Return-Path: linux-nfs-owner@vger.kernel.org
Received: from mout.gmx.net ([212.227.17.20]:54462 "EHLO mout.gmx.net" rhost-flags-OK-OK-OK-OK)
    by vger.kernel.org with ESMTP id S1751167Ab3G0Jx7 (ORCPT ); Sat, 27 Jul 2013 05:53:59 -0400
Received: from [80.171.177.38] ([80.171.177.38])
    by mail.gmx.com (mrgmx002) with ESMTPSA (Nemesis) id 0LaG7C-1UNfIJ2d8o-00m1g4 for ; Sat, 27 Jul 2013 11:53:57 +0200
Message-ID: <51F398B3.7040500@gmx.de>
Date: Sat, 27 Jul 2013 11:53:55 +0200
From: Toralf Förster
MIME-Version: 1.0
To: Andrey Vagin , Oleg Nesterov , "Eric W. Biederman" , Andrey Vagin , Al Viro
CC: Linux NFS mailing list
Subject: fuzz tested user mode linux core dumps in fs/lockd/clntproc.c:131
Content-Type: text/plain; charset=UTF-8
Sender: linux-nfs-owner@vger.kernel.org
List-ID:

I do have a user mode linux image (stable 32 bit Gentoo Linux) which erratically crashes while fuzz tested with trinity if the victim files are located on an NFS share.

The back trace of the core dumps always looks like the attached.

To bisect it is hard. However, after a few attempts in the last weeks the following commit is either the first bad commit or at least the upper limit.

commit 8aac62706adaaf0fab02c4327761561c8bda9448
Author: Oleg Nesterov
Date:   Fri Jun 14 21:09:49 2013 +0200

    move exit_task_namespaces() outside of exit_notify()

tfoerste@n22 ~/devel/linux $ gdb --core=/mnt/ramdisk/core /home/tfoerste/devel/linux/linux -n -batch -ex bt
[New LWP 20802]
Core was generated by `/home/tfoerste/devel/linux/linux earlyprintk ubda=/home/tfoerste/virtual/uml/tr'.
Program terminated with signal 6, Aborted.
#0 0xb778e424 in __kernel_vsyscall ()
#0 0xb778e424 in __kernel_vsyscall ()
#1 0x08396175 in kill ()
#2 0x0807155d in uml_abort () at arch/um/os-Linux/util.c:93
#3 0x08071845 in os_dump_core () at arch/um/os-Linux/util.c:138
#4 0x08061197 in panic_exit (self=0x8591518 , unused1=0, unused2=0x85c5d60 ) at arch/um/kernel/um_arch.c:240
#5 0x0809daf8 in notifier_call_chain (nl=0x0, val=0, v=0x85c5d60 , nr_to_call=-2, nr_calls=0x0) at kernel/notifier.c:93
#6 0x0809dc43 in __atomic_notifier_call_chain (nr_calls=, nr_to_call=, v=, val=, nh=) at kernel/notifier.c:182
#7 atomic_notifier_call_chain (nh=0x85c5d44 , val=0, v=0x85c5d60 ) at kernel/notifier.c:191
#8 0x083f34f8 in panic (fmt=0x0) at kernel/panic.c:127
#9 0x08060b5e in segv (fi=, ip=136527369, is_user=0, regs=0x858f85c ) at arch/um/kernel/trap.c:209
#10 0x08060e13 in segv_handler (sig=11, unused_si=0x858fb0c , regs=0x858f85c ) at arch/um/kernel/trap.c:185
#11 0x080706a8 in sig_handler_common (sig=11, si=0x858fb0c , mc=0x858fba0 ) at arch/um/os-Linux/signal.c:44
#12 0x080707ed in sig_handler (sig=0, si=0x858fb0c , mc=0x858fba0 ) at arch/um/os-Linux/signal.c:231
#13 0x0807033b in hard_handler (sig=6, si=0x858fb0c , p=0x858fba0 ) at arch/um/os-Linux/signal.c:165
#14
#15 nlmclnt_setlockargs (req=0x48e18860, fl=0x48f27c8c) at fs/lockd/clntproc.c:131
#16 0x08234892 in nlmclnt_proc (host=0x48e18860, cmd=7, fl=0x48f27c8c) at fs/lockd/clntproc.c:170
#17 0x081d91ae in nfs_proc_lock (filp=0x0, cmd=0, fl=0x0) at fs/nfs/proc.c:667
#18 0x081ca386 in do_unlk (filp=0x48fbe0c0, cmd=7, fl=0x48f27c8c, is_local=0) at fs/nfs/file.c:773
#19 0x081ca572 in nfs_flock (filp=0x48fbe0c0, cmd=7, fl=0x0) at fs/nfs/file.c:902
#20 0x0813ee6e in locks_remove_flock (filp=0x48fbe0c0) at fs/locks.c:2074
#21 0x080fe438 in __fput (file=0x48fbe0c0) at fs/file_table.c:240
#22 0x080fe55b in ____fput (work=0x48fbe0c0) at fs/file_table.c:285
#23 0x08095f3e in task_work_run () at kernel/task_work.c:87
#24 0x08080c9d in exit_task_work (task=) at include/linux/task_work.h:21
#25 do_exit (code=1224150016) at kernel/exit.c:798
#26 0x080812a7 in do_group_exit (exit_code=11) at kernel/exit.c:931
#27 0x0808bc2d in get_signal_to_deliver (info=0x48f27e34, return_ka=0x48f27eb4, regs=0x48db31d4, cookie=0x0) at kernel/signal.c:2370
#28 0x0805f6ec in kern_do_signal (regs=0x48db31d4) at arch/um/kernel/signal.c:77
#29 0x0805f7ed in do_signal () at arch/um/kernel/signal.c:123
#30 0x0805e6b7 in interrupt_end () at arch/um/kernel/process.c:107
#31 0x08073c1b in userspace (regs=0x48db31d4) at arch/um/os-Linux/skas/process.c:464
#32 0x0805e44c in fork_handler () at arch/um/kernel/process.c:160
#33 0x5a5a5a5a in ?? ()

--
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3