James B:
> The system has been up for 15 hours; normally by now it would have given me 
> the oops. But it still looks like it is going strong. I'll update you again 
> as time goes on, keep fingers crossed ...

Digging into the aufs history, I've found the bug was born in aufs1 (CVS-age)

On 2008-07-21
- backport from fs/aufs25.
  + pin the hierarchy on lower branch and new ignore scheme for inotify,
    do_rename(), au_hgdirs(), au_may_ren(), au_ren_pin_init(),
    au_ren_fake_pin(), au_ren_pin4(), au_ren_pin3(), au_ren_pin(),
    au_ren_unlock(), au_ren_lock() and aufs_rename().
  + reduce the stack usage.
  + split do_rename() into several static functions.
  + prefix 'au_' to nhash/vdir functions.

Here "split do_rename() into several static functions" had a bug: it
passes an error code to dput() instead of a pointer. In your case, a
function just before calling dput() returns -17 (which is EEXIST: File
exists), and aufs blindly passed it to dput().
dput() checks whether the given argument is NULL or not. It is good but
not helpful for this case. And it tried accessing a member through the
pointer by adding 0x50. Now -17 (0xffffffef) + 0x50 produced 0x3f. I
think this is the story of this bug.

It must be one of the longest-lived bugs.

Thank you very much for your report and repeated tests.


J. R. Okajima
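The mechanism described in the message above, as an added user-space model
that is not aufs or kernel code: a lookup helper returns ERR_PTR(-EEXIST),
a NULL-only guard lets that value through, and adding the member offset to
the encoded errno yields the 0x3f address from the report. The
ERR_PTR/IS_ERR/PTR_ERR stand-ins follow the kernel's definitions; the
struct layout (d_count at offset 0x50), lookup_hyp() and the release
functions are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space stand-ins for the kernel helpers in include/linux/err.h:
 * an errno is encoded as a pointer into the top MAX_ERRNO bytes of the
 * address space, so it is never NULL. */
#define MAX_ERRNO     4095
#define ERR_PTR(err)  ((void *)(intptr_t)(err))
#define IS_ERR(ptr)   ((uintptr_t)(ptr) >= (uintptr_t)-MAX_ERRNO)
#define PTR_ERR(ptr)  ((long)(intptr_t)(ptr))

/* Hypothetical dentry: only the member we need is modelled. The padding
 * is an assumption that places d_count at offset 0x50, the offset added
 * in the oops described in the report. */
struct fake_dentry {
    unsigned char pad[0x50];
    int d_count;
};

static struct fake_dentry the_dentry = { {0}, 1 };

/* Hypothetical lookup helper: returns ERR_PTR(-EEXIST) when the target
 * name already exists, otherwise a valid dentry. */
struct fake_dentry *lookup_hyp(int name_exists)
{
    if (name_exists)
        return ERR_PTR(-EEXIST);
    return &the_dentry;
}

/* What a NULL-only guard (the check dput() performs) decides: returns 1
 * when the callee would go on to dereference p. An ERR_PTR value passes.
 * It does not dereference anything, so it can be run on an ERR_PTR. */
int null_check_only_would_deref(struct fake_dentry *p)
{
    return p != NULL;
}

/* The address the unchecked path touches: the errno reinterpreted as a
 * pointer plus the member offset. For -17 and 0x50 the unsigned add
 * wraps to 0x3f, in both 32- and 64-bit pointer widths. */
uintptr_t faulting_address(long err, size_t member_off)
{
    return (uintptr_t)ERR_PTR(err) + member_off;
}

/* The guard the caller needs: reject ERR_PTR before any dereference.
 * Returns the negative errno, or 0 after the (modelled) release. */
long release_checked(struct fake_dentry *p)
{
    if (p == NULL)
        return 0;
    if (IS_ERR(p))
        return PTR_ERR(p);   /* the missing check in the story above */
    p->d_count--;
    return 0;
}

int main(void)
{
    struct fake_dentry *d = lookup_hyp(1);

    printf("IS_ERR=%d errno=%ld NULL-check-only would deref=%d\n",
           (int)IS_ERR(d), PTR_ERR(d), null_check_only_would_deref(d));
    printf("unchecked path would touch 0x%lx\n",
           (unsigned long)faulting_address(-EEXIST,
                                           offsetof(struct fake_dentry, d_count)));
    printf("checked release returns %ld\n", release_checked(d));
    return 0;
}
```

Because an ERR_PTR value is never NULL, a `p == NULL` test is not a
substitute for `IS_ERR(p)` at any call site that can receive the result of
a lookup or allocation that fails with an encoded errno.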
