Message-ID: <202301061340.c954d61f-oliver.sang@intel.com>
Date:   Fri, 6 Jan 2023 15:08:33 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Hongchen Zhang <zhanghongchen@...ngson.cn>
CC:     <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
        <linux-fsdevel@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        "Alexander Viro" <viro@...iv.linux.org.uk>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Kuniyuki Iwashima <kuniyu@...zon.co.jp>,
        Hongchen Zhang <zhanghongchen@...ngson.cn>,
        Luis Chamberlain <mcgrof@...nel.org>,
        "David Howells" <dhowells@...hat.com>,
        Christophe JAILLET <christophe.jaillet@...adoo.fr>,
        Randy Dunlap <rdunlap@...radead.org>,
        "Eric Dumazet" <edumazet@...gle.com>
Subject: Re: [PATCH v2] pipe: use __pipe_{lock,unlock} instead of spinlock


Greetings,

FYI, we noticed WARNING:possible_recursive_locking_detected due to commit (built with gcc-11):

commit: 2afced4b77a399b14eb2e2797968228d7ce69a2a ("[PATCH v2] pipe: use __pipe_{lock,unlock} instead of spinlock")
url: https://github.com/intel-lab-lkp/linux/commits/Hongchen-Zhang/pipe-use-__pipe_-lock-unlock-instead-of-spinlock/20230103-143459
patch link: https://lore.kernel.org/all/20230103063303.23345-1-zhanghongchen@loongson.cn/
patch subject: [PATCH v2] pipe: use __pipe_{lock,unlock} instead of spinlock

in testcase: trinity
version: trinity-static-x86_64-x86_64-1c734c75-1_2020-01-06
with the following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


If you fix the issue, kindly add the following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Link: https://lore.kernel.org/oe-lkp/202301061340.c954d61f-oliver.sang@intel.com


[  493.585155][ T1930] Unable to find swap-space signature
[  508.410154][ T1930]
[  508.410930][ T1930] ============================================
[  508.412135][ T1930] WARNING: possible recursive locking detected
[  508.413313][ T1930] 6.2.0-rc1-00085-g2afced4b77a3 #14 Not tainted
[  508.414545][ T1930] --------------------------------------------
[  508.415735][ T1930] trinity-c2/1930 is trying to acquire lock:
[ 508.416905][ T1930] ffff8881641d3068 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_resize_ring (??:?) 
[  508.418698][ T1930]
[  508.418698][ T1930] but task is already holding lock:
[ 508.420086][ T1930] ffff8881641d3068 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_fcntl (??:?) 
[  508.421781][ T1930]
[  508.421781][ T1930] other info that might help us debug this:
[  508.423268][ T1930]  Possible unsafe locking scenario:
[  508.423268][ T1930]
[  508.424688][ T1930]        CPU0
[  508.425410][ T1930]        ----
[  508.426105][ T1930]   lock(&pipe->mutex/1);
[  508.426972][ T1930]   lock(&pipe->mutex/1);
[  508.427840][ T1930]
[  508.427840][ T1930]  *** DEADLOCK ***
[  508.427840][ T1930]
[  508.429476][ T1930]  May be due to missing lock nesting notation
[  508.429476][ T1930]
[  508.430981][ T1930] 1 lock held by trinity-c2/1930:
[ 508.431945][ T1930] #0: ffff8881641d3068 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_fcntl (??:?) 
[  508.433663][ T1930]
[  508.433663][ T1930] stack backtrace:
[  508.434847][ T1930] CPU: 1 PID: 1930 Comm: trinity-c2 Not tainted 6.2.0-rc1-00085-g2afced4b77a3 #14 b8d9e225d32aed8adc2a69ef5f115031b187ce0c
[  508.436917][ T1930] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014
[  508.438696][ T1930] Call Trace:
[  508.439402][ T1930]  <TASK>
[ 508.440075][ T1930] dump_stack_lvl (??:?) 
[ 508.440972][ T1930] validate_chain.cold (lockdep.c:?) 
[ 508.441972][ T1930] ? check_prev_add (lockdep.c:?) 
[ 508.442911][ T1930] ? mark_held_locks (lockdep.c:?) 
[ 508.443824][ T1930] __lock_acquire (lockdep.c:?) 
[ 508.444714][ T1930] lock_acquire (??:?) 
[ 508.445575][ T1930] ? pipe_resize_ring (??:?) 
[ 508.446497][ T1930] ? rcu_read_unlock (main.c:?) 
[ 508.447403][ T1930] ? entry_SYSCALL_64_after_hwframe (??:?) 
[ 508.448483][ T1930] __mutex_lock (mutex.c:?) 
[ 508.449361][ T1930] ? pipe_resize_ring (??:?) 
[ 508.450248][ T1930] ? kasan_quarantine_reduce (??:?) 
[ 508.451257][ T1930] ? lock_downgrade (lockdep.c:?) 
[ 508.452161][ T1930] ? pipe_resize_ring (??:?) 
[ 508.453053][ T1930] ? mark_held_locks (lockdep.c:?) 
[ 508.453935][ T1930] ? mutex_lock_io_nested (mutex.c:?) 
[ 508.454925][ T1930] ? kasan_quarantine_reduce (??:?) 
[ 508.455990][ T1930] ? pipe_resize_ring (??:?) 
[ 508.456904][ T1930] ? pipe_resize_ring (??:?) 
[ 508.457862][ T1930] ? pipe_resize_ring (??:?) 
[ 508.458791][ T1930] pipe_resize_ring (??:?) 
[ 508.459702][ T1930] pipe_fcntl (??:?) 
[ 508.460537][ T1930] ? find_held_lock (lockdep.c:?) 
[ 508.461435][ T1930] do_fcntl (fcntl.c:?) 
[ 508.462220][ T1930] ? __task_pid_nr_ns (??:?) 
[ 508.463185][ T1930] ? f_getown (fcntl.c:?) 
[ 508.464058][ T1930] ? __x64_sys_alarm (??:?) 
[ 508.464959][ T1930] __x64_sys_fcntl (??:?) 
[ 508.465869][ T1930] do_syscall_64 (??:?) 
[ 508.466745][ T1930] entry_SYSCALL_64_after_hwframe (??:?) 
[  508.467721][ T1930] RIP: 0033:0x463519
[ 508.468493][ T1930] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 59 00 00 c3 66 2e 0f 1f 84 00 00 00 00
All code
========
   0:	00 f3                	add    %dh,%bl
   2:	c3                   	retq   
   3:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
   a:	00 00 00 
   d:	0f 1f 40 00          	nopl   0x0(%rax)
  11:	48 89 f8             	mov    %rdi,%rax
  14:	48 89 f7             	mov    %rsi,%rdi
  17:	48 89 d6             	mov    %rdx,%rsi
  1a:	48 89 ca             	mov    %rcx,%rdx
  1d:	4d 89 c2             	mov    %r8,%r10
  20:	4d 89 c8             	mov    %r9,%r8
  23:	4c 8b 4c 24 08       	mov    0x8(%rsp),%r9
  28:	0f 05                	syscall 
  2a:*	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax		<-- trapping instruction
  30:	0f 83 db 59 00 00    	jae    0x5a11
  36:	c3                   	retq   
  37:	66                   	data16
  38:	2e                   	cs
  39:	0f                   	.byte 0xf
  3a:	1f                   	(bad)  
  3b:	84 00                	test   %al,(%rax)
  3d:	00 00                	add    %al,(%rax)
	...

