On 03/27/2014 11:33 AM, Sasha Levin wrote:
On 03/27/2014 11:11 AM, Sasha Levin wrote:
Hi all,

While fuzzing with trinity inside a KVM tools guest running latest -next
kernel I've stumbled on the following:

And another similar trace from a different vm:

[ 2696.454601] ======================================================
[ 2696.455460] [ INFO: possible circular locking dependency detected ]
[ 2696.456327] 3.14.0-rc8-next-20140326-sasha-00018-gffbc974-dirty #285 Not 
tainted
[ 2696.457227] -------------------------------------------------------
[ 2696.457898] trinity-c31/26818 is trying to acquire lock:
[ 2696.458495]  (&(&pool->lock)->rlock){-.-.-.}, at: __queue_work 
(kernel/workqueue.c:1358)
[ 2696.459829]
[ 2696.459829] but task is already holding lock:
[ 2696.460315]  (&ctx->lock){-.-...}, at: perf_event_exit_task 
(kernel/events/core.c:7415 kernel/events/core.c:7492)
[ 2696.461706]
[ 2696.461706] which lock already depends on the new lock.
[ 2696.461706]
[ 2696.461706]
[ 2696.461706] the existing dependency chain (in reverse order) is:
[ 2696.461706]
-> #3 (&ctx->lock){-.-...}:
[ 2696.461706]        lock_acquire (arch/x86/include/asm/current.h:14 
kernel/locking/lockdep.c:3602)
[ 2696.461706]        _raw_spin_lock (include/linux/spinlock_api_smp.h:143 
kernel/locking/spinlock.c:151)
[ 2696.461706]        __perf_event_task_sched_out (kernel/events/core.c:2340 
kernel/events/core.c:2366)
[ 2696.461706]        perf_event_task_sched_out (include/linux/perf_event.h:689)
[ 2696.461706]        __schedule (kernel/sched/core.c:2064 
kernel/sched/core.c:2102 kernel/sched/core.c:2226 kernel/sched/core.c:2713)
[ 2696.461706]        preempt_schedule (arch/x86/include/asm/preempt.h:80 
kernel/sched/core.c:2798)
[ 2696.461706]        ___preempt_schedule (arch/x86/kernel/preempt.S:11)
[ 2696.461706]        text_poke_bp (arch/x86/kernel/alternative.c:655)
[ 2696.461706]        arch_jump_label_transform 
(arch/x86/kernel/jump_label.c:111)
[ 2696.461706]        __jump_label_update (kernel/jump_label.c:177)
[ 2696.461706]        jump_label_update (kernel/jump_label.c:458)
[ 2696.461706]        static_key_slow_inc (kernel/jump_label.c:68)
[ 2696.461706]        tracepoint_update_probe_range (kernel/tracepoint.c:278 
kernel/tracepoint.c:319)
[ 2696.461706]        tracepoint_update_probes (kernel/tracepoint.c:354)
[ 2696.461706]        tracepoint_probe_register (kernel/tracepoint.c:407)
[ 2696.461706]        syscall_exit_register (kernel/trace/trace_syscalls.c:681 
kernel/trace/trace_syscalls.c:750)
[ 2696.461706]        perf_trace_init (kernel/trace/trace_event_perf.c:108 
kernel/trace/trace_event_perf.c:182 kernel/trace/trace_event_perf.c:206)
[ 2696.461706]        perf_tp_event_init (kernel/events/core.c:5937)
[ 2696.461706]        perf_init_event (kernel/events/core.c:6598)
[ 2696.461706]        perf_event_alloc (kernel/events/core.c:6754)
[ 2696.461706]        SYSC_perf_event_open (kernel/events/core.c:7062)
[ 2696.461706]        SyS_perf_event_open (kernel/events/core.c:6990)
[ 2696.461706]        tracesys (arch/x86/kernel/entry_64.S:749)
[ 2696.461706]
