CC aufs-users. On Mon, Jul 16, 2018 at 2:29 PM Prasad Koya <prasad.koya@xxxxxxxxx> wrote: > > Hi > > Has anyone run into this crash with aufs 3? We hit this in production. > > Thank you. > > <1>[45257161.254682] BUG: unable to handle kernel NULL pointer > dereference at 0000000000000038 > <1>[45257161.351193] IP: [<ffffffff8117a5dc>] au_do_open_nondir+0x3b/0xaf > <4>[45257161.425916] PGD 80ffb067 PUD 2d20b067 PMD 0 > <4>[45257161.425923] Oops: 0002 [#1] PREEMPT SMP > <4>[45257161.425930] CPU 1 > <4>[45257161.425932] Modules linked in: arptable_filter arp_tables > dummy ipt_ULOG nf_conntrack_ipv6 nf_defrag_ipv6 ip6t_REJECT > ip6table_mangle > nf_conntrack_ipv4 nf_defrag_ipv4 xt_LOG xt_limit xt_hl xt_state > ipt_REJECT xt_multiport xt_tcpudp iptable_mangle msr sch_prio > kbfd(O) 8021q garp stp llc tun nf_conntrack_tftp iptable_raw > iptable_filter ip_tables xt_NOTRACK nf_conntrack xt_mark ip6table_raw > ip6table_filter ip6_tables x_tables scd(O) amd64_edac_mod k10temp > hwmon microcode kvm_amd kvm > <4>[45257161.425985] > <4>[45257161.425990] Pid: 29253, comm: sandy2 Tainted: P O > 3.4.43.Ar-3379181.4167M #1 > <4>[45257161.425996] RIP: 0010:[<ffffffff8117a5dc>] > [<ffffffff8117a5dc>] au_do_open_nondir+0x3b/0xaf > <4>[45257161.426004] RSP: 0018:ffff8800388b9c28 EFLAGS: 00210287 > <4>[45257161.426007] RAX: 0000000000000000 RBX: ffff8800576263c0 RCX: > 0000000000000001 > <4>[45257161.426011] RDX: ffff8800576263c0 RSI: 0000000000000000 RDI: > ffff8800576263c0 > <4>[45257161.426015] RBP: ffff8800388b9c48 R08: 0000000000000000 R09: > 0000000000000000 > <4>[45257161.426019] R10: ffff880104d1e500 R11: fefefefefefefeff R12: > 0000000000000000 > <4>[45257161.426022] R13: ffffffff8117a500 R14: ffff8800576263e8 R15: > 0000000000080000 > <4>[45257161.426027] FS: 0000000000000000(0000) > GS:ffff88013fb00000(0063) knlGS:00000000f73df8e0 > <4>[45257161.426031] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 > <4>[45257161.426034] CR2: 0000000000000038 CR3: 000000003ee9c000 CR4: > 
00000000000007e0 > <4>[45257161.426038] DR0: 0000000000000000 DR1: 0000000000000000 DR2: > 0000000000000000 > <4>[45257161.426041] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: > 0000000000000400 > <4>[45257161.426046] Process sandy2 (pid: 29253, threadinfo > ffff8800388b8000, task ffff88003d9d5930) > <4>[45257161.426049] Stack: > <4>[45257161.426052] ffff8800388b9c48 ffff8800576263c0 > ffff880072891df8 ffffffff8117a5a1 > <4>[45257161.426059] ffff8800388b9c98 ffffffff811789cd > ffff8800388b9c78 ffffffff813eb090 > <4>[45257161.426065] ffff88013f180000 ffff88013f180000 > ffff8800576263c0 ffff8800576263c0 > <4>[45257161.426072] Call Trace: > <4>[45257161.426077] [<ffffffff8117a5a1>] ? au_do_open_nondir+0x0/0xaf > <4>[45257161.426081] [<ffffffff811789cd>] au_do_open+0x57/0xaa > <4>[45257161.426088] [<ffffffff813eb090>] ? sub_preempt_count+0x92/0xa5 > <4>[45257161.426093] [<ffffffff81179c5b>] ? aufs_open_nondir+0x0/0x80 > <4>[45257161.426097] [<ffffffff81179c8e>] aufs_open_nondir+0x33/0x80 > <4>[45257161.426103] [<ffffffff810a7945>] __dentry_open+0x158/0x275 > <4>[45257161.426107] [<ffffffff810a7b1f>] nameidata_to_filp+0x5b/0x62 > <4>[45257161.426113] [<ffffffff810b5854>] do_last+0x539/0x642 > <4>[45257161.426118] [<ffffffff810b5a28>] path_openat+0xcb/0x361 > <4>[45257161.426123] [<ffffffff810b5dad>] do_filp_open+0x38/0x84 > <4>[45257161.426129] [<ffffffff813eb090>] ? sub_preempt_count+0x92/0xa5 > <4>[45257161.426134] [<ffffffff813e8310>] ? _raw_spin_unlock+0x13/0x2e > <4>[45257161.426139] [<ffffffff810bfb9c>] ? 
