LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Michal Hocko <mhocko@kernel.org>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: syzbot
<bot+065a25551da6c9ab4283b7ae889c707a37ab2de3@syzkaller.appspotmail.com>,
akpm@linux-foundation.org, hannes@cmpxchg.org,
hillf.zj@alibaba-inc.com, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, mgorman@techsingularity.net,
minchan@kernel.org, shli@fb.com, syzkaller-bugs@googlegroups.com,
ying.huang@intel.com, Al Viro <viro@zeniv.linux.org.uk>,
Dave Chinner <david@fromorbit.com>
Subject: Re: general protection fault in __list_del_entry_valid (2)
Date: Tue, 21 Nov 2017 15:06:52 +0100 [thread overview]
Message-ID: <20171121140652.ybymoiaxd7nnargx@dhcp22.suse.cz> (raw)
In-Reply-To: <20171121140500.bgkpwcdk2dxesao4@dhcp22.suse.cz>
On Tue 21-11-17 15:05:00, Michal Hocko wrote:
> [Cc Al and Dave - email thread starts http://lkml.kernel.org/r/001a113f996099503a055e793dd3@google.com]
>
> On Tue 21-11-17 20:11:26, Tetsuo Handa wrote:
> > On 2017/11/21 16:35, syzbot wrote:
> > > Hello,
> > >
> > > syzkaller hit the following crash on ca91659962303d4fd5211a5e4e13df5cbb11e744
> > > git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
> > > compiler: gcc (GCC) 7.1.1 20170620
> > > .config is attached
> > > Raw console output is attached.
> > >
> > > Unfortunately, I don't have any reproducer for this bug yet.
> >
> > Fault injection found an unchecked register_shrinker() return code.
> > Wow, register_shrinker()/unregister_shinker() is possibly frequently called path?
> >
> >
> > struct super_block *sget_userns(struct file_system_type *type,
> > int (*test)(struct super_block *,void *),
> > int (*set)(struct super_block *,void *),
> > int flags, struct user_namespace *user_ns,
> > void *data)
> > {
> > (...snipped...)
> > spin_unlock(&sb_lock);
> > get_filesystem(type);
> > register_shrinker(&s->s_shrink); // Error check required.
> > return s;
>
> Yes, this is the case since numa aware shrinkers were introduced.
I meant 1d3d4437eae1 ("vmscan: per-node deferred work")
> I have
> a bit hard time to follow the code flow but why cannot we simply
> register the shrinker when we allocate the new super block? We
> still have the s_umount held so the shrinker cannot race with the
> registration code.
>
> Something like the totally untested and possibly wrong
> ---
> diff --git a/fs/super.c b/fs/super.c
> index 994db21f59bf..1eb850413fdf 100644
> --- a/fs/super.c
> +++ b/fs/super.c
> @@ -506,6 +506,11 @@ struct super_block *sget_userns(struct file_system_type *type,
> s = alloc_super(type, (flags & ~SB_SUBMOUNT), user_ns);
> if (!s)
> return ERR_PTR(-ENOMEM);
> + if (register_shrinker(&s->s_shrink)) {
> + up_write(&s->s_umount);
> + destroy_super(s);
> + return ERR_PTR(-ENOMEM);
> + }
> goto retry;
> }
>
> @@ -522,7 +527,6 @@ struct super_block *sget_userns(struct file_system_type *type,
> hlist_add_head(&s->s_instances, &type->fs_supers);
> spin_unlock(&sb_lock);
> get_filesystem(type);
> - register_shrinker(&s->s_shrink);
> return s;
> }
>
> --
> Michal Hocko
> SUSE Labs
--
Michal Hocko
SUSE Labs
next prev parent reply other threads:[~2017-11-21 14:06 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <001a113f996099503a055e793dd3@google.com>
2017-11-21 11:11 ` general protection fault in __list_del_entry_valid (2) Tetsuo Handa
2017-11-21 14:05 ` Michal Hocko
2017-11-21 14:06 ` Michal Hocko [this message]
2017-11-23 11:26 ` Michal Hocko
2017-12-17 15:47 ` syzbot
2017-12-18 9:55 ` Michal Hocko
2018-01-30 20:55 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171121140652.ybymoiaxd7nnargx@dhcp22.suse.cz \
--to=mhocko@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=bot+065a25551da6c9ab4283b7ae889c707a37ab2de3@syzkaller.appspotmail.com \
--cc=david@fromorbit.com \
--cc=hannes@cmpxchg.org \
--cc=hillf.zj@alibaba-inc.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mgorman@techsingularity.net \
--cc=minchan@kernel.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=shli@fb.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=viro@zeniv.linux.org.uk \
--cc=ying.huang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).