Open Source and information security mailing list archives
 
Message-ID: <20220131131122.GB16385@xsang-OptiPlex-9020>
Date:   Mon, 31 Jan 2022 21:11:22 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Jens Axboe <axboe@...nel.dk>
Cc:     lkp@...ts.01.org, lkp@...el.com,
        LKML <linux-kernel@...r.kernel.org>
Subject: [io_uring]  811b398582: WARNING:possible_recursive_locking_detected



Greeting,

FYI, we noticed the following commit (built with clang-14):

commit: 811b3985828e422a3759cf07a848fa75c17c1db4 ("io_uring: support for user allocated memory for rings/sqes")
https://github.com/ammarfaizi2/linux-block axboe/linux-block/perf-wip

in testcase: trinity
version: trinity-static-x86_64-x86_64-1c734c75-1_2020-01-06
with following parameters:

	runtime: 300s
	group: group-02

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):



If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[  411.985606][ T3987] WARNING: possible recursive locking detected
[  411.986603][ T3987] 5.17.0-rc1-00119-g811b3985828e #1 Not tainted
[  411.987466][ T3987] --------------------------------------------
[  411.988512][ T3987] trinity-c2/3987 is trying to acquire lock:
[ 411.989352][ T3987] ffff888103bc1160 (&mm->mmap_lock#2){++++}-{3:3}, at: internal_get_user_pages_fast (gup.c:?) 
[  411.991790][ T3987]
[  411.991790][ T3987] but task is already holding lock:
[ 411.992859][ T3987] ffff888103bc1160 (&mm->mmap_lock#2){++++}-{3:3}, at: __io_uaddr_map (io_uring.c:?) 
[  411.994141][ T3987]
[  411.994141][ T3987] other info that might help us debug this:
[  411.995262][ T3987]  Possible unsafe locking scenario:
[  411.995262][ T3987]
[  411.996391][ T3987]        CPU0
[  411.996947][ T3987]        ----
[  411.997487][ T3987]   lock(&mm->mmap_lock#2);
[  411.998169][ T3987]   lock(&mm->mmap_lock#2);
[  411.998857][ T3987]
[  411.998857][ T3987]  *** DEADLOCK ***
[  411.998857][ T3987]
[  412.000128][ T3987]  May be due to missing lock nesting notation
[  412.000128][ T3987]
[  412.001283][ T3987] 1 lock held by trinity-c2/3987:
[ 412.002016][ T3987] #0: ffff888103bc1160 (&mm->mmap_lock#2){++++}-{3:3}, at: __io_uaddr_map (io_uring.c:?) 
[  412.003336][ T3987]
[  412.003336][ T3987] stack backtrace:
[  412.004261][ T3987] CPU: 0 PID: 3987 Comm: trinity-c2 Not tainted 5.17.0-rc1-00119-g811b3985828e #1
[  412.005522][ T3987] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  412.006766][ T3987] Call Trace:
[  412.007338][ T3987]  <TASK>
[ 412.007880][ T3987] validate_chain (lockdep.c:?) 
[ 412.008646][ T3987] ? validate_chain (lockdep.c:?) 
[ 412.009361][ T3987] ? __io_uaddr_map (io_uring.c:?) 
[ 412.012103][ T3987] ? __se_sys_io_uring_setup (io_uring.c:?) 
[ 412.012912][ T3987] ? do_syscall_64 (??:?) 
[ 412.013651][ T3987] ? entry_SYSCALL_64_after_hwframe (??:?) 
[ 412.014519][ T3987] ? mark_lock (lockdep.c:?) 
[ 412.015181][ T3987] __lock_acquire (lockdep.c:?) 
[ 412.015875][ T3987] lock_acquire (??:?) 
[ 412.016538][ T3987] ? internal_get_user_pages_fast (gup.c:?) 
[ 412.017441][ T3987] internal_get_user_pages_fast (gup.c:?) 
[ 412.018272][ T3987] ? internal_get_user_pages_fast (gup.c:?) 
[ 412.019119][ T3987] ? pin_user_pages_fast (??:?) 
[ 412.019856][ T3987] __io_uaddr_map (io_uring.c:?) 
[ 412.020561][ T3987] io_allocate_scq_urings (io_uring.c:?) 
[ 412.021346][ T3987] io_uring_create (io_uring.c:?) 
[ 412.022084][ T3987] __se_sys_io_uring_setup (io_uring.c:?) 
[ 412.022885][ T3987] do_syscall_64 (??:?) 
[ 412.023559][ T3987] entry_SYSCALL_64_after_hwframe (??:?) 
[  412.024393][ T3987] RIP: 0033:0x463519
[ 412.025011][ T3987] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 59 00 00 c3 66 2e 0f 1f 84 00 00 00 00
All code
========
   0:	00 f3                	add    %dh,%bl
   2:	c3                   	retq   
   3:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
   a:	00 00 00 
   d:	0f 1f 40 00          	nopl   0x0(%rax)
  11:	48 89 f8             	mov    %rdi,%rax
  14:	48 89 f7             	mov    %rsi,%rdi
  17:	48 89 d6             	mov    %rdx,%rsi
  1a:	48 89 ca             	mov    %rcx,%rdx
  1d:	4d 89 c2             	mov    %r8,%r10
  20:	4d 89 c8             	mov    %r9,%r8
  23:	4c 8b 4c 24 08       	mov    0x8(%rsp),%r9
  28:	0f 05                	syscall 
  2a:*	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax		<-- trapping instruction
  30:	0f 83 db 59 00 00    	jae    0x5a11
  36:	c3                   	retq   
  37:	66                   	data16
  38:	2e                   	cs
  39:	0f                   	.byte 0xf
  3a:	1f                   	(bad)  
  3b:	84 00                	test   %al,(%rax)
  3d:	00 00                	add    %al,(%rax)
	...

