From patchwork Mon May 14 06:57:31 2018
X-Patchwork-Submitter: Tetsuo Handa
X-Patchwork-Id: 10396987
Received: (from i-love@localhost) by
www262.sakura.ne.jp (8.14.5/8.14.5/Submit) id w4E6vV4a035377; Mon, 14 May 2018 15:57:31 +0900 (JST) (envelope-from penguin-kernel@i-love.sakura.ne.jp)
Message-Id: <201805140657.w4E6vV4a035377@www262.sakura.ne.jp>
Subject: [PATCH] shmem: don't call put_super() when fill_super() failed.
From: Tetsuo Handa
To: syzbot+d2586fde8fdcead3647f@syzkaller.appspotmail.com, viro@ZenIV.linux.org.uk
Cc: hughd@google.com, syzkaller-bugs@googlegroups.com, linux-mm@kvack.org
Date: Mon, 14 May 2018 15:57:31 +0900

From 193d9cb8b5dfc50c693d4bdd345cedb615bbf5ae Mon Sep 17 00:00:00 2001
From: Tetsuo Handa
Date: Mon, 14 May 2018 15:25:13 +0900
Subject: [PATCH] shmem: don't call put_super() when fill_super() failed.

syzbot is reporting NULL pointer dereference at shmem_unused_huge_count() [1]. This is because shmem_fill_super() is calling shmem_put_super() which immediately releases memory before unregister_shrinker() is called by deactivate_locked_super() after fill_super() in mount_nodev() failed. Fix this by leaving the call to shmem_put_super() to generic_shutdown_super() from kill_anon_super() from kill_litter_super() from deactivate_locked_super().

[1] https://syzkaller.appspot.com/bug?id=46e792849791f4abbac898880e8522054e032391

Signed-off-by: Tetsuo Handa
Reported-by: syzbot
Cc: Al Viro

--- mm/shmem.c | 1 - 1 file changed, 1 deletion(-) diff --git a/mm/shmem.c b/mm/shmem.c index 9d6c7e5..18e134c 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -3843,7 +3843,6 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) return 0; failed: - shmem_put_super(sb); return err; }
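
Review bot: At the `failed:` label, dropping `shmem_put_super(sb)` leaves the error path of shmem_fill_super() with no cleanup of its own, so everything allocated before the failure now depends on generic_shutdown_super() actually reaching shmem_put_super(). Please confirm that this holds for every jump to `failed:`, including a failure before the superblock has its root set up: if generic_shutdown_super() invokes ->put_super only for a superblock that has a root, the memory shmem_put_super() used to release here would be leaked on those paths rather than freed too early. If the teardown path cannot guarantee the call, the alternative is to keep the cleanup in this function and make sure the shrinker cannot run against the freed data. The commit message should state which of the two is the case, and a Fixes: tag naming the change that introduced the early free would help backporting.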