| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 07 Jun 2017 02:06:07 +0800
From: kernel test robot <fengguang.wu@...el.com>
To: Brian Foster <bfoster@...hat.com>
Cc: LKP <lkp@...org>, linux-kernel@...r.kernel.org,
Nikolay Borisov <nborisov@...e.com>,
"Darrick J. Wong" <darrick.wong@...cle.com>, wfg@...ux.intel.com
Subject: [xfs] 63db7c815b: XFS: Assertion failed:
spin_is_locked(&bp->b_lock), file: fs/xfs/xfs_buf.c, line: 120
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit 63db7c815bc0997c29e484d2409684fdd9fcd93b
Author: Brian Foster <bfoster@...hat.com>
AuthorDate: Wed May 31 08:22:52 2017 -0700
Commit: Darrick J. Wong <darrick.wong@...cle.com>
CommitDate: Wed May 31 08:22:52 2017 -0700
xfs: use ->b_state to fix buffer I/O accounting release race
We've had user reports of unmount hangs in xfs_wait_buftarg() that
analysis shows is due to btp->bt_io_count == -1. bt_io_count
represents the count of in-flight asynchronous buffers and thus
should always be >= 0. xfs_wait_buftarg() waits for this value to
stabilize to zero in order to ensure that all untracked (with
respect to the lru) buffers have completed I/O processing before
unmount proceeds to tear down in-core data structures.
The value of -1 implies an I/O accounting decrement race. Indeed,
the fact that xfs_buf_ioacct_dec() is called from xfs_buf_rele()
(where the buffer lock is no longer held) means that bp->b_flags can
be updated from an unsafe context. While a user-level reproducer is
currently not available, some intrusive hacks to run racing buffer
lookups/ioacct/releases from multiple threads was used to
successfully manufacture this problem.
Existing callers do not expect to acquire the buffer lock from
xfs_buf_rele(). Therefore, we can not safely update ->b_flags from
this context. It turns out that we already have separate buffer
state bits and associated serialization for dealing with buffer LRU
state in the form of ->b_state and ->b_lock. Therefore, replace the
_XBF_IN_FLIGHT flag with a ->b_state variant, update the I/O
accounting wrappers appropriately and make sure they are used with
the correct locking. This ensures that buffer in-flight state can be
modified at buffer release time without racing with modifications
from a buffer lock holder.
Fixes: 9c7504aa72b6 ("xfs: track and serialize in-flight async buffers against unmount")
Cc: <stable@...r.kernel.org> # v4.8+
Signed-off-by: Brian Foster <bfoster@...hat.com>
Reviewed-by: Nikolay Borisov <nborisov@...e.com>
Tested-by: Libor Pechacek <lpechacek@...e.com>
Reviewed-by: Darrick J. Wong <darrick.wong@...cle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@...cle.com>
a54fba8f5a xfs: Move handling of missing page into one place in xfs_find_get_desired_pgoff()
63db7c815b xfs: use ->b_state to fix buffer I/O accounting release race
ba7b2387ad Merge branch 'for-4.12-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
19ce14199a Add linux-next specific files for 20170606
+------------------------------------------+------------+------------+------------+---------------+
| | a54fba8f5a | 63db7c815b | ba7b2387ad | next-20170606 |
+------------------------------------------+------------+------------+------------+---------------+
| boot_successes | 37 | 4 | 8 | 10 |
| boot_failures | 0 | 11 | 11 | 11 |
| Assertion_failed | 0 | 11 | 11 | 11 |
| kernel_BUG_at_fs/xfs/xfs_message.c | 0 | 11 | 11 | 11 |
| invalid_opcode:#[##] | 0 | 11 | 11 | 11 |
| EIP:assfail | 0 | 11 | 11 | 11 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 11 | 11 | 11 |
+------------------------------------------+------------+------------+------------+---------------+
[ 7.938397] rodata_test: all tests were successful
[ 8.869407] qnx6: unable to read the first superblock
[ 8.934965] qnx6: unable to read the first superblock
[ 8.952962] qnx6: unable to read the first superblock
[ 8.955407] qnx6: unable to read the first superblock
[ 9.006193] XFS: Assertion failed: spin_is_locked(&bp->b_lock), file: fs/xfs/xfs_buf.c, line: 120
[ 9.006207] ------------[ cut here ]------------
[ 9.006208] kernel BUG at fs/xfs/xfs_message.c:113!
