Message-ID: <9143.1443358024@jrobl>
Date:	Sun, 27 Sep 2015 21:47:04 +0900
From:	"J. R. Okajima" <hooanon05g@...il.com>
To:	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	linux-nfs@...r.kernel.org
Subject: v4.3-rc2, fault in sock_release via nfs_put_client


Hello NFS folks,

I don't know whether this is a known issue or not (since I was off from
development for a few months), but I've got a "general protection fault:
0000" message from linux-4.3-rc2.
Here are the reproducible script and the log.
Would you check them please?

Notes:
- The script cannot reproduce the problem perfectly. Not always. But if
  you try several times, you will be able to see. On my test system, I had
  to try a few times.
- As far as I know, if bind-mount did not happen, then the problem did
  not happen either. But I am not sure whether bind-mount is really the
  trigger of this issue.


J. R. Okajima

----------------------------------------------------------------------
#!/bin/sh

set -eu

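Stat() # path
{
	# print the path and the type of the filesystem it lives on
	stat -f --printf="%n %T\n" "$1"
}

uname -a
s=/dev/shm
Stat $s
c=/tmp/c
mkdir -p $c
# export the tmpfs to localhost over NFS and mount it on $c
showmount -e > /tmp/e
sudo exportfs -i -o rw,async,no_subtree_check,no_root_squash,fsid=99 localhost:$s
showmount -e | diff /tmp/e - || :
sudo mount -t nfs localhost:$s $c
Stat $c
# bind-mount the NFS mount on $b and create a file through it
b=/tmp/b
mkdir -p $b
sudo mount -o bind $c $b
Stat $b
> $b/f
# lazily unmount the bind mount first
cat /proc/mounts > /tmp/m
sudo umount -l $b
diff /tmp/m /proc/mounts || :
sync
sleep 1
# then lazily unmount the NFS mount itself
cat /proc/mounts > /tmp/m
sudo umount -l $c
diff /tmp/m /proc/mounts
# withdraw the export
sudo exportfs -u localhost:$s
showmount -e | diff /tmp/e -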
----------------------------------------------------------------------

$ sh -x ./nfs-4.3-rc2.sh
+ set -eu
+ s=/dev/shm
+ Stat /dev/shm
+ stat -f --printf=%n %T\n /dev/shm
/dev/shm tmpfs
+ c=/tmp/c
+ mkdir -p /tmp/c
+ showmount -e
+ sudo exportfs -i -o rw,async,no_subtree_check,no_root_squash,fsid=99 localhost:/dev/shm
+ showmount -e
+ diff /tmp/e -
3a4
> /dev/shm     localhost
+ :
+ sudo mount -t nfs localhost:/dev/shm /tmp/c
+ Stat /tmp/c
+ stat -f --printf=%n %T\n /tmp/c
/tmp/c nfs
+ b=/tmp/b
+ mkdir -p /tmp/b
+ sudo mount -o bind /tmp/c /tmp/b
+ Stat /tmp/b
+ stat -f --printf=%n %T\n /tmp/b
/tmp/b nfs
+
+ cat /proc/mounts
+ sudo umount -l /tmp/b
+ diff /tmp/m /proc/mounts
26d25
< localhost:/dev/shm /tmp/b nfs4 rw,relatime,vers=4.0,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,clientaddr=127.0.0.1,local_lock=none,addr=127.0.0.1 0 0
+ :
+ sync
+ sleep 1
+ cat /proc/mounts
+ sudo umount -l /tmp/c
general protection fault: 0000 [#7] PREEMPT SMP
Modules linked in: oprofile configs autofs4 nfsd [last unloaded: brd]
CPU: 0 PID: 4325 Comm: umount.nfs Tainted: G      D         4.3.0-rc2aufsD+ #67
Hardware name: Pegatron Pegatron/IPM41, BIOS 0001 02/05/2009
task: ffff88002d69ea00 ti: ffff88002ca00000 task.ti: ffff88002ca00000
RIP: 0010:[<ffffffff81643be1>]  [<ffffffff81643be1>] sock_release+0x21/0x90
RSP: 0018:ffff88002ca03bd8  EFLAGS: 00010202
RAX: 6b6b6b6b6b6b6b6b RBX: ffff88002812f7c0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88002812f7c0
RBP: ffff88002ca03be8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: ffff88002812f7c0 R14: ffff88002b8eeea0 R15: 0000000000000001
FS:  00007f763d4f57e0(0000) GS:ffff88002fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000001176db8 CR3: 000000002d76c000 CR4: 00000000000406f0
Stack:
 ffff88002b870000 0000000000000000 ffff88002ca03c18 ffffffff81715afc
 ffff88002b870000 0000000000000000 ffff88002b870000 ffff88002ca03d08
 ffff88002ca03c38 ffffffff81715bd6 0000000000000000 ffff88002b870000
Call Trace:
 [<ffffffff81715afc>] xs_reset_transport+0x18c/0x250
 [<ffffffff81715bd6>] xs_close+0x16/0x30
 [<ffffffff81715c06>] xs_destroy+0x16/0x30
 [<ffffffff8170fb4f>] xprt_destroy+0x6f/0x80
 [<ffffffff81712364>] xprt_put+0x14/0x20
 [<ffffffff8170dda4>] rpc_free_client+0x84/0xc0
 [<ffffffff8170de3a>] rpc_release_client+0x5a/0x90
 [<ffffffff8170df61>] rpc_shutdown_client+0xf1/0x100
 [<ffffffff812cb4c7>] nfs_free_client+0x97/0xa0
 [<ffffffff81312c84>] nfs4_free_client+0xa4/0xc0
 [<ffffffff812c97e5>] nfs_put_client+0x295/0x430
 [<ffffffff81312be0>] ? nfs4_alloc_client+0x380/0x380
 [<ffffffff812ca80c>] nfs_free_server+0x7c/0xd0
 [<ffffffff812d732c>] nfs_kill_super+0x2c/0x40
 [<ffffffff811ad5f1>] deactivate_locked_super+0x51/0x90
 [<ffffffff811ae4b4>] deactivate_super+0x84/0x90
 [<ffffffff811d28e7>] cleanup_mnt+0x97/0xe0
 [<ffffffff811d2982>] __cleanup_mnt+0x12/0x20
 [<ffffffff8107e9f2>] task_work_run+0x72/0xa0
 [<ffffffff81001d0b>] prepare_exit_to_usermode+0x10b/0x150
 [<ffffffff811d3d95>] ? mntput_no_expire+0x5/0x2c0
 [<ffffffff81001de6>] syscall_return_slowpath+0x96/0x2f0
 [<ffffffff81751a71>] int_ret_from_sys_call+0x25/0x9f
Code: 5b 5d c3 0f 1f 80 00 00 00 00 66 66 66 66 90 55 48 89 e5 48 83 ec 10 48 89 5d f0 48 89 fb 4c 89 65 f8 48 8b 47 28 48 85 c0 74 17 <4c> 8b 60 08 ff 50 10 48 c7 43 28 00 00 00 00 4c 89 e7 e8 b8 7d 
RIP  [<ffffffff81643be1>] sock_release+0x21/0x90
 RSP <ffff88002ca03bd8>
---[ end trace 1bcdd4036690d082 ]---
umount.nfs: /tmp/c: not mounted
umount.nfs: /tmp/c: not mounted
umount.nfs: /tmp/c: not mounted
umount.nfs: /tmp/c: not mounted
umount.nfs: /tmp/c: not mounted
umount.nfs: /tmp/c: not mounted
umount.nfs: /tmp/c: not mounted
$
----------------------------------------------------------------------
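
A triage aid for the oops above, added here as an example and not part of the original message: RAX holds 6b6b6b6b6b6b6b6b, the kernel's slab free-poison byte (POISON_FREE, 0x6b) repeated, which is the usual sign that the pointer dereferenced in sock_release was loaded from memory that had already been freed. The sketch flags such registers and lists the callers the unwinder did not mark with "?"; the function names and `OOPS_EXCERPT` (lines copied from the log above) are this example's own.

```python
import re

# Slab poison bytes defined in the kernel's include/linux/poison.h.
POISON = {
    0x6B: "POISON_FREE: value read from an already-freed slab object",
    0x5A: "POISON_INUSE: value read from an uninitialised slab object",
}
REG_RE = re.compile(r"\b(R[A-Z0-9]{1,2}): ([0-9a-f]{16})\b")
RIP_RE = re.compile(r"RIP: .*\] ([\w.]+)\+0x")
# Call-trace frame; a leading "? " marks an address the unwinder is unsure of.
FRAME_RE = re.compile(r"^\s*\[<[0-9a-f]+>\] (\? )?([\w.]+)\+0x", re.M)

# Excerpt of the oops in the message above (lines trimmed, values unchanged).
OOPS_EXCERPT = """\
general protection fault: 0000 [#7] PREEMPT SMP
RIP: 0010:[<ffffffff81643be1>]  [<ffffffff81643be1>] sock_release+0x21/0x90
RSP: 0018:ffff88002ca03bd8  EFLAGS: 00010202
RAX: 6b6b6b6b6b6b6b6b RBX: ffff88002812f7c0 RCX: 0000000000000000
Call Trace:
 [<ffffffff81715afc>] xs_reset_transport+0x18c/0x250
 [<ffffffff81715bd6>] xs_close+0x16/0x30
 [<ffffffff812c97e5>] nfs_put_client+0x295/0x430
 [<ffffffff81312be0>] ? nfs4_alloc_client+0x380/0x380
 [<ffffffff812ca80c>] nfs_free_server+0x7c/0xd0
"""

def is_poison(value_hex):
    """Describe the value if all eight bytes are the same known poison byte."""
    raw = bytes.fromhex(value_hex)
    if len(set(raw)) == 1 and raw[0] in POISON:
        return POISON[raw[0]]
    return None

def triage(oops):
    """Return faulting symbol, poisoned registers and reliable callers."""
    rip = RIP_RE.search(oops)
    poisoned = {}
    for reg, val in REG_RE.findall(oops):
        why = is_poison(val)
        if why:
            poisoned[reg] = why
    callers = [sym for unsure, sym in FRAME_RE.findall(oops) if not unsure]
    return {"fault_in": rip.group(1) if rip else None,
            "poisoned": poisoned, "callers": callers}

if __name__ == "__main__":
    print(triage(OOPS_EXCERPT))
```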