From: David Howells
To: syzbot
Cc: dhowells@redhat.com, linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org, marc.dionne@auristor.com, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [afs?] WARNING: lock held when returning to user space in afs_proc_addr_prefs_write
Date: Mon, 06 Jan 2025 14:06:51 +0000
Message-ID: <363219.1736172411@warthog.procyon.org.uk>
In-Reply-To: <676c7f0d.050a0220.2f3838.03bb.GAE@google.com>
References: <676c7f0d.050a0220.2f3838.03bb.GAE@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

afs: Merge preference rule failure condition

syzbot reported a lock held when returning to userspace[1]. This is because if argc is less than 0 and the function returns directly, the held inode lock is not released.

Fix this by storing the error in ret and jumping to done to clean up instead of returning directly.

[dh: Modified Lizhi Xu's original patch to make it honour the error code from afs_split_string()]

[1]
WARNING: lock held when returning to user space!
6.13.0-rc3-syzkaller-00209-g499551201b5f #0 Not tainted
------------------------------------------------
syz-executor133/5823 is leaving the kernel with locks still held!
1 lock held by syz-executor133/5823:
 #0: ffff888071cffc00 (&sb->s_type->i_mutex_key#9){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]
 #0: ffff888071cffc00 (&sb->s_type->i_mutex_key#9){++++}-{4:4}, at: afs_proc_addr_prefs_write+0x2bb/0x14e0 fs/afs/addr_prefs.c:388

Reported-by: syzbot+76f33569875eb708e575@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=76f33569875eb708e575
Signed-off-by: Lizhi Xu
Signed-off-by: David Howells
cc: Marc Dionne
cc: linux-afs@lists.infradead.org
Link: https://lore.kernel.org/r/20241226012616.2348907-1-lizhi.xu@windriver.com/
---
diff --git a/fs/afs/addr_prefs.c b/fs/afs/addr_prefs.c index a189ff8a5034..c0384201b8fe 100644 --- a/fs/afs/addr_prefs.c +++ b/fs/afs/addr_prefs.c @@ -413,8 +413,10 @@ int afs_proc_addr_prefs_write(struct file *file, char= *buf, size_t size) = do { argc =3D afs_split_string(&buf, argv, ARRAY_SIZE(argv)); - if (argc < 0) - return argc; + if (argc < 0) { + ret =3D argc; + goto done; + } if (argc < 2) goto inval; =
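
Review bot: the `argc < 0` branch now depends on the `done` label releasing the inode lock that lockdep shows taken at fs/afs/addr_prefs.c:388, and neither that label nor the `inval` label used by the following `argc < 2` check is visible in this hunk; please confirm that both reach the unlock and that no other bare `return` remains inside the `do` loop after inode_lock(). The subject line, "Merge preference rule failure condition", also does not say that this fixes a lock leaked on an error path, and the trailers carry no Fixes: tag, which would help the stable trees pick the change up.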