[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Kernel Oops when issuing fcntl on an AUFS directory


the wheezy kernel upgrade from 3.2.78-1 to 3.2.81-1 added the SETFL
fcntl support code (#627782) which unfortunately results in a kernel
Oops when the fcntl is called on a directory. This breaks e.g. copying
files from an AUFS filesystem on a remote machine using scp.

Minimal code to reproduce the problem:
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>

int main (int argc, char **argv) {
        const char *fname = NULL;
        int fd;
        if (argc != 2)
                exit (1);
        fname = argv[1];
        fd = open (fname, O_RDONLY|O_NONBLOCK);
        printf ("fd %d\n", fd);
        fcntl (fd, F_SETFL, O_RDONLY);
        return 0;

Call the program on regular a file (nothing happens) and then on a
directory (Oops).

The Oops happens in fs/fcntl.c:
if (!error && filp->f_op->owner &&
    !strcmp(filp->f_op->owner->name, "aufs") &&
    strstr(filp->f_op->owner->version, "+setfl"))
        error = filp->f_op->setfl(filp, arg);

>From fs/aufs/inode.c:
case S_IFREG:
	inode->i_fop = &aufs_file_fop;
case S_IFDIR:
	inode->i_fop = &aufs_dir_fop;

The aufs_file_fop structure sets the value of the .setfl member to
aufs_setfl (f_op.c). aufs_dir_fop (dir.c) on the other hand does not.

[42990.915100] aufs 3.2.x+setfl-debian
[43046.383421] BUG: unable to handle kernel NULL pointer dereference at           (null)
[43046.384011] IP: [<          (null)>]           (null)
[43046.384369] PGD 3d0f1067 PUD 3b8cc067 PMD 0 
[43046.384688] Oops: 0010 [#1] SMP 
[43046.385620] Call Trace:
[43046.385620]  [<ffffffff81108701>] ? setfl+0xf1/0x157
[43046.385620]  [<ffffffff81108b9e>] ? sys_fcntl+0x1dc/0x3b0
[43046.385620]  [<ffffffff81358af2>] ? system_call_fastpath+0x16/0x1b

0xffffffff811086d3 <+195>:   callq  0xffffffff811b2bd2 <strcmp>
0xffffffff811086d8 <+200>:   test   %eax,%eax
0xffffffff811086da <+202>:   jne    0xffffffff81108705 <setfl+245>
0xffffffff811086dc <+204>:   mov    0xb0(%r13),%rdi
0xffffffff811086e3 <+211>:   mov    $0xffffffff814dc9e4,%rsi
0xffffffff811086ea <+218>:   callq  0xffffffff811b2e25 <strstr>
0xffffffff811086ef <+223>:   test   %rax,%rax
0xffffffff811086f2 <+226>:   je     0xffffffff81108705 <setfl+245>
0xffffffff811086f4 <+228>:   mov    %rbp,%rsi
0xffffffff811086f7 <+231>:   mov    %rbx,%rdi
0xffffffff811086fa <+234>:   callq  *0xd0(%r14)
0xffffffff81108701 <+241>:   test   %eax,%eax

Naturally it happens both on i686 and amd64.

BTW, changelog link on the package's page[1] is dead.

Interesting changelog's part:

  * aufs: Make fcntl(F_SETFL, ...) work (Closes: #627782):
    - for aufs: new f_op->setfl() to support fcntl(F_SETFL)
    - aufs: implement new f_op->setfl()
    - fs: Fix ABI change for aufs F_SETFL fix

Is there any chance for a fix in some future wheezy-lts update?

[1] https://packages.debian.org/wheezy/linux-image-3.2.0-4-amd64

Marcin Szewczyk

Reply to: