Qu Wenruo
43bfa08ba6
btrfs: unlock newly allocated extent buffer after error
commit 19ea40dddf1833db868533958ca066f368862211 upstream.
[BUG]
There is a bug report that injected ENOMEM error could leave a tree
block locked while we return to user-space:
BTRFS info (device loop0): enabling ssd optimizations
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 7579 Comm: syz-executor Not tainted 5.15.0-rc1 #16
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x8d/0xcf lib/dump_stack.c:106
fail_dump lib/fault-inject.c:52 [inline]
should_fail+0x13c/0x160 lib/fault-inject.c:146
should_failslab+0x5/0x10 mm/slab_common.c:1328
slab_pre_alloc_hook.constprop.99+0x4e/0xc0 mm/slab.h:494
slab_alloc_node mm/slub.c:3120 [inline]
slab_alloc mm/slub.c:3214 [inline]
kmem_cache_alloc+0x44/0x280 mm/slub.c:3219
btrfs_alloc_delayed_extent_op fs/btrfs/delayed-ref.h:299 [inline]
btrfs_alloc_tree_block+0x38c/0x670 fs/btrfs/extent-tree.c:4833
__btrfs_cow_block+0x16f/0x7d0 fs/btrfs/ctree.c:415
btrfs_cow_block+0x12a/0x300 fs/btrfs/ctree.c:570
btrfs_search_slot+0x6b0/0xee0 fs/btrfs/ctree.c:1768
btrfs_insert_empty_items+0x80/0xf0 fs/btrfs/ctree.c:3905
btrfs_new_inode+0x311/0xa60 fs/btrfs/inode.c:6530
btrfs_create+0x12b/0x270 fs/btrfs/inode.c:6783
lookup_open+0x660/0x780 fs/namei.c:3282
open_last_lookups fs/namei.c:3352 [inline]
path_openat+0x465/0xe20 fs/namei.c:3557
do_filp_open+0xe3/0x170 fs/namei.c:3588
do_sys_openat2+0x357/0x4a0 fs/open.c:1200
do_sys_open+0x87/0xd0 fs/open.c:1216
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x34/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x46ae99
Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48
89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d
01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f46711b9c48 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 000000000078c0a0 RCX: 000000000046ae99
RDX: 0000000000000000 RSI: 00000000000000a1 RDI: 0000000020005800
RBP: 00007f46711b9c80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017
R13: 0000000000000000 R14: 000000000078c0a0 R15: 00007ffc129da6e0
================================================
WARNING: lock held when returning to user space!
5.15.0-rc1 #16 Not tainted
------------------------------------------------
syz-executor/7579 is leaving the kernel with locks still held!
1 lock held by syz-executor/7579:
#0 : ffff888104b73da8 (btrfs-tree-01/1){+.+.}-{3:3}, at:
__btrfs_tree_lock+0x2e/0x1a0 fs/btrfs/locking.c:112
[CAUSE]
In btrfs_alloc_tree_block(), after btrfs_init_new_buffer(), the new
extent buffer @buf is locked, but if later operations like adding the
delayed tree ref fail, we just free @buf without unlocking it,
resulting in the above warning.
[FIX]
Unlock @buf in out_free_buf: label.
Reported-by: Hao Sun <sunhao.th@gmail.com>
Link: https://lore.kernel.org/linux-btrfs/CACkBjsZ9O6Zr0KK1yGn=1rQi6Crh1yeCRdTSBxx9R99L4xdn-Q@mail.gmail.com/
CC: stable@vger.kernel.org # 5.4+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Denis Efremov <denis.e.efremov@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-03-16 12:49:01 +01:00
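The error-path pattern behind this fix, as an added example that is not btrfs code and not part of the commit: a constructed model in which the buffer comes back locked, a later step fails under fault injection, and the cleanup label either leaks the lock (the bug) or drops it before freeing (the fix). The names extent_buffer, tree_lock, tree_unlock, add_delayed_tree_ref and locks_held are stand-ins chosen for the illustration, and locks_held plays the role of lockdep's per-task held-lock count.

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed model of the error path this commit fixes; not btrfs code.
 * btrfs_alloc_tree_block() gets the new extent buffer back locked from
 * btrfs_init_new_buffer(); if a later step (adding the delayed tree ref)
 * fails, out_free_buf: must unlock before freeing, or the task leaves the
 * kernel with the tree lock still held, which is what lockdep reported. */
struct extent_buffer { int locked; };
static int locks_held;   /* stand-in for lockdep's per-task held-lock count */
static int fail_at_step; /* fault injection: 1 = fail the delayed ref, 0 = none */
static void tree_lock(struct extent_buffer *eb)   { eb->locked = 1; locks_held++; }
static void tree_unlock(struct extent_buffer *eb) { eb->locked = 0; locks_held--; }
static int add_delayed_tree_ref(void) { return fail_at_step == 1 ? -ENOMEM : 0; }

/* fixed == 0 reproduces the bug, fixed == 1 applies the commit's change. */
static int alloc_tree_block(struct extent_buffer **out, int fixed)
{
    struct extent_buffer *buf = calloc(1, sizeof(*buf));
    int ret;
    if (!buf)
        return -ENOMEM;
    tree_lock(buf);              /* buffer comes back locked from init */
    ret = add_delayed_tree_ref();
    if (ret)
        goto out_free_buf;
    *out = buf;                  /* success: caller receives the locked block */
    return 0;
out_free_buf:
    if (fixed)
        tree_unlock(buf);        /* the fix: drop the lock before freeing */
    free(buf);                   /* without it the lock is leaked */
    return ret;
}

/* Run one allocation under the given fault and return how many locks the
 * task would still hold on return to user space (lockdep warns if > 0). */
static int locks_held_after(int fixed, int fail_step)
{
    struct extent_buffer *buf = NULL;
    locks_held = 0;
    fail_at_step = fail_step;
    if (alloc_tree_block(&buf, fixed) == 0) {
        tree_unlock(buf);        /* a normal caller releases the block later */
        free(buf);
    }
    return locks_held;
}
```

With the fault injected, the unfixed path reports one lock still held, which is the condition the "lock held when returning to user space" warning above fires on; the fixed path reports zero.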