All of lore.kernel.org
 help / color / mirror / Atom feed
From: Thomas Gleixner <tglx@linutronix.de>
To: Kees Cook <keescook@chromium.org>
Cc: linux-kernel@vger.kernel.org, mingo@kernel.org,
	syzbot <syzbot+7ffc7214b893651d52b8@syzkaller.appspotmail.com>,
	syzkaller-bugs@googlegroups.com,
	Andy Lutomirski <luto@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>
Subject: Re: WARNING in syscall_exit_to_user_mode
Date: Sun, 13 Sep 2020 21:54:34 +0200	[thread overview]
Message-ID: <87sgblpi4l.fsf@nanos.tec.linutronix.de> (raw)
In-Reply-To: <202009121050.0D9CAB95@keescook>

On Sat, Sep 12 2020 at 10:52, Kees Cook wrote:
>> ------------[ cut here ]------------
>> syscall 56 left IRQs disabled
>
> This WARN appears reachable. :)

The above is hardly a problem of the new entry code. It's just detecting
the wreckage...

> I also see on the dashboard these other problems with the new entry
> code:

This one is also just the messenger. That's the

     lockdep_assert_irqs_disabled();

in irqentry_exit() if I'm reading the reports correctly. That's a #PF
returning with interrupts enabled for whatever weird reason. Let me
stare at that...

> https://syzkaller.appspot.com/bug?extid=d4336c84ed0099fdbe47

This one is not a new entry code problem either:

> https://syzkaller.appspot.com/bug?extid=c4af95386364bc59b13e

INFO: task syz-executor.0:5956 can't die for more than 143 seconds.
task:syz-executor.0  state:R  running task     stack:25424 pid: 5956 ppid: 14284 flags:0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3778 [inline]
 __schedule+0x8e5/0x21e0 kernel/sched/core.c:4527
 preempt_schedule_irq+0xb0/0x150 kernel/sched/core.c:4785
 irqentry_exit_cond_resched kernel/entry/common.c:333 [inline]
 irqentry_exit_cond_resched kernel/entry/common.c:325 [inline]
 irqentry_exit+0x65/0x90 kernel/entry/common.c:363
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:653 [inline]
RIP: 0010:lock_acquire+0x27b/0xad0 kernel/locking/lockdep.c:5008
Code: 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 f8 06 00 00 48 83 3d 6a d1 5b 08 00 0f 84 a6 05 00 00 48 8b 7c 24 08 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 03 44 24 10 48 c7
RSP: 0018:ffffc900088477c0 EFLAGS: 00000286
RAX: 1ffffffff136c7d9 RBX: ffff88808766c200 RCX: 000000005603e267
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: 0000000000000286
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8c6a59e7
R10: fffffbfff18d4b3c R11: 0000000000000001 R12: 0000000000000002
R13: ffffffff89c67640 R14: 0000000000000000 R15: ffff88808766c200
 rcu_lock_acquire include/linux/rcupdate.h:248 [inline]
 rcu_read_lock include/linux/rcupdate.h:641 [inline]
 inet_twsk_purge+0x112/0x7c0 net/ipv4/inet_timewait_sock.c:268
 ops_exit_list+0x10d/0x160 net/core/net_namespace.c:189
 setup_net+0x508/0x850 net/core/net_namespace.c:364
 copy_net_ns+0x31e/0x760 net/core/net_namespace.c:482
 create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110

The new entry code is just in the stack trace because that task was
preempted after a timer interrupt.

Thanks,

        tglx

  reply	other threads:[~2020-09-13 19:54 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-11 10:39 WARNING in syscall_exit_to_user_mode syzbot
2020-09-12 17:52 ` Kees Cook
2020-09-13 19:54   ` Thomas Gleixner [this message]
2020-09-14 20:06     ` Kees Cook
2020-09-14 20:22       ` Thomas Gleixner
2020-09-13 19:40 ` Thomas Gleixner
2020-11-08 17:22 ` syzbot
2020-11-11 11:11   ` Dmitry Vyukov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87sgblpi4l.fsf@nanos.tec.linutronix.de \
    --to=tglx@linutronix.de \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mingo@kernel.org \
    --cc=peterz@infradead.org \
    --cc=syzbot+7ffc7214b893651d52b8@syzkaller.appspotmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.