Cc address is switched from linux-fsdevel ML to aufs-users.

Prasad Koya:
> <1>[45257161.254682] BUG: unable to handle kernel NULL pointer
> dereference at 0000000000000038
> <1>[45257161.351193] IP: [<ffffffff8117a5dc>] au_do_open_nondir+0x3b/0xaf
        :::
>  43         finfo = au_fi(file);
>  44         memset(&finfo->fi_htop, 0, sizeof(finfo->fi_htop));
>  45         atomic_set(&finfo->fi_mmapped, 0);
>  46         bindex = au_dbstart(dentry);
>  47         h_file = au_h_open(dentry, bindex, flags, file);
>  48         if (IS_ERR(h_file))
>  49                 err = PTR_ERR(h_file);
>  50         else {
>  51                 au_set_fbstart(file, bindex);       <======== crash in this macro
        :::
> 185 static inline void au_set_fbstart(struct file *file, aufs_bindex_t bindex)
> 186 {
> 187         FiMustWriteLock(file);
> 188         au_fi(file)->fi_btop = bindex;
> 189 }
> 190
        :::
>                 au_set_fbstart(file, bindex);
>                 au_set_h_fptr(file, bindex, h_file);
> ffffffff8117a5d6:       44 89 e6                mov    %r12d,%esi
> ffffffff8117a5d9:       48 89 df                mov    %rbx,%rdi
> ffffffff8117a5dc:       44 88 68 38             mov    %r13b,0x38(%rax)    <============ crash point

Looking at your first report again, I've noticed something strange.

If this crash had really happened in au_set_fbstart(), then it means
au_fi(file) returned NULL.  But, as you can see, au_do_open_nondir()
calls au_fi(file) earlier, on line 43, and the memset(&finfo->fi_htop, ...)
on line 44 succeeded.  As you know, au_fi(file) just returns
struct file.private_data, and it should never be NULL after being set
during open.
That is really, really strange.  I don't think someone else accidentally
set struct file.private_data to NULL.  If that happened, then it means your
kernel is totally broken.  So I'd suggest you confirm these two
things as another first step.

- review your disassembly listing against the symbol table, since it looks
  strange and your gdb produced
> (gdb) list *(au_do_open_nondir+0x3b)
> 0xffffffff8117a5dc is in au_do_open_nondir
> (/bld/kernel/rpmbuild/linux-3.4/fs/aufs/file.h:188).
> warning: Source file is more recent than executable.

- check the offset of fi_btop in struct au_finfo.
  The disassembly listing says it is 0x38.  It might be correct, but I'd
  suggest you confirm it.  It is easy.  Just put
        pr_info("fi_generation %lu\n", offsetof(struct au_finfo, fi_generation));
        pr_info("fi_rwsem %lu\n", offsetof(struct au_finfo, fi_rwsem));
        pr_info("fi_btop %lu\n", offsetof(struct au_finfo, fi_btop));
        pr_info("fi_htop %lu\n", offsetof(struct au_finfo, fi_htop));
  in your aufs_open_nondir() or somewhere else.


J. R. Okajima
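The two checks above (map the faulting address of a NULL-base dereference back to a struct field, and confirm that the crash site is consistent with the access order in au_do_open_nondir()) can be rehearsed in user space before touching the kernel. The program below is an added example written for this page; it is not code from the mail thread or from aufs. The struct is a hypothetical stand-in: its field names follow the mail, but fi_rwsem is an opaque 48-byte block sized only so that fi_btop lands at 0x38 like the quoted disassembly, and the real struct au_finfo layout is not reproduced. The field table and the consistency check are the assumed parts.

```c
/*
 * User-space model of the diagnosis in the mail: given an oops address
 * from a NULL pointer dereference, which struct field does it name, and
 * is that consistent with the order in which au_do_open_nondir() touches
 * the struct?  Hypothetical layout; NOT the real aufs struct au_finfo.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int16_t aufs_bindex_t;            /* assumed: a small signed index */

struct fake_rwsem { unsigned long opaque[6]; };  /* 48 bytes: puts fi_btop at 0x38 */
struct fake_hfile { void *hf_file; void *hf_br; };

struct au_finfo {                          /* hypothetical layout for this example */
	int fi_generation;                 /* offset 0x00 */
	struct fake_rwsem fi_rwsem;        /* offset 0x08 */
	aufs_bindex_t fi_btop;             /* offset 0x38, as in the quoted disassembly */
	int fi_mmapped;                    /* offset 0x3c */
	struct fake_hfile fi_htop;         /* offset 0x40 */
};

struct field_desc { const char *name; size_t offset; size_t size; };

#define FIELD(f) { #f, offsetof(struct au_finfo, f), sizeof(((struct au_finfo *)0)->f) }
static const struct field_desc au_finfo_fields[] = {
	FIELD(fi_generation), FIELD(fi_rwsem), FIELD(fi_btop),
	FIELD(fi_mmapped), FIELD(fi_htop),
};
#define NFIELDS (sizeof(au_finfo_fields) / sizeof(au_finfo_fields[0]))

/* Equivalent of the suggested pr_info() lines: dump every field offset. */
void print_offsets(void)
{
	size_t i;
	for (i = 0; i < NFIELDS; i++)
		printf("%-14s offset 0x%02zx size %zu\n", au_finfo_fields[i].name,
		       au_finfo_fields[i].offset, au_finfo_fields[i].size);
}

/*
 * With a NULL base, the oops address IS the field offset.  Return the field
 * that contains it, or NULL if the address falls in padding / past the end.
 */
const char *au_finfo_field_at(uintptr_t fault_addr)
{
	size_t i;
	for (i = 0; i < NFIELDS; i++) {
		const struct field_desc *f = &au_finfo_fields[i];
		if (fault_addr >= f->offset && fault_addr < f->offset + f->size)
			return f->name;
	}
	return NULL;
}

/*
 * au_do_open_nondir() writes fi_htop (memset, line 44) before fi_btop
 * (au_set_fbstart, line 51).  If finfo were NULL, the memset would fault
 * first, so a first fault anywhere else is inconsistent with a NULL finfo.
 * Returns 1 if the fault address is consistent with that story, 0 if not.
 */
int fault_consistent_with_null_finfo(uintptr_t fault_addr)
{
	const char *hit = au_finfo_field_at(fault_addr);
	return hit != NULL && strcmp(hit, "fi_htop") == 0;
}

int main(void)
{
	uintptr_t oops_addr = 0x38;          /* from the quoted oops line */
	const char *hit = au_finfo_field_at(oops_addr);

	print_offsets();
	printf("fault at 0x%lx -> %s\n", (unsigned long)oops_addr, hit ? hit : "(no field)");
	printf("consistent with NULL finfo: %s\n",
	       fault_consistent_with_null_finfo(oops_addr) ? "yes" : "no");
	return 0;
}
```

Run against the crash address from the mail, the program resolves 0x38 to fi_btop under this model and reports the fault as inconsistent with a NULL finfo, which is exactly the argument made above: a NULL private_data would have died in the memset of fi_htop, not in au_set_fbstart(). Replacing the stand-in struct with the real one (or comparing print_offsets() output with the kernel's pr_info lines) turns the model into the actual check.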
