Bug #9061

ofdlock(): assertion failed: lckdat->l_start == 0

Added by Robert Mustacchi over 1 year ago. Updated about 1 year ago.

Status: Closed
Priority: Normal
Assignee:
Category: kernel
Start date: 2018-02-06
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:

Description

Running stress-ng -a 4, I immediately hit a VERIFY in ofdlock():

2018-01-26T09:35:53.727240+00:00 dent unix: [ID 836849 kern.notice] #012#015panic[cpu2]/thread=ffffff04224853a0:
2018-01-26T09:35:53.727248+00:00 dent genunix: [ID 403854 kern.notice] assertion failed: lckdat->l_start == 0, file: ../../common/os/flock.c, line: 312
2018-01-26T09:35:53.727251+00:00 dent unix: [ID 100000 kern.notice] #012
2018-01-26T09:35:53.727254+00:00 dent genunix: [ID 802836 kern.notice] ffffff0016895ab0 fffffffffba7c1d8 ()
2018-01-26T09:35:53.727256+00:00 dent genunix: [ID 655072 kern.notice] ffffff0016895c40 genunix:ofdlock+370 ()
2018-01-26T09:35:53.727258+00:00 dent genunix: [ID 655072 kern.notice] ffffff0016895eb0 genunix:fcntl+c13 ()
2018-01-26T09:35:53.727261+00:00 dent genunix: [ID 655072 kern.notice] ffffff0016895f10 unix:brand_sys_sysenter+1d3 ()

The parameters are straight from user-space, but not sufficiently vetted prior to reaching ofdlock().

This looks very similar to OS-5585, "fcntl(F_OFD_GETLK) should return EINVAL on bad parameters", but that push didn't cover at least this case.

--

In the 64-bit fcntl() path:

369                 if (cmd == F_OFD_GETLK || cmd == F_OFD_SETLK ||
370                     cmd == F_OFD_SETLKW) {

But in the 32-bit:

721                 if (cmd == F_OFD_SETLK || cmd == F_OFD_SETLKW) {

and indeed we're doing a 32-bit F_OFD_GETLK


Details

Type: Bug
Status: Resolved
Priority: 3 - Elevated
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2018-02-01 Kalm
Component/s: None
Labels: None

Issue Links

links to

Web Link Gerrit CR 3270 (joyent/illumos-joyent)

john.levon John Levon added a comment - 26/Jan/18 10:38 AM

thoth at 85c6eead2f2d0f0d1e3af5e676e14314

john.levon John Levon added a comment - 26/Jan/18 1:07 PM

In the 64-bit fcntl() path:

369                 if (cmd == F_OFD_GETLK || cmd == F_OFD_SETLK ||
370                     cmd == F_OFD_SETLKW) {

But in the 32-bit:

721                 if (cmd == F_OFD_SETLK || cmd == F_OFD_SETLKW) {

and indeed we're doing a 32-bit F_OFD_GETLK
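
A user-space model of the gap described in the comment above, added here as an illustration; it is not the illumos source or the committed fix. The command constants, `struct mflock`, the `vet()` rule (reject any non-zero `l_whence`, `l_start` or `l_len`) and the corrected command test are assumptions, and a broken invariant is returned as a value where the kernel would panic.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-ins; NOT the real illumos command values or struct flock. */
enum { M_OFD_GETLK = 1, M_OFD_SETLK, M_OFD_SETLKW };
struct mflock { short l_type, l_whence; long l_start, l_len; };

#define INVARIANT_BROKEN (-1)   /* where the real kernel would panic */

/* Model of ofdlock(): it trusts its callers to have vetted the range. */
static int ofdlock_model(const struct mflock *fl) {
    if (fl->l_start != 0)       /* the assertion from flock.c line 312 */
        return INVARIANT_BROKEN;
    return 0;
}

/* Assumed vetting rule: whole-file locks only, anything else is EINVAL. */
static int vet(const struct mflock *fl) {
    return (fl->l_whence != 0 || fl->l_start != 0 || fl->l_len != 0) ? EINVAL : 0;
}

/* 32-bit path as quoted: F_OFD_GETLK is missing from the command test. */
int fcntl32_before(int cmd, const struct mflock *fl) {
    if (cmd == M_OFD_SETLK || cmd == M_OFD_SETLKW) {
        int e = vet(fl);
        if (e != 0) return e;
    }
    return ofdlock_model(fl);
}

/* Assumed correction: the command test matches the 64-bit path. */
int fcntl32_after(int cmd, const struct mflock *fl) {
    if (cmd == M_OFD_GETLK || cmd == M_OFD_SETLK || cmd == M_OFD_SETLKW) {
        int e = vet(fl);
        if (e != 0) return e;
    }
    return ofdlock_model(fl);
}

int main(void) {
    /* Constructed input: l_start = 1, as in the "{ 2, 0, 1, 0, ... }" test. */
    struct mflock bad = { 2, 0, 1, 0 };
    printf("before GETLK: %d\n", fcntl32_before(M_OFD_GETLK, &bad));
    printf("after  GETLK: %d\n", fcntl32_after(M_OFD_GETLK, &bad));
    printf("before SETLK: %d\n", fcntl32_before(M_OFD_SETLK, &bad));
    return 0;
}
```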

jerry Jerry Jelinek added a comment - 26/Jan/18 6:14 PM

Output from the new test cases for 32-bit and 64-bit runs

[root@smartos /opt/os-tests/tests/file-locking]# ./runtests.32
# Exclusive lock tests
Running fcntl(2) POSIX + fcntl(2) POSIX tests (kill child)... ok
Running fcntl(2) POSIX + fcntl(2) POSIX tests (child exits)... ok
Running fcntl(2) POSIX + fcntl(2) OFD tests (kill child)... ok
Running fcntl(2) POSIX + fcntl(2) OFD tests (child exits)... ok
Running fcntl(2) POSIX + flock(3C) tests (kill child)... ok
Running fcntl(2) POSIX + flock(3C) tests (child exits)... ok
Running fcntl(2) OFD + fcntl(2) POSIX tests (kill child)... ok
Running fcntl(2) OFD + fcntl(2) POSIX tests (child exits)... ok
Running fcntl(2) OFD + fcntl(2) OFD tests (kill child)... ok
Running fcntl(2) OFD + fcntl(2) OFD tests (child exits)... ok
Running fcntl(2) OFD + flock(3C) tests (kill child)... ok
Running fcntl(2) OFD + flock(3C) tests (child exits)... ok
Running flock(3C) + fcntl(2) POSIX tests (kill child)... ok
Running flock(3C) + fcntl(2) POSIX tests (child exits)... ok
Running flock(3C) + fcntl(2) OFD tests (kill child)... ok
Running flock(3C) + fcntl(2) OFD tests (child exits)... ok
Running flock(3C) + flock(3C) tests (kill child)... ok
Running flock(3C) + flock(3C) tests (child exits)... ok
# Shared lock tests
Running fcntl(2) POSIX + fcntl(2) POSIX tests (kill child)... ok
Running fcntl(2) POSIX + fcntl(2) POSIX tests (child exits)... ok
Running fcntl(2) POSIX + fcntl(2) OFD tests (kill child)... ok
Running fcntl(2) POSIX + fcntl(2) OFD tests (child exits)... ok
Running fcntl(2) POSIX + flock(3C) tests (kill child)... ok
Running fcntl(2) POSIX + flock(3C) tests (child exits)... ok
Running fcntl(2) OFD + fcntl(2) POSIX tests (kill child)... ok
Running fcntl(2) OFD + fcntl(2) POSIX tests (child exits)... ok
Running fcntl(2) OFD + fcntl(2) OFD tests (kill child)... ok
Running fcntl(2) OFD + fcntl(2) OFD tests (child exits)... ok
Running fcntl(2) OFD + flock(3C) tests (kill child)... ok
Running fcntl(2) OFD + flock(3C) tests (child exits)... ok
Running flock(3C) + fcntl(2) POSIX tests (kill child)... ok
Running flock(3C) + fcntl(2) POSIX tests (child exits)... ok
Running flock(3C) + fcntl(2) OFD tests (kill child)... ok
Running flock(3C) + fcntl(2) OFD tests (child exits)... ok
Running flock(3C) + flock(3C) tests (kill child)... ok
Running flock(3C) + flock(3C) tests (child exits)... ok
# flock(3C) directory lock tests
Running flock(3C) + flock(3C) tests (kill child)... ok
Running flock(3C) + flock(3C) tests (child exits)... ok
Running flock(3C) + flock(3C) tests (kill child)... ok
Running flock(3C) + flock(3C) tests (child exits)... ok
# Invalid fcntl(2) parameters tests
fcntl(fd, F_SETLK, { 200, 0, 0, 0, ... })... ok
fcntl(fd, F_SETLK, { -1, 0, 0, 0, ... })... ok
fcntl(fd, F_SETLKW, { 200, 0, 0, 0, ... })... ok
fcntl(fd, F_SETLKW, { -1, 0, 0, 0, ... })... ok
fcntl(fd, F_GETLK, { 200, 0, 0, 0, ... })... ok
fcntl(fd, F_GETLK, { -1, 0, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLK, { 200, 0, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLK, { -1, 0, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLKW, { 200, 0, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLKW, { -1, 0, 0, 0, ... })... ok
fcntl(fd, F_OFD_GETLK, { 200, 0, 0, 0, ... })... ok
fcntl(fd, F_OFD_GETLK, { -1, 0, 0, 0, ... })... ok
fcntl(fd, F_FLOCK, { 200, 0, 0, 0, ... })... ok
fcntl(fd, F_FLOCK, { -1, 0, 0, 0, ... })... ok
fcntl(fd, F_FLOCKW, { 200, 0, 0, 0, ... })... ok
fcntl(fd, F_FLOCKW, { -1, 0, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLK, { 2, 1, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLK, { 2, 0, 1, 0, ... })... ok
fcntl(fd, F_OFD_SETLK, { 2, 0, 0, 1, ... })... ok
fcntl(fd, F_OFD_SETLKW, { 2, 1, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLKW, { 2, 0, 1, 0, ... })... ok
fcntl(fd, F_OFD_SETLKW, { 2, 0, 0, 1, ... })... ok
fcntl(fd, F_OFD_GETLK, { 2, 1, 0, 0, ... })... ok
fcntl(fd, F_OFD_GETLK, { 2, 0, 1, 0, ... })... ok
fcntl(fd, F_OFD_GETLK, { 2, 0, 0, 1, ... })... ok
fcntl(fd, F_FLOCK, { 2, 1, 0, 0, ... })... ok
fcntl(fd, F_FLOCK, { 2, 0, 1, 0, ... })... ok
fcntl(fd, F_FLOCK, { 2, 0, 0, 1, ... })... ok
fcntl(fd, F_FLOCKW, { 2, 1, 0, 0, ... })... ok
fcntl(fd, F_FLOCKW, { 2, 0, 1, 0, ... })... ok
fcntl(fd, F_FLOCKW, { 2, 0, 0, 1, ... })... ok
fcntl(fd, F_OFD_SETLK64, { 2, 1, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLK64, { 2, 0, 1, 0, ... })... ok
fcntl(fd, F_OFD_SETLK64, { 2, 0, 0, 1, ... })... ok
fcntl(fd, F_OFD_SETLKW64, { 2, 1, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLKW64, { 2, 0, 1, 0, ... })... ok
fcntl(fd, F_OFD_SETLKW64, { 2, 0, 0, 1, ... })... ok
fcntl(fd, F_OFD_GETLK64, { 2, 1, 0, 0, ... })... ok
fcntl(fd, F_OFD_GETLK64, { 2, 0, 1, 0, ... })... ok
fcntl(fd, F_OFD_GETLK64, { 2, 0, 0, 1, ... })... ok
# Testing that multiple OFD locks work in a process
Acquiring first two shared locks... ok
Acquiring an exclusive lock should fail w/ EWOULDBLOCK... ok
Releasing to acquire an exclusive lock... ok
Acquiring an exclusive lock... ok
Acquiring a shared lock should fail w/ EWOULDBLOCK... ok
Releasing exclusive lock... ok
# Testing flock(3C) upgrade/downgrade tests
Acquiring shared locks 1, 2 and 3... ok
Upgrading lock 3 should fail w/ EWOULDBLOCK... ok
Upgrading 3 should succeed after releasing locks 1 & 2... ok
Starting up child, then downgrading lock 3 to shared... ok
Releasing child and upgrading... ok
Releasing lock 3... ok
[root@smartos /opt/os-tests/tests/file-locking]# ./runtests.64
# Exclusive lock tests
Running fcntl(2) POSIX + fcntl(2) POSIX tests (kill child)... ok
Running fcntl(2) POSIX + fcntl(2) POSIX tests (child exits)... ok
Running fcntl(2) POSIX + fcntl(2) OFD tests (kill child)... ok
Running fcntl(2) POSIX + fcntl(2) OFD tests (child exits)... ok
Running fcntl(2) POSIX + flock(3C) tests (kill child)... ok
Running fcntl(2) POSIX + flock(3C) tests (child exits)... ok
Running fcntl(2) OFD + fcntl(2) POSIX tests (kill child)... ok
Running fcntl(2) OFD + fcntl(2) POSIX tests (child exits)... ok
Running fcntl(2) OFD + fcntl(2) OFD tests (kill child)... ok
Running fcntl(2) OFD + fcntl(2) OFD tests (child exits)... ok
Running fcntl(2) OFD + flock(3C) tests (kill child)... ok
Running fcntl(2) OFD + flock(3C) tests (child exits)... ok
Running flock(3C) + fcntl(2) POSIX tests (kill child)... ok
Running flock(3C) + fcntl(2) POSIX tests (child exits)... ok
Running flock(3C) + fcntl(2) OFD tests (kill child)... ok
Running flock(3C) + fcntl(2) OFD tests (child exits)... ok
Running flock(3C) + flock(3C) tests (kill child)... ok
Running flock(3C) + flock(3C) tests (child exits)... ok
# Shared lock tests
Running fcntl(2) POSIX + fcntl(2) POSIX tests (kill child)... ok
Running fcntl(2) POSIX + fcntl(2) POSIX tests (child exits)... ok
Running fcntl(2) POSIX + fcntl(2) OFD tests (kill child)... ok
Running fcntl(2) POSIX + fcntl(2) OFD tests (child exits)... ok
Running fcntl(2) POSIX + flock(3C) tests (kill child)... ok
Running fcntl(2) POSIX + flock(3C) tests (child exits)... ok
Running fcntl(2) OFD + fcntl(2) POSIX tests (kill child)... ok
Running fcntl(2) OFD + fcntl(2) POSIX tests (child exits)... ok
Running fcntl(2) OFD + fcntl(2) OFD tests (kill child)... ok
Running fcntl(2) OFD + fcntl(2) OFD tests (child exits)... ok
Running fcntl(2) OFD + flock(3C) tests (kill child)... ok
Running fcntl(2) OFD + flock(3C) tests (child exits)... ok
Running flock(3C) + fcntl(2) POSIX tests (kill child)... ok
Running flock(3C) + fcntl(2) POSIX tests (child exits)... ok
Running flock(3C) + fcntl(2) OFD tests (kill child)... ok
Running flock(3C) + fcntl(2) OFD tests (child exits)... ok
Running flock(3C) + flock(3C) tests (kill child)... ok
Running flock(3C) + flock(3C) tests (child exits)... ok
# flock(3C) directory lock tests
Running flock(3C) + flock(3C) tests (kill child)... ok
Running flock(3C) + flock(3C) tests (child exits)... ok
Running flock(3C) + flock(3C) tests (kill child)... ok
Running flock(3C) + flock(3C) tests (child exits)... ok
# Invalid fcntl(2) parameters tests
fcntl(fd, F_SETLK, { 200, 0, 0, 0, ... })... ok
fcntl(fd, F_SETLK, { -1, 0, 0, 0, ... })... ok
fcntl(fd, F_SETLKW, { 200, 0, 0, 0, ... })... ok
fcntl(fd, F_SETLKW, { -1, 0, 0, 0, ... })... ok
fcntl(fd, F_GETLK, { 200, 0, 0, 0, ... })... ok
fcntl(fd, F_GETLK, { -1, 0, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLK, { 200, 0, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLK, { -1, 0, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLKW, { 200, 0, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLKW, { -1, 0, 0, 0, ... })... ok
fcntl(fd, F_OFD_GETLK, { 200, 0, 0, 0, ... })... ok
fcntl(fd, F_OFD_GETLK, { -1, 0, 0, 0, ... })... ok
fcntl(fd, F_FLOCK, { 200, 0, 0, 0, ... })... ok
fcntl(fd, F_FLOCK, { -1, 0, 0, 0, ... })... ok
fcntl(fd, F_FLOCKW, { 200, 0, 0, 0, ... })... ok
fcntl(fd, F_FLOCKW, { -1, 0, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLK, { 2, 1, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLK, { 2, 0, 1, 0, ... })... ok
fcntl(fd, F_OFD_SETLK, { 2, 0, 0, 1, ... })... ok
fcntl(fd, F_OFD_SETLKW, { 2, 1, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLKW, { 2, 0, 1, 0, ... })... ok
fcntl(fd, F_OFD_SETLKW, { 2, 0, 0, 1, ... })... ok
fcntl(fd, F_OFD_GETLK, { 2, 1, 0, 0, ... })... ok
fcntl(fd, F_OFD_GETLK, { 2, 0, 1, 0, ... })... ok
fcntl(fd, F_OFD_GETLK, { 2, 0, 0, 1, ... })... ok
fcntl(fd, F_FLOCK, { 2, 1, 0, 0, ... })... ok
fcntl(fd, F_FLOCK, { 2, 0, 1, 0, ... })... ok
fcntl(fd, F_FLOCK, { 2, 0, 0, 1, ... })... ok
fcntl(fd, F_FLOCKW, { 2, 1, 0, 0, ... })... ok
fcntl(fd, F_FLOCKW, { 2, 0, 1, 0, ... })... ok
fcntl(fd, F_FLOCKW, { 2, 0, 0, 1, ... })... ok
fcntl(fd, F_OFD_SETLK, { 2, 1, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLK, { 2, 0, 1, 0, ... })... ok
fcntl(fd, F_OFD_SETLK, { 2, 0, 0, 1, ... })... ok
fcntl(fd, F_OFD_SETLKW, { 2, 1, 0, 0, ... })... ok
fcntl(fd, F_OFD_SETLKW, { 2, 0, 1, 0, ... })... ok
fcntl(fd, F_OFD_SETLKW, { 2, 0, 0, 1, ... })... ok
fcntl(fd, F_OFD_GETLK, { 2, 1, 0, 0, ... })... ok
fcntl(fd, F_OFD_GETLK, { 2, 0, 1, 0, ... })... ok
fcntl(fd, F_OFD_GETLK, { 2, 0, 0, 1, ... })... ok
# Testing that multiple OFD locks work in a process
Acquiring first two shared locks... ok
Acquiring an exclusive lock should fail w/ EWOULDBLOCK... ok
Releasing to acquire an exclusive lock... ok
Acquiring an exclusive lock... ok
Acquiring a shared lock should fail w/ EWOULDBLOCK... ok
Releasing exclusive lock... ok
# Testing flock(3C) upgrade/downgrade tests
Acquiring shared locks 1, 2 and 3... ok
Upgrading lock 3 should fail w/ EWOULDBLOCK... ok
Upgrading 3 should succeed after releasing locks 1 & 2... ok
Starting up child, then downgrading lock 3 to shared... ok
Releasing child and upgrading... ok
Releasing lock 3... ok

History

#1

Updated by Electric Monk about 1 year ago

  • Status changed from New to Closed

git commit 9c7f1ae01d2294b79bc57dff1f29ac9b813d6172

commit  9c7f1ae01d2294b79bc57dff1f29ac9b813d6172
Author: Jerry Jelinek <jerry.jelinek@joyent.com>
Date:   2018-05-14T17:14:00.000Z

    9061 ofdlock(): assertion failed: lckdat->l_start == 0
    Reviewed by: Cody Mello <cody.mello@joyent.com>
    Reviewed by: John Levon <john.levon@joyent.com>
    Reviewed by: Richard Lowe <richlowe@richlowe.net>
    Approved by: Dan McDonald <danmcd@joyent.com>
