On Wed, Jun 05, 2019 at 02:54:01PM +0100, Mark Rutland wrote:
> Hi All,
>
> While fuzzing arm64 v5.2-rc3, Syzkaller started hitting splats of the
> form:
>
> BUG: Dentry (____ptrval____){i=1,n=/} still in use (2) [unmount of bpf bpf]
>
> ... which I can reliably reproduce with the following C program
> (partially minimized from what Syzkaller auto-generated).
>
> It looks like any filesystem will do. I've seen splats with "bpf",
> "hugetlbfs", "rpc_pipefs", and "tmpfs", and can reproduce the problem
> with any of these.
>
> Any ideas?
>
> I'm using the config from my fuzzing/5.2-rc3 branch on kernel.org [1].
>
> Thanks,
> Mark.
>
> ----
> #define _GNU_SOURCE	/* for syscall() in <unistd.h> */
> #include <unistd.h>
> #include <sys/syscall.h>
>
> /*
>  * NOTE: these are the arm64 numbers
>  */
> #ifndef __NR_fsconfig
> #define __NR_fsconfig 431
> #endif
> #ifndef __NR_fsmount
> #define __NR_fsmount 432
> #endif
> #ifndef __NR_fsopen
> #define __NR_fsopen 430
> #endif
>
> int main(void)
> {
> 	int fs, mnt;
>
> 	/* open a filesystem context for "bpf" */
> 	fs = syscall(__NR_fsopen, "bpf", 0);
> 	/* cmd 6 == FSCONFIG_CMD_CREATE: instantiate the superblock */
> 	syscall(__NR_fsconfig, fs, 6, 0, 0, 0);
> 	/* get a detached mount fd for the new superblock */
> 	mnt = syscall(__NR_fsmount, fs, 0, 0);
> 	/* make the mount the cwd, so it outlives the fd... */
> 	fchdir(mnt);
>
> 	/* ...then drop both fds, which is where the splat appears */
> 	close(fs);
> 	close(mnt);
>
> 	return 0;
> }

David and Al, is sys_fsmount() missing a call to mntget()?

- Eric