Code starting with the faulting instruction
===========================================
   0:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax
   6:	0f 83 db 59 00 00    	jae    0x59e7
   c:	c3                   	retq   
   d:	66                   	data16
   e:	2e                   	cs
   f:	0f                   	.byte 0xf
  10:	1f                   	(bad)  
  11:	84 00                	test   %al,(%rax)
  13:	00 00                	add    %al,(%rax)
	...
[  412.027422][ T3987] RSP: 002b:00007fff36077c88 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[  412.028649][ T3987] RAX: ffffffffffffffda RBX: 00000000000001a9 RCX: 0000000000463519
[  412.029783][ T3987] RDX: 000000a437863b79 RSI: 0000000000000004 RDI: 00000000a4a4a4a4
[  412.030907][ T3987] RBP: 00007faea05c0000 R08: fffffffffffffff6 R09: 004af9db521a5050
[  412.032066][ T3987] R10: 00000000fafafafa R11: 0000000000000246 R12: 0000000000000002
[  412.033184][ T3987] R13: 00007faea05c0058 R14: 000000000109a850 R15: 00007faea05c0000
[  412.034309][ T3987]  </TASK>
[  624.729797][  T417] sysrq: Emergency Sync
[  624.730827][   T10] Emergency Sync complete
[  624.731705][  T417] sysrq: Resetting

Kboot worker: lkp-worker53
Elapsed time: 660

kvm=(
qemu-system-x86_64
-enable-kvm
-cpu SandyBridge
-kernel $kernel
-initrd initrd-vm-snb-45.cgz
-m 16384
-smp 2
-device e1000,netdev=net0
-netdev user,id=net0,hostfwd=tcp::32032-:22
-boot order=nc
-no-reboot
-watchdog i6300esb
-watchdog-action debug
-rtc base=localtime
-serial stdio
-display none
-monitor null
)

append=(
ip=::::vm-snb-45::dhcp
root=/dev/ram0
RESULT_ROOT=/result/trinity/group-02-300s/vm-snb/yocto-x86_64-minimal-20190520.cgz/x86_64-randconfig-a015-20220124/clang-14/811b3985828e422a3759cf07a848fa75c17c1db4/9
BOOT_IMAGE=/pkg/linux/x86_64-randconfig-a015-20220124/clang-14/811b3985828e422a3759cf07a848fa75c17c1db4/vmlinuz-5.17.0-rc1-00119-g811b3985828e
branch=ammarfaizi2-block/axboe/linux-block/perf-wip
job=/job-script
user=lkp
ARCH=x86_64
kconfig=x86_64-randconfig-a015-20220124
commit=811b3985828e422a3759cf07a848fa75c17c1db4
vmalloc=128M
initramfs_async=0
page_owner=on
max_uptime=2100
result_service=tmpfs
selinux=0
debug
apic=debug
sysrq_always_enabled
rcupdate.rcu_cpu_stall_timeout=100
net.ifnames=0
printk.devkmsg=on
panic=-1
softlockup_panic=1
nmi_watchdog=panic
oops=panic
load_ramdisk=2
prompt_ramdisk=0


To reproduce:

        # build kernel
	cd linux
	cp config-5.17.0-rc1-00119-g811b3985828e .config
	make HOSTCC=clang-14 CC=clang-14 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=clang-14 CC=clang-14 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang


View attachment "config-5.17.0-rc1-00119-g811b3985828e" of type "text/plain" (136191 bytes)

View attachment "job-script" of type "text/plain" (4525 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (15668 bytes)

View attachment "trinity" of type "text/plain" (9745 bytes)
