When trying to run 'rsync' with preserving ACLs, I get this kernel crash: [133972.725375] BUG: unable to handle kernel paging request at ffffffffffffffa1 [133972.734861] IP: [<ffffffffa03a6675>] nfs3_list_one_acl+0x35/0xa0 [nfsv3] [133972.735319] PGD 1c15067 PUD 1c17067 PMD 0 [133972.735319] Oops: 0002 [#1] PREEMPT SMP [133972.735319] Modules linked in: xt_REDIRECT iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack ip_tables x_tables binfmt_misc deflate ctr twofish_generic twofish_x86_64_3way twofish_x86_64 twofish_common camellia_generic camellia_x86_64 serpent_sse2_x86_64 xts serpent_generic nfsd lrw gf128mul glue_helper blowfish_generic blowfish_x86_64 blowfish_common rpcsec_gss_krb5 cast5_generic nfsv4 cast_common ablk_helper auth_rpcgss nfsv3 cryptd nfs_acl nfs des_generic cbc cmac xcbc rmd160 lockd sha256_generic arc4 ecb sha1_generic md4 hmac nls_iso8859_2 crypto_null af_key cifs xfrm_algo sunrpc iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi fscache af_packet ohci_pci ehci_pci ohci_hcd ehci_hcd usbcore tg3 ptp pps_core usb_common snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd ppdev parport_pc sg sr_mod k8temp shpchp floppy parport cdrom i2c_amd8111 i2c_amd756 hwmon ata_generic pata_acpi serio_raw aic79xx sata_sil24 w83627hf_wdt fuse ipv6 autofs4 [133972.735319] CPU: 1 PID: 28900 Comm: rsync Tainted: G W 3.16.0-rc6-64-00104-gb292d6b #46 [133972.735319] Hardware name: Supermicro H8DA8/H8DAR/H8DA8, BIOS 080010 05/22/2006 [133972.735319] task: ffff88013a344aa0 ti: ffff8800bd168000 task.ti: ffff8800bd168000 [133972.735319] RIP: 0010:[<ffffffffa03a6675>] [<ffffffffa03a6675>] nfs3_list_one_acl+0x35/0xa0 [nfsv3] [133972.735319] RSP: 0018:ffff8800bd16be78 EFLAGS: 00010282 [133972.735319] RAX: ffffffffffffffa1 RBX: 0000000000000000 RCX: 0000000000000000 [133972.735319] RDX: 00000000000000f6 RSI: 0000000000008000 RDI: ffff8800bd16be20 [133972.735319] RBP: ffff8800bd16bea0 R08: 0000000000000400 R09: ffff8800bd16beb0 [133972.735319] R10: ffff88013bd163e0 R11: ffffea0008e5e000 R12: 0000000000000400 [133972.735319] R13: ffffffffa03a762f R14: ffff8800bbb97c00 R15: ffff8800bd16beb0 [133972.735319] FS: 00007fb2dfdbb700(0000) GS:ffff88013bd00000(0000) knlGS:00000000f7585700 [133972.735319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [133972.735319] CR2: ffffffffffffffa1 CR3: 000000016c28a000 CR4: 00000000000007e0 [133972.735319] Stack: [133972.735319] ffff8800afc109b8 ffff8800bbb97c00 0000000000000400 0000000000000000 [133972.735319] 0000000001ba9a90 ffff8800bd16bed0 ffffffffa03a6c54 0000000000000000 [133972.735319] ffff8800bb6c43c0 0000000000000400 ffff8800bbb97c00 ffff8800bd16bef8 [133972.735319] Call Trace: [133972.735319] [<ffffffffa03a6c54>] nfs3_listxattr+0x44/0x8c [nfsv3] [133972.735319] [<ffffffff8119e258>] vfs_listxattr+0x48/0x80 [133972.735319] [<ffffffff8119e2f1>] listxattr+0x61/0x150 [133972.735319] [<ffffffff8119ef27>] SyS_llistxattr+0x47/0x90 [133972.735319] [<ffffffff816807bf>] tracesys+0xe1/0xe6 [133972.735319] Code: 5d d8 4c 89 65 e0 4d 89 c4 4c 89 6d e8 4c 89 75 f0 49 89 d5 4c 89 7d f8 49 89 ce 4d 89 cf 49 8b 19 e8 e0 95 e2 e0 48 85 c0 74 34 <f0> ff 08 74 4e 4c 89 ef e8 0e 78 f3 e0 49 03 07 49 89 c2 49 ff [133972.735319] RIP [<ffffffffa03a6675>] nfs3_list_one_acl+0x35/0xa0 [nfsv3] [133972.735319] RSP <ffff8800bd16be78> [133972.735319] CR2: ffffffffffffffa1 [133972.735319] ---[ end trace d620f787c76b5f76 ]--- Apparently nfs3_list_one_acl() believes that get_acl() returns 0 on failure - but it returns PTR_ERR() - so posix_acl_release() then tries to dereference -EOPNOTSUPP, and dies.
Thanks for report and investigation. Patch submitted, see "nfs3_list_one_acl(): check get_acl() result with IS_ERR_OR_NULL".