group.of.nepali.translators team mailing list archive
Message #27057
[Bug 1797314] Re: fscache: bad refcounting in fscache_op_complete leads to OOPS
This bug was fixed in the package linux - 4.4.0-139.165
---------------
linux (4.4.0-139.165) xenial; urgency=medium
* linux: 4.4.0-139.165 -proposed tracker (LP: #1799401)
* Kernel panic after the ubuntu_nbd_smoke_test on Xenial kernel (LP: #1793464)
- nbd: Remove signal usage
- nbd: Timeouts are not user requested disconnects
- nbd: Cleanup reset of nbd and bdev after a disconnect
- nbd: don't shutdown sock with irq's disabled
- nbd: fix race in ioctl
* fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
- SAUCE: fscache: Fix race in decrementing refcount of op->npages
* xenial: virtio-scsi: CPU soft lockup due to loop in
virtscsi_target_destroy() (LP: #1798110)
- SAUCE: (no-up) virtio-scsi: Decrement reqs counter before SCSI command
requeue
* Error reported when creating ZFS pool with "-t" option, despite successful
pool creation (LP: #1769937)
- SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu26
* Xenial update: 4.4.160 upstream stable release (LP: #1798770)
- crypto: skcipher - Fix -Wstringop-truncation warnings
- tsl2550: fix lux1_input error in low light
- vmci: type promotion bug in qp_host_get_user_memory()
- x86/numa_emulation: Fix emulated-to-physical node mapping
- staging: rts5208: fix missing error check on call to rtsx_write_register
- uwb: hwa-rc: fix memory leak at probe
- power: vexpress: fix corruption in notifier registration
- Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
- USB: serial: kobil_sct: fix modem-status error handling
- 6lowpan: iphc: reset mac_header after decompress to fix panic
- md-cluster: clear another node's suspend_area after the copy is finished
- media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
- powerpc/kdump: Handle crashkernel memory reservation failure
- media: fsl-viu: fix error handling in viu_of_probe()
- x86/tsc: Add missing header to tsc_msr.c
- x86/entry/64: Add two more instruction suffixes
- scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
buffer size
- scsi: klist: Make it safe to use klists in atomic context
- scsi: ibmvscsi: Improve strings handling
- usb: wusbcore: security: cast sizeof to int for comparison
- powerpc/powernv/ioda2: Reduce upper limit for DMA window size
- alarmtimer: Prevent overflow for relative nanosleep
- s390/extmem: fix gcc 8 stringop-overflow warning
- ALSA: snd-aoa: add of_node_put() in error path
- media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
- media: soc_camera: ov772x: correct setting of banding filter
- media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
- staging: android: ashmem: Fix mmap size validation
- drivers/tty: add error handling for pcmcia_loop_config
- media: tm6000: add error handling for dvb_register_adapter
- ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
- ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
- rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
- wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
- ARM: mvebu: declare asm symbols as character arrays in pmsu.c
- HID: hid-ntrig: add error handling for sysfs_create_group
- scsi: bnx2i: add error handling for ioremap_nocache
- EDAC, i7core: Fix memleaks and use-after-free on probe and remove
- ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
- module: exclude SHN_UNDEF symbols from kallsyms api
- nfsd: fix corrupted reply to badly ordered compound
- ARM: dts: dra7: fix DCAN node addresses
- serial: cpm_uart: return immediately from console poll
- spi: tegra20-slink: explicitly enable/disable clock
- spi: sh-msiof: Fix invalid SPI use during system suspend
- spi: sh-msiof: Fix handling of write value for SISTR register
- spi: rspi: Fix invalid SPI use during system suspend
- spi: rspi: Fix interrupted DMA transfers
- USB: fix error handling in usb_driver_claim_interface()
- USB: handle NULL config in usb_find_alt_setting()
- slub: make ->cpu_partial unsigned int
- Revert "UBUNTU: SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device"
- media: uvcvideo: Support realtek's UVC 1.5 device
- USB: usbdevfs: sanitize flags more
- USB: usbdevfs: restore warning for nonsensical flags
- Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
service_outstanding_interrupt()"
- USB: remove LPM management from usb_driver_claim_interface()
- Input: elantech - enable middle button of touchpad on ThinkPad P72
- IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
- scsi: target: iscsi: Use bin2hex instead of a re-implementation
- serial: imx: restore handshaking irq for imx1
- arm64: KVM: Tighten guest core register access from userspace
- ext4: never move the system.data xattr out of the inode body
- thermal: of-thermal: disable passive polling when thermal zone is disabled
- net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
- e1000: check on netif_running() before calling e1000_up()
- e1000: ensure to free old tx/rx rings in set_ringparam()
- hwmon: (ina2xx) fix sysfs shunt resistor read access
- hwmon: (adt7475) Make adt7475_read_word() return errors
- i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
- arm64: cpufeature: Track 32bit EL0 support
- arm64: KVM: Sanitize PSTATE.M when being set from userspace
- media: v4l: event: Prevent freeing event subscriptions while accessed
- KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function
- mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X
- mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X
- gpio: adp5588: Fix sleep-in-atomic-context bug
- mac80211: mesh: fix HWMP sequence numbering to follow standard
- cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE
- RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0
- i2c: uniphier: issue STOP only for last message or I2C_M_STOP
- i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP
- net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx()
- fs/cifs: don't translate SFM_SLASH (U+F026) to backslash
- cfg80211: fix a type issue in ieee80211_chandef_to_operating_class()
- mac80211: fix a race between restart and CSA flows
- mac80211: Fix station bandwidth setting after channel switch
- mac80211: shorten the IBSS debug messages
- tools/vm/slabinfo.c: fix sign-compare warning
- tools/vm/page-types.c: fix "defined but not used" warning
- mm: madvise(MADV_DODUMP): allow hugetlbfs pages
- usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i]
- perf probe powerpc: Ignore SyS symbols irrespective of endianness
- RDMA/ucma: check fd type in ucma_migrate_id()
- USB: yurex: Check for truncation in yurex_read()
- drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS
- fs/cifs: suppress a string overflow warning
- dm thin metadata: try to avoid ever aborting transactions
- arch/hexagon: fix kernel/dma.c build warning
- hexagon: modify ffs() and fls() to return int
- arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto"
- r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
- s390/qeth: don't dump past end of unknown HW header
- cifs: read overflow in is_valid_oplock_break()
- xen/manage: don't complain about an empty value in control/sysrq node
- xen: avoid crash in disable_hotplug_cpu
- xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
- smb2: fix missing files in root share directory listing
- crypto: mxs-dcp - Fix wait logic on chan threads
- proc: restrict kernel stack dumps to root
- ocfs2: fix locking for res->tracking and dlm->tracking_list
- dm thin metadata: fix __udivdi3 undefined on 32-bit
- Linux 4.4.160
* Volume control not working Dell XPS 27 (7760) (LP: #1775068) // Xenial
update: 4.4.160 upstream stable release (LP: #1798770)
- ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760
* Xenial update: 4.4.160 upstream stable release (LP: #1798770) //
CVE-2018-7755
- floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
* Xenial update: 4.4.159 upstream stable release (LP: #1798617)
- NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
- NFC: Fix the number of pipes
- ASoC: cs4265: fix MMTLR Data switch control
- ALSA: bebob: use address returned by kmalloc() instead of kernel stack for
streaming DMA mapping
- ALSA: emu10k1: fix possible info leak to userspace on
SNDRV_EMU10K1_IOCTL_INFO
- platform/x86: alienware-wmi: Correct a memory leak
- xen/netfront: don't bug in case of too many frags
- xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
- ring-buffer: Allow for rescheduling when removing pages
- mm: shmem.c: Correctly annotate new inodes for lockdep
- gso_segment: Reset skb->mac_len after modifying network header
- ipv6: fix possible use-after-free in ip6_xmit()
- net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
- net: hp100: fix always-true check for link up state
- neighbour: confirm neigh entries when ARP packet is received
- ocfs2: fix ocfs2 read block panic
- drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
- tty: vt_ioctl: fix potential Spectre v1
- ext4: avoid divide by zero fault when deleting corrupted inline directories
- ext4: recalucate superblock checksum after updating free blocks/inodes
- ext4: fix online resize's handling of a too-small final block group
- ext4: fix online resizing for bigalloc file systems with a 1k block size
- ext4: don't mark mmp buffer head dirty
- arm64: Add trace_hardirqs_off annotation in ret_to_user
- HID: sony: Update device ids
- HID: sony: Support DS4 dongle
- iw_cxgb4: only allow 1 flush on user qps
- Linux 4.4.159
* Xenial update: 4.4.158 upstream stable release (LP: #1798587)
- iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register
- ALSA: msnd: Fix the default sample sizes
- ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro
- xfrm: fix 'passing zero to ERR_PTR()' warning
- gfs2: Special-case rindex for gfs2_grow
- clk: imx6ul: fix missing of_node_put()
- kbuild: add .DELETE_ON_ERROR special target
- dmaengine: pl330: fix irq race with terminate_all
- MIPS: ath79: fix system restart
- media: videobuf2-core: check for q->error in vb2_core_qbuf()
- mtd/maps: fix solutionengine.c printk format warnings
- fbdev: omapfb: off by one in omapfb_register_client()
- video: goldfishfb: fix memory leak on driver remove
- fbdev/via: fix defined but not used warning
- perf powerpc: Fix callchain ip filtering when return address is in a
register
- fbdev: Distinguish between interlaced and progressive modes
- ARM: exynos: Clear global variable on init error path
- perf powerpc: Fix callchain ip filtering
- powerpc/powernv: opal_put_chars partial write fix
- MIPS: jz4740: Bump zload address
- mac80211: restrict delayed tailroom needed decrement
- xen-netfront: fix queue name setting
- arm64: dts: qcom: db410c: Fix Bluetooth LED trigger
- s390/qeth: fix race in used-buffer accounting
- s390/qeth: reset layer2 attribute on layer switch
- platform/x86: toshiba_acpi: Fix defined but not used build warnings
- crypto: sharah - Unregister correct algorithms for SAHARA 3
- xen-netfront: fix warn message as irq device name has '/'
- RDMA/cma: Protect cma dev list with lock
- pstore: Fix incorrect persistent ram buffer mapping
- xen/netfront: fix waiting for xenbus state change
- IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler
- Tools: hv: Fix a bug in the key delete code
- misc: hmc6352: fix potential Spectre v1
- usb: Don't die twice if PCI xhci host is not responding in resume
- USB: Add quirk to support DJI CineSSD
- usb: Avoid use-after-free by flushing endpoints early in usb_set_interface()
- usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame()
- USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller
- USB: net2280: Fix erroneous synchronization change
- USB: serial: io_ti: fix array underflow in completion handler
- usb: misc: uss720: Fix two sleep-in-atomic-context bugs
- USB: yurex: Fix buffer over-read in yurex_write()
- usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
service_outstanding_interrupt()
- cifs: prevent integer overflow in nxt_dir_entry()
- CIFS: fix wrapping bugs in num_entries()
- binfmt_elf: Respect error return from `regset->active'
- audit: fix use-after-free in audit_add_watch
- mtdchar: fix overflows in adjustment of `count`
- MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads
- ARM: hisi: handle of_iomap and fix missing of_node_put
- ARM: hisi: fix error handling and missing of_node_put
- ARM: hisi: check of_iomap and fix missing of_node_put
- drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping
- parport: sunbpp: fix error return code
- coresight: Handle errors in finding input/output ports
- coresight: tpiu: Fix disabling timeouts
- gpiolib: Mark gpio_suffixes array with __maybe_unused
- drm/amdkfd: Fix error codes in kfd_get_process
- rtc: bq4802: add error handling for devm_ioremap
- ALSA: pcm: Fix snd_interval_refine first/last with open min/max
- selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock
adjustments are in progress
- drm/panel: type promotion bug in s6e8aa0_read_mtp_id()
- pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant
- USB: serial: ti_usb_3410_5052: fix array underflow in completion handler
- mei: bus: type promotion bug in mei_nfc_if_version()
- drivers: net: cpsw: fix segfault in case of bad phy-handle
- MIPS: VDSO: Match data page cache colouring when D$ aliases
- Linux 4.4.158
* Xenial update: 4.4.157 upstream stable release (LP: #1798539)
- i2c: xiic: Make the start and the byte count write atomic
- i2c: i801: fix DNV's SMBCTRL register offset
- ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
- cfq: Give a chance for arming slice idle timer in case of group_idle
- kthread: Fix use-after-free if kthread fork fails
- kthread: fix boot hang (regression) on MIPS/OpenRISC
- staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page
- staging/rts5208: Fix read overflow in memcpy
- block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg
- locking/rwsem-xadd: Fix missed wakeup due to reordering of load
- selinux: use GFP_NOWAIT in the AVC kmem_caches
- locking/osq_lock: Fix osq_lock queue corruption
- ARC: [plat-axs*]: Enable SWAP
- misc: mic: SCIF Fix scif_get_new_port() error handling
- ethtool: Remove trailing semicolon for static inline
- gpio: tegra: Move driver registration to subsys_init level
- scsi: target: fix __transport_register_session locking
- md/raid5: fix data corruption of replacements after originals dropped
- misc: ti-st: Fix memory leak in the error path of probe()
- uio: potential double frees if __uio_register_device() fails
- tty: rocket: Fix possible buffer overwrite on register_PCI
- f2fs: do not set free of current section
- perf tools: Allow overriding MAX_NR_CPUS at compile time
- NFSv4.0 fix client reference leak in callback
- macintosh/via-pmu: Add missing mmio accessors
- ath10k: prevent active scans on potential unusable channels
- MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
- ata: libahci: Correct setting of DEVSLP register
- scsi: 3ware: fix return 0 on the error path of probe
- ath10k: disable bundle mgmt tx completion event support
- Bluetooth: hidp: Fix handling of strncpy for hid->name information
- x86/mm: Remove in_nmi() warning from vmalloc_fault()
- gpio: ml-ioh: Fix buffer underwrite on probe error path
- net: mvneta: fix mtu change on port without link
- MIPS: Octeon: add missing of_node_put()
- net: dcb: For wild-card lookups, use priority -1, not 0
- Input: atmel_mxt_ts - only use first T9 instance
- iommu/ipmmu-vmsa: Fix allocation in atomic context
- mfd: ti_am335x_tscadc: Fix struct clk memory leak
- f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
- MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON
- RDMA/cma: Do not ignore net namespace for unbound cm_id
- xhci: Fix use-after-free in xhci_free_virt_device
- vmw_balloon: include asm/io.h
- netfilter: x_tables: avoid stack-out-of-bounds read in
xt_copy_counters_from_user
- drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac
config
- net: ethernet: ti: cpsw: fix mdio device reference leak
- ethernet: ti: davinci_emac: add missing of_node_put after calling
of_parse_phandle
- crypto: vmx - Fix sleep-in-atomic bugs
- mtd: ubi: wl: Fix error return code in ubi_wl_init()
- autofs: fix autofs_sbi() does not check super block type
- Linux 4.4.157
* Xenial update: 4.4.156 upstream stable release (LP: #1797563)
- staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free
- net: bcmgenet: use MAC link status for fixed phy
- qlge: Fix netdev features configuration.
- tcp: do not restart timewait timer on rst reception
- vti6: remove !skb->ignore_df check from vti6_xmit()
- cifs: check if SMB2 PDU size has been padded and suppress the warning
- hfsplus: don't return 0 when fill_super() failed
- hfs: prevent crash on exit from failed search
- fork: don't copy inconsistent signal handler state to child
- reiserfs: change j_timestamp type to time64_t
- hfsplus: fix NULL dereference in hfsplus_lookup()
- fat: validate ->i_start before using
- scripts: modpost: check memory allocation results
- mm/fadvise.c: fix signed overflow UBSAN complaint
- fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
- ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
- mfd: sm501: Set coherent_dma_mask when creating subdevices
- platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360
- irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP
- net/9p: fix error path of p9_virtio_probe
- powerpc: Fix size calculation using resource_size()
- s390/dasd: fix hanging offline processing due to canceled worker
- scsi: aic94xx: fix an error code in aic94xx_init()
- PCI: mvebu: Fix I/O space end address calculation
- dm kcopyd: avoid softlockup in run_complete_job
- staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice
- selftests/powerpc: Kill child processes on SIGINT
- smb3: fix reset of bytes read and written stats
- SMB3: Number of requests sent should be displayed for SMB3 not just CIFS
- powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.
- btrfs: replace: Reset on-disk dev stats value after replace
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been
initialized
- btrfs: Don't remove block group that still has pinned down bytes
- debugobjects: Make stack check warning more informative
- x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear
- kbuild: make missing $DEPMOD a Warning instead of an Error
- Revert "ARM: imx_v6_v7_defconfig: Select ULPI support"
- enic: do not call enic_change_mtu in enic_probe
- Fixes: Commit cdbf92675fad ("mm: numa: avoid waiting on freed migrated
pages")
- genirq: Delay incrementing interrupt count if it's disabled/pending
- irqchip/gic-v3-its: Recompute the number of pages on page size change
- irqchip/gicv3-its: Fix memory leak in its_free_tables()
- irqchip/gicv3-its: Avoid cache flush beyond ITS_BASERn memory size
- irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar()
- irqchip/gic: Make interrupt ID 1020 invalid
- ovl: rename is_merge to is_lowest
- ovl: override creds with the ones from the superblock mounter
- ovl: proper cleanup of workdir
- sch_htb: fix crash on init failure
- sch_multiq: fix double free on init failure
- sch_hhf: fix null pointer dereference on init failure
- sch_netem: avoid null pointer deref on init failure
- sch_tbf: fix two null pointer dereferences on init failure
- mei: me: allow runtime pm for platform with D0i3
- ASoC: wm8994: Fix missing break in switch
- btrfs: use correct compare function of dirty_metadata_bytes
- Linux 4.4.156
-- Kleber Sacilotto de Souza <kleber.souza@xxxxxxxxxxxxx> Wed, 24 Oct
2018 09:57:17 +0000
** Changed in: linux (Ubuntu Xenial)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7755
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1797314
Title:
fscache: bad refcounting in fscache_op_complete leads to OOPS
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Xenial:
Fix Released
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Committed
Bug description:
SRU Justification
-----------------
[Impact]
A kernel BUG is sometimes observed when using fscache:
[4740718.880898] FS-Cache:
[4740718.880920] FS-Cache: Assertion failed
[4740718.880934] FS-Cache: 0 > 0 is false
[4740718.881001] ------------[ cut here ]------------
[4740718.881017] kernel BUG at /usr/src/linux-4.4.0/fs/fscache/operation.c:449!
[4740718.881040] invalid opcode: 0000 [#1] SMP
[4740718.892659] Call Trace:
[4740718.893506] [<ffffffffc1464cf9>] cachefiles_read_copier+0x3a9/0x410 [cachefiles]
[4740718.894374] [<ffffffffc037e272>] fscache_op_work_func+0x22/0x50 [fscache]
[4740718.895180] [<ffffffff81096da0>] process_one_work+0x150/0x3f0
[4740718.895966] [<ffffffff8109751a>] worker_thread+0x11a/0x470
[4740718.896753] [<ffffffff81808e59>] ? __schedule+0x359/0x980
[4740718.897783] [<ffffffff81097400>] ? rescuer_thread+0x310/0x310
[4740718.898581] [<ffffffff8109cdd6>] kthread+0xd6/0xf0
[4740718.899469] [<ffffffff8109cd00>] ? kthread_park+0x60/0x60
[4740718.900477] [<ffffffff8180d0cf>] ret_from_fork+0x3f/0x70
[4740718.901514] [<ffffffff8109cd00>] ? kthread_park+0x60/0x60
[Problem]
In include/linux/fscache-cache.h, fscache_retrieval_complete reads, in
part:
    atomic_sub(n_pages, &op->n_pages);
    if (atomic_read(&op->n_pages) <= 0)
        fscache_op_complete(&op->op, true);
The code is using atomic_sub followed by an atomic_read. This causes
two threads doing a decrement of pages to race with each other, seeing
the op->refcount <= 0 at the same time, and end up calling
fscache_op_complete in both threads, leading to the OOPS.
[Fix]
The fix is trivial: use atomic_sub_return instead of two calls.
[Testcase]
I believe the user has tested the patch successfully on their fscache/cachefiles setup.
[Regression Potential]
Limited to fscache. Small, comprehensible change.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1797314/+subscriptions
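
Added example (not part of the original bug report or the kernel source): a single-threaded C11 model that replays every ordering of two workers' steps, showing why atomic_sub followed by a separate atomic_read can complete the operation twice while testing the result of one read-modify-write, as atomic_sub_return does, completes it once. The struct, the function names and the page counts are constructed for illustration; page counts are assumed positive.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Constructed userspace model of the retrieval op described in the report. */
struct retrieval_op {
    atomic_int n_pages;  /* pages still outstanding */
    int completions;     /* times the fscache_op_complete() stand-in ran */
};

static void op_init(struct retrieval_op *op, int pages) {
    atomic_init(&op->n_pages, pages);
    op->completions = 0;
}

/* Buggy second step: a separate read, taken after the subtraction. */
static void buggy_check(struct retrieval_op *op) {
    if (atomic_load(&op->n_pages) <= 0)
        op->completions++;
}

/* Fixed: like atomic_sub_return(), test the value this call itself produced. */
static void fixed_complete(struct retrieval_op *op, int n) {
    if (atomic_fetch_sub(&op->n_pages, n) - n <= 0)
        op->completions++;
}

/* Replay all 6 orderings of two workers' steps (subtract, then check); worker A
 * uses slots a1 < a2, worker B the rest. Returns orderings completing twice. */
int buggy_double_completions(int pages_a, int pages_b) {
    int doubles = 0;
    for (int a1 = 0; a1 < 4; a1++) {
        for (int a2 = a1 + 1; a2 < 4; a2++) {
            struct retrieval_op op;
            int b_subbed = 0;
            op_init(&op, pages_a + pages_b);
            for (int slot = 0; slot < 4; slot++) {
                if (slot == a1)
                    atomic_fetch_sub(&op.n_pages, pages_a);
                else if (slot == a2)
                    buggy_check(&op);
                else if (!b_subbed++)
                    atomic_fetch_sub(&op.n_pages, pages_b);
                else
                    buggy_check(&op);
            }
            doubles += op.completions > 1;
        }
    }
    return doubles;
}

/* With the fix each worker is one step, so there are two orderings. */
int fixed_completes_once(int pages_a, int pages_b) {
    int ok = 1;
    for (int a_first = 0; a_first < 2; a_first++) {
        struct retrieval_op op;
        op_init(&op, pages_a + pages_b);
        fixed_complete(&op, a_first ? pages_a : pages_b);
        fixed_complete(&op, a_first ? pages_b : pages_a);
        ok &= (op.completions == 1);
    }
    return ok;
}

int main(void) {
    printf("buggy: %d of 6 orderings complete twice; fixed ok: %d\n",
           buggy_double_completions(1, 1), fixed_completes_once(1, 1));
    return 0;
}
```

The buggy pattern completes exactly once only in the two orderings where one worker finishes both of its steps before the other starts.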