exit: End of episode
[  348.988067] rcu-torture: rcu_torture_read_exit: Start of episode
[  350.868677] futex_wake_op: trinity-c0 tries to shift op by 2047; fix this program
[  351.602065] rcu-torture: rcu_torture_read_exit: End of episode
[  355.945431] futex_wake_op: trinity-c0 tries to shift op by 1188; fix this program
[  359.968857] sysfs_service_op_show: Client not running :-5:
[  364.923443] rcu-torture: rcu_torture_read_exit: Start of episode
[  364.965346] rcu-torture: rcu_torture_read_exit: End of episode
[  370.023554] seq_file: buggy .next function lec_seq_next did not update position index
[  371.285878] can: request_module (can-proto-6) failed.
[  378.299016] rcu-torture: rcu_torture_read_exit: Start of episode
[  378.370962] rcu-torture: rcu_torture_read_exit: End of episode


To reproduce:

        # build kernel
	cd linux
	cp config-5.9.0-rc3-00047-g3d2f5519f3bd9 .config
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
Rong Chen


View attachment "config-5.9.0-rc3-00047-g3d2f5519f3bd9" of type "text/plain" (143455 bytes)

View attachment "job-script" of type "text/plain" (4320 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (21116 bytes)

View attachment "trinity" of type "text/plain" (14585 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