94531 – kernel BUG at fs/9p/acl.c:96!

Bug 94531 - kernel BUG at fs/9p/acl.c:96!

Summary: kernel BUG at fs/9p/acl.c:96!

Status:	RESOLVED OBSOLETE

Alias:	None

Product:	File System
Classification:	Unclassified
Component:	v9fs (show other bugs)
Hardware:	x86-64 Linux

Importance:	P1 normal
Assignee:	Eric Van Hensbergen

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-03-08 15:04 UTC by Sverd Johnsen
Modified:	2015-11-22 04:55 UTC (History)
CC List:	2 users (show)

See Also:
Kernel Version:	4.1.1
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Sverd Johnsen 2015-03-08 15:04:10 UTC

[ 6752.647698] ------------[ cut here ]------------
[ 6752.650537] kernel BUG at fs/9p/acl.c:96!
[ 6752.652596] invalid opcode: 0000 [#1]
[ 6752.653134] Modules linked in: af_packet 9p fscache 9pnet_virtio 9pnet
[ 6752.653760] CPU: 0 PID: 912 Comm: ls Not tainted 3.18.7-kvm #6
[ 6752.654098] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140617_173321-var-lib-archbuild-testing-x86_64-tobias 04/01/2014
[ 6752.654781] task: ffff88001cf50670 ti: ffff88001cef4000 task.ti: ffff88001cef4000
[ 6752.655188] RIP: 0010:[<ffffffffa002ec21>]  [<ffffffffa002ec21>] v9fs_get_cached_acl+0xb/0xe [9p]
[ 6752.655665] RSP: 0018:ffff88001cef7d78  EFLAGS: 00010246
[ 6752.655937] RAX: ffffffffffffffff RBX: ffff88001d528cc0 RCX: 0000000000000000
[ 6752.656348] RDX: ffffffffffffffff RSI: 0000000000008000 RDI: ffff88001d516288
[ 6752.656758] RBP: ffff88001d528cc0 R08: 0000000000008000 R09: 0000000000000100
[ 6752.657167] R10: 0000000000000000 R11: 8080808080808080 R12: 0000000000000000
[ 6752.657303] R13: 0000000000000000 R14: ffff88001d516288 R15: ffff88001d528cc0
[ 6752.657303] FS:  00007f5b306b4700(0000) GS:ffffffff81620000(0000) knlGS:0000000000000000
[ 6752.657303] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 6752.657303] CR2: 0000000001f10000 CR3: 000000001ceb3000 CR4: 00000000000006b0
[ 6752.657303] Stack:
[ 6752.657303]  ffffffffa002ee88 0000000000000000 0000000000000000 ffff88001d528cc0
[ 6752.657303]  ffff88001d528cc0 ffffffff810b9147 0000000000000000 0000000000000000
[ 6752.657303]  ffff88001cef7e17 ffff88001cef7e00 ffffffff810b949b 0000000000000017
[ 6752.657303] Call Trace:
[ 6752.657303]  [<ffffffffa002ee88>] ? v9fs_xattr_get_acl+0x63/0xab [9p]
[ 6752.657303]  [<ffffffff810b9147>] ? generic_getxattr+0x4f/0x5b
[ 6752.657303]  [<ffffffff810b949b>] ? vfs_getxattr+0x8b/0x96
[ 6752.657303]  [<ffffffff810b973b>] ? getxattr+0xbc/0x173
[ 6752.657303]  [<ffffffff8109a658>] ? kmem_cache_free+0x27/0x6d
[ 6752.657303]  [<ffffffff810aca51>] ? user_path_at_empty+0x72/0xa8
[ 6752.657303]  [<ffffffff810b997e>] ? path_getxattr+0x4a/0x79
[ 6752.657303]  [<ffffffff813626a7>] ? system_call_fastpath+0x12/0x17
[ 6752.657303] Code: 44 24 04 e8 58 bb 06 e1 8b 44 24 04 eb 08 31 c0 c3 b8 f4 ff ff ff 5a 5b 5d 41 5c 41 5d 41 5e c3 e8 07 54 0a e1 48 83 f8 ff 75 02 <0f> 0b c3 41 57 41 56 49 89 fe 41 55 41 54 55 53 48 83 ec 60 80
[ 6752.657303] RIP  [<ffffffffa002ec21>] v9fs_get_cached_acl+0xb/0xe [9p]
[ 6752.657303]  RSP <ffff88001cef7d78>
[ 6752.872856] ---[ end trace 751fd225d6345527 ]---
[ 6752.873437] Kernel panic - not syncing: Fatal exception
[ 6752.873687] Kernel Offset: 0x0 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffff9fffffff)
[ 6752.874214] drm_kms_helper: panic occurred, switching back to text console
[ 6752.874549] Rebooting in 15 seconds..

