kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #74244
[Bug 1348670] Re: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010, set_nfsv4_acl_one+0x21/0xb0 [nfsd]
It would be nice if this bug could be given some priority, it is making
it hard to run precise as an nfs server. I've just spent some hours
chasing down this on our systems, and can confirm that it also affects
kernels 3.8.0-44 and 3.13.0-32.
It is quite easy to trigger, a 'cp -a ...' on any nfs client will kill
one nfsd thread on the server. Once all threads are gone, the server is
dead and must be rebooted. Restarting the nfs-kernel-server service has
no effect.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1348670
Title:
BUG: unable to handle kernel NULL pointer dereference at
0000000000000010, set_nfsv4_acl_one+0x21/0xb0 [nfsd]
Status in “linux” package in Ubuntu:
Confirmed
Status in “linux” package in Debian:
New
Bug description:
I've seen this happen twice in the last 8 days on an NFS server
running Ubuntu precise and kernels 3.2.0-65.98-generic (on the first
occasion) and 3.2.0-67.101-generic (the second time), amd64. This
never happened before in several months of operation; until 2014-07-01
this server was running an older 3.2.0 kernel.
When this error appears in the logs, the system stops answering NFS
RPCs (e.g., "rpcinfo -u localhost nfs 3" hangs) and a reboot is
necessary to restore NFS service. A more detailed stack trace follows.
Looking at the source code (fs/nfsd/vfs.c:set_nfsv4_acl_one()) I see
that the call posix_acl_xattr_size(pacl->a_count) is not preceded by a
check that pacl != NULL. Could this be related to the following entry
in the changelog for 3.2.0-65.98?
* NFSD: Call ->set_acl with a NULL ACL structure if no entries
- LP: #1328154
Jul 24 10:12:53 server kernel: [575939.742131] IP: [<ffffffffa055c451>] set_nfsv4_acl_one+0x21/0xb0 [nfsd]
Jul 24 10:12:53 server kernel: [575939.742131] PGD c243bb067 PUD c2400a067 PMD 0
Jul 24 10:12:53 server kernel: [575939.742131] Oops: 0000 [#1] SMP
Jul 24 10:12:53 server kernel: [575939.742131] CPU 3
Jul 24 10:12:53 server kernel: [575939.742131] Modules linked in: usblp btrfs zlib_deflate libcrc32c ufs qnx4 hfsplus hfs minix ntfs vfat msdos fat jfs reiserfs ext2 cts openafs(P) xt_tcpudp ipmi_si ipmi_devintf ipmi_msghandler iptable_filter ip_tables x_tables autofs4 bnep parport_pc rfcomm bluetooth ppdev binfmt_misc rpcsec_gss_krb5 nfsd nfs lockd fscache auth_rpcgss nfs_acl sunrpc xfs dm_crypt bridge stp psmouse hpilo sp5100_tco i2c_piix4 amd64_edac_mod hpwdt edac_core k10temp edac_mce_amd joydev serio_raw acpi_power_meter mac_hid lp parport raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq async_tx raid1 raid0 multipath linear radeon ttm drm_kms_helper drm osst usbhid hid st ch i2c_algo_bit pata_atiixp hpsa bnx2
Jul 24 10:12:53 server kernel: [575939.742131]
Jul 24 10:12:53 server kernel: [575939.742131] Pid: 2523, comm: nfsd Tainted: P O 3.2.0-67-generic #101-Ubuntu HP ProLiant DL385 G7
Jul 24 10:12:53 server kernel: [575939.742131] RIP: 0010:[<ffffffffa055c451>] [<ffffffffa055c451>] set_nfsv4_acl_one+0x21/0xb0 [nfsd]
Jul 24 10:12:53 server kernel: [575939.742131] RSP: 0018:ffff880422085ce0 EFLAGS: 00010282
Jul 24 10:12:53 server kernel: [575939.742131] RAX: 0000000000004000 RBX: ffff880e29b16cc0 RCX: 00000000013cc2cc
Jul 24 10:12:53 server kernel: [575939.742131] RDX: ffffffffa0583374 RSI: 0000000000000000 RDI: ffff880e29b16cc0
