From: NeilBrown <neilb@suse.com>
To: Andrei Vagin <avagin@gmail.com>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Jeff Layton <jlayton@kernel.org>,
"J. Bruce Fields" <bfields@fieldses.org>
Subject: Re: linux-next: general protection fault in locks_remove_file
Date: Thu, 08 Nov 2018 17:08:49 +1100
Message-ID: <87sh0cw172.fsf@notabene.neil.brown.name>
In-Reply-To: <CANaxB-xGyiV1kF1j3pjZGyPcDhsYLfL8DqvX7+Tu-EBNpwg_cg@mail.gmail.com>
On Wed, Nov 07 2018, Andrei Vagin wrote:
> Hi,
>
> We run CRIU tests on the linux next kernels and today we found this bug:
>
> [ 11.137989] kasan: GPF could be caused by NULL-ptr deref or user memory access
> [ 11.138170] general protection fault: 0000 [#1] SMP KASAN PTI
> [ 11.138325] CPU: 0 PID: 1039 Comm: first-boot Not tainted 4.20.0-rc1-next-20181107+ #1
> [ 11.138513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> [ 11.138725] RIP: 0010:locks_remove_flock+0x14f/0x220
Yeah, my fault, sorry. I made a last minute change and messed it up.
Jeff has a fix and it should appear in the next -next.
Glad this testing is happening!
Thanks,
NeilBrown
> [ 11.138882] Code: 48 89 ef e8 13 a9 bc 01 48 8b ac 24 00 01 00 00 48 85 ed 74 30 48 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 b2 00 00 00 48 8b 45 08 48 85 c0 74 08 4c 89 e7
> [ 11.139075] RSP: 0018:ffff8801c2877a78 EFLAGS: 00010203
> [ 11.139230] RAX: dffffc0000000000 RBX: 1ffff1003850ef50 RCX: ffff8801c364b700
> [ 11.139385] RDX: 0000000000000049 RSI: ffff8801d9824600 RDI: 000000000000024e
> [ 11.139537] RBP: 0000000000000246 R08: fffffbfff7633be1 R09: fffffbfff7633be1
> [ 11.139702] R10: 0000000000000001 R11: fffffbfff7633be0 R12: ffff8801c2877aa0
> [ 11.139849] R13: ffffffffba7428e0 R14: ffff8801c4f2e370 R15: ffff8801d9e1f220
> [ 11.140002] FS: 0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
> [ 11.140179] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 11.140336] CR2: 00007f388215f148 CR3: 0000000076e22000 CR4: 00000000000406f0
> [ 11.140498] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 11.140656] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [ 11.140830] Call Trace:
> [ 11.140990] ? flock_lock_inode+0xdc0/0xdc0
> [ 11.141151] ? __kasan_slab_free+0x130/0x180
> [ 11.141308] ? kmem_cache_free+0x8f/0x210
> [ 11.141465] ? do_exit+0x725/0x27a0
> [ 11.141619] ? do_group_exit+0xf0/0x2e0
> [ 11.141782] ? __x64_sys_exit_group+0x3a/0x50
> [ 11.141939] ? do_syscall_64+0x94/0x280
> [ 11.142096] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [ 11.142255] ? vfs_lock_file+0xf0/0xf0
> [ 11.142412] locks_remove_file+0xcc/0x380
> [ 11.142563] ? __fsnotify_update_child_dentry_flags.part.3+0x250/0x250
> [ 11.142737] ? fcntl_setlk+0xaf0/0xaf0
> [ 11.142898] __fput+0x1bb/0x780
> [ 11.143057] task_work_run+0x115/0x170
> [ 11.143213] do_exit+0x744/0x27a0
> [ 11.143372] ? find_held_lock+0x32/0x1c0
> [ 11.143529] ? mm_update_next_owner+0x670/0x670
> [ 11.143705] ? __do_page_fault+0x4f2/0xaa0
> [ 11.143862] ? lock_downgrade+0x5d0/0x5d0
> [ 11.144023] do_group_exit+0xf0/0x2e0
> [ 11.144180] __x64_sys_exit_group+0x3a/0x50
> [ 11.144337] do_syscall_64+0x94/0x280
> [ 11.144490] ? prepare_exit_to_usermode+0x88/0x130
> [ 11.144648] entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [ 11.144820] RIP: 0033:0x7f3882855109
> [ 11.144979] Code: Bad RIP value.
> [ 11.145132] RSP: 002b:00007ffc7efc6d68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
> [ 11.145310] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f3882855109
> [ 11.145467] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000001
> [ 11.145683] RBP: 00007f3882b4e858 R08: 000000000000003c R09: 00000000000000e7
> [ 11.145851] R10: ffffffffffffff60 R11: 0000000000000246 R12: 00007f3882b4e858
> [ 11.146007] R13: 00007f3882b53e80 R14: 0000000000000000 R15: 0000000001775c48
> [ 11.146170] Modules linked in:
> [ 11.146361] ---[ end trace 2b8803b2836906fa ]---