lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20220106135223.GB3163@xsang-OptiPlex-9020>
Date:   Thu, 6 Jan 2022 21:52:23 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Qinghua Jin <qhjin.dev@...il.com>
Cc:     0day robot <lkp@...el.com>,
        Colin Ian King <colin.king@...onical.com>,
        LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org,
        qhjin.dev@...il.com, Alexander Viro <viro@...iv.linux.org.uk>,
        linux-fsdevel@...r.kernel.org
Subject: [vfs]  bf75e8b684: WARNING:possible_recursive_locking_detected



Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: bf75e8b6842a7dba690263318503c228c1fb93b2 ("[PATCH v2] vfs: fix bug when opening a file with O_DIRECT on a file system that does not support it will leave an empty file")
url: https://github.com/0day-ci/linux/commits/Qinghua-Jin/vfs-fix-bug-when-opening-a-file-with-O_DIRECT-on-a-file-system-that-does-not-support-it-will-leave-an-empty-file/20220104-174321
base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git c9e6606c7fe92b50a02ce51dda82586ebdf99b48
patch link: https://lore.kernel.org/linux-fsdevel/20220104094217.99187-1-qhjin.dev@gmail.com

in testcase: trinity
version: trinity-static-i386-x86_64-1c734c75-1_2020-01-06
with following parameters:

	runtime: 300s
	group: group-02

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):



