lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <51bd5e035546937b8c46264b52e149f0331d0b60.camel@redhat.com>
Date:   Mon, 01 Mar 2021 16:07:11 +0100
From:   Paolo Abeni <pabeni@...hat.com>
To:     Chuck Lever <chuck.lever@...cle.com>,
        syzbot <syzbot+e2fa57709a385e6db10f@...kaller.appspotmail.com>
Cc:     Bruce Fields <bfields@...ldses.org>,
        "David S. Miller" <davem@...emloft.net>,
        "dsahern@...nel.org" <dsahern@...nel.org>,
        Jakub Kicinski <kuba@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux NFS Mailing List <linux-nfs@...r.kernel.org>,
        Linux-Net <netdev@...r.kernel.org>,
        "yoshfuji@...ux-ipv6.org" <yoshfuji@...ux-ipv6.org>,
        "syzkaller-bugs@...glegroups.com" <syzkaller-bugs@...glegroups.com>
Subject: Re: possible deadlock in ipv6_sock_mc_close

Hello,

On Mon, 2021-03-01 at 14:52 +0000, Chuck Lever wrote:
> > On Mar 1, 2021, at 8:49 AM, syzbot <syzbot+e2fa57709a385e6db10f@...kaller.appspotmail.com> wrote:
> > 
> > Hello,
> > 
> > syzbot found the following issue on:
> > 
> > HEAD commit:    eee7ede6 Merge branch 'bnxt_en-error-recovery-bug-fixes'
> > git tree:       net
> > console output: https://syzkaller.appspot.com/x/log.txt?x=123ad632d00000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=e2d5ba72abae4f14
> > dashboard link: https://syzkaller.appspot.com/bug?extid=e2fa57709a385e6db10f
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=109d89b6d00000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12e9e0dad00000
> > 
> > The issue was bisected to:
> > 
> > commit c8e88e3aa73889421461f878cd569ef84f231ceb
> > Author: Chuck Lever <chuck.lever@...cle.com>
> > Date:   Tue Nov 3 20:06:04 2020 +0000
> > 
> >    NFSD: Replace READ* macros in nfsd4_decode_layoutget()
> > 
> > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=13bef9ccd00000
> > final oops:     https://syzkaller.appspot.com/x/report.txt?x=107ef9ccd00000
> > console output: https://syzkaller.appspot.com/x/log.txt?x=17bef9ccd00000
> > 
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+e2fa57709a385e6db10f@...kaller.appspotmail.com
> > Fixes: c8e88e3aa738 ("NFSD: Replace READ* macros in nfsd4_decode_layoutget()")
> > 
> > ======================================================
> > WARNING: possible circular locking dependency detected
> > 5.11.0-syzkaller #0 Not tainted
> > ------------------------------------------------------
> > syz-executor905/8822 is trying to acquire lock:
> > ffffffff8d678fe8 (rtnl_mutex){+.+.}-{3:3}, at: ipv6_sock_mc_close+0xd7/0x110 net/ipv6/mcast.c:323
> > 
> > but task is already holding lock:
> > ffff888024390120 (sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1600 [inline]
> > ffff888024390120 (sk_lock-AF_INET6){+.+.}-{0:0}, at: mptcp6_release+0x57/0x130 net/mptcp/protocol.c:3507
> > 
> > which lock already depends on the new lock.
> 
> Hi, thanks for the report.
> 
> Initial analysis:
> 
> c8e88e3aa738 ("NFSD: Replace READ* macros in nfsd4_decode_layoutget()"
> changes code several layers above the network layer. In addition,
> neither of the stack traces contain NFSD functions. And, repro.c does
> not appear to exercise any filesystem code.
> 
> Therefore the bisect result looks implausible to me. I don't see any
> obvious connection between the lockdep splat and c8e88e3aa738. (If
> someone else does, please let me know where to look).

I agree the bisect result is unexpected.

This looks really as an MPTCP-specific issue, likely introduced by:

32fcc880e0a9 ("mptcp: provide subflow aware release function")

and should be fixed inside MPTCP.

Cheers,

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