From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Subject: [PATCH] fs: Fix double prealloc_shrinker() in sget_fc() From: Kirill Tkhai To: viro@zeniv.linux.org.uk, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, akpm@linux-foundation.org, dhowells@redhat.com, ktkhai@virtuozzo.com Date: Wed, 11 Jul 2018 17:37:34 +0300 Message-ID: <153131984019.24777.15284245961241666054.stgit@localhost.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Sender: owner-linux-mm@kvack.org List-ID: Hi, I'm observing "KASAN: use-after-free Read in shrink_slab" on recent linux-next in the code I've added: https://syzkaller.appspot.com/bug?id=91767fc6346a4b9e0309a8cd7e2f356c434450b9 It seems to be not related to my patchset, since there is a problem with double preallocation of shrinker. We should use register_shrinker_prepared() in sget_fc(), since shrinker is already allocated in alloc_super(). Signed-off-by: Kirill Tkhai --- fs/super.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/super.c b/fs/super.c index 13647d4fd262..47a819f1a300 100644 --- a/fs/super.c +++ b/fs/super.c @@ -551,7 +551,7 @@ struct super_block *sget_fc(struct fs_context *fc, hlist_add_head(&s->s_instances, &s->s_type->fs_supers); spin_unlock(&sb_lock); get_filesystem(s->s_type); - register_shrinker(&s->s_shrink); + register_shrinker_prepared(&s->shrinker); return s; } EXPORT_SYMBOL(sget_fc);
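Review bot: the added line in sget_fc() passes &s->shrinker, while the removed line passed &s->s_shrink, and the commit message only describes replacing register_shrinker() with register_shrinker_prepared(). Nothing in this patch adds or renames a member of struct super_block, so the argument change looks like a typo that would break the build or register the wrong object. Keep the original member, i.e. register_shrinker_prepared(&s->s_shrink);. Because the bug is a double preallocation that shows up as a KASAN use-after-free in shrink_slab, the commit message would also benefit from a Fixes: tag naming the change that introduced the register_shrinker() call in sget_fc(), and from a Reported-by: line for the syzkaller report linked in the description, so the fix can be tracked against that report.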