On Wednesday, May 22, 2019 6:29:46 PM CEST, Al Viro wrote:
On Wed, May 22, 2019 at 05:44:30PM +0200, Vicente Bergas wrote: ... IOW, here we have also run into bogus hlist forward pointer or head - same 0x1000000 in one case and 0x0000880001000000 in two others. Have you tried to see if KASAN catches anything on those loads? Use-after-free, for example... Another thing to try: slap WARN_ON(entry->d_flags & DCACHE_NORCU); in __d_rehash() and see if it triggers.
Hi, i have been running 3 days with KASAN enabled and also with diff a/fs/dcache.c b/fs/dcache.c @@ -2395,3 +2395,4 @@ static void __d_rehash(struct dentry *entry) struct hlist_bl_head *b = d_hash(entry->d_name.hash); + WARN_ON(entry->d_flags & DCACHE_NORCU); hlist_bl_lock(b); but the issue has not appeared again. Next week i will try -rc2 without KASAN and with WARN_ON and see if it triggers. Regards, Vicenç.