-> #2 (&rq->lock){-.-.-.}:
[ 2696.461706]        lock_acquire (arch/x86/include/asm/current.h:14 
kernel/locking/lockdep.c:3602)
[ 2696.461706]        _raw_spin_lock (include/linux/spinlock_api_smp.h:143 
kernel/locking/spinlock.c:151)
[ 2696.461706]        wake_up_new_task (include/linux/sched.h:2884 
kernel/sched/core.c:313 kernel/sched/core.c:2014)
[ 2696.461706]        do_fork (kernel/fork.c:1627)
[ 2696.461706]        kernel_thread (kernel/fork.c:1647)
[ 2696.461706]        rest_init (init/main.c:383)
[ 2696.461706]        start_kernel (init/main.c:653)
[ 2696.461706]        x86_64_start_reservations (arch/x86/kernel/head64.c:194)
[ 2696.461706]        x86_64_start_kernel (arch/x86/kernel/head64.c:183)
[ 2696.461706]
-> #1 (&p->pi_lock){-.-.-.}:
[ 2696.461706]        lock_acquire (arch/x86/include/asm/current.h:14 
kernel/locking/lockdep.c:3602)
[ 2696.461706]        _raw_spin_lock_irqsave 
(include/linux/spinlock_api_smp.h:117 kernel/locking/spinlock.c:159)
[ 2696.461706]        try_to_wake_up (kernel/sched/core.c:1592)
[ 2696.461706]        wake_up_process (kernel/sched/core.c:1688 (discriminator 
2))
[ 2696.461706]        start_worker (kernel/workqueue.c:1800)
[ 2696.461706]        create_and_start_worker (include/linux/spinlock.h:353 
kernel/workqueue.c:1820)
[ 2696.461706]        init_workqueues (kernel/workqueue.c:5061)
[ 2696.461706]        do_one_initcall (init/main.c:696)
[ 2696.461706]        kernel_init_freeable (init/main.c:797 init/main.c:904)
[ 2696.461706]        kernel_init (init/main.c:842)
[ 2696.461706]        ret_from_fork (arch/x86/kernel/entry_64.S:555)
[ 2696.461706]
-> #0 (&(&pool->lock)->rlock){-.-.-.}:
[ 2696.461706]        __lock_acquire (kernel/locking/lockdep.c:1840 
kernel/locking/lockdep.c:1945 kernel/locking/lockdep.c:2131 
kernel/locking/lockdep.c:3182)
[ 2696.461706]        lock_acquire (arch/x86/include/asm/current.h:14 
kernel/locking/lockdep.c:3602)
[ 2696.461706]        _raw_spin_lock (include/linux/spinlock_api_smp.h:143 
kernel/locking/spinlock.c:151)
[ 2696.461706]        __queue_work (kernel/workqueue.c:1358)
[ 2696.461706]        queue_work_on (kernel/workqueue.c:1436)
[ 2696.461706]        free_object (lib/debugobjects.c:206)
[ 2696.461706]        __debug_check_no_obj_freed (lib/debugobjects.c:714)
[ 2696.461706]        debug_check_no_obj_freed (lib/debugobjects.c:726)
[ 2696.461706]        kmem_cache_free (mm/slub.c:2679 mm/slub.c:2707)
[ 2696.461706]        __put_task_struct (kernel/fork.c:249 (discriminator 2))
[ 2696.461706]        put_ctx (include/linux/sched.h:1807 
kernel/events/core.c:896)
[ 2696.461706]        perf_event_exit_task (kernel/events/core.c:905 
kernel/events/core.c:7422 kernel/events/core.c:7492)
[ 2696.461706]        do_exit (kernel/exit.c:801)
[ 2696.461706]        do_group_exit (kernel/exit.c:919)
[ 2696.461706]        SyS_exit_group (kernel/exit.c:930)
[ 2696.461706]        tracesys (arch/x86/kernel/entry_64.S:749)
[ 2696.461706]
[ 2696.461706] other info that might help us debug this:
[ 2696.461706]
[ 2696.461706] Chain exists of:
&(&pool->lock)->rlock --> &rq->lock --> &ctx->lock

