linux-fsdevel.vger.kernel.org archive mirror
* Re: linux-next: general protection fault in locks_remove_file
From: NeilBrown @ 2018-11-08  6:08 UTC (permalink / raw)
  To: Andrei Vagin, linux-fsdevel, Jeff Layton, J. Bruce Fields


On Wed, Nov 07 2018, Andrei Vagin wrote:

> Hi,
>
> We run CRIU tests on the linux next kernels and today we found this bug:
>
> [   11.137989] kasan: GPF could be caused by NULL-ptr deref or user memory access
> [   11.138170] general protection fault: 0000 [#1] SMP KASAN PTI
> [   11.138325] CPU: 0 PID: 1039 Comm: first-boot Not tainted 4.20.0-rc1-next-20181107+ #1
> [   11.138513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> [   11.138725] RIP: 0010:locks_remove_flock+0x14f/0x220

Yeah, my fault, sorry.  I made a last-minute change and messed it up.
Jeff has a fix and it should appear in the next -next.

Glad this testing is happening!

Thanks,
NeilBrown

> [   11.138882] Code: 48 89 ef e8 13 a9 bc 01 48 8b ac 24 00 01 00 00 48 85 ed 74 30 48 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 b2 00 00 00 48 8b 45 08 48 85 c0 74 08 4c 89 e7
> [   11.139075] RSP: 0018:ffff8801c2877a78 EFLAGS: 00010203
> [   11.139230] RAX: dffffc0000000000 RBX: 1ffff1003850ef50 RCX: ffff8801c364b700
> [   11.139385] RDX: 0000000000000049 RSI: ffff8801d9824600 RDI: 000000000000024e
> [   11.139537] RBP: 0000000000000246 R08: fffffbfff7633be1 R09: fffffbfff7633be1
> [   11.139702] R10: 0000000000000001 R11: fffffbfff7633be0 R12: ffff8801c2877aa0
> [   11.139849] R13: ffffffffba7428e0 R14: ffff8801c4f2e370 R15: ffff8801d9e1f220
> [   11.140002] FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
> [   11.140179] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   11.140336] CR2: 00007f388215f148 CR3: 0000000076e22000 CR4: 00000000000406f0
> [   11.140498] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [   11.140656] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [   11.140830] Call Trace:
> [   11.140990]  ? flock_lock_inode+0xdc0/0xdc0
> [   11.141151]  ? __kasan_slab_free+0x130/0x180
> [   11.141308]  ? kmem_cache_free+0x8f/0x210
> [   11.141465]  ? do_exit+0x725/0x27a0
> [   11.141619]  ? do_group_exit+0xf0/0x2e0
> [   11.141782]  ? __x64_sys_exit_group+0x3a/0x50
> [   11.141939]  ? do_syscall_64+0x94/0x280
> [   11.142096]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [   11.142255]  ? vfs_lock_file+0xf0/0xf0
> [   11.142412]  locks_remove_file+0xcc/0x380
> [   11.142563]  ? __fsnotify_update_child_dentry_flags.part.3+0x250/0x250
> [   11.142737]  ? fcntl_setlk+0xaf0/0xaf0
> [   11.142898]  __fput+0x1bb/0x780
> [   11.143057]  task_work_run+0x115/0x170
> [   11.143213]  do_exit+0x744/0x27a0
> [   11.143372]  ? find_held_lock+0x32/0x1c0
> [   11.143529]  ? mm_update_next_owner+0x670/0x670
> [   11.143705]  ? __do_page_fault+0x4f2/0xaa0
> [   11.143862]  ? lock_downgrade+0x5d0/0x5d0
> [   11.144023]  do_group_exit+0xf0/0x2e0
> [   11.144180]  __x64_sys_exit_group+0x3a/0x50
> [   11.144337]  do_syscall_64+0x94/0x280
> [   11.144490]  ? prepare_exit_to_usermode+0x88/0x130
> [   11.144648]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [   11.144820] RIP: 0033:0x7f3882855109
> [   11.144979] Code: Bad RIP value.
> [   11.145132] RSP: 002b:00007ffc7efc6d68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
> [   11.145310] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f3882855109
> [   11.145467] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000001
> [   11.145683] RBP: 00007f3882b4e858 R08: 000000000000003c R09: 00000000000000e7
> [   11.145851] R10: ffffffffffffff60 R11: 0000000000000246 R12: 00007f3882b4e858
> [   11.146007] R13: 00007f3882b53e80 R14: 0000000000000000 R15: 0000000001775c48
> [   11.146170] Modules linked in:
> [   11.146361] ---[ end trace 2b8803b2836906fa ]---
