Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp2862747pxb; Mon, 18 Oct 2021 03:35:46 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxwqKPr5AxUAqhXsQqSubbeCegF+5R7a/FdlwiiAiZfRIri6CuEGCXbjqj50ar/cvr8/l8V X-Received: by 2002:a05:6a00:2389:b0:44d:6d57:a38e with SMTP id f9-20020a056a00238900b0044d6d57a38emr28187788pfc.50.1634553345801; Mon, 18 Oct 2021 03:35:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1634553345; cv=none; d=google.com; s=arc-20160816; b=tyLq41nUUqd4be919k+uNbarSuxNxie+euv2il5VZChjm6Dus3seNxp/RtcZbnFF3I aeByf7DisIVyKnGbg9Mt49kn8olmjhg29A2vGTZn4EkHVEco3gyEkRLnGvFMGJxtoMZ3 vzcLT/Kcb9X47w33i8sm/+x55bxlxJmpwQhD30I/4pHnLnoLNPUykjcexCkne4cO4bpD rpOt8YgGesSDTV9OjiLG/nozEfMEthu2SU3Z39s6ZdFX9H7RKqgHOyUXGakFqEOZPu2A YW8E11PBoHmXhSzmWIN31+NmQwrBMwkh9bcEDgcNrTCRl4xeAdGh2H5+D7ZYTBhrtyaW Mq7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from :dkim-signature; bh=vLQG/+g2rc3n5AuI3xXz6ksQ52G8r7tXmP6Q5CEcgiw=; b=cqVa+v8IEL09Iu6bekpyii9pox5AvDweTcrN2zEvNoxH2ky/r1DKnIUjaz+G3tblCu xEo9xdQioX5nXFJaEoC4TPF29aHYSeQANfv/yK2Jmo14xdppL9IbkILzC/YC1yXWq5ki mEm2ekybv2hM3uAKZBCkuH6a35tnqnKQy/oeeGy13ZuGU68fcDAwIenQOd2qm8Qi6Pa0 FvEGinYPwUeuLGZj5G4iBzgqAchqql/hToTEWUnow8/74Ev+/MNr41/AAO8fJt6+yfDj R0vJz9ucfKqB9J4Mvl2uRFGLVs+o45atbY4jcbpecg9Xz+hdVLBW9Qy3aBamB4NAW6Gs y/ag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=HLswWWW6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h8si22202266pfc.260.2021.10.18.03.35.33; Mon, 18 Oct 2021 03:35:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=HLswWWW6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230106AbhJRKgk (ORCPT + 99 others); Mon, 18 Oct 2021 06:36:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50050 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229491AbhJRKgj (ORCPT ); Mon, 18 Oct 2021 06:36:39 -0400 Received: from mail-pf1-x42e.google.com (mail-pf1-x42e.google.com [IPv6:2607:f8b0:4864:20::42e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4BA0EC06161C; Mon, 18 Oct 2021 03:34:28 -0700 (PDT) Received: by mail-pf1-x42e.google.com with SMTP id d9so7184340pfl.6; Mon, 18 Oct 2021 03:34:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id; bh=vLQG/+g2rc3n5AuI3xXz6ksQ52G8r7tXmP6Q5CEcgiw=; b=HLswWWW6B+2ynEGgOfkT0acpnqrMyj0oamcKteuldzzs0J3HjL/wT7rwDjqdrK52e0 zqTfF4dVJAYDU/4ITJrnojxEyyWihO4+yY7D11btwYEgb+DoDegMVhaUgcWrnZqjbxCq sKt1aWWLfjRFjL4/Vc5/Badlme5DfDcSZadZ7C3D5Ul1XlHpAi3KfwuvoxNgKFYx8JUk H0sxSIwx+n9dxuGmxXFVGocynysIW+8NqNqUni76BogZXDU+ZHtE51m3NPNXCisp7kM4 hEVUJEAZ1v3zfCdKyvkK5e722FNju2ohrGkWjaeQMy9I4+PbZKtlqNhkEplR9hybR23J 1igA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=vLQG/+g2rc3n5AuI3xXz6ksQ52G8r7tXmP6Q5CEcgiw=; b=Kp13S993ynLwTu4uGld/95cXz42DX69HewA9faQNDtrP29cqsz6J50OzXdARib89Cq QYmD8ZbzeBcFxtn5ArHzpF2OsPPo7qVlQ4TLnJo6AzAXhlBBPclagtZgpQxOfAsegvB5 