syzbot


KCSAN: data-race in __d_rehash / retain_dentry (2)

Status: auto-closed as invalid on 2022/07/12 06:48
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 174d, last: 174d
similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __d_rehash / retain_dentry 1 576d 576d 0/24 auto-closed as invalid on 2021/06/05 04:33

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __d_rehash / retain_dentry

write to 0xffff8881037d43d0 of 8 bytes by task 1829 on cpu 0:
 hlist_bl_add_head_rcu include/linux/rculist_bl.h:81 [inline]
 __d_rehash+0xb9/0x1f0 fs/dcache.c:2545
 __d_add+0x355/0x470 fs/dcache.c:2739
 d_splice_alias+0xd5/0x310 fs/dcache.c:3126
 proc_sys_lookup+0x3bc/0x470 fs/proc/proc_sysctl.c:555
 lookup_open fs/namei.c:3352 [inline]
 open_last_lookups fs/namei.c:3444 [inline]
 path_openat+0xb0f/0x1b30 fs/namei.c:3650
 do_filp_open+0x105/0x220 fs/namei.c:3680
 do_sys_openat2+0xb5/0x2a0 fs/open.c:1278
 do_sys_open fs/open.c:1294 [inline]
 __do_sys_openat fs/open.c:1310 [inline]
 __se_sys_openat fs/open.c:1305 [inline]
 __x64_sys_openat+0xef/0x110 fs/open.c:1305
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0

read to 0xffff8881037d43d0 of 8 bytes by task 1828 on cpu 1:
 hlist_bl_unhashed include/linux/list_bl.h:54 [inline]
 d_unhashed include/linux/dcache.h:332 [inline]
 retain_dentry+0x40/0x190 fs/dcache.c:668
 dput+0x10e/0x1f0 fs/dcache.c:908
 __fput+0x3dd/0x510 fs/file_table.c:330
 ____fput+0x11/0x20 fs/file_table.c:350
 task_work_run+0x8e/0x110 kernel/task_work.c:177
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0x124/0x130 kernel/entry/common.c:169
 exit_to_user_mode_prepare kernel/entry/common.c:201 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0x6a/0x90 kernel/entry/common.c:294
 do_syscall_64+0x37/0x70 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x46/0xb0

value changed: 0xffff888237b9e9f8 -> 0xffff8881027dbe48

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 1828 Comm: syz-executor.0 Not tainted 5.19.0-rc1-syzkaller-00003-ge71e60cd74df-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
chnl_net:caif_netlink_parms(): no params data found
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge_slave_0 entered promiscuous mode
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_1 entered promiscuous mode
bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
team0: Port device team_slave_0 added
team0: Port device team_slave_1 added
batman_adv: batadv0: Adding interface: batadv_slave_0
batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
batman_adv: batadv0: Adding interface: batadv_slave_1
batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
device hsr_slave_0 entered promiscuous mode
device hsr_slave_1 entered promiscuous mode
debugfs: Directory 'hsr0' with parent 'hsr' already present!
Cannot create hsr debugfs directory
netdevsim netdevsim0 netdevsim0: renamed from eth0
netdevsim netdevsim0 netdevsim1: renamed from eth1
netdevsim netdevsim0 netdevsim2: renamed from eth2
netdevsim netdevsim0 netdevsim3: renamed from eth3
8021q: adding VLAN 0 to HW filter on device bond0
8021q: adding VLAN 0 to HW filter on device team0
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
device veth0_vlan entered promiscuous mode
device veth1_vlan entered promiscuous mode
device veth0_macvtap entered promiscuous mode
device veth1_macvtap entered promiscuous mode
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_0
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_1
netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-upstream-kcsan-gce 2022/06/07 06:47 upstream e71e60cd74df c8857892 .config log report info KCSAN: data-race in __d_rehash / retain_dentry
* Struck through repros no longer work on HEAD.