[ 2696.461706]  Possible unsafe locking scenario:
[ 2696.461706]
[ 2696.461706]        CPU0                    CPU1
[ 2696.461706]        ----                    ----
[ 2696.461706]   lock(&ctx->lock);
[ 2696.461706]                                lock(&rq->lock);
[ 2696.461706]                                lock(&ctx->lock);
[ 2696.461706]   lock(&(&pool->lock)->rlock);
[ 2696.461706]
[ 2696.461706]  *** DEADLOCK ***
[ 2696.461706]
[ 2696.461706] 1 lock held by trinity-c31/26818:
[ 2696.461706]  #0:  (&ctx->lock){-.-...}, at: perf_event_exit_task 
(kernel/events/core.c:7415 kernel/events/core.c:7492)
[ 2696.461706]
[ 2696.461706] stack backtrace:
[ 2696.461706] CPU: 31 PID: 26818 Comm: trinity-c31 Not tainted 
3.14.0-rc8-next-20140326-sasha-00018-gffbc974-dirty #285
[ 2696.461706]  ffffffffbb9711d0 ffff88024f7a1a78 ffffffffb84b5057 
0000000000000000
[ 2696.461706]  ffffffffbb9b5c60 ffff88024f7a1ac8 ffffffffb84a7b57 
0000000000000001
[ 2696.461706]  ffff88024f7a1b58 ffff88024f7a1ac8 ffff88022f643cf0 
ffff88022f643d28
[ 2696.461706] Call Trace:
[ 2696.461706]  dump_stack (lib/dump_stack.c:52)
[ 2696.461706]  print_circular_bug (kernel/locking/lockdep.c:1216)
[ 2696.461706]  __lock_acquire (kernel/locking/lockdep.c:1840 
kernel/locking/lockdep.c:1945 kernel/locking/lockdep.c:2131 
kernel/locking/lockdep.c:3182)
[ 2696.461706]  ? kvm_clock_read (arch/x86/include/asm/preempt.h:90 
arch/x86/kernel/kvmclock.c:86)
[ 2696.461706]  lock_acquire (arch/x86/include/asm/current.h:14 
kernel/locking/lockdep.c:3602)
[ 2696.461706]  ? __queue_work (kernel/workqueue.c:1358)
[ 2696.461706]  ? __lock_is_held (kernel/locking/lockdep.c:3516)
[ 2696.461706]  _raw_spin_lock (include/linux/spinlock_api_smp.h:143 
kernel/locking/spinlock.c:151)
[ 2696.461706]  ? __queue_work (kernel/workqueue.c:1358)
[ 2696.461706]  __queue_work (kernel/workqueue.c:1358)
[ 2696.461706]  queue_work_on (kernel/workqueue.c:1436)
[ 2696.461706]  free_object (lib/debugobjects.c:206)
[ 2696.461706]  __debug_check_no_obj_freed (lib/debugobjects.c:714)
[ 2696.461706]  ? __this_cpu_preempt_check (lib/smp_processor_id.c:63)
[ 2696.461706]  debug_check_no_obj_freed (lib/debugobjects.c:726)
[ 2696.461706]  kmem_cache_free (mm/slub.c:2679 mm/slub.c:2707)
[ 2696.461706]  ? __put_task_struct (kernel/fork.c:249 (discriminator 2))
[ 2696.461706]  __put_task_struct (kernel/fork.c:249 (discriminator 2))
[ 2696.461706]  put_ctx (include/linux/sched.h:1807 kernel/events/core.c:896)
[ 2696.461706]  perf_event_exit_task (kernel/events/core.c:905 
kernel/events/core.c:7422 kernel/events/core.c:7492)
[ 2696.461706]  do_exit (kernel/exit.c:801)
[ 2696.461706]  ? __this_cpu_preempt_check (lib/smp_processor_id.c:63)
[ 2696.461706]  ? trace_hardirqs_on_caller (kernel/locking/lockdep.c:2557 
kernel/locking/lockdep.c:2599)
[ 2696.461706]  ? trace_hardirqs_on (kernel/locking/lockdep.c:2607)
[ 2696.461706]  do_group_exit (kernel/exit.c:919)
[ 2696.461706]  SyS_exit_group (kernel/exit.c:930)
[ 2696.461706]  tracesys (arch/x86/kernel/entry_64.S:749)

Figured I'd Cc' Thomas as well, as this trace seems to point at debugobjects.


Thanks,
Sasha

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to