From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:3242 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751001AbcGNNZ5 (ORCPT ); Thu, 14 Jul 2016 09:25:57 -0400
Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.11/8.16.0.11) with SMTP id u6EDOOT1103140 for ; Thu, 14 Jul 2016 09:25:57 -0400
Received: from e28smtp02.in.ibm.com (e28smtp02.in.ibm.com [125.16.236.2]) by mx0b-001b2d01.pphosted.com with ESMTP id 246bcy0khm-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Thu, 14 Jul 2016 09:25:56 -0400
Received: from localhost by e28smtp02.in.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 14 Jul 2016 18:55:52 +0530
Received: from d28relay04.in.ibm.com (d28relay04.in.ibm.com [9.184.220.61]) by d28dlp02.in.ibm.com (Postfix) with ESMTP id 10D4C3940062 for ; Thu, 14 Jul 2016 18:55:41 +0530 (IST)
Received: from d28av05.in.ibm.com (d28av05.in.ibm.com [9.184.220.67]) by d28relay04.in.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id u6EDOPsu5439798 for ; Thu, 14 Jul 2016 18:54:25 +0530
Received: from d28av05.in.ibm.com (localhost [127.0.0.1]) by d28av05.in.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id u6EDPcmr005011 for ; Thu, 14 Jul 2016 18:55:39 +0530
From: Feifei Xu
To: linux-fsdevel@vger.kernel.org
Cc: xuhilar@gmail.com
Subject: [Bug] fs/dcache.c: NULL pointer dereference on dentry_string_cmp
Date: Thu, 14 Jul 2016 21:25:41 +0800
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------4028695AF7312110A918AD46"
Message-Id: <83724554-69c8-2b87-8e43-7ad252ec18c8@linux.vnet.ibm.com>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

This is a multi-part message in MIME format.
--------------4028695AF7312110A918AD46
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

I met crashes on a ppc64le machine.

Call trace: lookup_fast( ) -> __d_lookup_rcu( ) -> dentry_cmp( ) -> dentry_string_cmp ( )

From the symbolized trace and disassembly code, when doing dentry_string_cmp(), dentry.d_name->name is NULL, and this dereference triggered the crash.
The dentry's data when the crash happens: http://paste.ubuntu.com/19340635/. And the analysis of the crash vmcore is here if you're interested: http://paste.ubuntu.com/19359665/
I also pasted the above traces in the attached txt file.

Can we add a check at the beginning of dentry_string_cmp() as below? Or maybe we should not silently ignore the NULL pointer.

static inline int dentry_string_cmp(const unsigned char *cs, const unsigned char *ct, unsigned tcount) { do { + if (unlikely(!cs || !ct )) + return 1; if (*cs != *ct) return 1; cs++;

Below is the stack trace:
---------------------------------------------------------------------------------------------------------
Stack trace output:
[387421.142576] Unable to handle kernel paging request for data at address 0x00000000
[387421.142709] Faulting instruction address: 0xc000000000327f00
[387421.142769] Oops: Kernel access of bad area, sig: 11 [#1]
[387421.142816] SMP NR_CPUS=2048 NUMA PowerNV
[387421.142876] Modules linked in: iptable_mangle iptable_nat nf_nat_ipv4 nf_nat iptable_raw iptable_filter ip_tables binfmt_misc nf_conntrack_ipv4 nf_defrag_ipv4 ...
[387421.143529] CPU: 69 PID: 39485 Comm: rsync Tainted: G W ------------ 3.10.0-327.18.2.el7.ppc64le #1
[387421.143622] task: c0000022787bd220 ti: c000001f06fc0000 task.ti: c000001f06fc0000
[387421.143692] NIP: c000000000327f00 LR: c0000000003122f8 CTR: 0000000000000008
[387421.143761] REGS: c000001f06fc3820 TRAP: 0300 Tainted: G W ------------ (3.10.0-327.18.2.el7.ppc64le)
[387421.143853] MSR: 9000000000009033 CR: 22000882 XER: 00000000
[387421.144026] CFAR: c000000000009368 DAR: 0000000000000000 DSISR: 40000000 SOFTE: 1
GPR00: c0000000003122f8 c000001f06fc3aa0 c0000000011231b0 c000002611320300
GPR04: c000001f06fc3c60 0000000000000002 0000000000000007 0000000000000000
GPR08: 0000000000000008 ffffffffffffffff c0000029aa14b048 c0000029aa14b049
GPR12: 0000000000000000 c000000007b46d00 0000000000000003 0000000000000018
GPR16: 0000000000000000 00000000001cc131 00000100399fc3b0 0000000000000002
GPR20: 000000004ab52a5c 00003fffe2a2b328 0000000000000001 c000000001179650
GPR24: 0000000000000007 c0000029aa14b049 c000001f06fc3b20 c000001f06fc3c60
GPR28: 00000008d4908d9a c0000026113203c0 c000002611320300 c0000026113203c8
[387421.144948] NIP [c000000000327f00] __d_lookup_rcu+0x150/0x1d0
[387421.145006] LR [c0000000003122f8] lookup_fast+0x68/0x390
[387421.145053] Call Trace:
[387421.145077] [c000001f06fc3aa0] [c00000000031291c] link_path_walk+0x2fc/0xba0 (unreliable)
[387421.145159] [c000001f06fc3b00] [c0000000003122f8] lookup_fast+0x68/0x390
[387421.145228] [c000001f06fc3b70] [c00000000031352c] path_lookupat+0x1bc/0xb60
[387421.145298] [c000001f06fc3c30] [c000000000319440] user_path_at_empty+0xc0/0x430
[387421.145380] [c000001f06fc3d30] [c0000000003056f4] vfs_fstatat+0x84/0x280
[387421.145449] [c000001f06fc3d90] [c0000000003059c4] SyS_newlstat+0x34/0x60
[387421.145520] [c000001f06fc3e30] [c00000000000a17c] system_call+0x38/0xb4
[387421.145589] Instruction dump:
[387421.145651] 39180001 7d0903a6 3959ffff e93f0020 3929ffff 4800001c 60000000 60000000
[387421.145872] 60000000 60000000 60000000 60420000 <8ce90001> 8d0a0001 7f874000 409eff4c
[387421.146096] ---[ end trace 7c1c505a25279a32 ]---
[387421.157384]
[387421.157422] Sending IPI to other CPUs
[387421.158535] IPI complete

Thanks
Fiona

--------------4028695AF7312110A918AD46
Content-Type: text/plain; charset=UTF-8; name="symbolize_dentry_cmp_crash.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="symbolize_dentry_cmp_crash.txt"

--------------4028695AF7312110A918AD46--
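
Review bot: in the proposed dentry_string_cmp() change, the `if (unlikely(!cs || !ct ))` test sits inside the `do { ... }` loop, so it is re-evaluated on every byte even though `cs` and `ct` are only incremented after the first pass and cannot turn NULL mid-loop; if a guard is wanted, it belongs once, before the loop. Returning 1 also reports the broken dentry as a plain name mismatch, so the lookup carries on and the NULL d_name.name the report describes is never logged; as the message itself asks, failing loudly (for example WARN_ON_ONCE() before returning) would keep the evidence. Either way the check only hides the symptom: a dentry reachable from __d_lookup_rcu() should not have a NULL name, and the change does not address how it got there.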