[moderation] [fs?] KCSAN: data-race in drop_sysctl_table / proc_sys_delete


syzbot

Mar 25, 2024, 12:26:20 AM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 5e74df2f8f15 Merge tag 'x86-urgent-2024-03-24' of git://gi..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1100e7b9180000
kernel config: https://syzkaller.appspot.com/x/.config?x=5bd3d8ca9a9838e3
dashboard link: https://syzkaller.appspot.com/bug?extid=3f1399b5c5759d00d3d2
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [j.gra...@samsung.com kees...@chromium.org linux-...@vger.kernel.org linux-...@vger.kernel.org mcg...@kernel.org]

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c4a508894ded/disk-5e74df2f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/89a9561059b8/vmlinux-5e74df2f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/61aca4c58ef2/bzImage-5e74df2f.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3f1399...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in drop_sysctl_table / proc_sys_delete

write to 0xffff88815b7a1418 of 8 bytes by task 27126 on cpu 0:
start_unregistering fs/proc/proc_sysctl.c:301 [inline]
drop_sysctl_table+0x97/0x290 fs/proc/proc_sysctl.c:1498
drop_sysctl_table+0x1ef/0x290 fs/proc/proc_sysctl.c:1505
unregister_sysctl_table+0x30/0x50 fs/proc/proc_sysctl.c:1523
unregister_net_sysctl_table+0x15/0x20 net/sysctl_net.c:185
__devinet_sysctl_unregister net/ipv4/devinet.c:2612 [inline]
devinet_sysctl_unregister net/ipv4/devinet.c:2640 [inline]
inetdev_destroy net/ipv4/devinet.c:328 [inline]
inetdev_event+0x614/0xb10 net/ipv4/devinet.c:1628
notifier_call_chain kernel/notifier.c:93 [inline]
raw_notifier_call_chain+0x6f/0x1d0 kernel/notifier.c:461
call_netdevice_notifiers_info+0xae/0x100 net/core/dev.c:1950
call_netdevice_notifiers_extack net/core/dev.c:1988 [inline]
call_netdevice_notifiers net/core/dev.c:2002 [inline]
unregister_netdevice_many_notify+0x83c/0xf20 net/core/dev.c:11099
unregister_netdevice_many net/core/dev.c:11157 [inline]
unregister_netdevice_queue+0x1f4/0x220 net/core/dev.c:11036
unregister_netdevice include/linux/netdevice.h:3115 [inline]
lapbeth_free_device drivers/net/wan/lapbether.c:437 [inline]
lapbeth_device_event+0x47d/0x6d0 drivers/net/wan/lapbether.c:472
notifier_call_chain kernel/notifier.c:93 [inline]
raw_notifier_call_chain+0x6f/0x1d0 kernel/notifier.c:461
call_netdevice_notifiers_info+0xae/0x100 net/core/dev.c:1950
call_netdevice_notifiers_extack net/core/dev.c:1988 [inline]
call_netdevice_notifiers net/core/dev.c:2002 [inline]
unregister_netdevice_many_notify+0x83c/0xf20 net/core/dev.c:11099
unregister_netdevice_many net/core/dev.c:11157 [inline]
unregister_netdevice_queue+0x1f4/0x220 net/core/dev.c:11036
unregister_netdevice include/linux/netdevice.h:3115 [inline]
nsim_destroy+0x7d/0x130 drivers/net/netdevsim/netdev.c:456
__nsim_dev_port_del+0xcd/0x100 drivers/net/netdevsim/dev.c:1425
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1437 [inline]
nsim_dev_reload_destroy+0x1a6/0x2d0 drivers/net/netdevsim/dev.c:1658
nsim_drv_remove+0x3e/0x100 drivers/net/netdevsim/dev.c:1673
nsim_bus_remove+0x15/0x20 drivers/net/netdevsim/bus.c:398
device_remove drivers/base/dd.c:566 [inline]
__device_release_driver drivers/base/dd.c:1270 [inline]
device_release_driver_internal+0x2e5/0x4f0 drivers/base/dd.c:1293
device_release_driver+0x19/0x20 drivers/base/dd.c:1316
bus_remove_device+0x26f/0x290 drivers/base/bus.c:574
device_del+0x370/0x7b0 drivers/base/core.c:3894
device_unregister+0x15/0x40 drivers/base/core.c:3935
nsim_bus_dev_del drivers/net/netdevsim/bus.c:462 [inline]
del_device_store+0x1cb/0x230 drivers/net/netdevsim/bus.c:226
bus_attr_store+0x54/0x70 drivers/base/bus.c:170
sysfs_kf_write+0xae/0xd0 fs/sysfs/file.c:136
kernfs_fop_write_iter+0x1ce/0x2c0 fs/kernfs/file.c:334
call_write_iter include/linux/fs.h:2108 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0x771/0x8e0 fs/read_write.c:590
ksys_write+0xeb/0x1b0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x42/0x50 fs/read_write.c:652
do_syscall_64+0xd3/0x1d0
entry_SYSCALL_64_after_hwframe+0x6d/0x75

read to 0xffff88815b7a1418 of 8 bytes by task 2818 on cpu 1:
proc_sys_delete+0x30/0x40 fs/proc/proc_sysctl.c:890
retain_dentry fs/dcache.c:696 [inline]
fast_dput+0x200/0x2b0 fs/dcache.c:799
dput+0x24/0xd0 fs/dcache.c:839
path_put fs/namei.c:561 [inline]
terminate_walk+0xfb/0x280 fs/namei.c:685
path_openat+0x1805/0x1d80 fs/namei.c:3800
do_filp_open+0xf7/0x200 fs/namei.c:3826
do_sys_openat2+0xab/0x120 fs/open.c:1406
do_sys_open fs/open.c:1421 [inline]
__do_sys_openat fs/open.c:1437 [inline]
__se_sys_openat fs/open.c:1432 [inline]
__x64_sys_openat+0xf3/0x120 fs/open.c:1432
do_syscall_64+0xd3/0x1d0
entry_SYSCALL_64_after_hwframe+0x6d/0x75

value changed: 0x0000000000000000 -> 0xffffffffffffffea

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 2818 Comm: dhcpcd Not tainted 6.8.0-syzkaller-13236-g5e74df2f8f15 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
==================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup