Bug 7245 - [Upstream][6.7.0-rc1] Host crash when running a container with nydus rafs v6 image
Status: CLOSED FIXED
Alias: None
Product: Upstream
Classification: Unclassified
Component: fs
Version: unspecified
Hardware: x86_64 Linux
Importance: P3-Medium S2-major
Assignee: Jingbo Xu
Reported: 2023-11-14 14:55 UTC by yqleng
Modified: 2023-11-24 11:27 UTC
Description yqleng alibaba_cloud_group 2023-11-14 14:55:12 UTC
Description of problem:
Host crash when running a container with nydus rafs v6 image

Version-Release number of selected component (if applicable):
Host kernel version: 
6.7.0-rc1

Nydusd version:
Version:        v2.3.0-alpha.0-48-g767adcf0
Git Commit:     767adcf03a722b9c730efaa37e528600a1bbeba8
Build Time:     2023-11-14T00:36:10.366246342Z
Profile:        release
Rustc:          rustc 1.68.2 (9eb3afe9e 2023-03-27)


How reproducible:
Steps to Reproduce:
Run the following command, and then the host crashes:
ctr run --rm --snapshotter=nydus docker.io/hsiangkao/ubuntu:20.04-rafs-v6 test_container tar cvf /tmp/foo.tar --exclude=/sys --exclude=/proc --exclude=/dev /

Actual results:
Host crash


Expected results:
Successfully run a container with nydus rafs v6 image and execute the tar command in the container.


Additional info:
Host dmesg:
[ 3570.547840] erofs: (device erofs): EXPERIMENTAL fscache-based on-demand read feature in use. Use at your own risk!
[ 3570.548498] erofs: (device erofs): mounted with root inode @ nid 128.
[ 3570.553926] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 3570.554333] #PF: supervisor read access in kernel mode
[ 3570.554587] #PF: error_code(0x0000) - not-present page
[ 3570.554844] PGD 0 P4D 0
[ 3570.554976] Oops: 0000 [#1] PREEMPT SMP PTI
[ 3570.555182] CPU: 8 PID: 29119 Comm: ctr Kdump: loaded Tainted: G E 6.7.0-rc1 #1
[ 3570.555594] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 449e491 04/01/2014
[ 3570.555967] RIP: 0010:erofs_map_dev+0xb6/0x1c0
[ 3570.556192] Code: 00 8b 43 28 4c 89 ef 8d 70 ff e8 75 bc 6d 00 48 85 c0 0f 84 06 01 00 00 41 80 7d 44 00 0f 85 a9 00 00 00 48 8b 50 10 4c 89 e7 <48> 8b 12 48 89 53 08 48 8b 50 18 48 89 53 10 48 8b 50 20 48 89 53
[ 3570.557076] RSP: 0018:ffff980a00833a20 EFLAGS: 00010246
[ 3570.557327] RAX: ffff8ba7c17ea640 RBX: ffff980a00833a78 RCX: 0000000000000000
[ 3570.557665] RDX: 0000000000000000 RSI: ffff8ba8d9c75268 RDI: ffff8ba7cd47f138
[ 3570.558009] RBP: ffff8ba800238000 R08: ffff8ba7c17ea640 R09: ffff8ba7cd47f120
[ 3570.558348] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8ba7cd47f138
[ 3570.558688] R13: ffff8ba7cd47f120 R14: ffff8ba8dbe1f178 R15: 0000000000001000
[ 3570.559037] FS: 00007f71effff640(0000) GS:ffff8bb680c00000(0000) knlGS:0000000000000000
[ 3570.559422] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3570.559700] CR2: 0000000000000000 CR3: 0000000131016006 CR4: 00000000003706f0
[ 3570.560048] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3570.560405] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3570.560745] Call Trace:
[ 3570.560890] <TASK>
[ 3570.561002] ? __die+0x20/0x70
[ 3570.561162] ? page_fault_oops+0x66/0x150
[ 3570.561359] ? do_user_addr_fault+0x61/0x680
[ 3570.561571] ? exc_page_fault+0x65/0x140
[ 3570.561765] ? asm_exc_page_fault+0x22/0x30
[ 3570.561979] ? erofs_map_dev+0xb6/0x1c0
[ 3570.562170] erofs_fscache_data_read_slice+0xd4/0x360
[ 3570.562418] ? erofs_fscache_readahead+0x45/0x110
[ 3570.562660] ? xas_load+0xa/0x50
[ 3570.562834] erofs_fscache_readahead+0xdc/0x110
[ 3570.563057] read_pages+0x4a/0x1f0
[ 3570.563232] ? folio_add_lru+0x6b/0xa0
[ 3570.563420] page_cache_ra_order+0x1d5/0x2b0
[ 3570.563632] filemap_get_pages+0xdf/0x290
[ 3570.563839] filemap_read+0xb4/0x2d0
[ 3570.564018] ? ima_file_check+0x43/0x50
[ 3570.564210] ? mntput_no_expire+0x3a/0x220
[ 3570.564412] do_iter_readv_writev+0x104/0x120
[ 3570.564629] do_iter_read+0xf2/0x180
[ 3570.564815] ovl_read_iter+0x16b/0x1a0 [overlay]
[ 3570.565054] vfs_read+0x197/0x2b0
[ 3570.565420] ksys_read+0x4f/0xd0
[ 3570.565747] do_syscall_64+0x41/0xf0
[ 3570.566093] entry_SYSCALL_64_after_hwframe+0x6e/0x76
[ 3570.566496] RIP: 0033:0x55ad3f604ebb
[ 3570.566838] Code: e8 aa b6 f9 ff eb 88 cc cc cc cc cc cc cc cc e8 db fc f9 ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 3570.568028] RSP: 002b:000000c00061df78 EFLAGS: 00000212 ORIG_RAX: 0000000000000000
[ 3570.568554] RAX: ffffffffffffffda RBX: 000000c000048800 RCX: 000055ad3f604ebb
[ 3570.569067] RDX: 0000000000001000 RSI: 000000c000558000 RDI: 0000000000000009
[ 3570.569570] RBP: 000000c00061dfc8 R08: 0000000000000001 R09: 000000c00068e300
[ 3570.570078] R10: 000000c0005b0268 R11: 0000000000000212 R12: 000000c000558000
[ 3570.570591] R13: 0000000000000000 R14: 000000c0000001a0 R15: 0000000000000040
[ 3570.571095] </TASK>
[ 3570.571362] Modules linked in: xt_conntrack(E) xt_MASQUERADE(E) xt_comment(E) nft_compat(E) nft_chain_nat(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) nf_tables(E) nfnetlink(E) veth(E) bridge(E) stp(E) llc(E) binfmt_misc(E) tcp_diag(E) inet_diag(E) overlay(E) rfkill(E) intel_rapl_msr(E) intel_rapl_common(E) isst_if_common(E) nfit(E) intel_powerclamp(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) rapl(E) joydev(E) mousedev(E) nfsd(E) psmouse(E) pcspkr(E) i2c_piix4(E) virtio_balloon(E) auth_rpcgss(E) nfs_acl(E) lockd(E) grace(E) sunrpc(E) cirrus(E) ata_generic(E) drm_shmem_helper(E) drm_kms_helper(E) ata_piix(E) crc32c_intel(E) drm(E) virtio_net(E) serio_raw(E) net_failover(E) failover(E) virtio_console(E) libata(E) i2c_core(E) fuse(E)
[ 3570.575621] CR2: 0000000000000000
Comment 2 yqleng alibaba_cloud_group 2023-11-24 11:27:07 UTC
Verified and closed.