Date: Fri, 3 Jan 2025 17:56:07 -0800
From: Andrew Morton <akpm@linux-foundation.org>
To: cheung wall
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-ext4@vger.kernel.org
Subject: Re: "WARNING in corrupted" in Linux kernel version 6.13.0-rc2
Message-Id: <20250103175607.12981bce1523e23d73315fd5@linux-foundation.org>
(cc linux-ext4)

On Fri, 3 Jan 2025 15:42:39 +0800 cheung wall wrote:

> Hello,
>
> I am writing to report a potential vulnerability identified in the
> Linux Kernel version 5.15.169. This issue was discovered using our
> custom vulnerability discovery tool.
>
> Affected File: mm/page_alloc.c
>
> File: mm/page_alloc.c
>
> Function: __alloc_pages
>
> Detailed Call Stack:
>
> ------------[ cut here begin]------------
>
> WARNING: CPU: 1 PID: 3458 at mm/page_alloc.c:5398 current_gfp_context include/linux/sched/mm.h:174 [inline]
> WARNING: CPU: 1 PID: 3458 at mm/page_alloc.c:5398 __alloc_pages+0x3d0/0x450 mm/page_alloc.c:5410
> Modules linked in:
> CPU: 1 PID: 3458 Comm: syz.4.203 Not tainted 5.15.169 #1
> Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
> RIP: 0010:__alloc_pages+0x3d0/0x450 mm/page_alloc.c:5398
> Code: ff 4c 89 fa 44 89 f6 89 ef 89 6c 24 48 c6 44 24 78 00 4c 89 6c 24 60 e8 de dc ff ff 49 89 c4 e9 f8 fd ff ff 40 80 e5 3f eb c5 <0f> 0b eb 91 4c 89 e7 44 89 f6 45 31 e4 e8 5e 80 ff ff e9 ff fd ff
> RSP: 0018:ffff8881020df718 EFLAGS: 00010246
> RAX: 0000000000000000 RBX: 1ffff1102041bee4 RCX: dffffc0000000000
> RDX: 0000000000000000 RSI: 0000000000000014 RDI: 0000000000040dc0
> RBP: 0000000000000000 R08: 0000000000000001 R09: ffff8881020dfa67
> R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
> R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> FS:  00007f0c2bb1a6c0(0000) GS:ffff88811ae80000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000001b2d11fffc CR3: 0000000108780000 CR4: 0000000000350ee0
> Call Trace:
>
>  alloc_pages+0x18c/0x410 mm/mempolicy.c:2185
>  kmalloc_order+0x30/0xd0 mm/slab_common.c:966
>  kmalloc_order_trace+0x14/0xa0 mm/slab_common.c:982
>  kmalloc_array include/linux/slab.h:631 [inline]
>  kcalloc include/linux/slab.h:660 [inline]
>  hashtab_init+0xe5/0x240 security/selinux/ss/hashtab.c:41
>  policydb_read+0x781/0x61b0 security/selinux/ss/policydb.c:2531
>  security_load_policy+0x15b/0xf30 security/selinux/ss/services.c:2301
>  sel_write_load+0x382/0x1e70 security/selinux/selinuxfs.c:644
>  vfs_write+0x28f/0xad0 fs/read_write.c:592
>  ksys_write+0x12d/0x260 fs/read_write.c:647
>  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>  do_syscall_64+0x33/0x80 arch/x86/entry/common.c:80
>  entry_SYSCALL_64_after_hwframe+0x6c/0xd6
> RIP: 0033:0x7f0c2cf4c9c9
> Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007f0c2bb1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
> RAX: ffffffffffffffda RBX: 00007f0c2d168f80 RCX: 00007f0c2cf4c9c9
> RDX: 0000000000000163 RSI: 0000000020000380 RDI: 0000000000000003
> RBP: 00007f0c2cff91b6 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
> R13: 0000000000000000 R14: 00007f0c2d168f80 R15: 00007fff5b996ef8
>
> irq event stamp: 1509
> hardirqs last enabled at (1519): [] __up_console_sem+0x78/0x80 kernel/printk/printk.c:257
> hardirqs last disabled at (1528): [] __up_console_sem+0x5d/0x80 kernel/printk/printk.c:255
> softirqs last enabled at (798): [] __do_softirq kernel/softirq.c:592 [inline]
> softirqs last enabled at (798): [] invoke_softirq kernel/softirq.c:432 [inline]
> softirqs last enabled at (798): [] __irq_exit_rcu kernel/softirq.c:641 [inline]
> softirqs last enabled at (798): [] irq_exit_rcu+0xe9/0x130 kernel/softirq.c:653
> softirqs last disabled at (175): [] __do_softirq kernel/softirq.c:592 [inline]
> softirqs last disabled at (175): [] invoke_softirq kernel/softirq.c:432 [inline]
> softirqs last disabled at (175): [] __irq_exit_rcu kernel/softirq.c:641 [inline]
> softirqs last disabled at (175): [] irq_exit_rcu+0xe9/0x130 kernel/softirq.c:653
>
> ------------[ cut here end]------------
>
> Root Cause:
>
> The crash is caused by a circular locking dependency detected within
> the Linux kernel's Ext4 filesystem and quota management subsystems.
> Specifically, the task is attempting to acquire the dq_lock
> (&dquot->dq_lock) in the dquot_commit function (fs/quota/dquot.c:507)
> while another task already holds the i_data_sem lock (&ei->i_data_sem)
> in the ext4_map_blocks function (fs/ext4/inode.c:665). This creates a
> circular dependency where each lock is waiting for the other to be
> released, potentially leading to a deadlock. Additionally, a separate
> warning is raised in mm/page_alloc.c:5398 during the __alloc_pages
> function, which occurs while loading SELinux policies
> (security/selinux/ss/policydb.c:2531). This memory allocation warning
> suggests that the system is experiencing issues allocating memory in
> the context of SELinux operations, possibly exacerbated by the locking
> problem. The combination of improper lock ordering in Ext4's quota
> handling and concurrent memory allocation failures indicates flaws in
> the synchronization mechanisms and memory management within the
> kernel. These issues can lead to system instability, including
> deadlocks and memory allocation failures, ultimately causing kernel
> panics and crashes. Addressing these problems would require revising
> the lock acquisition order to eliminate circular dependencies and
> ensuring robust memory allocation handling during critical security
> operations.
>
> Thank you for your time and attention.
>
> Best regards,
>
> Wall
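The call trace in the quoted report runs from sel_write_load through policydb_read and hashtab_init into kcalloc, kmalloc_order and alloc_pages, and the warning itself is raised inside __alloc_pages. The user-space model below is an added example, not code from the report, from the kernel or from any fix, showing why an element count taken from an untrusted policy blob can reach the page allocator's order check and how bounding the count before sizing the table avoids it. It assumes, from the 5.15 source rather than from anything stated in the thread, that the WARN at the top of __alloc_pages fires when the requested order is at or above MAX_ORDER and __GFP_NOWARN is not set, that hashtab_init rounds its element hint up to a power of two, and the x86-64 defaults of 4 KiB pages and MAX_ORDER 11; the blob bytes, the MAX_SLOTS cap and all function names are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed x86-64 defaults for a 5.15 kernel: 4 KiB pages and MAX_ORDER 11,
 * so the largest contiguous block the buddy allocator serves is
 * PAGE_SIZE << (MAX_ORDER - 1) = 4 MiB. */
#define PAGE_SHIFT 12
#define PAGE_SIZE  (1ULL << PAGE_SHIFT)
#define MAX_ORDER  11
#define MAX_CONTIG_BYTES (PAGE_SIZE << (MAX_ORDER - 1))

/* Stand-in for one hash-table slot (a list-head pointer in the kernel's hashtab). */
struct slot { void *head; };

/* Hypothetical cap: the most slots that fit in one maximum-order block. */
#define MAX_SLOTS (MAX_CONTIG_BYTES / sizeof(struct slot))

enum outcome {
    ALLOC_OK,                /* request fits the allocator's limits */
    ALLOC_REJECTED_BY_CAP,   /* bounded loader refused the count up front */
    ALLOC_ORDER_TOO_BIG      /* would trip the order >= MAX_ORDER WARN */
};

/* Little-endian u32, the way a policy blob encodes an element count. */
static uint32_t read_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Modelled after hashtab_init(): round the hint up to a power of two
 * (0 stays 0). Done in 64 bits so a hint of 0xffffffff does not wrap to 0. */
static uint64_t compute_size(uint32_t nel_hint)
{
    uint64_t v;
    if (nel_hint == 0)
        return 0;
    v = (uint64_t)nel_hint - 1;
    v |= v >> 1; v |= v >> 2; v |= v >> 4; v |= v >> 8; v |= v >> 16;
    return v + 1;
}

/* Equivalent of get_order(): smallest order with PAGE_SIZE << order >= bytes. */
static unsigned int get_order_of(uint64_t bytes)
{
    uint64_t pages = (bytes + PAGE_SIZE - 1) >> PAGE_SHIFT;
    unsigned int order = 0;
    while ((1ULL << order) < pages)
        order++;
    return order;
}

/* Model of the early sanity check in __alloc_pages(): a request beyond
 * MAX_ORDER is refused and, without __GFP_NOWARN, logs the WARNING. */
static enum outcome page_alloc_check(uint64_t bytes)
{
    if (bytes == 0)
        return ALLOC_OK;   /* a zero-sized table allocates nothing */
    return get_order_of(bytes) >= MAX_ORDER ? ALLOC_ORDER_TOO_BIG : ALLOC_OK;
}

/* Unbounded: the slot count is whatever the blob says (the shape in the trace). */
enum outcome table_alloc_unbounded(const unsigned char blob[4])
{
    uint64_t slots = compute_size(read_le32(blob));
    return page_alloc_check(slots * sizeof(struct slot));
}

/* Bounded: reject the count before sizing the table. The check is on the
 * rounded size, because the rounding itself can nearly double the request. */
enum outcome table_alloc_bounded(const unsigned char blob[4])
{
    uint64_t slots = compute_size(read_le32(blob));
    if (slots > MAX_SLOTS)
        return ALLOC_REJECTED_BY_CAP;
    return page_alloc_check(slots * sizeof(struct slot));
}

int main(void)
{
    /* Constructed counts: 64 entries, and 0x40000000 entries (8 GiB of slots). */
    const unsigned char small[4] = {0x40, 0x00, 0x00, 0x00};
    const unsigned char huge[4]  = {0x00, 0x00, 0x00, 0x40};

    printf("small: unbounded=%d bounded=%d\n",
           table_alloc_unbounded(small), table_alloc_bounded(small));
    printf("huge:  unbounded=%d bounded=%d (order %u vs MAX_ORDER %d)\n",
           table_alloc_unbounded(huge), table_alloc_bounded(huge),
           get_order_of(compute_size(read_le32(huge)) * sizeof(struct slot)),
           MAX_ORDER);
    return 0;
}
```

The bounded variant derives its cap from the largest block the buddy allocator can hand out, which is the property the allocator's own check enforces; kcalloc's multiplication-overflow check does not help here because 2^30 slots of 8 bytes fits comfortably in a 64-bit size. In a kernel, the other common choice for a table sized from input is kvcalloc(), whose kmalloc attempt for large sizes is made with __GFP_NOWARN and falls back to vmalloc, so the request neither warns nor needs physically contiguous memory.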