From: xingwei lee
Date: Tue, 5 Dec 2023 10:07:03 +0800
Subject: Re: [syzbot] [kernel?] possible deadlock in alarm_handle_timer
To: syzbot+f2c4e7bfcca6c6d6324c@syzkaller.appspotmail.com
Cc: jstultz@google.com, linux-kernel@vger.kernel.org, sboyd@kernel.org, syzkaller-bugs@googlegroups.com, tglx@linutronix.de
X-Mailing-List: linux-kernel@vger.kernel.org

Hello

I reproduced this bug with repro.c

=* repro.txt =*
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
timer_create(0x9, 0x0, &(0x7f0000000500))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

=* repro.c =*
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <sched.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#define USLEEP_FORKED_CHILD (3 * 50 * 1000)

// In the parent, return the child's pid (or the error). In the child,
// sleep briefly and then exit.
static long handle_clone_ret(long ret)
{
  if (ret != 0) {
    return ret;
  }
  usleep(USLEEP_FORKED_CHILD);
  syscall(__NR_exit, 0);
  while (1) {
  }
}

static long syz_clone(volatile long flags, volatile long stack,
                      volatile long stack_len, volatile long ptid,
                      volatile long ctid, volatile long tls)
{
  long sp = (stack + stack_len) & ~15;
  long ret =
      (long)syscall(__NR_clone, flags & ~CLONE_VM, sp, ptid, ctid, tls);
  return handle_clone_ret(ret);
}

uint64_t r[1] = {0x0};

int main(void)
{
  // Map the fixed data region at 0x20000000 (prot=7, RWX) with
  // inaccessible (prot=0) guard pages directly before and after it.
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul,
          /*prot=*/7ul, /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);
  intptr_t res = 0;
  res = -1;
  res = syz_clone(/*flags=*/0, /*stack=*/0, /*stack_len=*/0,
                  /*parentid=*/0, /*childtid=*/0, /*tls=*/0);
  if (res != -1)
    r[0] = res;
  // req 0x10 is PTRACE_ATTACH, issued against the cloned child.
  syscall(__NR_ptrace, /*req=*/0x10ul, /*pid=*/r[0], 0, 0);
  // Clock id 9 is CLOCK_BOOTTIME_ALARM; the timer id is written to 0x20000500.
  syscall(__NR_timer_create, /*id=*/9ul, /*ev=*/0ul,
          /*timerid=*/0x20000500ul);
  // struct itimerspec at 0x2006b000: it_interval = {0 s, 8 ns},
  // it_value = {0 s, 9 ns}.
  *(uint64_t*)0x2006b000 = 0;
  *(uint64_t*)0x2006b008 = 8;
  *(uint64_t*)0x2006b010 = 0;
  *(uint64_t*)0x2006b018 = 9;
  syscall(__NR_timer_settime, /*timerid=*/0, /*flags=*/0ul,
          /*new=*/0x2006b000ul, /*old=*/0ul);
  return 0;
}

see also https://gist.github.com/dracary7/55a1fc1c839289a1abe01293fe82aa8e

Thanks.
xingwei lee