Kernel crash when writing existing file

Holger Schurig Wed, 03 Mar 2010 05:21:18 -0800

Hi !

I'm using linux-2.6.33 from kernel.org and aufs2 from GIT (URL
http://git.c3sl.ufpr.br/pub/scm/aufs/aufs2-standalone.git, currently at hash
b25e69da98275db107b365f0a48f76495eba30cd.


aufs announces itself as "aufs 2-standalone.tree-32-20100301". However,
it is NOT loaded as a module, instead I made a patch for the vanilal 2.6.33
kernel with it, including the "aufs2-base.patch" patch.


On an embedded system I'm trying to hide the real compact flash behind AUFS.
This worked with some older kernel and an older aufs. And now it works for new
files, but not when editing existing files.


Mount sequenze
--------------
Assume init=/bin/bash from grub, so that I have a *real* clean system.

# Make compact flash readable
#    /etc/fstab: "/dev/hdc1 / ext3 
defaults,errors=remount-ro,noatime,nodiratime 0 1"
mount -n -o remount /dev/hdc1

# mount /tmp/aufs in a tmpfs-bases /tmp
#    /etc/fstab: tmpfs /tmp tmpfs defaults 0 0"
mount -n /tmp
mkdir /tmp/aufs

# Combine the writable tmp/aufs with a readonly compactflash,
# exhibit original compact-flash as /media/realroot, so that
# I can make changes if I need to:
mount -n -t aufs -o dirs=/tmp/aufs:/=ro none /media/realroot
cd /media/realroot
pivot_root . ./media/realroot


It works partly as expected:

$ echo test >/test
$ ls /media/realroot/tmp/aufs
test
$ rm test
$ ls /media/realroot/tmp/aufs
$
$ echo >>/etc/fstab
$ ls /media/realroot/tmp/aufs/etc
fstab
$


So fine, so good. Now I'm trying this:

$ joe /etc/fstab
<doing some editing>
^K^S

The Ctrl-K Ctrl-S saves the file. But then I'm getting a kernel crash:

------------[ cut here ]------------
kernel BUG at fs/aufs/f_op.c:85!
invalid opcode: 0000 [#1] 
last sysfs file: 
Modules linked in:
------------[ cut here ]------------

The backtrace is full of hex numbers, so I have to run it
via ksymoops:

------------[ cut here ]------------
ksymoops 2.4.11 on i686 2.6.33-rc8.  Options used
     -V (default)
     -K (specified)
     -L (specified)
     -O (specified)
     -m System.map (specified)

kernel BUG at fs/aufs/f_op.c:85!
Pid: 1068, comm: joe Not tainted 2.6.33 #7 i855-W83627HF/ 
EIP: 0060:[<c01c05fb>] EFLAGS: 00010206 CPU: 0
Using defaults from ksymoops -t elf32-i386 -a i386
EAX: ffffffe2 EBX: cda19d80 ECX: cd7c23fc EDX: 00000001
ESI: cd7cb500 EDI: 00000001 EBP: 00008241 ESP: cdaf3e50
 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
 c03695c7 017cb500 00000000 cda19d80 cd7c23fc cdb02200 c01be7b2 cd7cb500
<0> cda88c00 c01c0573 00000001 00000000 cd7c23d8 00000022 cd7e1901 cd7cb500
<0> cda19d80 cd7c23fc cdb02200 c01640a3 00000000 cd7cb500 cda19d80 00000000
Call Trace:
 [<c03695c7>] ? 0xc03695c7
 [<c01be7b2>] ? 0xc01be7b2
 [<c01c0573>] ? 0xc01c0573
 [<c01640a3>] ? 0xc01640a3
 [<c01642dc>] ? 0xc01642dc
 [<c01bf872>] ? 0xc01bf872
 [<c016f2e0>] ? 0xc016f2e0
 [<c0163ea2>] ? 0xc0163ea2
 [<c0163fe3>] ? 0xc0163fe3
 [<c0102810>] ? 0xc0102810
Code: 14 8b 53 64 88 4a 15 89 c1 89 fa 89 d8 e8 6d e0 ff ff 89 d8 e8 3b df ff 
ff 31 c0 83 c4 08 5b 5e 5f 5d c3 f7 c5 00 02 00 00 74 b6 <0f> 0b eb fe 55 57 56 
53 83 ec 04 89 c3 
89 d7 8b 68 0c 8b 45 50 