If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[  305.785680][ T3724] WARNING: possible recursive locking detected
[  305.792683][ T3724] 5.16.0-rc8-00001-gbf75e8b6842a #1 Not tainted
[  305.799629][ T3724] --------------------------------------------
[  305.805972][ T3724] trinity-main/3724 is trying to acquire lock:
[ 305.829352][ T3724] ffff8881bc402448 (sb_writers#5){.+.+}-{0:0}, at: do_unlinkat (fs/namei.c:4152) 
[  305.836035][ T3724]
[  305.836035][ T3724] but task is already holding lock:
[ 305.847224][ T3724] ffff8881bc402448 (sb_writers#5){.+.+}-{0:0}, at: do_open (fs/nfs/dir.c:998) 
[  305.853885][ T3724]
[  305.853885][ T3724] other info that might help us debug this:
[  305.865444][ T3724]  Possible unsafe locking scenario:
[  305.865444][ T3724]
[  305.876999][ T3724]        CPU0
[  305.882412][ T3724]        ----
[  305.888119][ T3724]   lock(sb_writers#5);
[  305.893721][ T3724]   lock(sb_writers#5);
[  305.899301][ T3724]
[  305.899301][ T3724]  *** DEADLOCK ***
[  305.899301][ T3724]
[  305.914974][ T3724]  May be due to missing lock nesting notation
[  305.914974][ T3724]
[  305.926124][ T3724] 1 lock held by trinity-main/3724:
[ 305.931835][ T3724] #0: ffff8881bc402448 (sb_writers#5){.+.+}-{0:0}, at: do_open (fs/nfs/dir.c:998) 
[  305.938387][ T3724]
[  305.938387][ T3724] stack backtrace:
[  305.948298][ T3724] CPU: 0 PID: 3724 Comm: trinity-main Not tainted 5.16.0-rc8-00001-gbf75e8b6842a #1
[  305.954179][ T3724] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  305.960312][ T3724] Call Trace:
[  305.965171][ T3724]  <TASK>
[ 305.979438][ T3724] dump_stack_lvl (lib/dump_stack.c:107) 
[ 305.984394][ T3724] __lock_acquire.cold (kernel/locking/lockdep.c:2956 kernel/locking/lockdep.c:2999 kernel/locking/lockdep.c:3788 kernel/locking/lockdep.c:5027) 
[ 305.989632][ T3724] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4885) 
[ 305.994509][ T3724] ? lock_is_held_type (kernel/locking/lockdep.c:438 kernel/locking/lockdep.c:5681) 
[ 305.999423][ T3724] ? rcu_read_lock_sched_held (include/linux/lockdep.h:283 kernel/rcu/update.c:125) 
[ 306.004326][ T3724] lock_acquire (kernel/locking/lockdep.c:438 kernel/locking/lockdep.c:5639 kernel/locking/lockdep.c:5602) 
[ 306.008945][ T3724] ? do_unlinkat (fs/namei.c:4152) 
[ 306.034198][ T3724] ? rcu_read_unlock (include/linux/rcupdate.h:717 (discriminator 5)) 
[ 306.040394][ T3724] ? lock_is_held_type (kernel/locking/lockdep.c:438 kernel/locking/lockdep.c:5681) 
[ 306.045137][ T3724] ? lock_is_held_type (kernel/locking/lockdep.c:438 kernel/locking/lockdep.c:5681) 
[ 306.049566][ T3724] mnt_want_write (include/linux/percpu-rwsem.h:53 include/linux/fs.h:1810 include/linux/fs.h:1880 fs/namespace.c:376) 
[ 306.053945][ T3724] ? do_unlinkat (fs/namei.c:4152) 
[ 306.058228][ T3724] do_unlinkat (fs/namei.c:4152) 
[ 306.061922][ T3724] ? __x64_sys_rmdir (fs/namei.c:4134) 
[ 306.065653][ T3724] ? rcu_read_lock_bh_held (kernel/rcu/update.c:120) 
[ 306.069157][ T3724] ? __kasan_slab_alloc (mm/kasan/common.c:46 mm/kasan/common.c:434 mm/kasan/common.c:467) 
[ 306.072498][ T3724] ? kmem_cache_alloc (include/trace/events/kmem.h:54 mm/slub.c:3249) 
[ 306.075899][ T3724] ? process_measurement (security/integrity/ima/ima_main.c:512) 
[ 306.079195][ T3724] ? memcpy (mm/kasan/shadow.c:65 (discriminator 1)) 
[ 306.082202][ T3724] do_open (fs/nfs/dir.c:1006) 
[ 306.085397][ T3724] path_openat (fs/namei.c:3566) 
[ 306.088636][ T3724] ? do_open (fs/nfs/dir.c:2048) 
[ 306.091782][ T3724] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4885) 
[ 306.094996][ T3724] ? lock_is_held_type (kernel/locking/lockdep.c:438 kernel/locking/lockdep.c:5681) 
[ 306.098025][ T3724] ? lock_is_held_type (kernel/locking/lockdep.c:438 kernel/locking/lockdep.c:5681) 
[ 306.101057][ T3724] do_filp_open (fs/namei.c:3592) 
[ 306.104074][ T3724] ? expand_files (fs/file.c:206 (discriminator 2)) 
[ 306.106969][ T3724] ? path_openat (fs/namei.c:3586) 
[ 306.109934][ T3724] ? do_raw_spin_lock (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:513 include/asm-generic/qspinlock.h:82 kernel/locking/spinlock_debug.c:115) 
[ 306.112940][ T3724] ? rwlock_bug+0xc0/0xc0 
[ 306.115909][ T3724] ? _raw_spin_unlock (arch/x86/include/asm/preempt.h:103 include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186) 
[ 306.118948][ T3724] ? alloc_fd (fs/file.c:526 (discriminator 10)) 
[ 306.122085][ T3724] do_sys_openat2 (fs/open.c:1206) 
[ 306.125414][ T3724] ? file_open_root (fs/open.c:1192) 
[ 306.128632][ T3724] ? lock_is_held_type (kernel/locking/lockdep.c:438 kernel/locking/lockdep.c:5681) 
[ 306.131859][ T3724] do_sys_open (fs/open.c:1220) 
[ 306.134832][ T3724] ? filp_open (fs/open.c:1220) 
[ 306.137880][ T3724] ? __ia32_compat_sys_ia32_stat64 (arch/x86/kernel/sys_ia32.c:177) 
[ 306.141081][ T3724] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:438 kernel/locking/lockdep.c:4293 kernel/locking/lockdep.c:4244) 
[ 306.144229][ T3724] ? syscall_enter_from_user_mode_prepare (arch/x86/include/asm/irqflags.h:45 arch/x86/include/asm/irqflags.h:80 kernel/entry/common.c:118) 
[ 306.147464][ T3724] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4356) 
[ 306.150356][ T3724] __do_fast_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:178) 
[ 306.153198][ T3724] ? rcu_read_lock_sched_held (include/linux/lockdep.h:283 kernel/rcu/update.c:125) 
[ 306.156313][ T3724] ? rcu_read_lock_bh_held (kernel/rcu/update.c:120) 
[ 306.159209][ T3724] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183) 
[ 306.162071][ T3724] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4356) 
[ 306.164820][ T3724] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183) 
[ 306.167728][ T3724] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183) 
[ 306.170564][ T3724] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183) 
[ 306.173390][ T3724] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183) 
[ 306.176149][ T3724] do_fast_syscall_32 (arch/x86/entry/common.c:203) 
[ 306.178775][ T3724] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:141) 
[  306.181608][ T3724] RIP: 0023:0xf7f9b549
[ 306.184195][ T3724] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
All code
========
   0:	03 74 c0 01          	add    0x1(%rax,%rax,8),%esi
   4:	10 05 03 74 b8 01    	adc    %al,0x1b87403(%rip)        # 0x1b8740d
   a:	10 06                	adc    %al,(%rsi)
   c:	03 74 b4 01          	add    0x1(%rsp,%rsi,4),%esi
  10:	10 07                	adc    %al,(%rdi)
  12:	03 74 b0 01          	add    0x1(%rax,%rsi,4),%esi
  16:	10 08                	adc    %cl,(%rax)
  18:	03 74 d8 01          	add    0x1(%rax,%rbx,8),%esi
  1c:	00 00                	add    %al,(%rax)
  1e:	00 00                	add    %al,(%rax)
  20:	00 51 52             	add    %dl,0x52(%rcx)
  23:	55                   	push   %rbp
  24:	89 e5                	mov    %esp,%ebp
  26:	0f 34                	sysenter 
  28:	cd 80                	int    $0x80
  2a:*	5d                   	pop    %rbp		<-- trapping instruction
  2b:	5a                   	pop    %rdx
  2c:	59                   	pop    %rcx
  2d:	c3                   	retq   
  2e:	90                   	nop
  2f:	90                   	nop
  30:	90                   	nop
  31:	90                   	nop
  32:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
  39:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi

Code starting with the faulting instruction
===========================================
   0:	5d                   	pop    %rbp
   1:	5a                   	pop    %rdx
   2:	59                   	pop    %rcx
   3:	c3                   	retq   
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
   f:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi


To reproduce:

        # build kernel
	cd linux
	cp config-5.16.0-rc8-00001-gbf75e8b6842a .config
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang


View attachment "config-5.16.0-rc8-00001-gbf75e8b6842a" of type "text/plain" (177596 bytes)

View attachment "job-script" of type "text/plain" (4662 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (16068 bytes)

View attachment "trinity" of type "text/plain" (7214 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