[#LU-10694] use after free in ll_dir

It looks like we have some use after free problem in ll_dir_read in amster. I hit this in master-next, but nothing appears to be related to it in the queue so likely an older rare problem.

[245308.118823] Lustre: DEBUG MARKER: == sanity test 48a: Access renamed working dir (should return errors)================================= 10:36:33 (1518881793)
[245308.291198] BUG: unable to handle kernel paging request at ffff880084cf1f78
[245308.296641] IP: [<ffffffffa16617d1>] ll_dir_read+0x121/0x320 [lustre]
[245308.297422] PGD 2e75067 PUD 33fa01067 PMD 33f9da067 PTE 8000000084cf1060
[245308.298130] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[245308.298798] Modules linked in: lustre(OE) ofd(OE) osp(OE) lod(OE) ost(OE) mdt(OE) mdd(OE) mgs(OE) osd_ldiskfs(OE) ldiskfs(OE) lquota(OE) lfsck(OE) obdecho(OE) mgc(OE) lov(OE) mdc(OE) osc(OE) lmv(OE) fid(OE) fld(OE) ptlrpc_gss(OE) ptlrpc(OE) obdclass(OE) ksocklnd(OE) lnet(OE) libcfs(OE) ext4 loop zfs(PO) zunicode(PO) zavl(PO) icp(PO) zcommon(PO) znvpair(PO) spl(O) zlib_deflate mbcache jbd2 syscopyarea sysfillrect sysimgblt ttm drm_kms_helper i2c_piix4 ata_generic drm pata_acpi i2c_core serio_raw pcspkr virtio_blk ata_piix virtio_balloon virtio_console floppy libata nfsd ip_tables rpcsec_gss_krb5 [last unloaded: libcfs]
[245308.305963] CPU: 2 PID: 10385 Comm: ls Tainted: P        W  OE  ------------   3.10.0-debug #2
[245308.307247] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[245308.309135] task: ffff880095160a80 ti: ffff880053d34000 task.ti: ffff880053d34000
[245308.310394] RIP: 0010:[<ffffffffa16617d1>]  [<ffffffffa16617d1>] ll_dir_read+0x121/0x320 [lustre]
[245308.311682] RSP: 0018:ffff880053d37dd0  EFLAGS: 00010282
[245308.312332] RAX: 0000000000006f20 RBX: 7ff8f5c704c2772b RCX: 0000000000000020
[245308.313701] RDX: 0000000000000000 RSI: ffff880084ceb03f RDI: 00000000015d61b9
[245308.315216] RBP: ffff880053d37e58 R08: 0200000002000001 R09: 0000000000000004
[245308.316550] R10: ffff880084ceb018 R11: ffff880053d3782e R12: ffff880084ceb000
[245308.317491] R13: ffffea0002133ac0 R14: 29454f2865727473 R15: ffff880084cf1f68
[245308.318433] FS:  00007f1e12a0a800(0000) GS:ffff88033e440000(0000) knlGS:0000000000000000
[245308.319379] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[245308.320000] CR2: ffff880084cf1f78 CR3: 0000000091178000 CR4: 00000000000006e0
[245308.320888] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[245308.321742] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[245308.322584] Stack:
[245308.322983]  ffff880053d37ea8 ffff880203af5e00 ffff88029bcf7828 ffffffff81201e10
[245308.323858]  ffff880053d37f38 0001880053d37e58 0000000700000000 7ff8f5c704c2772b
[245308.324740]  ffff880000000000 0000000200000002 0000000000000001 0000000062937836
[245308.325624] Call Trace:
[245308.326048]  [<ffffffff81201e10>] ? fillonedir+0xf0/0xf0
[245308.326507]  [<ffffffff81201e10>] ? fillonedir+0xf0/0xf0
[245308.327129]  [<ffffffffa1661aec>] ll_readdir+0x11c/0x4c0 [lustre]
[245308.327613]  [<ffffffff81201e10>] ? fillonedir+0xf0/0xf0
[245308.328058]  [<ffffffff81201e10>] ? fillonedir+0xf0/0xf0
[245308.328525]  [<ffffffff81201cf0>] vfs_readdir+0xb0/0xe0
[245308.328971]  [<ffffffff81202165>] SyS_getdents+0x95/0x130
[245308.329485]  [<ffffffff8170fc49>] system_call_fastpath+0x16/0x1b
[245308.329942] Code: 06 49 c1 e4 0c 49 01 c4 41 f6 44 24 10 01 4d 8d 54 24 18 4d 0f 44 fa 31 d2 90 84 d2 0f 85 bd 00 00 00 4d 85 ff 0f 84 b4 00 00 00 <4d> 8b 77 10 49 39 de 0f 82 f2 00 00 00 41 0f b7 57 1a 85 d2 0f 
[245308.331758] RIP  [<ffffffffa16617d1>] ll_dir_read+0x121/0x320 [lustre]

[LU-10694] use after free in ll_dir_read Created: 21/Feb/18 Updated: 21/Feb/18
Status:	Open
Project:	Lustre
Component/s:	None
Affects Version/s:	None
Fix Version/s:	None

[LU-10694] use after free in ll_dir_read Created: 21/Feb/18 Updated: 21/Feb/18