[ 9.006210] invalid opcode: 0000 [#1] PREEMPT
[ 9.006211] Modules linked in:
[ 9.006215] CPU: 0 PID: 398 Comm: mount Not tainted 4.12.0-rc1-00012-g63db7c8 #1
[ 9.006216] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[ 9.006218] task: cc445a40 task.stack: cc596000
[ 9.006223] EIP: assfail+0x17/0x19
[ 9.006225] EFLAGS: 00010282 CPU: 0
[ 9.006226] EAX: ffffffea EBX: cc46b3e8 ECX: c7a68e9f EDX: c7aa464a
[ 9.006227] ESI: cc46b3c0 EDI: cc46b3e8 EBP: cc597e40 ESP: cc597e2c
[ 9.006229] DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068
[ 9.006230] CR0: 80050033 CR2: b776c000 CR3: 0c4aa820 CR4: 00140630
[ 9.006234] Call Trace:
[ 9.006238] xfs_buf_rele+0xdd/0x63f
[ 9.006240] ? xfs_buf_unlock+0x71/0xc3
[ 9.006243] xfs_readsb+0x1b8/0x1c2
[ 9.006246] xfs_fs_fill_super+0x21f/0x435
[ 9.006250] mount_bdev+0x137/0x182
[ 9.006253] xfs_fs_mount+0x15/0x17
[ 9.006255] ? xfs_finish_flags+0x114/0x114
[ 9.006257] mount_fs+0x17/0xf8
[ 9.006260] vfs_kern_mount+0x51/0x13c
[ 9.006263] do_mount+0x857/0xad1
[ 9.006266] SyS_mount+0xac/0xd0
[ 9.006269] do_int80_syscall_32+0x6c/0x102
[ 9.006274] entry_INT80_32+0x31/0x31
[ 9.006275] EIP: 0x47f46fee
[ 9.006276] EFLAGS: 00000282 CPU: 0
[ 9.006277] EAX: ffffffda EBX: bfe3fe9d ECX: bfe3fea6 EDX: 080d36d0
[ 9.006279] ESI: 00008010 EDI: 00000000 EBP: 00000000 ESP: bfe3f7a0
[ 9.006280] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b
[ 9.006282] Code: 00 00 00 6a 01 b8 10 3f be c7 e8 89 bb e3 ff 83 c4 1c c9 c3 55 89 e5 e8 6b 38 db ff 51 52 50 68 ac 46 aa c7 6a 00 e8 85 fc ff ff <0f> 0b 55 89 e5 e8 52 38 db ff b9 01 00 00 00 6a 01 52 ba 9b 61
[ 9.006312] EIP: assfail+0x17/0x19 SS:ESP: 0068:cc597e2c
[ 9.006314] ---[ end trace b5abbbc5416845ea ]---
[ 9.006315] Kernel panic - not syncing: Fatal exception
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 3c2993b8c6143d8a5793746a54eba8f86f95240f v4.11 --
git bisect good 29250d301b0c75ef142b51eebee6b7403cc79624 # 22:42 G 11 0 0 0 Merge tag 'trace-v4.12-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
git bisect good 334a023ee50997b45ffb8fbcc8bc875519040aac # 22:56 G 11 0 0 0 Clean up x86 unsafe_get/put_user() type handling
git bisect good b0f5a8f32e8bbdaae1abb8abe2d3cbafaba57e08 # 23:07 G 11 0 0 0 kthread: fix boot hang (regression) on MIPS/OpenRISC
git bisect good 6f37fa4364a1099b59f73d1a71538895fd2ef975 # 23:18 G 11 0 0 0 Merge tag 'md/4.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md
git bisect bad cc54874055c007cd599138a394d1f039e4e0764b # 23:31 B 0 8 20 0 Merge tag 'for-linus-20170602' of git://git.infradead.org/linux-mtd
git bisect bad e6e6d074369c839e84071c3b056adf20ead8da6e # 23:47 B 0 11 23 0 Merge tag 'xfs-4.12-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
git bisect good 65d03328aace31043be98f807f6e20332cdb19c8 # 00:04 G 11 0 0 0 Merge tag 'ceph-for-4.12-rc4' of git://github.com/ceph/ceph-client
git bisect good b939c51445f0542e80a8f910014c418d04b5de6e # 00:24 G 10 0 0 0 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
git bisect bad 63db7c815bc0997c29e484d2409684fdd9fcd93b # 00:37 B 0 11 23 0 xfs: use ->b_state to fix buffer I/O accounting release race
# first bad commit: [63db7c815bc0997c29e484d2409684fdd9fcd93b] xfs: use ->b_state to fix buffer I/O accounting release race
git bisect good a54fba8f5a0dc36161cacdf2aa90f007f702ec1a # 00:51 G 30 0 0 0 xfs: Move handling of missing page into one place in xfs_find_get_desired_pgoff()
# extra tests with CONFIG_DEBUG_INFO_REDUCED
git bisect bad 63db7c815bc0997c29e484d2409684fdd9fcd93b # 01:01 B 0 11 23 0 xfs: use ->b_state to fix buffer I/O accounting release race
# extra tests on HEAD of linux-devel/devel-spot-201706062120
git bisect bad 231575479432f3449f51bb810d5b8b116f81557b # 01:01 B 0 13 28 0 0day head guard for 'devel-spot-201706062120'
# extra tests on tree/branch linus/master
git bisect bad ba7b2387ad239a519041f2a2d35a1902bdd03dfb # 01:17 B 0 3 15 0 Merge branch 'for-4.12-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
# extra tests with first bad commit reverted
git bisect good a22863108b531d27f722d99567c102340e7a4153 # 01:35 G 11 0 0 0 Revert "xfs: use ->b_state to fix buffer I/O accounting release race"
# extra tests on tree/branch linux-next/master
git bisect bad 19ce14199afdacb1621ccc681d1ba5938efad8b3 # 02:05 B 0 11 24 0 Add linux-next specific files for 20170606
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
Download attachment "dmesg-yocto-ivb41-132:20170607003619:i386-randconfig-h0-06062153:4.12.0-rc1-00012-g63db7c8:1.gz" of type "application/gzip" (9254 bytes)
View attachment "reproduce-yocto-ivb41-132:20170607003619:i386-randconfig-h0-06062153:4.12.0-rc1-00012-g63db7c8:1" of type "text/plain" (901 bytes)
View attachment "config-4.12.0-rc1-00012-g63db7c8" of type "text/plain" (96257 bytes)
Powered by blists - more mailing lists