[Unionfs] Re: unionfs 2.2.3 OOPS

Erez Zadok ezk at cs.sunysb.edu
Mon Jan 28 22:50:26 EST 2008 

In message <20080128110152.6ea770db at mandriva.com.br>, "Luiz Fernando N. Capitulino" writes:
> 
>  Hi Erez,
> 
>  We've found a reproducible bug in unionfs when used with NFS. If you
> do this:

I tried to investigate/reproduce this on my en.  So far I couldn't.  Here are
some questions for you.  BTW, you can open a bugzilla report on this and we
can continue to communicate back and forth via bugzilla.

> # mkdir x nfs new-storage
> # mount -t nfs SOME-NFS-VOLUME nfs

Please give me the output of "ls -alR x nfs new-storage" at this point.

> # modprobe unionfs
> # mount -t unionfs -o dirs=./x=rw:./nfs=ro unionfs new-storage
> # l new-storage

I need to know what 'l' is here.

>  You'll get the OOPS below (the kernel is a 2.6.24 vanilla with
> unionfs patch applied):

Your OOPS trace seems truncated.  Usually there's more stuff at the bottom
below the stack trace, esp. the actual function which oopsed, and the hex
offset into it.  Can you provide it?

> """
> Registering unionfs 2.2.3 (for 2.6.24)
> BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
> printing eip: 00000000 *pde = 00000000 
> Oops: 0000 [#1] 
> Modules linked in: unionfs nfs af_packet snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq ipv6 snd_pcm_oss snd_mixer_oss nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs binfmt_misc loop dm_mirror dm_mod sata_via libata scsi_mod floppy cpufreq_ondemand cpufreq_conservative cpufreq_powersave freq_table parport_pc parport snd_via82xx rtc_cmos gameport rtc_core rtc_lib snd_ac97_codec ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore pcspkr ehci_hcd i2c_viapro uhci_hcd 8139cp i2c_core ohci1394 ieee1394 usbcore ide_cd cdrom 8139too mii shpchp firewire_ohci pci_hotplug via_agp firewire_core crc_itu_t agpgart evdev ext3 jbd ide_disk ide_generic via82cxxx ide_core
> 
> Pid: 4090, comm: ls Not tainted (2.6.24-1mdv #1)

Is your kernel truly a vanilla 2.6.24 kernel?  Or does it have all sorts of
mandriva patches?  I'll need a tarball w/ all of your kernel sources, which
should include all of your patches, and a kernel .config; that'll help me
reproduce the problem here.

> EIP: 0060:[<00000000>] EFLAGS: 00010282 CPU: 0
> EIP is at 0x0
> EAX: dc1a3540 EBX: e0e1e6d4 ECX: 00000000 EDX: dc1a29a4
> ESI: dc1a29a4 EDI: dc1a2a40 EBP: dd64fc84 ESP: dd64fc68
>  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
> Process ls (pid: 4090, ti=dd64e000 task=de6aabb0 task.ti=dd64e000)
> Stack: c01776ed 00000000 dd64fc90 dc1a3540 dc1a2a40 dd64fc90 dc1a35c8 dd64fca4 
>        c0178937 00000010 1210cd94 00000010 e0d82725 dc1a3540 dc1a2a40 dd64fd14 
>        e0d7e160 dd64fcd4 c01804af dc1a2ab8 dd64fd00 dc18e3ac dc1a2a40 c01800ab 
> Call Trace:
>  [<c01054b2>] show_trace_log_lvl+0x1a/0x2f
>  [<c0105562>] show_stack_log_lvl+0x9b/0xa3
>  [<c0105610>] show_registers+0xa6/0x178
>  [<c01057f8>] die+0x116/0x202
>  [<c02cc070>] do_page_fault+0x561/0x63f
>  [<c02ca8ba>] error_code+0x6a/0x70
>  [<c0178937>] lookup_one_len+0x3b/0x42
>  [<e0d7e160>] is_opaque_dir+0x68/0xab [unionfs]
>  [<e0d7e706>] unionfs_lookup_backend+0x563/0x9a6 [unionfs]
>  [<e0d77242>] unionfs_lookup+0x6d/0x180 [unionfs]
>  [<c0177596>] do_lookup+0xa2/0x13f
>  [<c017918e>] __link_path_walk+0x740/0xb30
>  [<c01795c7>] link_path_walk+0x49/0xbc
>  [<c0179652>] path_walk+0x18/0x1a
>  [<c01798d3>] do_path_lookup+0x179/0x1dc
>  [<c017a0b7>] __user_walk_fd+0x32/0x44
>  [<c0173f7e>] vfs_lstat_fd+0x18/0x3e
>  [<c017400f>] vfs_lstat+0x11/0x13
>  [<c0174025>] sys_lstat64+0x14/0x28
>  [<c0103e02>] sysenter_past_esp+0x6b/0xc9
>  =======================
> Code:  Bad EIP value.
> EIP: [<00000000>] 0x0 SS:ESP 0068:dd64fc68
> ---[ end trace 140a045c14fdd94a ]---
> """
> 
> -- 
> Luiz Fernando N. Capitulino

Can you apply the small patch below and let me know if any of the 3 new
BUG_ON lines get triggered in your setup?

Thanks,
Erez.


diff --git a/fs/unionfs/lookup.c b/fs/unionfs/lookup.c
index b9ee072..4f161ce 100644
--- a/fs/unionfs/lookup.c
+++ b/fs/unionfs/lookup.c
@@ -40,8 +40,11 @@ static noinline int is_opaque_dir(struct dentry *dentry, int bindex)
 	struct inode *lower_inode;
 	struct sioq_args args;
 
+	BUG_ON(bindex < 0);
 	lower_dentry = unionfs_lower_dentry_idx(dentry, bindex);
+	BUG_ON(!lower_dentry);
 	lower_inode = lower_dentry->d_inode;
+	BUG_ON(!lower_inode);
 
 	BUG_ON(!S_ISDIR(lower_inode->i_mode));

More information about the unionfs mailing list