From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-it1-f195.google.com ([209.85.166.195]:38473 "EHLO mail-it1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729430AbeKFSrr (ORCPT ); Tue, 6 Nov 2018 13:47:47 -0500 Received: by mail-it1-f195.google.com with SMTP id k141-v6so14890629itk.3 for ; Tue, 06 Nov 2018 01:23:29 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <154149557692.17196.12607896696117775780.stgit@localhost.localdomain> References: <154149557692.17196.12607896696117775780.stgit@localhost.localdomain> From: Miklos Szeredi Date: Tue, 6 Nov 2018 10:23:28 +0100 Message-ID: Subject: Re: [PATCH] fuse: Put leaked request on error path of fuse_retrieve() To: Kirill Tkhai Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Tue, Nov 6, 2018 at 10:13 AM, Kirill Tkhai wrote: > fuse_request_send_notify_reply() may fail, and this case > it remains leaked (fuse_retrieve_end(), which is called > on error path, does not do that). Also, fc->num_waiting, > will never be decremented, and fuse_wait_aborted() will > never finish. So, put the request patently. > > Signed-off-by: Kirill Tkhai Posted same patch yesterday for a syzbot report. How did you notice this? Thanks, Miklos > --- > fs/fuse/dev.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c > index ae813e609932..6fe330cc9709 100644 > --- a/fs/fuse/dev.c > +++ b/fs/fuse/dev.c > @@ -1768,8 +1768,10 @@ static int fuse_retrieve(struct fuse_conn *fc, struct inode *inode, > req->in.args[1].size = total_len; > > err = fuse_request_send_notify_reply(fc, req, outarg->notify_unique); > - if (err) > + if (err) { > fuse_retrieve_end(fc, req); > + fuse_put_request(fc, req); > + } > > return err; > } >
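Review bot: The new `if (err) { ... }` block in fuse_retrieve() depends on an ownership rule that the code does not state: fuse_retrieve_end(fc, req) does not drop the request reference, so the caller must call fuse_put_request(fc, req) after it. A one-line comment above the put, saying the reference is still held when fuse_request_send_notify_reply() fails, would keep a later cleanup from removing the call or reordering the two (the put has to stay last, because fuse_retrieve_end() still uses req). Since the commit message describes a leaked request and an fc->num_waiting count that is never decremented, so that fuse_wait_aborted() never finishes, the patch should also carry a Fixes: tag naming the commit that introduced this error path, plus a Cc: stable if that commit is in a released kernel.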