kernel-packages team mailing list archive

Re: [Bug 1348670] Re: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010, set_nfsv4_acl_one+0x21/0xb0 [nfsd]

 

* Michiel [2014-08-07 10:58:29 -0000]:
> Any hints at a workaround in the meantime? It's especially nasty since a
> dead NFS server locks up the clients completely.

I'd say either test my suggested patch (I'm on holiday and haven't gotten
around to testing, but since it only modifies the code path that triggers
the bug you should be pretty safe from side effects) or try nfsd.ko from an
older kernel.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1348670

Title:
  BUG: unable to handle kernel NULL pointer dereference at
  0000000000000010, set_nfsv4_acl_one+0x21/0xb0 [nfsd]

Status in “linux” package in Ubuntu:
  Confirmed
Status in “linux” package in Debian:
  New

Bug description:
  I've seen this happen twice in the last 8 days on an NFS server
  running Ubuntu precise and kernels 3.2.0-65.98-generic (on the first
  occasion) and 3.2.0-67.101-generic (the second time), amd64. This
  never happened before in several months of operation; until 2014-07-01
  this server was running an older 3.2.0 kernel.

  When this error appears in the logs, the system stops answering NFS
  RPCs (e.g., "rpcinfo -u localhost nfs 3" hangs) and a reboot is
  necessary to restore NFS service. A more detailed stack trace follows.
  Looking at the source code (fs/nfsd/vfs.c:set_nfsv4_acl_one()) I see
  that the call posix_acl_xattr_size(pacl->a_count) is not preceded by a
  check that pacl != NULL. Could this be related to the following entry
  in the changelog for 3.2.0-65.98?

    * NFSD: Call ->set_acl with a NULL ACL structure if no entries
      - LP: #1328154

  Jul 24 10:12:53 server kernel: [575939.742131] IP: [<ffffffffa055c451>] set_nfsv4_acl_one+0x21/0xb0 [nfsd]
  Jul 24 10:12:53 server kernel: [575939.742131] PGD c243bb067 PUD c2400a067 PMD 0
  Jul 24 10:12:53 server kernel: [575939.742131] Oops: 0000 [#1] SMP
  Jul 24 10:12:53 server kernel: [575939.742131] CPU 3
  Jul 24 10:12:53 server kernel: [575939.742131] Modules linked in: usblp btrfs zlib_deflate libcrc32c ufs qnx4 hfsplus hfs minix ntfs vfat msdos fat jfs reiserfs ext2 cts openafs(P) xt_tcpudp ipmi_si ipmi_devintf ipmi_msghandler iptable_filter ip_tables x_tables autofs4 bnep parport_pc rfcomm bluetooth ppdev binfmt_misc rpcsec_gss_krb5 nfsd nfs lockd fscache auth_rpcgss nfs_acl sunrpc xfs dm_crypt bridge stp psmouse hpilo sp5100_tco i2c_piix4 amd64_edac_mod hpwdt edac_core k10temp edac_mce_amd joydev serio_raw acpi_power_meter mac_hid lp parport raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq async_tx raid1 raid0 multipath linear radeon ttm drm_kms_helper drm osst usbhid hid st ch i2c_algo_bit pata_atiixp hpsa bnx2
  Jul 24 10:12:53 server kernel: [575939.742131]
  Jul 24 10:12:53 server kernel: [575939.742131] Pid: 2523, comm: nfsd Tainted: P O 3.2.0-67-generic #101-Ubuntu HP ProLiant DL385 G7
  Jul 24 10:12:53 server kernel: [575939.742131] RIP: 0010:[<ffffffffa055c451>] [<ffffffffa055c451>] set_nfsv4_acl_one+0x21/0xb0 [nfsd]
  Jul 24 10:12:53 server kernel: [575939.742131] RSP: 0018:ffff880422085ce0 EFLAGS: 00010282
  Jul 24 10:12:53 server kernel: [575939.742131] RAX: 0000000000004000 RBX: ffff880e29b16cc0 RCX: 00000000013cc2cc
  Jul 24 10:12:53 server kernel: [575939.742131] RDX: ffffffffa0583374 RSI: 0000000000000000 RDI: ffff880e29b16cc0
  Jul 24 10:12:53 server kernel: [575939.742131] RBP: ffff880422085d10 R08: ffffea002cdf3b80 R09: ffffffffa055c4af
  Jul 24 10:12:53 server kernel: [575939.742131] R10: ffff880b37ceed00 R11: 0000000040000004 R12: 0000000000000000
  Jul 24 10:12:53 server kernel: [575939.742131] R13: ffff8807f56418c0 R14: 0000000000000000 R15: ffff880c2268d180
  Jul 24 10:12:53 server kernel: [575939.742131] FS: 00007fbbbbafd700(0000) GS:ffff88103fc80000(0000) knlGS:0000000000000000
  Jul 24 10:12:53 server kernel: [575939.742131] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  Jul 24 10:12:53 server kernel: [575939.742131] CR2: 0000000000000010 CR3: 0000000c22d6c000 CR4: 00000000000006e0
  Jul 24 10:12:53 server kernel: [575939.742131] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  Jul 24 10:12:53 server kernel: [575939.742131] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
  Jul 24 10:12:53 server kernel: [575939.742131] Process nfsd (pid: 2523, threadinfo ffff880422084000, task ffff880425964500)
  Jul 24 10:12:53 server kernel: [575939.742131] Stack:
  Jul 24 10:12:53 server kernel: [575939.742131] ffff880c2268d040 ffff880e29b16cc0 0000000000000000 ffff8807f56418c0
  Jul 24 10:12:53 server kernel: [575939.742131] 0000000000000000 ffff880c2268d180 ffff880422085d50 ffffffffa055d5e3
  Jul 24 10:12:53 server kernel: [575939.742131] ffff880b37cee840 0000000000000000 ffff880c22684000 ffff880c2268d040
  Jul 24 10:12:53 server kernel: [575939.742131] Call Trace:
  Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffffa055d5e3>] nfsd4_set_nfs4_acl+0x143/0x150 [nfsd]
  Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffffa056ab74>] nfsd4_setattr+0xd4/0x130 [nfsd]
  Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffffa0569be8>] nfsd4_proc_compound+0x518/0x6e0 [nfsd]
  Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffffa0558a4b>] nfsd_dispatch+0xeb/0x230 [nfsd]
  Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffffa03ae475>] svc_process_common+0x345/0x690 [sunrpc]
  Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffff81060ad0>] ? try_to_wake_up+0x200/0x200
  Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffffa03aeb12>] svc_process+0x102/0x150 [sunrpc]
  Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffffa05581ad>] nfsd+0xbd/0x160 [nfsd]
  Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffffa05580f0>] ? nfsd_startup+0xf0/0xf0 [nfsd]
  Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffff8108b8cc>] kthread+0x8c/0xa0
  Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffff8166deb4>] kernel_thread_helper+0x4/0x10
  Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffff8108b840>] ? flush_kthread_worker+0xa0/0xa0
  Jul 24 10:12:53 server kernel: [575939.742131] [<ffffffff8166deb0>] ? gs_change+0x13/0x13
  Jul 24 10:12:53 server kernel: [575939.742131] Code: 19 c0 f7 d0 83 e0 02 c3 90 90 55 48 89 e5 48 83 ec 30 48 89 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 66 66 66 66 90 <48> 63 46 10 49 89 fd 49 89 f6 be d0 00 00 00 49 89 d4 4c 8d 3c
  Jul 24 10:12:53 server kernel: [575939.742131] RIP [<ffffffffa055c451>] set_nfsv4_acl_one+0x21/0xb0 [nfsd]
  Jul 24 10:12:53 server kernel: [575939.742131] RSP <ffff880422085ce0>
  Jul 24 10:12:53 server kernel: [575939.742131] CR2: 0000000000000010
  Jul 24 10:12:53 server kernel: [575942.132715] ---[ end trace ba2b82e486b77140 ]---

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1348670/+subscriptions
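
An added example, not part of the original message or of the kernel source: a userspace C model of why reading pacl->a_count through a NULL pacl faults at the address 0x10 reported in CR2, next to a size computation that checks the pointer first. The struct layout, the 4-byte header and 8-byte entry sizes, and the names acl_model, null_a_count_address and acl_xattr_size_checked are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model of the ACL structure header (assumed layout): a union
 * holding the refcount / RCU head, followed by a_count. The two RCU-head
 * pointers are modelled as uint64_t to match amd64. */
struct acl_model {
    union {
        int32_t a_refcount;
        struct { uint64_t next, func; } a_rcu;
    } u;
    uint32_t a_count;
};

/* Assumed xattr encoding sizes: one 32-bit version word for the header,
 * and a 16-bit tag, 16-bit perm and 32-bit id for each entry. */
#define XATTR_HDR_SIZE   4u
#define XATTR_ENTRY_SIZE 8u

/* Address the CPU touches when a_count is read through a NULL pointer. */
static uintptr_t null_a_count_address(void)
{
    return (uintptr_t)0 + offsetof(struct acl_model, a_count);
}

/* Guarded size computation: refuses a NULL ACL instead of dereferencing it.
 * Returns 0 and stores the buffer size in *out, or -1 on a NULL argument.
 * How the caller should treat "no ACL" is left open here. */
static int acl_xattr_size_checked(const struct acl_model *pacl, size_t *out)
{
    if (pacl == NULL || out == NULL)
        return -1;
    *out = XATTR_HDR_SIZE + (size_t)pacl->a_count * XATTR_ENTRY_SIZE;
    return 0;
}

int main(void)
{
    struct acl_model three = { .a_count = 3 };  /* constructed sample ACL */
    size_t len = 0;

    printf("NULL->a_count faults at 0x%lx\n",
           (unsigned long)null_a_count_address());
    printf("3 entries: rc=%d len=%zu\n",
           acl_xattr_size_checked(&three, &len), len);
    printf("NULL acl:  rc=%d\n", acl_xattr_size_checked(NULL, &len));
    return 0;
}
```

The modelled offset of a_count matches both CR2 in the oops and the faulting instruction bytes `<48> 63 46 10`, a load from 0x10(%rsi) with RSI equal to 0.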

