From: Dmitry Vyukov
Date: Fri, 21 Apr 2023 16:38:45 +0200
Subject: Re: [syzbot] [cgroups?] [mm?] KCSAN: data-race in drain_all_stock / drain_obj_stock (4)
To: syzbot
Cc: akpm@linux-foundation.org, bpf@vger.kernel.org, cgroups@vger.kernel.org, hannes@cmpxchg.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, mhocko@kernel.org, muchun.song@linux.dev, roman.gushchin@linux.dev, shakeelb@google.com, syzkaller-bugs@googlegroups.com
In-Reply-To: <00000000000058b63f05f9d98811@google.com>

On Fri, 21 Apr 2023 at 16:33, syzbot wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 534293368afa Merge tag 'kbuild-fixes-v6.3' of git://git.ke..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=11a0c26ec80000
> kernel config: https://syzkaller.appspot.com/x/.config?x=85fa20c996a2e46d
> dashboard link: https://syzkaller.appspot.com/bug?extid=774c29891415ab0fd29d
> compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/ec0e584af797/disk-53429336.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/423a67f52f94/vmlinux-53429336.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/8409b9716faa/bzImage-53429336.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+774c29891415ab0fd29d@syzkaller.appspotmail.com

Here this:

    stock->cached_objcg = NULL;

runs concurrently with:

    if (stock->cached_objcg) {
            memcg = obj_cgroup_memcg(stock->cached_objcg);

If I am reading this correctly, this can cause a NULL deref, if
cached_objcg is reset between the check and the use.

> ==================================================================
> BUG: KCSAN: data-race in drain_all_stock / drain_obj_stock
>
> write to 0xffff888237c2a2f8 of 8 bytes by task 19625 on cpu 0:
>  drain_obj_stock+0x408/0x4e0 mm/memcontrol.c:3306
>  refill_obj_stock+0x9c/0x1e0 mm/memcontrol.c:3340
>  obj_cgroup_uncharge+0xe/0x10 mm/memcontrol.c:3408
>  memcg_slab_free_hook mm/slab.h:587 [inline]
>  __cache_free mm/slab.c:3373 [inline]
>  __do_kmem_cache_free mm/slab.c:3577 [inline]
>  kmem_cache_free+0x105/0x280 mm/slab.c:3602
>  __d_free fs/dcache.c:298 [inline]
>  dentry_free fs/dcache.c:375 [inline]
>  __dentry_kill+0x422/0x4a0 fs/dcache.c:621
>  dentry_kill+0x8d/0x1e0
>  dput+0x118/0x1f0 fs/dcache.c:913
>  __fput+0x3bf/0x570 fs/file_table.c:329
>  ____fput+0x15/0x20 fs/file_table.c:349
>  task_work_run+0x123/0x160 kernel/task_work.c:179
>  resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
>  exit_to_user_mode_loop+0xcf/0xe0 kernel/entry/common.c:171
>  exit_to_user_mode_prepare+0x6a/0xa0 kernel/entry/common.c:203
>  __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
>  syscall_exit_to_user_mode+0x26/0x140 kernel/entry/common.c:296
>  do_syscall_64+0x4d/0xc0 arch/x86/entry/common.c:86
>  entry_SYSCALL_64_after_hwframe+0x63/0xcd
>
> read to 0xffff888237c2a2f8 of 8 bytes by task 19632 on cpu 1:
>  obj_stock_flush_required mm/memcontrol.c:3319 [inline]
>  drain_all_stock+0x174/0x2a0 mm/memcontrol.c:2361
>  try_charge_memcg+0x6d0/0xd10 mm/memcontrol.c:2703
>  try_charge mm/memcontrol.c:2837 [inline]
>  mem_cgroup_charge_skmem+0x51/0x140 mm/memcontrol.c:7290
>  sock_reserve_memory+0xb1/0x390 net/core/sock.c:1025
>  sk_setsockopt+0x800/0x1e70 net/core/sock.c:1525
>  udp_lib_setsockopt+0x99/0x6c0 net/ipv4/udp.c:2692
>  udp_setsockopt+0x73/0xa0 net/ipv4/udp.c:2817
>  sock_common_setsockopt+0x61/0x70 net/core/sock.c:3668
>  __sys_setsockopt+0x1c3/0x230 net/socket.c:2271
>  __do_sys_setsockopt net/socket.c:2282 [inline]
>  __se_sys_setsockopt net/socket.c:2279 [inline]
>  __x64_sys_setsockopt+0x66/0x80 net/socket.c:2279
>  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>  do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
>  entry_SYSCALL_64_after_hwframe+0x63/0xcd
>
> value changed: 0xffff8881382d52c0 -> 0xffff888138893740
>
> Reported by Kernel Concurrency Sanitizer on:
> CPU: 1 PID: 19632 Comm: syz-executor.0 Not tainted 6.3.0-rc2-syzkaller-00387-g534293368afa #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
> ==================================================================
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
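
The check-then-use window described in the reply above, as an added userspace sketch (not kernel code and not part of the original thread). struct stock, struct objcg, LOAD(), writer_step() and demo() are hypothetical stand-ins, and the concurrent store is injected deterministically between the reader's two steps instead of coming from a second thread.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Hypothetical stand-ins for the kernel structures named in the report. */
struct objcg { int id; };
struct stock { _Atomic(struct objcg *) cached_objcg; };
enum outcome { SKIPPED, USED_VALID, USED_NULL };

#define LOAD(s) atomic_load_explicit(&(s)->cached_objcg, memory_order_relaxed)

/* Models the concurrent "cached_objcg = NULL" store landing mid-reader. */
static void writer_step(struct stock *s, int races)
{
    if (races)
        atomic_store_explicit(&s->cached_objcg, NULL, memory_order_relaxed);
}

/* Two loads: the pointer that gets used is not the one that was checked. */
static enum outcome double_fetch(struct stock *s, int races)
{
    if (!LOAD(s))
        return SKIPPED;
    writer_step(s, races);                  /* the other CPU runs here */
    return LOAD(s) ? USED_VALID : USED_NULL; /* USED_NULL: NULL deref */
}

/* One load into a local: check and use see the same value. Lifetime of the
 * pointed-to object is a separate question this sketch does not model. */
static enum outcome single_fetch(struct stock *s, int races)
{
    struct objcg *snap = LOAD(s);
    if (!snap)
        return SKIPPED;
    writer_step(s, races);
    return snap ? USED_VALID : USED_NULL;
}

/* Runs one reader against a freshly populated (or empty) stock. */
enum outcome demo(int snapshot, int populated, int races)
{
    static struct objcg cg = { 1 };
    struct stock s;
    atomic_init(&s.cached_objcg, populated ? &cg : NULL);
    return snapshot ? single_fetch(&s, races) : double_fetch(&s, races);
}

int main(void)
{
    printf("double=%d single=%d\n", demo(0, 1, 1), demo(1, 1, 1));
    return 0;
}
```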