>>EIP; c01c05fb <au_do_open_nondir+88/8c>   <=====

Trace; c03695c7 <down_read+8/21>
Trace; c01be7b2 <au_do_open+ad/f0>
Trace; c01c0573 <au_do_open_nondir+0/8c>
Trace; c01640a3 <__dentry_open+96/210>
Trace; c01642dc <nameidata_to_filp+41/4b>
Trace; c01bf872 <aufs_open_nondir+0/c>
Trace; c016f2e0 <do_filp_open+80a/9f7>
Trace; c0163ea2 <do_sys_open+50/141>
Trace; c0163fe3 <sys_open+23/2a>
Trace; c0102810 <sysenter_do_call+12/26>

Code;  c01c05d0 <au_do_open_nondir+5d/8c>
00000000 <_EIP>:
Code;  c01c05d0 <au_do_open_nondir+5d/8c>
   0:   14 8b                     adc    $0x8b,%al
Code;  c01c05d2 <au_do_open_nondir+5f/8c>
   2:   53                        push   %ebx
Code;  c01c05d3 <au_do_open_nondir+60/8c>
   3:   64 88 4a 15               mov    %cl,%fs:0x15(%edx)
Code;  c01c05d7 <au_do_open_nondir+64/8c>
   7:   89 c1                     mov    %eax,%ecx
Code;  c01c05d9 <au_do_open_nondir+66/8c>
   9:   89 fa                     mov    %edi,%edx
Code;  c01c05db <au_do_open_nondir+68/8c>
   b:   89 d8                     mov    %ebx,%eax
Code;  c01c05dd <au_do_open_nondir+6a/8c>
   d:   e8 6d e0 ff ff            call   ffffe07f <_EIP+0xffffe07f>
Code;  c01c05e2 <au_do_open_nondir+6f/8c>
  12:   89 d8                     mov    %ebx,%eax
Code;  c01c05e4 <au_do_open_nondir+71/8c>
  14:   e8 3b df ff ff            call   ffffdf54 <_EIP+0xffffdf54>
Code;  c01c05e9 <au_do_open_nondir+76/8c>
  19:   31 c0                     xor    %eax,%eax
Code;  c01c05eb <au_do_open_nondir+78/8c>
  1b:   83 c4 08                  add    $0x8,%esp
Code;  c01c05ee <au_do_open_nondir+7b/8c>
  1e:   5b                        pop    %ebx
Code;  c01c05ef <au_do_open_nondir+7c/8c>
  1f:   5e                        pop    %esi
Code;  c01c05f0 <au_do_open_nondir+7d/8c>
  20:   5f                        pop    %edi
Code;  c01c05f1 <au_do_open_nondir+7e/8c>
  21:   5d                        pop    %ebp
Code;  c01c05f2 <au_do_open_nondir+7f/8c>
  22:   c3                        ret    
Code;  c01c05f3 <au_do_open_nondir+80/8c>
  23:   f7 c5 00 02 00 00         test   $0x200,%ebp
Code;  c01c05f9 <au_do_open_nondir+86/8c>
  29:   74 b6                     je     ffffffe1 <_EIP+0xffffffe1>
Code;  c01c05fb <au_do_open_nondir+88/8c>   <=====
  2b:   0f 0b                     ud2a      <=====
Code;  c01c05fd <au_do_open_nondir+8a/8c>
  2d:   eb fe                     jmp    2d <_EIP+0x2d>
Code;  c01c05ff <aufs_flush+0/e1>
  2f:   55                        push   %ebp
Code;  c01c0600 <aufs_flush+1/e1>
  30:   57                        push   %edi
Code;  c01c0601 <aufs_flush+2/e1>
  31:   56                        push   %esi
Code;  c01c0602 <aufs_flush+3/e1>
  32:   53                        push   %ebx
Code;  c01c0603 <aufs_flush+4/e1>
  33:   83 ec 04                  sub    $0x4,%esp
Code;  c01c0606 <aufs_flush+7/e1>
  36:   89 c3                     mov    %eax,%ebx
Code;  c01c0608 <aufs_flush+9/e1>
  38:   89 d7                     mov    %edx,%edi
Code;  c01c060a <aufs_flush+b/e1>
  3a:   8b 68 0c                  mov    0xc(%eax),%ebp
Code;  c01c060d <aufs_flush+e/e1>
  3d:   8b 45 50                  mov    0x50(%ebp),%eax

