From: Kees Cook <kees@kernel.org>
To: Paul Moore <paul@paul-moore.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
syzbot <syzbot+4576eaa688ef747b8d6c@syzkaller.appspotmail.com>,
linux-kernel@vger.kernel.org, luto@kernel.org,
peterz@infradead.org, syzkaller-bugs@googlegroups.com,
audit@vger.kernel.org
Subject: Re: [syzbot] [kernel?] WARNING in audit_log_start
Date: Tue, 3 Sep 2024 12:24:16 -0700 [thread overview]
Message-ID: <202409031223.018C3D1@keescook> (raw)
In-Reply-To: <CAHC9VhTDqe8pYbmuNUu-Mdq6rmLo17z+eUTiOFh_PegbN99b-w@mail.gmail.com>
On Tue, Sep 03, 2024 at 03:22:17PM -0400, Paul Moore wrote:
> On Mon, Sep 2, 2024 at 4:37 AM Thomas Gleixner <tglx@linutronix.de> wrote:
> >
> > On Mon, Aug 26 2024 at 01:29, syzbot wrote:
> >
> > Cc:+ seccomp and audit folks
> >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit: 6a7917c89f21 Add linux-next specific files for 20240822
> > > git tree: linux-next
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=15c8680b980000
> > > kernel config: https://syzkaller.appspot.com/x/.config?x=897bd7c53a10fcfc
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=4576eaa688ef747b8d6c
> > > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> > >
> > > Unfortunately, I don't have any reproducer for this issue yet.
> > >
> > > Downloadable assets:
> > > disk image: https://storage.googleapis.com/syzbot-assets/47820545bc51/disk-6a7917c8.raw.xz
> > > vmlinux: https://storage.googleapis.com/syzbot-assets/e300f3a38860/vmlinux-6a7917c8.xz
> > > kernel image: https://storage.googleapis.com/syzbot-assets/9146afef58aa/bzImage-6a7917c8.xz
> > >
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+4576eaa688ef747b8d6c@syzkaller.appspotmail.com
> > >
> > > WARNING: CPU: 1 PID: 8527 at kernel/sched/core.c:8556 __might_sleep+0xb9/0xe0 kernel/sched/core.c:8552
> > > Modules linked in:
> > > CPU: 1 UID: 0 PID: 8527 Comm: syz.4.642 Not tainted 6.11.0-rc4-next-20240822-syzkaller #0
> > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
> > > RIP: 0010:__might_sleep+0xb9/0xe0 kernel/sched/core.c:8552
> > > Code: a1 0e 01 90 42 80 3c 23 00 74 08 48 89 ef e8 ce e6 97 00 48 8b 4d 00 48 c7 c7 c0 60 0a 8c 44 89 ee 48 89 ca e8 f8 02 f1 ff 90 <0f> 0b 90 90 eb b5 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 70 ff ff ff
> > > RSP: 0018:ffffc90009ab7a20 EFLAGS: 00010246
> > > RAX: a60a1ffb5c104900 RBX: 1ffff11004257a6c RCX: 0000000000040000
> > > RDX: ffffc90003e59000 RSI: 000000000001b727 RDI: 000000000001b728
> > > RBP: ffff8880212bd360 R08: ffffffff8155a632 R09: fffffbfff1cfa364
> > > R10: dffffc0000000000 R11: fffffbfff1cfa364 R12: dffffc0000000000
> > > R13: 0000000000000002 R14: 0000000000000151 R15: ffffffff8e0a492c
> > > FS: 00007f4cf5b6a6c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
> > > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > > CR2: 00007f7e0f003000 CR3: 000000001feec000 CR4: 00000000003506f0
> > > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> > > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> > > Call Trace:
> > > <TASK>
> > > might_alloc include/linux/sched/mm.h:337 [inline]
> > > slab_pre_alloc_hook mm/slub.c:3987 [inline]
> > > slab_alloc_node mm/slub.c:4065 [inline]
> > > kmem_cache_alloc_noprof+0x5d/0x2a0 mm/slub.c:4092
> > > audit_buffer_alloc kernel/audit.c:1790 [inline]
> > > audit_log_start+0x15e/0xa30 kernel/audit.c:1912
> > > audit_seccomp+0x63/0x1f0 kernel/auditsc.c:3007
>
> The audit_seccomp() function allocates an audit buffer using
> GFP_KERNEL, which should be the source of the might_sleep. We can fix
> that easily enough by moving to GFP_ATOMIC (either for just this code
> path or all callers, need to check that), but I just want to confirm
> that we can't sleep here? I haven't dug into the syscall code in a
> while, so I don't recall all the details, but it seems odd to me that
> we can't safely sleep here ...
I had a similar question.. this is at syscall entry time. What is
suddenly different here? We've been doing seccomp logging here for
years...
-Kees
--
Kees Cook
next prev parent reply other threads:[~2024-09-03 19:24 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-26 8:29 [syzbot] [kernel?] WARNING in audit_log_start syzbot
2024-09-02 8:37 ` Thomas Gleixner
2024-09-03 19:22 ` Paul Moore
2024-09-03 19:24 ` Kees Cook [this message]
2024-09-03 20:54 ` Thomas Gleixner
2024-09-03 21:21 ` Paul Moore
2024-09-03 21:22 ` Aleksandr Nogikh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202409031223.018C3D1@keescook \
--to=kees@kernel.org \
--cc=audit@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=paul@paul-moore.com \
--cc=peterz@infradead.org \
--cc=syzbot+4576eaa688ef747b8d6c@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.