From: Dongliang Mu <mudongliangabcd@xxxxxxxxx> When syzkaller injects fault into memory allocation at bpf_prog_array_alloc, the kernel encounters a memory failure and returns non-zero, thus leading to one WARN_ON at bpf_cgroup_link_release. The stack trace is as follows: __kmalloc+0x7e/0x3d0 bpf_prog_array_alloc+0x4f/0x60 compute_effective_progs+0x132/0x580 ? __sanitizer_cov_trace_pc+0x1a/0x40 update_effective_progs+0x5e/0x260 __cgroup_bpf_detach+0x293/0x760 bpf_cgroup_link_release+0xad/0x400 bpf_link_free+0xca/0x190 bpf_link_put+0x161/0x1b0 bpf_link_release+0x33/0x40 __fput+0x286/0x9f0 Fix this by removing the WARN_ON for __cgroup_bpf_detach. Reported-by: syzkaller <syzkaller@xxxxxxxxxxxxxxxx> Signed-off-by: Dongliang Mu <mudongliangabcd@xxxxxxxxx> --- kernel/bpf/cgroup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c index 514b4681a90a..fdbdcee6c9fa 100644 --- a/kernel/bpf/cgroup.c +++ b/kernel/bpf/cgroup.c @@ -896,8 +896,8 @@ static void bpf_cgroup_link_release(struct bpf_link *link) return; } - WARN_ON(__cgroup_bpf_detach(cg_link->cgroup, NULL, cg_link, - cg_link->type)); + __cgroup_bpf_detach(cg_link->cgroup, NULL, cg_link, + cg_link->type); cg = cg_link->cgroup; cg_link->cgroup = NULL; -- 2.25.1
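Review bot: Dropping the WARN_ON in bpf_cgroup_link_release() silences the report without handling the failure it was flagging. The trace shows __cgroup_bpf_detach() returning an error because update_effective_progs() -> compute_effective_progs() -> bpf_prog_array_alloc() failed to allocate, and after this hunk that return value is discarded while the function continues to `cg = cg_link->cgroup;` and `cg_link->cgroup = NULL;` as if the detach had completed; since bpf_link_free() is the caller in the trace, the link is then released even though the cgroup's effective prog arrays were never recomputed. Rather than ignoring the result, either keep the check and handle the error explicitly, or make the detach path unable to fail (for example, on allocation failure in update_effective_progs() fall back to removing the program from the existing effective arrays in place, which needs no new allocation). If ignoring the error is intended, the commit message should state why that is safe; as written it only says that the warning fires under fault injection.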