EIP: [<c01c05fb>]  SS:ESP 0068:cdaf3e50
Warning (Oops_read): Code line not seen, dumping what data is available


>>EIP; c01c05fb <au_do_open_nondir+88/8c>   <=====


1 warning issued.  Results may not be reliable.
------------[ cut here ]------------

It's not joe's fault, other file operations produce the same
result, e.g. "apt-get update". Or some standard Debian
runscripts, e.g. /etc/init.d/bootmisc.sh.

However, I "straced" joe. Those lines that deal with the
opened file:

------------[ cut here ]------------
execve("/usr/bin/joe", ["joe", "/etc/fstab"], [/* 14 vars */]) = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
... junk omitted ...
open("//.joe_state", O_RDONLY|O_LARGEFILE) = 3
open("/etc/fstab", O_RDWR|O_LARGEFILE)  = 3
open("/etc/fstab", O_RDONLY|O_LARGEFILE) = 3
open("/etc/localtime", O_RDONLY)        = 3
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
symlink("[email protected]", "/etc/.#fstab") = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
--- SIGALRM (Alarm clock) @ 0 (0) ---
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
stat64("/etc/fstab", {st_mode=S_IFREG|0644, st_size=737, ...}) = 0
unlink("/etc/fstab~")                   = -1 ENOENT (No such file or directory)
open("/etc/fstab", O_RDONLY|O_LARGEFILE) = 3
open("/etc/fstab~", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0100644) = 4
utime("/etc/fstab~", [2010/03/04-22:48:25, 2010/03/03-13:19:59]) = 0
stat64("/etc/fstab", {st_mode=S_IFREG|0644, st_size=737, ...}) = 0
open("/etc/fstab", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666 <unfinished ...>
+++ killed by SIGSEGV +++

------------[ cut here ]------------

Also, writing any existing file with "nvi" shows the
same behavior.


$ cat /proc/mounts:
$ ls /sys/module/aufs
parameters/
$ ls /sys/module/aufs/parameters
brs
$ cat /sys/module/aufs/parameters/brs
1

Kconfig options are:

CONFIG_AUFS_FS=y
CONFIG_AUFS_BRANCH_MAX_127=y
# CONFIG_AUFS_BRANCH_MAX_511 is not set
# CONFIG_AUFS_BRANCH_MAX_1023 is not set
# CONFIG_AUFS_BRANCH_MAX_32767 is not set
CONFIG_AUFS_HINOTIFY=y
# CONFIG_AUFS_RDU is not set
# CONFIG_AUFS_SP_IATTR is not set
# CONFIG_AUFS_SHWH is not set
CONFIG_AUFS_BR_RAMFS=y
CONFIG_AUFS_BDEV_LOOP=y
# CONFIG_AUFS_DEBUG is not set


-- 
http://www.holgerschurig.de

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev

Kernel crash when writing existing file

Reply via email to