
kernel-packages team mailing list archive

[Bug 1566471] Re: kernel oops: NULL pointer dereference in nfs_inode_attach_open_context+0x37/0x70 [nfs]


I tested 4.4.0-22.38_amd64 on Ubuntu 14.04 with an overlay over an NFS4
mount (same situation as in comment #7) and the crash when reading
existing files from the lower layer is gone.

I did not test overlay over NFS3.

I still cannot successfully write to files that exist in the lower layer
("Operation not supported"), only to new files, but I guess this is not
in the scope of this bug report.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1566471

Title:
  kernel oops: NULL pointer dereference in
  nfs_inode_attach_open_context+0x37/0x70 [nfs]

Status in linux package in Ubuntu:
  Incomplete
Status in linux-lts-xenial package in Ubuntu:
  Confirmed

Bug description:
  I'm attempting to boot a Xenial server install (created from
  debootstrap) via NFS with overlayroot so that the initial rootfs is
  read-only (via NFS) and all modifications are written to a tmpfs so
  that I can boot many such machines. The kernel oops occurs during run-
  init after the initramfs has successfully mounted the NFS rootfs,
  created the tmpfs, and the overlayfs using both. If I do not use
  overlayfs, and just boot into the NFS root (read-write), then
  everything works. Note that the following oops was gathered from a
  qemu virtual machine that I netbooted, though the apport output was
  from real hardware. The issue occurs in both cases. Please let me know
  if I can provide more information.

  + exec run-init /root /sbin/init
  [    9.003288] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
  [    9.005772] IP: [<ffffffffc01d14d7>] nfs_inode_attach_open_context+0x37/0x70 [nfs]
  [    9.007227] PGD 0 
  [    9.007227] Oops: 0002 [#1] SMP 
  [    9.007227] Modules linked in: overlay nfsv3 nfs_acl nfs lockd grace sunrpc fscache raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear aesni_intel aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd psmouse floppy pata_acpi
  [    9.007227] CPU: 0 PID: 1 Comm: init Not tainted 4.4.0-16-generic #32-Ubuntu
  [    9.007227] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
  [    9.007227] task: ffff88013ab80000 ti: ffff88013ab88000 task.ti: ffff88013ab88000
  [    9.007227] RIP: 0010:[<ffffffffc01d14d7>]  [<ffffffffc01d14d7>] nfs_inode_attach_open_context+0x37/0x70 [nfs]
  [    9.007227] RSP: 0018:ffff88013ab8bc30  EFLAGS: 00010246
  [    9.007227] RAX: ffff88007fa86d30 RBX: ffff8800bba16000 RCX: 0000000200000000
  [    9.007227] RDX: 0000000000000000 RSI: ffff88007fa86cc0 RDI: ffff8800bba16088
  [    9.007227] RBP: ffff88013ab8bc48 R08: ffff88007f09e09c R09: ffff88013b001800
  [    9.007227] R10: ffff88007fa86cc0 R11: 0000000000000000 R12: ffff88007fa86cc0
  [    9.007227] R13: ffff8800bba16088 R14: ffff8800bb9f7d88 R15: ffff88013a52f010
  [    9.007227] FS:  0000000000000000(0000) GS:ffff88013fc00000(0000) knlGS:0000000000000000
  [    9.007227] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [    9.007227] CR2: 0000000000000008 CR3: 000000013a530000 CR4: 00000000001406f0
  [    9.007227] Stack:
  [    9.007227]  ffff88007fa86cc0 ffff88013a52f000 ffff8800bb9f7d88 ffff88013ab8bc58
  [    9.007227]  ffffffffc01d153b ffff88013ab8bc80 ffffffffc01d3d37 ffff88013a52f000
  [    9.007227]  ffff8800bb9f7d88 0000000000000000 ffff88013ab8bca0 ffffffffc01d010d
  [    9.007227] Call Trace:
  [    9.007227]  [<ffffffffc01d153b>] nfs_file_set_open_context+0x2b/0x30 [nfs]
  [    9.007227]  [<ffffffffc01d3d37>] nfs_open+0x37/0x60 [nfs]
  [    9.007227]  [<ffffffffc01d010d>] nfs_file_open+0x4d/0x70 [nfs]
  [    9.007227]  [<ffffffff812098cf>] do_dentry_open+0x1ff/0x310
  [    9.007227]  [<ffffffffc01d00c0>] ? nfs_file_fsync+0x130/0x130 [nfs]
  [    9.007227]  [<ffffffff8120aa76>] vfs_open+0x56/0x60
  [    9.007227]  [<ffffffff8121a107>] path_openat+0x1b7/0x1360
  [    9.007227]  [<ffffffff8121c4a1>] do_filp_open+0x91/0x100
  [    9.007227]  [<ffffffff81229da8>] ? __alloc_fd+0xc8/0x190
  [    9.007227]  [<ffffffff8120ae3e>] do_sys_open+0x13e/0x2a0
  [    9.007227]  [<ffffffff810a112d>] ? __put_cred+0x3d/0x50
  [    9.007227]  [<ffffffff8120a1f8>] ? SyS_access+0x1e8/0x230
  [    9.007227]  [<ffffffff8120afbe>] SyS_open+0x1e/0x20
  [    9.007227]  [<ffffffff81824ef2>] entry_SYSCALL_64_fastpath+0x16/0x71
  [    9.007227] Code: 54 53 48 8b 47 40 49 89 fc 48 8b 58 30 4c 8d ab 88 00 00 00 4c 89 ef e8 98 37 65 c1 48 8b 93 60 ff ff ff 49 8d 44 24 70 4c 89 ef <48> 89 42 08 49 89 54 24 70 48 8d 93 60 ff ff ff 49 89 54 24 78 
  [    9.007227] RIP  [<ffffffffc01d14d7>] nfs_inode_attach_open_context+0x37/0x70 [nfs]
  [    9.007227]  RSP <ffff88013ab8bc30>
  [    9.007227] CR2: 0000000000000008
  [    9.056135] ---[ end trace 4bf38e0df912649a ]---
  [    9.057055] BUG: unable to handle kernel NULL pointer dereference at 0000000000000158
  [    9.058345] IP: [<ffffffffc01d1c70>] __put_nfs_open_context+0xa0/0x100 [nfs]
  [    9.059479] PGD 0 
  [    9.059823] Oops: 0000 [#2] SMP 
  [    9.060117] Modules linked in: overlay nfsv3 nfs_acl nfs lockd grace sunrpc fscache raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear aesni_intel aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd psmouse floppy pata_acpi
  [    9.060117] CPU: 0 PID: 1 Comm: init Tainted: G      D         4.4.0-16-generic #32-Ubuntu
  [    9.060117] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
  [    9.060117] task: ffff88013ab80000 ti: ffff88013ab88000 task.ti: ffff88013ab88000
  [    9.060117] RIP: 0010:[<ffffffffc01d1c70>]  [<ffffffffc01d1c70>] __put_nfs_open_context+0xa0/0x100 [nfs]
  [    9.060117] RSP: 0018:ffff88013ab8b878  EFLAGS: 00010282
  [    9.060117] RAX: 0000000000000000 RBX: ffff880138e3e3c0 RCX: 0000000000000001
  [    9.060117] RDX: ffff88007fd3b358 RSI: 0000000000000001 RDI: ffff880138e3e3c0
  [    9.060117] RBP: ffff88013ab8b8a0 R08: 0000000000000000 R09: 0000000000000000
  [    9.060117] R10: ffff88007fd43598 R11: ffff8800bb71b610 R12: ffff88007fd3b3f8
  [    9.060117] R13: ffff88007fd3b480 R14: 0000000000000001 R15: ffff88007f09e000
  [    9.060117] FS:  0000000000000000(0000) GS:ffff88013fc00000(0000) knlGS:0000000000000000
  [    9.060117] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [    9.060117] CR2: 0000000000000158 CR3: 0000000001e0a000 CR4: 00000000001406f0
  [    9.060117] Stack:
  [    9.060117]  ffff880138e3e3c0 ffff88007fd3b358 ffff88007fd3b480 ffff880138426620
  [    9.060117]  ffff88007fd38600 ffff88013ab8b8c8 ffffffffc01d3cf3 ffff8800bb71b600
  [    9.060117]  ffff88007fd43598 ffff88007fd43598 ffff88013ab8b8e8 ffffffffc01cfa8b
  [    9.060117] Call Trace:
  [    9.060117]  [<ffffffffc01d3cf3>] nfs_file_clear_open_context+0x83/0x90 [nfs]
  [    9.060117]  [<ffffffffc01cfa8b>] nfs_file_release+0x3b/0x50 [nfs]
  [    9.060117]  [<ffffffff8120db84>] __fput+0xe4/0x220
  [    9.060117]  [<ffffffff8120dcfe>] ____fput+0xe/0x10
  [    9.060117]  [<ffffffff8109d9e8>] task_work_run+0x78/0xa0
  [    9.060117]  [<ffffffff81082b64>] do_exit+0x2e4/0xae0
  [    9.060117]  [<ffffffff8101abf1>] oops_end+0xa1/0xd0
  [    9.060117]  [<ffffffff81069db5>] no_context+0x135/0x380
  [    9.060117]  [<ffffffff8106a080>] __bad_area_nosemaphore+0x80/0x1f0
  [    9.060117]  [<ffffffff8106a253>] bad_area+0x43/0x50
  [    9.060117]  [<ffffffff8106a76b>] __do_page_fault+0x35b/0x400
  [    9.060117]  [<ffffffff8106a877>] trace_do_page_fault+0x37/0xe0
  [    9.060117]  [<ffffffff81062f29>] do_async_page_fault+0x19/0x70
  [    9.060117]  [<ffffffff818270a8>] async_page_fault+0x28/0x30
  [    9.060117]  [<ffffffffc01d14d7>] ? nfs_inode_attach_open_context+0x37/0x70 [nfs]
  [    9.060117]  [<ffffffffc01d153b>] nfs_file_set_open_context+0x2b/0x30 [nfs]
  [    9.060117]  [<ffffffffc01d3d37>] nfs_open+0x37/0x60 [nfs]
  [    9.060117]  [<ffffffffc01d010d>] nfs_file_open+0x4d/0x70 [nfs]
  [    9.060117]  [<ffffffff812098cf>] do_dentry_open+0x1ff/0x310
  [    9.060117]  [<ffffffffc01d00c0>] ? nfs_file_fsync+0x130/0x130 [nfs]
  [    9.060117]  [<ffffffff8120aa76>] vfs_open+0x56/0x60
  [    9.060117]  [<ffffffff8121a107>] path_openat+0x1b7/0x1360
  [    9.060117]  [<ffffffff8121c4a1>] do_filp_open+0x91/0x100
  [    9.060117]  [<ffffffff81229da8>] ? __alloc_fd+0xc8/0x190
  [    9.060117]  [<ffffffff8120ae3e>] do_sys_open+0x13e/0x2a0
  [    9.060117]  [<ffffffff810a112d>] ? __put_cred+0x3d/0x50
  [    9.060117]  [<ffffffff8120a1f8>] ? SyS_access+0x1e8/0x230
  [    9.060117]  [<ffffffff8120afbe>] SyS_open+0x1e/0x20
  [    9.060117]  [<ffffffff81824ef2>] entry_SYSCALL_64_fastpath+0x16/0x71
  [    9.060117] Code: 89 43 78 ff 14 25 08 bf e2 81 4d 85 e4 74 22 49 8b 44 24 28 44 89 f6 48 89 df 48 8b 80 58 04 00 00 48 8b 00 48 8b 80 e0 00 00 00 <ff> 90 58 01 00 00 48 8b 7b 48 48 85 ff 74 05 e8 bc e5 f7 ff 48 
  [    9.060117] RIP  [<ffffffffc01d1c70>] __put_nfs_open_context+0xa0/0x100 [nfs]
  [    9.060117]  RSP <ffff88013ab8b878>
  [    9.060117] CR2: 0000000000000158
  [    9.060117] ---[ end trace 4bf38e0df912649b ]---
  [    9.060117] Fixing recursive fault but reboot is needed!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1566471/+subscriptions
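Triage of the first oops quoted in the bug description above, as an added example that is not part of the bug report or of any Ubuntu kernel tooling: it parses a constructed subset of those dmesg lines, keeps only the reliable frames of the call trace, and classifies the fault (a small fault address is a field offset through a NULL struct pointer; it assumes the x86 page-fault error-code layout where bit 1 set means a write).

```python
import re
SAMPLE_OOPS = """\
[    9.003288] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[    9.005772] IP: [<ffffffffc01d14d7>] nfs_inode_attach_open_context+0x37/0x70 [nfs]
[    9.007227] Oops: 0002 [#1] SMP
[    9.007227] Modules linked in: overlay nfsv3 nfs_acl nfs lockd grace sunrpc fscache
[    9.007227] CPU: 0 PID: 1 Comm: init Not tainted 4.4.0-16-generic #32-Ubuntu
[    9.007227] Call Trace:
[    9.007227]  [<ffffffffc01d153b>] nfs_file_set_open_context+0x2b/0x30 [nfs]
[    9.007227]  [<ffffffffc01d3d37>] nfs_open+0x37/0x60 [nfs]
[    9.007227]  [<ffffffffc01d00c0>] ? nfs_file_fsync+0x130/0x130 [nfs]
[    9.007227]  [<ffffffff8120afbe>] SyS_open+0x1e/0x20
[    9.056135] ---[ end trace 4bf38e0df912649a ]---
"""  # constructed sample: a subset of the first oops quoted in the bug description above
BUG_RE = re.compile(r"NULL pointer dereference at ([0-9a-f]{16})")
IP_RE = re.compile(r"\bIP: \[<[0-9a-f]+>\] (\S+)(?: \[(\w+)\])?")
OOPS_RE = re.compile(r"Oops: ([0-9a-f]{4}) \[#(\d+)\]")
CPU_RE = re.compile(r"CPU: \d+ PID: (\d+) Comm: (\S+) .*?(\d+\.\d+\.\d+-[\w.-]+)")
FRAME_RE = re.compile(r"^(?:\[\s*[\d.]+\])?\s+\[<[0-9a-f]+>\] (\? )?(\S+)(?: \[(\w+)\])?$")

def parse_oops(text):
    # Pull the triage-relevant fields out of the FIRST oops in a dmesg excerpt.
    info = {"fault_addr": None, "ip": None, "ip_module": None, "oops_code": 0, "oops_num": None,
            "pid": None, "comm": None, "kernel": None, "modules": [], "trace": []}
    for line in text.splitlines():
        if m := BUG_RE.search(line):
            info["fault_addr"] = int(m.group(1), 16)
        elif m := IP_RE.search(line):
            info["ip"], info["ip_module"] = m.group(1), m.group(2)
        elif m := OOPS_RE.search(line):
            info["oops_code"], info["oops_num"] = int(m.group(1), 16), int(m.group(2))
        elif m := CPU_RE.search(line):
            info["pid"], info["comm"], info["kernel"] = int(m.group(1)), m.group(2), m.group(3)
        elif "Modules linked in:" in line:
            info["modules"] = line.split("Modules linked in:")[1].split()
        elif "end trace" in line:
            break  # stop before a second (cascading) oops, which is only a consequence
        elif (m := FRAME_RE.search(line)) and not m.group(1):  # '? ' frames are unreliable
            info["trace"].append((m.group(2), m.group(3)))  # (symbol+offset, module or None)
    return info

def triage(info):
    # Fault address below one page = field offset through a NULL struct pointer;
    # x86 page-fault error code bit 1 set = the faulting access was a write.
    addr, trace = info["fault_addr"], info["trace"]
    syscall = next((s for s, _ in reversed(trace) if s.startswith("SyS_")), None)
    return {"null_struct_field": addr is not None and addr < 0x1000, "field_offset": addr,
            "is_write": bool(info["oops_code"] & 0x2), "in_module": info["ip_module"],
            "overlay_loaded": "overlay" in info["modules"], "pid1": info["pid"] == 1,
            "syscall": syscall.split("+")[0] if syscall else None}
```

For the sample this reports a write of an 8-byte field through a NULL pointer inside the nfs module, reached from open(2) by PID 1 with the overlay module loaded, which is exactly the shape of the report above: the second oops in the log is the cascade from exiting init, not a separate bug.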
