From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:62762 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751214AbcGUGkv (ORCPT ); Thu, 21 Jul 2016 02:40:51 -0400
Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.11/8.16.0.11) with SMTP id u6L6chg8123719 for ; Thu, 21 Jul 2016 02:40:50 -0400
Received: from e23smtp04.au.ibm.com (e23smtp04.au.ibm.com [202.81.31.146]) by mx0b-001b2d01.pphosted.com with ESMTP id 2496ee1wxr-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Thu, 21 Jul 2016 02:40:50 -0400
Received: from localhost by e23smtp04.au.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 21 Jul 2016 16:40:46 +1000
Received: from d23relay08.au.ibm.com (d23relay08.au.ibm.com [9.185.71.33]) by d23dlp01.au.ibm.com (Postfix) with ESMTP id E4CC42CE8056 for ; Thu, 21 Jul 2016 16:40:43 +1000 (EST)
Received: from d23av01.au.ibm.com (d23av01.au.ibm.com [9.190.234.96]) by d23relay08.au.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id u6L6ehDp19660866 for ; Thu, 21 Jul 2016 16:40:43 +1000
Received: from d23av01.au.ibm.com (localhost [127.0.0.1]) by d23av01.au.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id u6L6eh5S011137 for ; Thu, 21 Jul 2016 16:40:43 +1000
Subject: Re: [Bug] fs/dcache.c: NULL pointer dereference on dentry_string_cmp
To: Al Viro , hejianet
References: <83724554-69c8-2b87-8e43-7ad252ec18c8@linux.vnet.ibm.com> <20160720055941.GJ2356@ZenIV.linux.org.uk> <57903F70.5030206@gmail.com> <20160721041857.GK2356@ZenIV.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org, xuhilar@gmail.com, boqun.feng@gmail.com
From: Feifei Xu
Date: Thu, 21 Jul 2016 14:40:39 +0800
MIME-Version: 1.0
In-Reply-To: <20160721041857.GK2356@ZenIV.linux.org.uk>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Message-Id: <52a76841-35e6-15c2-2482-7d7d4a8fba03@linux.vnet.ibm.com>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

On 2016/7/21 12:18, Al Viro wrote:
>
> Hash insertion does smp_store_release(). Hash chain traversal -
> smp_read_barrier_depends(). On ppc the former is lwsync, while the latter
> is no-op, so it boils down to
>         store dentry->d_name.name
>         lwsync
>         store mangled address of dentry into hash chain
> vs.
>         fetch mangled address of dentry
>         demangle it
>         fetch dentry->d_name.name
> which should be enough - lwsync paired with address dependency gives the
> ordering. IOW, it's not about the barriers in __d_alloc(), it's those in
> hlist_bl_add_head_rcu() and hlist_bl_for_each_entry_rcu().
>
> And it couldn't be a missing barrier anyway - crash dump shows that
> sucker with NULL ->d_name.name.
>
Maybe this is useful: there's a warning in dmesg before the oops:
http://paste.ubuntu.com/20279712/

[379630.827833] ------------[ cut here ]------------
[379630.827834] WARNING: at lib/list_debug.c:59
[379630.827835] Modules linked in: iptable_mangle iptable_nat nf_nat_ipv4 nf_nat iptable_raw iptable_filter ip_tables binfmt_misc nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack xfs libcrc32c ses enclosure sg ipmi_powernv ipmi_msghandler rtc_opal i2c_opal i2c_core powernv_rng shpchp ext4 mbcache jbd2 dm_service_time sd_mod sr_mod crc_t10dif crct10dif_generic cdrom crct10dif_common ipr tg3 cxgb4 libata ptp pps_core dm_mirror dm_region_hash dm_log dm_multipath nf_conntrack_ftp dm_mod nf_conntrack [last unloaded: ip_tables]
[379630.827876] CPU: 120 PID: 1371 Comm: kswapd17 Not tainted 3.10.0-327.18.2.el7.ppc64le #1
[379630.827877] task: c000000fe4c49c80 ti: c000000fe4ca0000 task.ti: c000000fe4ca0000
[379630.827879] NIP: c0000000004c9964 LR: c0000000004c9960 CTR: c0000000004b2860
[379630.827880] REGS: c000000fe4ca36a0 TRAP: 0700 Not tainted (3.10.0-327.18.2.el7.ppc64le)
[379630.827881] MSR: 9000000100029033 CR: 28044044 XER: 20000000
[379630.827886] CFAR: c000000000956fb8 SOFTE: 1
GPR00: c0000000004c9960 c000000fe4ca3920 c0000000011231b0 0000000000000054
GPR04: c00000010ce08018 c00000010ce18bf0 0000000000000000 0000000000000002
GPR08: c000000000cb31b0 0000000000000000 0000000000000000 3239343331313632
GPR12: 0000000042044042 c000000007b63800 0000000000000000 0000000000000d63
GPR16: c000000001055848 00000000000001d4 00000000000f0b03 c000000001055868
GPR20: c000000fa0a2fbd8 00000000000f0b02 0000000000000040 0000000000000078
GPR24: 0000000000000000 c000000fe4ca39b0 c000000fe4ca39a0 0000000000000000
GPR28: c000000001162580 c000000fa0a2f8d0 c000000fa0a2f800 c000002611349200
[379630.827904] NIP [c0000000004c9964] __list_del_entry+0xb4/0xe0
[379630.827906] LR [c0000000004c9960] __list_del_entry+0xb0/0xe0
[379630.827907] Call Trace:
[379630.827909] [c000000fe4ca3920] [c0000000004c9960] __list_del_entry+0xb0/0xe0 (unreliable)
[379630.827913] [c000000fe4ca3980] [c0000000003270dc] prune_dcache_sb+0x9c/0x250
[379630.827915] [c000000fe4ca3a10] [c0000000002ff558] prune_super+0x1b8/0x200
[379630.827918] [c000000fe4ca3a50] [c00000000025adf4] shrink_slab+0x204/0x3b0
[379630.827920] [c000000fe4ca3b50] [c00000000025f00c] balance_pgdat+0x8ac/0xb20
[379630.827922] [c000000fe4ca3c90] [c00000000025f444] kswapd+0x1c4/0x740
[379630.827924] [c000000fe4ca3d80] [c00000000011023c] kthread+0xec/0x100
[379630.827927] [c000000fe4ca3e30] [c00000000000a474] ret_from_kernel_thread+0x5c/0x68
[379630.827928] Instruction dump:
[379630.827929] 0fe00000 4bffffd8 3c62ffa5 38639668 4848d5f9 60000000 0fe00000 4bffffc0
[379630.827931] 3c62ffa5 38639628 4848d5e1 60000000 <0fe00000> 4bffffa8 3c62ffa5 7d254b78
[379630.827935] ---[ end trace 7c1c505a25279a31 ]---

Thanks
Fiona
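
The warning in the log above is raised in __list_del_entry, reached from prune_dcache_sb. As an added illustration (not code from this thread or from the kernel tree), the user-space C model below shows how a checked list delete can detect an entry that was already unlinked, or a neighbour that no longer points back at it. The poison sentinels, status names and both scenarios are constructed for the example, and it does not claim which check fired in the log.

```c
#include <stdio.h>
/* User-space model of a checked list delete; all names are illustrative. */
struct list_head { struct list_head *next, *prev; };
static struct list_head poison_next, poison_prev; /* compared by address only */
enum del_status { DEL_OK, DEL_NEXT_POISONED, DEL_PREV_POISONED,
                  DEL_PREV_MISMATCH, DEL_NEXT_MISMATCH };

static void list_add_tail(struct list_head *e, struct list_head *head)
{
    e->prev = head->prev;
    e->next = head;
    head->prev->next = e;
    head->prev = e;
}

/* Validate the entry and both neighbours before unlinking. On any
 * inconsistency, report it and leave the list untouched. */
static enum del_status checked_list_del(struct list_head *e)
{
    struct list_head *prev = e->prev, *next = e->next;
    if (next == &poison_next) return DEL_NEXT_POISONED; /* already unlinked */
    if (prev == &poison_prev) return DEL_PREV_POISONED;
    if (prev->next != e) return DEL_PREV_MISMATCH; /* neighbour no longer links to e */
    if (next->prev != e) return DEL_NEXT_MISMATCH;
    next->prev = prev;
    prev->next = next;
    e->next = &poison_next; /* poison so that a second delete is caught */
    e->prev = &poison_prev;
    return DEL_OK;
}

/* Constructed scenarios: stray_write overwrites the head's forward link before
 * the delete; otherwise the same entry is deleted twice. Returns the last status. */
static enum del_status run_scenario(int stray_write)
{
    struct list_head lru = { &lru, &lru }, a, b;
    list_add_tail(&a, &lru);
    list_add_tail(&b, &lru);
    if (stray_write)
        lru.next = &b;
    else
        checked_list_del(&a);
    return checked_list_del(&a);
}

int main(void)
{
    printf("double delete -> %d, stray write -> %d\n", (int)run_scenario(0), (int)run_scenario(1));
    return 0;
}
```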