Jul 24 10:12:53 server kernel: [575939.742131] RBP: ffff880422085d10 R08: ffffea002cdf3b80 R09: ffffffffa055c4af
Jul 24 10:12:53 server kernel: [575939.742131] R10: ffff880b37ceed00 R11: 0000000040000004 R12: 0000000000000000
Jul 24 10:12:53 server kernel: [575939.742131] R13: ffff8807f56418c0 R14: 0000000000000000 R15: ffff880c2268d180
Jul 24 10:12:53 server kernel: [575939.742131] FS: 00007fbbbbafd700(0000) GS:ffff88103fc80000(0000) knlGS:0000000000000000
Jul 24 10:12:53 server kernel: [575939.742131] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Jul 24 10:12:53 server kernel: [575939.742131] CR2: 0000000000000010 CR3: 0000000c22d6c000 CR4: 00000000000006e0
Jul 24 10:12:53 server kernel: [575939.742131] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jul 24 10:12:53 server kernel: [575939.742131] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jul 24 10:12:53 server kernel: [575939.742131] Process nfsd (pid: 2523, threadinfo ffff880422084000, task ffff880425964500)
Jul 24 10:12:53 server kernel: [575939.742131] Stack:
Jul 24 10:12:53 server kernel: [575939.742131] ffff880c2268d040 ffff880e29b16cc0 0000000000000000 ffff8807f56418c0
Jul 24 10:12:53 server kernel: [575939.742131] 0000000000000000 ffff880c2268d180 ffff880422085d50 ffffffffa055d5e3
Jul 24 10:12:53 server kernel: [575939.742131] ffff880b37cee840 0000000000000000 ffff880c22684000 ffff880c2268d040
Jul 24 10:12:53 server kernel: [575939.742131] Call Trace:
Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffffa055d5e3>] nfsd4_set_nfs4_acl+0x143/0x150 [nfsd]
Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffffa056ab74>] nfsd4_setattr+0xd4/0x130 [nfsd]
Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffffa0569be8>] nfsd4_proc_compound+0x518/0x6e0 [nfsd]
Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffffa0558a4b>] nfsd_dispatch+0xeb/0x230 [nfsd]
Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffffa03ae475>] svc_process_common+0x345/0x690 [sunrpc]
Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffff81060ad0>] ? try_to_wake_up+0x200/0x200
Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffffa03aeb12>] svc_process+0x102/0x150 [sunrpc]
Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffffa05581ad>] nfsd+0xbd/0x160 [nfsd]
Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffffa05580f0>] ? nfsd_startup+0xf0/0xf0 [nfsd]
Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffff8108b8cc>] kthread+0x8c/0xa0
Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffff8166deb4>] kernel_thread_helper+0x4/0x10
Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffff8108b840>] ? flush_kthread_worker+0xa0/0xa0
Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffff8166deb0>] ? gs_change+0x13/0x13
Jul 24 10:12:53 server kernel: [575939.742131] Code: 19 c0 f7 d0 83 e0 02 c3 90 90 55 48 89 e5 48 83 ec 30 48 89 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 66 66 66 66 90 <48> 63 46 10 49 89 fd 49 89 f6 be d0 00 00 00 49 89 d4 4c 8d 3c
Jul 24 10:12:53 server kernel: [575939.742131] RIP [<ffffffffa055c451>] set_nfsv4_acl_one+0x21/0xb0 [nfsd]
Jul 24 10:12:53 server kernel: [575939.742131] RSP <ffff880422085ce0>
Jul 24 10:12:53 server kernel: [575939.742131] CR2: 0000000000000010
Jul 24 10:12:53 server kernel: [575942.132715] ---[ end trace ba2b82e486b77140 ]---
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1348670/+subscriptions
References