Bug 81111 - BUG: unable to handle kernel paging request at ffffffffffffffa1
Summary: BUG: unable to handle kernel paging request at ffffffffffffffa1
Status: NEW
Alias: None
Product: File System
Classification: Unclassified
Component: NFS
Hardware: All Linux
Importance: P1 high
Assignee: Trond Myklebust
Reported: 2014-07-25 20:20 UTC by Petr Vandrovec
Modified: 2016-03-20 11:23 UTC

See Also:
Kernel Version: 3.16.0-rc6-00104
Subsystem:
Regression: No

Description Petr Vandrovec 2014-07-25 20:20:40 UTC
When trying to run 'rsync' with preserving ACLs, I get this kernel crash:

[133972.725375] BUG: unable to handle kernel paging request at ffffffffffffffa1
[133972.734861] IP: [<ffffffffa03a6675>] nfs3_list_one_acl+0x35/0xa0 [nfsv3]
[133972.735319] PGD 1c15067 PUD 1c17067 PMD 0 
[133972.735319] Oops: 0002 [#1] PREEMPT SMP 
[133972.735319] Modules linked in: xt_REDIRECT iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack ip_tables x_tables binfmt_misc deflate ctr twofish_generic twofish_x86_64_3way twofish_x86_64 twofish_common camellia_generic camellia_x86_64 serpent_sse2_x86_64 xts serpent_generic nfsd lrw gf128mul glue_helper blowfish_generic blowfish_x86_64 blowfish_common rpcsec_gss_krb5 cast5_generic nfsv4 cast_common ablk_helper auth_rpcgss nfsv3 cryptd nfs_acl nfs des_generic cbc cmac xcbc rmd160 lockd sha256_generic arc4 ecb sha1_generic md4 hmac nls_iso8859_2 crypto_null af_key cifs xfrm_algo sunrpc iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi fscache af_packet ohci_pci ehci_pci ohci_hcd ehci_hcd usbcore tg3 ptp pps_core usb_common snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd ppdev parport_pc sg sr_mod k8temp shpchp floppy parport cdrom i2c_amd8111 i2c_amd756 hwmon ata_generic pata_acpi serio_raw aic79xx sata_sil24 w83627hf_wdt fuse ipv6 autofs4
[133972.735319] CPU: 1 PID: 28900 Comm: rsync Tainted: G        W     3.16.0-rc6-64-00104-gb292d6b #46
[133972.735319] Hardware name: Supermicro H8DA8/H8DAR/H8DA8, BIOS 080010  05/22/2006
[133972.735319] task: ffff88013a344aa0 ti: ffff8800bd168000 task.ti: ffff8800bd168000
[133972.735319] RIP: 0010:[<ffffffffa03a6675>]  [<ffffffffa03a6675>] nfs3_list_one_acl+0x35/0xa0 [nfsv3]
[133972.735319] RSP: 0018:ffff8800bd16be78  EFLAGS: 00010282
[133972.735319] RAX: ffffffffffffffa1 RBX: 0000000000000000 RCX: 0000000000000000
[133972.735319] RDX: 00000000000000f6 RSI: 0000000000008000 RDI: ffff8800bd16be20
[133972.735319] RBP: ffff8800bd16bea0 R08: 0000000000000400 R09: ffff8800bd16beb0
[133972.735319] R10: ffff88013bd163e0 R11: ffffea0008e5e000 R12: 0000000000000400
[133972.735319] R13: ffffffffa03a762f R14: ffff8800bbb97c00 R15: ffff8800bd16beb0
[133972.735319] FS:  00007fb2dfdbb700(0000) GS:ffff88013bd00000(0000) knlGS:00000000f7585700
[133972.735319] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[133972.735319] CR2: ffffffffffffffa1 CR3: 000000016c28a000 CR4: 00000000000007e0
[133972.735319] Stack:
[133972.735319]  ffff8800afc109b8 ffff8800bbb97c00 0000000000000400 0000000000000000
[133972.735319]  0000000001ba9a90 ffff8800bd16bed0 ffffffffa03a6c54 0000000000000000
[133972.735319]  ffff8800bb6c43c0 0000000000000400 ffff8800bbb97c00 ffff8800bd16bef8
[133972.735319] Call Trace:
[133972.735319]  [<ffffffffa03a6c54>] nfs3_listxattr+0x44/0x8c [nfsv3]
[133972.735319]  [<ffffffff8119e258>] vfs_listxattr+0x48/0x80
[133972.735319]  [<ffffffff8119e2f1>] listxattr+0x61/0x150
[133972.735319]  [<ffffffff8119ef27>] SyS_llistxattr+0x47/0x90
[133972.735319]  [<ffffffff816807bf>] tracesys+0xe1/0xe6
[133972.735319] Code: 5d d8 4c 89 65 e0 4d 89 c4 4c 89 6d e8 4c 89 75 f0 49 89 d5 4c 89 7d f8 49 89 ce 4d 89 cf 49 8b 19 e8 e0 95 e2 e0 48 85 c0 74 34 <f0> ff 08 74 4e 4c 89 ef e8 0e 78 f3 e0 49 03 07 49 89 c2 49 ff 
[133972.735319] RIP  [<ffffffffa03a6675>] nfs3_list_one_acl+0x35/0xa0 [nfsv3]
[133972.735319]  RSP <ffff8800bd16be78>
[133972.735319] CR2: ffffffffffffffa1
[133972.735319] ---[ end trace d620f787c76b5f76 ]---

Apparently nfs3_list_one_acl() believes that get_acl() returns 0 on failure - but it returns PTR_ERR() - so posix_acl_release() then tries to dereference -EOPNOTSUPP, and dies.
Comment 1 Andrey Utkin 2014-07-26 12:01:07 UTC
Thanks for the report and investigation. Patch submitted, see "nfs3_list_one_acl(): check get_acl() result with IS_ERR_OR_NULL".
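
The failure mode discussed in this report, re-created in userspace as an added example (it is not the nfsv3 source, the submitted patch, or either commenter's code). `struct acl`, `fake_get_acl()` and the two check helpers are hypothetical stand-ins; the `ERR_PTR` helpers follow the kernel's `include/linux/err.h`, and EOPNOTSUPP is fixed at its Linux value 95.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO     4095
#define K_EOPNOTSUPP  95   /* assumption: Linux errno value, fixed here for portability */

/* Userspace copies of the kernel's pointer-encoded errno helpers. */
static inline void *ERR_PTR(long error) { return (void *)(intptr_t)error; }
static inline long PTR_ERR(const void *ptr) { return (long)(intptr_t)ptr; }
static inline int IS_ERR(const void *ptr)
{
    return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO;
}
static inline int IS_ERR_OR_NULL(const void *ptr) { return !ptr || IS_ERR(ptr); }

struct acl { int refcount; };   /* hypothetical stand-in for struct posix_acl */

/* Hypothetical stand-in for get_acl(): 0 = object, 1 = NULL, 2 = encoded error. */
static struct acl *fake_get_acl(int mode, struct acl *obj)
{
    if (mode == 0) return obj;
    if (mode == 1) return NULL;
    return ERR_PTR(-K_EOPNOTSUPP);
}

/* Check the report describes: only NULL counts as failure. 1 = caller goes on to release. */
static int releases_with_null_check(const struct acl *p) { return p != NULL; }

/* Check named in the patch title: encoded errors are rejected as well. */
static int releases_with_is_err_or_null(const struct acl *p) { return !IS_ERR_OR_NULL(p); }

/* Address a refcount decrement would write to for this return value. */
static uint64_t refcount_address(const struct acl *p)
{
    return (uint64_t)(intptr_t)p + offsetof(struct acl, refcount);
}

int main(void)
{
    struct acl ok = { 1 };
    for (int mode = 0; mode < 3; mode++) {
        struct acl *p = fake_get_acl(mode, &ok);
        printf("mode %d: addr=%016llx null-check releases=%d IS_ERR_OR_NULL releases=%d\n",
               mode, (unsigned long long)refcount_address(p),
               releases_with_null_check(p), releases_with_is_err_or_null(p));
    }
    return 0;
}
```

For the encoded-error case the computed address is ffffffffffffffa1, the same value the oops shows in RAX and CR2.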