Re: WARNING: lock held when returning to user space in grab_super

Hello, Tejun.

[ 1100.561812] FAULT_INJECTION: forcing a failure.
[ 1100.561812] name failslab, interval 1, probability 0, space 0, times 0
[ 1100.625231] CPU: 1 PID: 29677 Comm: syz-executor0 Not tainted 4.20.0+ #396
[ 1100.632289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1100.641646] Call Trace:
[ 1100.644355]  dump_stack+0x1d3/0x2c6
[ 1100.662152]  should_fail.cold.4+0xa/0x17
[ 1100.709512]  __should_failslab+0x124/0x180
[ 1100.713784]  should_failslab+0x9/0x14
[ 1100.717604]  kmem_cache_alloc+0x2c4/0x730
[ 1100.721784]  __d_alloc+0xc8/0xb90
[ 1100.755462]  d_alloc+0x96/0x380
[ 1100.775659]  d_alloc_parallel+0x15a/0x1f40
[ 1100.852877]  __lookup_slow+0x1e6/0x540
[ 1100.864887]  lookup_slow+0x57/0x80
[ 1100.868448]  lookup_one_len_unlocked+0xf1/0x100
[ 1100.876873]  kernfs_node_dentry+0x1c7/0x2d0
[ 1100.881215]  cgroup_do_mount+0x1b1/0x330
[ 1100.899627]  cgroup_mount+0xb6d/0xd30
[ 1100.937317]  mount_fs+0xae/0x31d
[ 1100.940710]  vfs_kern_mount.part.35+0xdc/0x4f0
[ 1100.957015]  do_mount+0x581/0x31f0
[ 1100.998447]  ksys_mount+0x12d/0x140
[ 1101.002098]  __x64_sys_mount+0xbe/0x150
[ 1101.006095]  do_syscall_64+0x1b9/0x820

[ 1101.127520] WARNING: lock held when returning to user space!
[ 1101.133310] 4.20.0+ #396 Not tainted
[ 1101.137004] ------------------------------------------------
[ 1101.142780] syz-executor0/29677 is leaving the kernel with locks still held!
[ 1101.149944] 1 lock held by syz-executor0/29677:
[ 1101.154599]  #0: 00000000ec5f6915 (&type->s_umount_key#43){++++}, at: grab_super+0xcc/0x400

According to commit 633feee310de6b6c ("cgroup: refactor mount path and
clearly distinguish v1 and v2 paths"), cgroup_do_mount() is failing to
do full teardown steps for kernfs_mount() (deactivate_locked_super() ?)
when kernfs_node_dentry() failed.

+       if (!IS_ERR(dentry) && ns != &init_cgroup_ns) {
+               struct dentry *nsdentry;
+               struct cgroup *cgrp;

-       if (is_v2) {
-               if (data) {
-                       pr_err("cgroup2: unknown option \"%s\"\n", (char *)data);
-                       put_cgroup_ns(ns);
-                       return ERR_PTR(-EINVAL);
-               }
-               cgrp_dfl_visible = true;
-               root = &cgrp_dfl_root;
-               cgroup_get(&root->cgrp);
-               goto out_mount;
+               mutex_lock(&cgroup_mutex);
+               spin_lock_irq(&css_set_lock);
+
+               cgrp = cset_cgroup_from_root(ns->root_cset, root);
+
+               spin_unlock_irq(&css_set_lock);
+               mutex_unlock(&cgroup_mutex);
+
+               nsdentry = kernfs_node_dentry(cgrp->kn, dentry->d_sb);
+               dput(dentry);
+               dentry = nsdentry;
        }

+       if (IS_ERR(dentry) || !new_sb)
+               cgroup_put(&root->cgrp);
+
+       return dentry;
+}
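
Review bot: the failure of kernfs_node_dentry() is not unwound at `nsdentry = kernfs_node_dentry(cgrp->kn, dentry->d_sb);`. The following `dput(dentry); dentry = nsdentry;` drops the root dentry and returns the ERR_PTR, and the only cleanup on that path is `cgroup_put(&root->cgrp)`. Nothing in these lines releases the superblock taken from `dentry->d_sb`, which matches the lockdep report above showing s_umount still held at return to user space after the injected allocation failure in d_alloc(). Suggest saving `dentry->d_sb` in a local before the dput() and, when `IS_ERR(nsdentry)`, calling deactivate_locked_super() on it (the teardown the message already points to) before returning the error. A short comment stating that the superblock is still locked and active at this point would also make the required unwind obvious to the next reader.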



