lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240524064306.b98TP1nU@linutronix.de>
Date: Fri, 24 May 2024 08:43:06 +0200
From: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
To: Vlastimil Babka <vbabka@...e.cz>
Cc: Thomas Gleixner <tglx@...utronix.de>,
	syzbot <syzbot+50e25cfa4f917d41749f@...kaller.appspotmail.com>,
	bp@...en8.de, dave.hansen@...ux.intel.com, hpa@...or.com,
	linux-kernel@...r.kernel.org, mingo@...hat.com,
	syzkaller-bugs@...glegroups.com, x86@...nel.org, linux-mm@...ck.org,
	Tejun Heo <tj@...nel.org>, Lai Jiangshan <jiangshanlai@...il.com>
Subject: Re: [syzbot] [kernel?] WARNING in flush_cpu_slab

On 2024-05-23 23:03:52 [+0200], Vlastimil Babka wrote:
> I'm puzzled by this. We use local_lock_irqsave() on !PREEMPT_RT everywhere.
> IIUC this warning says we did the irqsave() and then found out somebody else
> already set the owner? But that means they also did that irqsave() and set
> themselves as l->owner. Does that mey there would be a spurious irq enable
> that didn't go through local_unlock_irqrestore()?

correct.

> 
> Also this particular stack is from the work, which is scheduled by
> queue_work_on() in flush_all_cpus_locked(), which also has a
> lockdep_assert_cpus_held() so it should fullfill the "the caller must ensure
> the cpu doesn't go away" property. But I think even if this ended up on the
> wrong cpu (for the full duration or migrated while processing the work item)
> somehow, it wouldn't be able to cause such warning, but rather corrupt
> something else

Based on

> >> CPU: 3 PID: 5221 Comm: kworker/3:3 Not tainted 6.9.0-syzkaller-10713-g2a8120d7b482 #0

the code was invoked on CPU3 and the kworker was made for CPU3. This is
all fine. All access for the lock in question is within a few lines so
there is no unbalance lock/ unlock or IRQ-unlock which could explain it.

Sebastian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