Code starting with the faulting instruction
===========================================
   0:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax
   6:	0f 83 db 59 00 00    	jae    0x59e7
   c:	c3                   	retq   
   d:	66                   	data16
   e:	2e                   	cs
   f:	0f                   	.byte 0xf
  10:	1f                   	(bad)  
  11:	84 00                	test   %al,(%rax)
  13:	00 00                	add    %al,(%rax)
	...
[  508.471663][ T1930] RSP: 002b:00007ffd6a2fa2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[  508.473176][ T1930] RAX: ffffffffffffffda RBX: 0000000000000048 RCX: 0000000000463519
[  508.474574][ T1930] RDX: 0000000000000066 RSI: 0000000000000407 RDI: 000000000000013e
[  508.476026][ T1930] RBP: 00007f36cc433000 R08: fffffffffffffff8 R09: 000000000000000f
[  508.477459][ T1930] R10: 0000000010000000 R11: 0000000000000246 R12: 0000000000000002
[  508.478870][ T1930] R13: 00007f36cc433058 R14: 0000000002241850 R15: 00007f36cc433000
[  508.482573][ T1930]  </TASK>
[  510.837665][ T2080] Unable to find swap-space signature
[  518.245623][ T2080] futex_wake_op: trinity-c1 tries to shift op by -1; fix this program
[  639.655156][  T298] hwclock: can't open '/dev/misc/rtc': No such file or directory
LKP: ttyS0: 273: LKP: rebooting forcely
[  651.988559][  T273] sysrq: Emergency Sync
[  651.989495][   T29] Emergency Sync complete
[  651.990747][  T273] sysrq: Resetting



To reproduce:

        # build kernel
        cd linux
        cp config-6.2.0-rc1-00085-g2afced4b77a3 .config
        make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove the ~/.lkp and /lkp dirs to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests



View attachment "config-6.2.0-rc1-00085-g2afced4b77a3" of type "text/plain" (150040 bytes)

View attachment "job-script" of type "text/plain" (4593 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (38088 bytes)

View attachment "trinity" of type "text/plain" (12205 bytes)