RMomgGaRJzbLYYP6k6kJM0gegfOyLhsjl3I+M8mgm8zbwApMVMB0ozrYVGD8lpyQprvp LoBo+ZGhC8FO2M6Os94U8yGbcmVcPvdmfKdjBgZYzIgOIaJSbVsMN8rETxXrcQ7Xsd+r jj9a//NBPL4Kim2GWee2Be7gWuFtLiyASB+ujI98lDmhZqGPss8xkImdKCI5ihNHUkJ2 2XGw== X-Gm-Message-State: AOAM531gO6R85hPX7fGsnhvLwzTm9GuwGyVXE5S5L1FVbhKljZf1adLB fgAO6ZsVyuogjOcw8c5tWvs= X-Received: by 2002:a05:6a00:1488:b0:44d:25b2:f80b with SMTP id v8-20020a056a00148800b0044d25b2f80bmr27802215pfu.20.1634553267884; Mon, 18 Oct 2021 03:34:27 -0700 (PDT) Received: from BJ-zhangqiang.qcraft.lan ([137.59.101.13]) by smtp.gmail.com with ESMTPSA id z24sm13229044pfr.141.2021.10.18.03.34.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Oct 2021 03:34:27 -0700 (PDT) From: Zqiang To: axboe@kernel.dk, hch@lst.de, willy@infradead.org, sunhao.th@gmail.com, hch@infradead.org Cc: linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, Zqiang Subject: [PATCH v2] block: fix incorrect references to disk objects Date: Mon, 18 Oct 2021 18:34:22 +0800 Message-Id: <20211018103422.2043-1-qiang.zhang1211@gmail.com> X-Mailer: git-send-email 2.17.1 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When adding partitions to the disk, the reference count of the disk object is increased. then alloc partition device and called device_add(), if the device_add() return error, the reference count of the disk object will be reduced twice, at put_device(pdev) and put_disk(disk). this leads to the end of the object's life cycle prematurely, and trigger following calltrace. __init_work+0x2d/0x50 kernel/workqueue.c:519 synchronize_rcu_expedited+0x3af/0x650 kernel/rcu/tree_exp.h:847 bdi_remove_from_list mm/backing-dev.c:938 [inline] bdi_unregister+0x17f/0x5c0 mm/backing-dev.c:946 release_bdi+0xa1/0xc0 mm/backing-dev.c:968 kref_put include/linux/kref.h:65 [inline] bdi_put+0x72/0xa0 mm/backing-dev.c:976 bdev_free_inode+0x11e/0x220 block/bdev.c:408 i_callback+0x3f/0x70 fs/inode.c:226 rcu_do_batch kernel/rcu/tree.c:2508 [inline] rcu_core+0x76d/0x16c0 kernel/rcu/tree.c:2743 __do_softirq+0x1d7/0x93b kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu kernel/softirq.c:636 [inline] irq_exit_rcu+0xf2/0x130 kernel/softirq.c:648 sysvec_apic_timer_interrupt+0x93/0xc0 making disk is NULL when calling put_disk(). Reported-by: Hao Sun Signed-off-by: Zqiang --- v1->v2: directly returning instead of assigning disk to NULL block/partitions/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/block/partitions/core.c b/block/partitions/core.c index 3a4898433c43..b9e9af84f518 100644 --- a/block/partitions/core.c +++ b/block/partitions/core.c @@ -424,6 +424,7 @@ static struct block_device *add_partition(struct gendisk *disk, int partno, device_del(pdev); out_put: put_device(pdev); + return ERR_PTR(err); out_put_disk: put_disk(disk); return ERR_PTR(err); -- 2.17.1