lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CACT4Y+Z=+u_HdmJUcRJ6e0srvqh4pk273CC2C3AmfH9B1Z=o+A@mail.gmail.com>
Date:   Fri, 29 Apr 2022 08:50:28 +0200
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     syzbot <syzbot+f8181becdab66ab4b181@...kaller.appspotmail.com>,
        Paul Walmsley <paul.walmsley@...ive.com>,
        Palmer Dabbelt <palmer@...belt.com>,
        Albert Ou <aou@...s.berkeley.edu>,
        linux-riscv <linux-riscv@...ts.infradead.org>
Cc:     ebiederm@...ssion.com, keescook@...omium.org,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org, syzkaller-bugs@...glegroups.com,
        viro@...iv.linux.org.uk
Subject: Re: [syzbot] possible deadlock in do_page_fault

On Fri, 29 Apr 2022 at 08:42, syzbot
<syzbot+f8181becdab66ab4b181@...kaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    0966d385830d riscv: Fix auipc+jalr relocation range checks
> git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes
> console output: https://syzkaller.appspot.com/x/log.txt?x=1128ae72f00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=6295d67591064921
> dashboard link: https://syzkaller.appspot.com/bug?extid=f8181becdab66ab4b181
> compiler:       riscv64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> userspace arch: riscv64
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+f8181becdab66ab4b181@...kaller.appspotmail.com
>
> ============================================
> WARNING: possible recursive locking detected
> 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Not tainted
> --------------------------------------------
> dhcpcd-run-hook/3780 is trying to acquire lock:
> ffffaf8010608d18 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> ffffaf8010608d18 (&mm->mmap_lock){++++}-{3:3}, at: do_page_fault+0x24e/0xa3c arch/riscv/mm/fault.c:285
>
> but task is already holding lock:
> ffffaf8010608d18 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:87 [inline]
> ffffaf8010608d18 (&mm->mmap_lock){++++}-{3:3}, at: setup_arg_pages+0x1aa/0x4b8 fs/exec.c:793
>
> other info that might help us debug this:
>  Possible unsafe locking scenario:
>
>        CPU0
>        ----
>   lock(&mm->mmap_lock);
>   lock(&mm->mmap_lock);
>
>  *** DEADLOCK ***
>
>  May be due to missing lock nesting notation
>
> 1 lock held by dhcpcd-run-hook/3780:
>  #0: ffffaf8010608d18 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:87 [inline]
>  #0: ffffaf8010608d18 (&mm->mmap_lock){++++}-{3:3}, at: setup_arg_pages+0x1aa/0x4b8 fs/exec.c:793
>
> stack backtrace:
> CPU: 1 PID: 3780 Comm: dhcpcd-run-hook Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
> Hardware name: riscv-virtio,qemu (DT)
> Call Trace:
> [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113
> [<ffffffff831668cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119
> [<ffffffff831756ba>] __dump_stack lib/dump_stack.c:88 [inline]
> [<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106
> [<ffffffff83175742>] dump_stack+0x1c/0x24 lib/dump_stack.c:113
> [<ffffffff8011404e>] print_deadlock_bug kernel/locking/lockdep.c:2956 [inline]
> [<ffffffff8011404e>] check_deadlock kernel/locking/lockdep.c:2999 [inline]
> [<ffffffff8011404e>] validate_chain kernel/locking/lockdep.c:3788 [inline]
> [<ffffffff8011404e>] __lock_acquire+0x1dcc/0x333e kernel/locking/lockdep.c:5027
> [<ffffffff80116582>] lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639
> [<ffffffff8011682a>] lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612
> [<ffffffff831ab656>] down_read+0x3c/0x54 kernel/locking/rwsem.c:1461
> [<ffffffff800117d4>] mmap_read_lock include/linux/mmap_lock.h:117 [inline]
> [<ffffffff800117d4>] do_page_fault+0x24e/0xa3c arch/riscv/mm/fault.c:285

+riscv maintainers
this looks riscv related

> [<ffffffff80005724>] ret_from_exception+0x0/0x10
> [<ffffffff80c0069a>] __stack_depot_save+0x40/0x4b2 lib/stackdepot.c:360
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@...glegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@...glegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/00000000000001044205ddc55870%40google.com.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