* BUG: sleeping function called from invalid context in console_lock
@ 2020-05-18  1:22 syzbot
  0 siblings, 0 replies; 7+ messages in thread
From: syzbot @ 2020-05-18  1:22 UTC (permalink / raw)
  To: gregkh, jslaby, linux-kernel, syzkaller-bugs

Hello,

syzbot found the following crash on:

HEAD commit:    3d1c1e59 Merge tag 'block-5.7-2020-05-16' of git://git.ker..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11a8d202100000
kernel config:  https://syzkaller.appspot.com/x/.config?x=c14212794ed9ad24
dashboard link: https://syzkaller.appspot.com/bug?extid=f8589c355cdce42b2446
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
userspace arch: i386

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f8589c355cdce42b2446@syzkaller.appspotmail.com

BUG: sleeping function called from invalid context at kernel/printk/printk.c:2312
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 21174, name: syz-executor.5
3 locks held by syz-executor.5/21174:
 #0: ffff8880a965c098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:267
 #1: ffff8880a965c3f8 (&tty->flow_lock){....}-{2:2}, at: spin_lock_irq include/linux/spinlock.h:378 [inline]
 #1: ffff8880a965c3f8 (&tty->flow_lock){....}-{2:2}, at: n_tty_ioctl_helper drivers/tty/tty_ioctl.c:914 [inline]
 #1: ffff8880a965c3f8 (&tty->flow_lock){....}-{2:2}, at: n_tty_ioctl_helper+0xcc/0x3b0 drivers/tty/tty_ioctl.c:894
 #2: ffff8880a965c098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1d/0x80 drivers/tty/tty_ldisc.c:288
irq event stamp: 46
hardirqs last  enabled at (45): [<ffffffff81b0ba8b>] kfree+0x1eb/0x2b0 mm/slab.c:3758
hardirqs last disabled at (46): [<ffffffff87d08f35>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (46): [<ffffffff87d08f35>] _raw_spin_lock_irq+0x35/0x80 kernel/locking/spinlock.c:167
softirqs last  enabled at (0): [<ffffffff8143deb7>] copy_process+0x1ae7/0x7110 kernel/fork.c:2031
softirqs last disabled at (0): [<0000000000000000>] 0x0
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 0 PID: 21174 Comm: syz-executor.5 Not tainted 5.7.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 ___might_sleep.cold+0x1f4/0x23d kernel/sched/core.c:6801
 console_lock+0x19/0x80 kernel/printk/printk.c:2312
 do_con_write.part.0+0x95/0x1dc0 drivers/tty/vt/vt.c:2596
 do_con_write drivers/tty/vt/vt.c:2593 [inline]
 con_write+0x41/0xe0 drivers/tty/vt/vt.c:3159
 n_hdlc_send_frames+0x22d/0x3d0 drivers/tty/n_hdlc.c:289
 tty_wakeup+0xe1/0x120 drivers/tty/tty_io.c:536
 __start_tty+0x5c/0x70 drivers/tty/tty_io.c:803
 n_tty_ioctl_helper drivers/tty/tty_ioctl.c:917 [inline]
 n_tty_ioctl_helper+0x34e/0x3b0 drivers/tty/tty_ioctl.c:894
 n_hdlc_tty_ioctl+0xd3/0x2f0 drivers/tty/n_hdlc.c:615
 tty_ioctl+0xf88/0x1440 drivers/tty/tty_io.c:2665
 tty_compat_ioctl+0x2bf/0x410 drivers/tty/tty_io.c:2834
 __do_compat_sys_ioctl fs/ioctl.c:865 [inline]
 __se_compat_sys_ioctl fs/ioctl.c:816 [inline]
 __ia32_compat_sys_ioctl+0x23d/0x2b0 fs/ioctl.c:816
 do_syscall_32_irqs_on arch/x86/entry/common.c:337 [inline]
 do_fast_syscall_32+0x270/0xe90 arch/x86/entry/common.c:396
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
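
The report above can be triaged mechanically. This is an added example, not part of the syzbot message or of any kernel tooling: it parses a trimmed excerpt of the report (inline frames dropped) and recovers which held lock was taken through a spin_lock helper and the call path from that lock holder down to the sleeping call. The function name `triage` and the "acquisition chain starts with spin_lock" heuristic are assumptions of this example.

```python
import re

# Excerpt of the report on this page, trimmed to the lines the parser needs.
REPORT = """\
BUG: sleeping function called from invalid context at kernel/printk/printk.c:2312
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 21174, name: syz-executor.5
 #0: ffff8880a965c098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:267
 #1: ffff8880a965c3f8 (&tty->flow_lock){....}-{2:2}, at: spin_lock_irq include/linux/spinlock.h:378 [inline]
 #1: ffff8880a965c3f8 (&tty->flow_lock){....}-{2:2}, at: n_tty_ioctl_helper drivers/tty/tty_ioctl.c:914 [inline]
 #1: ffff8880a965c3f8 (&tty->flow_lock){....}-{2:2}, at: n_tty_ioctl_helper+0xcc/0x3b0 drivers/tty/tty_ioctl.c:894
 #2: ffff8880a965c098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1d/0x80 drivers/tty/tty_ldisc.c:288
Call Trace:
 ___might_sleep.cold+0x1f4/0x23d kernel/sched/core.c:6801
 console_lock+0x19/0x80 kernel/printk/printk.c:2312
 do_con_write.part.0+0x95/0x1dc0 drivers/tty/vt/vt.c:2596
 con_write+0x41/0xe0 drivers/tty/vt/vt.c:3159
 n_hdlc_send_frames+0x22d/0x3d0 drivers/tty/n_hdlc.c:289
 tty_wakeup+0xe1/0x120 drivers/tty/tty_io.c:536
 __start_tty+0x5c/0x70 drivers/tty/tty_io.c:803
 n_tty_ioctl_helper+0x34e/0x3b0 drivers/tty/tty_ioctl.c:894
 n_hdlc_tty_ioctl+0xd3/0x2f0 drivers/tty/n_hdlc.c:615
"""

LOCK = re.compile(r"^ #(\d+): \w+ \((.+?)\)\{.*?\}-\{\d+:\d+\}, at: (\S+?)(?:\+0x\S+)? ")
FRAME = re.compile(r"^ (\S+?)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)? (\S+:\d+)")

def triage(report):
    """Return the sleep site, context flags, spin-held locks and the path to the sleep."""
    lines = report.splitlines()
    site = re.search(r"invalid context at (\S+)", report).group(1)
    flags = {k: int(v) for k, v in re.findall(r"(in_atomic|irqs_disabled)\(\): (\d+)", report)}
    locks = {}  # lock index -> (name, acquisition frames, innermost first)
    for m in filter(None, map(LOCK.match, lines)):
        locks.setdefault(int(m[1]), (m[2], []))[1].append(m[3])
    # Heuristic (assumption): a chain that begins in a spin_lock* helper means atomic context.
    spin = [(name, chain[-1]) for name, chain in locks.values() if chain[0].startswith("spin_lock")]
    trace = [m[1] for m in map(FRAME.match, lines[lines.index("Call Trace:") + 1:]) if m]
    # Frames from the function holding the spinlock down to the sleeping call.
    holder = spin[0][1] if spin else None
    path = trace[1:trace.index(holder) + 1][::-1] if holder in trace else []
    return {"site": site, "flags": flags, "spin_held": spin, "path": path}

if __name__ == "__main__":
    print(triage(REPORT))
```

On this report the result names `&tty->flow_lock`, taken in `n_tty_ioctl_helper`, as the lock still held when `console_lock` is reached through `__start_tty`, `tty_wakeup`, `n_hdlc_send_frames` and `con_write`.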


* BUG: sleeping function called from invalid context in console_lock
       [not found] <42c2c0c4-9ee2-6426-8c3c-2585e0345fcb@huawei.com>
@ 2023-09-18 13:35 ` yiyang (D)
  2023-09-18 15:19   ` Greg Kroah-Hartman
  0 siblings, 1 reply; 7+ messages in thread
From: yiyang (D) @ 2023-09-18 13:35 UTC (permalink / raw)
  To: Greg Kroah-Hartman, Jiri Slaby, hedonistsmith, daniel.starke; +Cc: linux-serial

In recent years, this problem has been reported in syzkaller all the time.

Link: https://syzkaller.appspot.com/bug?extid=dbac96d8e73b61aa559c

Historically, the developers have tried to fix this problem by using a mutex
instead of a spinlock, but it didn't solve the problem.

Link: https://lore.kernel.org/all/20220826193545.20363-1-pchelkin@ispras.ru/

Other developers have recently reported this problem, but no one has 
continued to try to fix it.

Link: 
https://lore.kernel.org/all/20230420082153.6711-1-daniel.starke@siemens.com/

Anyway, do we have any ideas for solving this problem?

-- 
yiyang
.


* Re: BUG: sleeping function called from invalid context in console_lock
  2023-09-18 13:35 ` BUG: sleeping function called from invalid context in console_lock yiyang (D)
@ 2023-09-18 15:19   ` Greg Kroah-Hartman
  2023-09-27  7:48     ` yiyang (D)
  2023-09-27  9:15     ` yiyang (D)
  0 siblings, 2 replies; 7+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-18 15:19 UTC (permalink / raw)
  To: yiyang (D); +Cc: Jiri Slaby, hedonistsmith, daniel.starke, linux-serial

On Mon, Sep 18, 2023 at 09:35:23PM +0800, yiyang (D) wrote:
> In recent years, this problem has been reported in syzkaller all the time.
> 
> Link: https://syzkaller.appspot.com/bug?extid=dbac96d8e73b61aa559c
> 
> Historically, the developers have tried to fix this problem by using a mutex
> instead of a spinlock, but it didn't solve the problem.
> 
> Link: https://lore.kernel.org/all/20220826193545.20363-1-pchelkin@ispras.ru/
> 
> Other developers have recently reported this problem, but no one has
> continued to try to fix it.
> 
> Link:
> https://lore.kernel.org/all/20230420082153.6711-1-daniel.starke@siemens.com/
> 
> Anyway, do we have any ideas for solving this problem?

Nope!  Why do you think this is something that even needs to be
addressed?


* Re: BUG: sleeping function called from invalid context in console_lock
  2023-09-18 15:19   ` Greg Kroah-Hartman
@ 2023-09-27  7:48     ` yiyang (D)
  2023-09-27  8:24       ` Greg Kroah-Hartman
  2023-09-27  9:15     ` yiyang (D)
  1 sibling, 1 reply; 7+ messages in thread
From: yiyang (D) @ 2023-09-27  7:48 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: Jiri Slaby, hedonistsmith, daniel.starke, linux-serial

On 2023/9/18 23:19, Greg Kroah-Hartman wrote:
> On Mon, Sep 18, 2023 at 09:35:23PM +0800, yiyang (D) wrote:
>> In recent years, this problem has been reported in syzkaller all the time.
>>
>> Link: https://syzkaller.appspot.com/bug?extid=dbac96d8e73b61aa559c
>>
>> Historically, the developers have tried to fix this problem by using a mutex
>> instead of a spinlock, but it didn't solve the problem.
>>
>> Link: https://lore.kernel.org/all/20220826193545.20363-1-pchelkin@ispras.ru/
>>
>> Other developers have recently reported this problem, but no one has
>> continued to try to fix it.
>>
>> Link:
>> https://lore.kernel.org/all/20230420082153.6711-1-daniel.starke@siemens.com/
>>
>> Anyway, do we have any ideas for solving this problem?
> 
> Nope!  Why do you think this is something that even needs to be
> addressed?
> .
> 
The kernel may only perform operations that cannot sleep in atomic context, as
otherwise a system hang or crash may occur.

So there's a risk to this problem.



* Re: BUG: sleeping function called from invalid context in console_lock
  2023-09-27  7:48     ` yiyang (D)
@ 2023-09-27  8:24       ` Greg Kroah-Hartman
  0 siblings, 0 replies; 7+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-27  8:24 UTC (permalink / raw)
  To: yiyang (D); +Cc: Jiri Slaby, hedonistsmith, daniel.starke, linux-serial

On Wed, Sep 27, 2023 at 03:48:33PM +0800, yiyang (D) wrote:
> On 2023/9/18 23:19, Greg Kroah-Hartman wrote:
> > On Mon, Sep 18, 2023 at 09:35:23PM +0800, yiyang (D) wrote:
> > > In recent years, this problem has been reported in syzkaller all the time.
> > > 
> > > Link: https://syzkaller.appspot.com/bug?extid=dbac96d8e73b61aa559c
> > > 
> > > Historically, the developers have tried to fix this problem by using a mutex
> > > instead of a spinlock, but it didn't solve the problem.
> > > 
> > > Link: https://lore.kernel.org/all/20220826193545.20363-1-pchelkin@ispras.ru/
> > > 
> > > Other developers have recently reported this problem, but no one has
> > > continued to try to fix it.
> > > 
> > > Link:
> > > https://lore.kernel.org/all/20230420082153.6711-1-daniel.starke@siemens.com/
> > > 
> > > Anyway, do we have any ideas for solving this problem?
> > 
> > Nope!  Why do you think this is something that even needs to be
> > addressed?
> > .
> > 
> The kernel may only perform operations that cannot sleep in atomic context, as otherwise
> a system hang or crash may occur.
> 
> So there's a risk to this problem.
> 

Have you seen this risk in real workloads?  If so, great, please provide
a working solution that is tested and verified to work properly.

good luck!

greg k-h


* Re: BUG: sleeping function called from invalid context in console_lock
  2023-09-18 15:19   ` Greg Kroah-Hartman
  2023-09-27  7:48     ` yiyang (D)
@ 2023-09-27  9:15     ` yiyang (D)
  2023-09-27  9:41       ` Greg Kroah-Hartman
  1 sibling, 1 reply; 7+ messages in thread
From: yiyang (D) @ 2023-09-27  9:15 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: Jiri Slaby, hedonistsmith, daniel.starke, linux-serial

On 2023/9/18 23:19, Greg Kroah-Hartman wrote:
> On Mon, Sep 18, 2023 at 09:35:23PM +0800, yiyang (D) wrote:
>> In recent years, this problem has been reported in syzkaller all the time.
>>
>> Link: https://syzkaller.appspot.com/bug?extid=dbac96d8e73b61aa559c
>>
>> Historically, the developers have tried to fix this problem by using a mutex
>> instead of a spinlock, but it didn't solve the problem.
>>
>> Link: https://lore.kernel.org/all/20220826193545.20363-1-pchelkin@ispras.ru/
>>
>> Other developers have recently reported this problem, but no one has
>> continued to try to fix it.
>>
>> Link:
>> https://lore.kernel.org/all/20230420082153.6711-1-daniel.starke@siemens.com/
>>
>> Anyway, do we have any ideas for solving this problem?
> 
> Nope!  Why do you think this is something that even needs to be
> addressed?
> .
> 
This problem seems to be a CVE problem.
https://nvd.nist.gov/vuln/detail/CVE-2023-31082




* Re: BUG: sleeping function called from invalid context in console_lock
  2023-09-27  9:15     ` yiyang (D)
@ 2023-09-27  9:41       ` Greg Kroah-Hartman
  0 siblings, 0 replies; 7+ messages in thread
From: Greg Kroah-Hartman @ 2023-09-27  9:41 UTC (permalink / raw)
  To: yiyang (D); +Cc: Jiri Slaby, hedonistsmith, daniel.starke, linux-serial

On Wed, Sep 27, 2023 at 05:15:25PM +0800, yiyang (D) wrote:
> On 2023/9/18 23:19, Greg Kroah-Hartman wrote:
> > On Mon, Sep 18, 2023 at 09:35:23PM +0800, yiyang (D) wrote:
> > > In recent years, this problem has been reported in syzkaller all the time.
> > > 
> > > Link: https://syzkaller.appspot.com/bug?extid=dbac96d8e73b61aa559c
> > > 
> > > Historically, the developers have tried to fix this problem by using a mutex
> > > instead of a spinlock, but it didn't solve the problem.
> > > 
> > > Link: https://lore.kernel.org/all/20220826193545.20363-1-pchelkin@ispras.ru/
> > > 
> > > Other developers have recently reported this problem, but no one has
> > > continued to try to fix it.
> > > 
> > > Link:
> > > https://lore.kernel.org/all/20230420082153.6711-1-daniel.starke@siemens.com/
> > > 
> > > Anyway, do we have any ideas for solving this problem?
> > 
> > Nope!  Why do you think this is something that even needs to be
> > addressed?
> > .
> > 
> This problem seems to be a CVE problem.
> https://nvd.nist.gov/vuln/detail/CVE-2023-31082

If you think CVEs are actually valid for the kernel (hint, they aren't),
then wonderful, please work to resolve this issue.

Again, good luck!

greg k-h