alloc_fd+0xfb/0x10d > <4>[45257161.426144] [<ffffffff810a75f0>] do_sys_open+0x116/0x1af > <4>[45257161.426150] [<ffffffff810e4320>] compat_sys_open+0x16/0x18 > <4>[45257161.426155] [<ffffffff813ee28b>] cstar_dispatch+0x7/0x1e > <4>[45257161.426158] Code: ec 08 4c 8b 47 18 4d 3b 40 18 49 8b 40 30 > 74 07 49 83 78 10 00 74 29 48 85 c0 75 31 eb 22 48 8b 83 c0 00 00 00 > 44 89 e6 48 89 df > <44> 88 68 38 e8 b0 e1 ff ff 48 89 df e8 b7 df ff ff 31 c0 eb 05 > <1>[45257161.426218] RIP [<ffffffff8117a5dc>] au_do_open_nondir+0x3b/0xaf > <4>[45257161.501970] RSP <ffff8800388b9c28> > <0>[45257161.501974] Kernel version: 3.4.43 #1 SMP PREEMPT Fri Jul 22 > 13:33:33 PDT 2016 > <4>[45257161.608848] CR2: 0000000000000038 > > <4>[45257161.425996] RIP: 0010:[<ffffffff8117a5dc>] > [<ffffffff8117a5dc>] au_do_open_nondir+0x3b/0xaf > > 28 int au_do_open_nondir(struct file *file, int flags) > 29 { > 30 int err; > 31 aufs_bindex_t bindex; > 32 struct file *h_file; > 33 struct dentry *dentry; > 34 struct au_finfo *finfo; > 35 > 36 FiMustWriteLock(file); > 37 > 38 dentry = file->f_dentry; > 39 err = au_d_alive(dentry); > 40 if (unlikely(err)) > 41 goto out; > 42 > 43 finfo = au_fi(file); > 44 memset(&finfo->fi_htop, 0, sizeof(finfo->fi_htop)); > 45 atomic_set(&finfo->fi_mmapped, 0); > 46 bindex = au_dbstart(dentry); > 47 h_file = au_h_open(dentry, bindex, flags, file); > 48 if (IS_ERR(h_file)) > 49 err = PTR_ERR(h_file); > 50 else { > 51 au_set_fbstart(file, bindex); <======== > crash in this inline function > 52 au_set_h_fptr(file, bindex, h_file); > 53 au_update_figen(file); > 54 /* todo: necessary? 
*/ > 55 /* file->f_ra = h_file->f_ra; */ > 56 } > > 185 static inline void au_set_fbstart(struct file *file, aufs_bindex_t > bindex) > 186 { > 187 FiMustWriteLock(file); > 188 au_fi(file)->fi_btop = bindex; > 189 } > 190 > > 145 static inline struct au_finfo *au_fi(struct file *file) > 146 { > 147 return file->private_data; > 148 } > > > > struct inode *inode = d->d_inode; > err = 0; > if (unlikely(d_unhashed(d) || !inode || !inode->i_nlink)) > ffffffff8117a5c1: 49 83 78 10 00 cmpq $0x0,0x10(%r8) > ffffffff8117a5c6: 74 29 je > ffffffff8117a5f1 <au_do_open_nondir+0x50> > err = 0; > if (!IS_ROOT(d)) > err = au_d_hashed_positive(d); > else { > inode = d->d_inode; > if (unlikely(d_unlinked(d) || !inode || > !inode->i_nlink)) > ffffffff8117a5c8: 48 85 c0 test %rax,%rax > ffffffff8117a5cb: 75 31 jne > ffffffff8117a5fe <au_do_open_nondir+0x5d> > ffffffff8117a5cd: eb 22 jmp > ffffffff8117a5f1 <au_do_open_nondir+0x50> > } > > static inline void au_set_fbstart(struct file *file, aufs_bindex_t > bindex) > { > FiMustWriteLock(file); > au_fi(file)->fi_btop = bindex; > ffffffff8117a5cf: 48 8b 83 c0 00 00 00 mov 0xc0(%rbx),%rax > h_file = au_h_open(dentry, bindex, flags, file); > if (IS_ERR(h_file)) > err = PTR_ERR(h_file); > else { > au_set_fbstart(file, bindex); > au_set_h_fptr(file, bindex, h_file); > ffffffff8117a5d6: 44 89 e6 mov %r12d,%esi > ffffffff8117a5d9: 48 89 df mov %rbx,%rdi > ffffffff8117a5dc: 44 88 68 38 mov > %r13b,0x38(%rax) <============ crash point > ffffffff8117a5e0: e8 b0 e1 ff ff callq > ffffffff81178795 <au_set_h_fptr> > au_update_figen(file); > ffffffff8117a5e5: 48 89 df mov %rbx,%rdi > ffffffff8117a5e8: e8 b7 df ff ff callq > ffffffff811785a4 <au_update_figen> > ffffffff8117a5ed: 31 c0 xor %eax,%eax > ffffffff8117a5ef: eb 05 jmp > ffffffff8117a5f6 <au_do_open_nondir+0x55> > ffffffff8117a5f1: b8 fe ff ff ff mov > $0xfffffffe,%eax > /* file->f_ra = h_file->f_ra; */ > } > > > Reading symbols from /tmp/vmlinux...done. 
> (gdb) list *(au_do_open_nondir+0x3b) > 0xffffffff8117a5dc is in au_do_open_nondir > (/bld/kernel/rpmbuild/linux-3.4/fs/aufs/file.h:188). > warning: Source file is more recent than executable. > 183 } > 184 > 185 static inline void au_set_fbstart(struct file *file, > aufs_bindex_t bindex) > 186 { > 187 FiMustWriteLock(file); > 188 au_fi(file)->fi_btop = bindex; > 189 } > 190 > 191 static inline void au_set_fbend_dir(struct file *file, > aufs_bindex_t bindex) > 192 { > (gdb)