On host:
-chroot /some/where -fsdev local,id=vmhome,path=/,security_model=mapped-xattr -device virtio-9p-pci,fsdev=vmhome,mount_tag=home-archvm-one

On guest:
/home  home-archvm-one 9p     rw,relatime,dirsync,trans=virtio,version=9p2000.L,posixacl,cache=fscache

Reproduce (?)
Created file on host as root in directory where 9p is used as home dir in the guest and used 'ls' on it in the guest.

Comment 1 Sverd Johnsen 2015-03-10 15:49:53 UTC

To clarify, qemu runs as non-root and the file that is created outside of qemu in the host by root with mode 0600 where 9p is shared in the guest is not readable by the qemu user.

Comment 2 Sverd Johnsen 2015-07-06 06:25:15 UTC

Can still be reproduced but does not seem too important.

[  224.248568] ------------[ cut here ]------------
[  224.252792] kernel BUG at fs/9p/acl.c:96!
[  224.256308] invalid opcode: 0000 [#1]
[  224.258424] Modules linked in: af_packet
[  224.258424] CPU: 0 PID: 266 Comm: ls Not tainted 4.1.1-kvm #1
[  224.258424] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150617_082717-anatol 04/01/2014
[  224.258424] task: ffff880025029a40 ti: ffff8800252f0000 task.ti: ffff8800252f0000
[  224.258424] RIP: 0010:[<ffffffff81149c5f>]  [<ffffffff81149c5f>] v9fs_get_cached_acl+0xf/0x13
[  224.258424] RSP: 0018:ffff8800252f3d08  EFLAGS: 00010246
[  224.258424] RAX: ffffffffffffffff RBX: ffff8800252f3db0 RCX: 0000000000000000
[  224.258424] RDX: ffffffffffffffff RSI: 0000000000008000 RDI: ffff880025cba040
[  224.258424] RBP: ffff8800252f3d08 R08: 0000000000008000 R09: ff72726462626000
[  224.258424] R10: ffff880025ca3600 R11: 0000000000000000 R12: ffff880025ca3600
[  224.258424] R13: 0000000000000000 R14: 0000000000000000 R15: ffff880025cba040
[  224.258424] FS:  00007fad3f89b700(0000) GS:ffffffff8161a000(0000) knlGS:0000000000000000
[  224.258424] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  224.258424] CR2: 00007fad3f8b1000 CR3: 0000000001f1b000 CR4: 00000000000007b0
[  224.258424] Stack:
[  224.258424]  ffff8800252f3d38 ffffffff81149f1f 0000000000000000 0000000000000000
[  224.258424]  ffff8800252f3db0 ffff880025ca3600 ffff8800252f3d60 ffffffff810ce701
[  224.258424]  0000000000000000 0000000000000000 ffff8800252f3dc7 ffff8800252f3d98
[  224.258424] Call Trace:
[  224.258424]  [<ffffffff81149f1f>] v9fs_xattr_get_acl+0x67/0xaf
[  224.258424]  [<ffffffff810ce701>] generic_getxattr+0x4d/0x55
[  224.258424]  [<ffffffff810cea8c>] vfs_getxattr+0x90/0x9d
[  224.258424]  [<ffffffff810cedf3>] getxattr+0xcb/0x186
[  224.258424]  [<ffffffff810c0de5>] ? user_path_at_empty+0x80/0xca
[  224.258424]  [<ffffffff8115ee7e>] ? __aa_current_profile+0x1c/0x1e
[  224.258424]  [<ffffffff811481a3>] ? v9fs_cached_dentry_delete+0x28/0x35
[  224.258424]  [<ffffffff810cef0a>] path_getxattr+0x5c/0xa2
[  224.258424]  [<ffffffff810cf684>] SyS_getxattr+0xf/0x11
[  224.258424]  [<ffffffff8138d26b>] system_call_fastpath+0x12/0x71
[  224.258424] Code: 33 f6 ff 8b 45 d4 eb 08 31 c0 c3 b8 f4 ff ff ff 5a 5b 41 5c 41 5d 41 5e 41 5f 5d c3 55 48 89 e5 e8 3b 29 fa ff 48 83 f8 ff 75 02 <0f> 0b 5d c3 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 70
[  224.258424] RIP  [<ffffffff81149c5f>] v9fs_get_cached_acl+0xf/0x13
[  224.258424]  RSP <ffff8800252f3d08>
[  224.366590] ---[ end trace 11bd711b8565ce78 ]---
[  224.367527] Kernel panic - not syncing: Fatal exception
[  224.368142] Kernel Offset: disabled
[  224.368610] Rebooting in 30 seconds..

Comment 3 Sverd Johnsen 2015-11-22 04:55:36 UTC

Probably fixed, cannot confirm.

https://github.com/torvalds/linux/commit/0a73d0a204a4a04a1e110539c5a524ae51f91d6d

Note You need to log in before you can comment on or make changes to this bug.