From: Hillf Danton
To: Linus Torvalds
Cc: syzbot, Tetsuo Handa, andrii@kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [bpf?] [trace?] possible deadlock in force_sig_info_to_task
Date: Mon, 29 Apr 2024 07:23:02 +0800
Message-Id: <20240428232302.4035-1-hdanton@sina.com>
References: <0000000000009dfa6d0617197994@google.com> <20240427231321.3978-1-hdanton@sina.com>

On Sun, 28 Apr 2024 13:01:19 -0700 Linus Torvalds wrote:
> On Sat, 27 Apr 2024 at 16:13, Hillf Danton wrote:
> >
> > > -> #0 (&sighand->siglock){....}-{2:2}:
> > >        check_prev_add kernel/locking/lockdep.c:3134 [inline]
> > >        check_prevs_add kernel/locking/lockdep.c:3253 [inline]
> > >        validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
> > >        __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
> > >        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
> > >        __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
> > >        _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
> > >        force_sig_info_to_task+0x68/0x580 kernel/signal.c:1334
> > >        force_sig_fault_to_task kernel/signal.c:1733 [inline]
> > >        force_sig_fault+0x12c/0x1d0 kernel/signal.c:1738
> > >        __bad_area_nosemaphore+0x127/0x780 arch/x86/mm/fault.c:814
> > >        handle_page_fault arch/x86/mm/fault.c:1505 [inline]
> >
> > Given page fault with runqueue locked, bpf makes trouble instead of
> > helping anything in this case.
>
> That's not the odd thing here.
>
> Look, the callchain is:
>
> > >        exc_page_fault+0x612/0x8e0 arch/x86/mm/fault.c:1563
> > >        asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
> > >        rep_movs_alternative+0x22/0x70 arch/x86/lib/copy_user_64.S:48
> > >        copy_user_generic arch/x86/include/asm/uaccess_64.h:110 [inline]
> > >        raw_copy_from_user arch/x86/include/asm/uaccess_64.h:125 [inline]
> > >        __copy_from_user_inatomic include/linux/uaccess.h:87 [inline]
> > >        copy_from_user_nofault+0xbc/0x150 mm/maccess.c:125
>
> IOW, this is all doing a copy from user with page faults disabled, and
> it shouldn't have caused a signal to be sent, so the whole
> __bad_area_nosemaphore -> force_sig_fault path is bad.
>
So is game like copying from/putting to user with runqueue locked in the
first place.

Plus as per another syzbot report [1], bpf could make trouble with
workqueue pool locked.

[1] https://lore.kernel.org/lkml/00000000000051348606171f61a1@google.com/