
Re: null pointer dereference in linux kernel 3.2.4 in nfs4_xdr_enc_getacl



On Mon, 2012-02-27 at 13:32 -0500, Daniel Kahn Gillmor wrote:
> I'm running linux kernel 3.2.4-1~bpo60+1 from debian's squeeze-backports
> repository on a 32-bit x86 machine.  The machine in question is an NFSv4
> client, using sec=krb5p.  Both the NFS client and server are
> running rpc.svcgssd and rpc.gssd (so i think delegations are in effect,
> though i don't know how to check).
> 
> I got the following crash report from the client, which was subsequently
> unresponsive at the keyboard, and declined to shut down cleanly (i
> needed to do a hard poweroff to get the machine functional again for the
> user).
> 
> 
> Feb 27 10:39:55 birman kernel: [13172.618474] usb 2-1: USB disconnect, device number 4
> Feb 27 11:55:29 birman kernel: [17706.184079] BUG: unable to handle kernel NULL pointer dereference at   (null)
> Feb 27 11:55:29 birman kernel: [17706.184097] IP: [<c10b2623>] page_address+0x6/0x97
> Feb 27 11:55:29 birman kernel: [17706.184108] *pdpt = 00000000365d3001 *pde = 0000000000000000 
> Feb 27 11:55:29 birman kernel: [17706.184116] Oops: 0000 [#1] SMP 
> Feb 27 11:55:29 birman kernel: [17706.184122] Modules linked in: nls_utf8 nls_cp437 vfat fat usb_storage uas tun ip6table_filter ip6_tables iptable_filter ip_tables x_tables parport_pc ppdev lp parport bnep rfcomm bluetooth crc16 uinput kvm_amd kvm fuse sha1_generic hmac cryptd aes_i586 aes_generic cbc cts rpcsec_gss_krb5 nfsd nfs lockd fscache auth_rpcgss nfs_acl sunrpc bridge stp ext2 loop snd_hda_codec_hdmi tpm_infineon snd_hda_codec_realtek nouveau snd_hda_intel snd_hda_codec ttm hp_wmi drm_kms_helper drm sparse_keymap i2c_algo_bit snd_hwdep snd_pcm rfkill snd_seq snd_timer snd_seq_device sp5100_tco mxm_wmi i2c_piix4 snd usbhid video i2c_core wmi pcspkr processor evdev psmouse tpm_tis tpm tpm_bios serio_raw thermal_sys usblp soundcore snd_page_alloc hid k10temp ext3 jbd mbcache dm_mod sg sd_mod sr_mod crc_t10dif cdrom ohci_hcd ehci_hcd ahci libahci tg3 libphy libata scsi_mod usbcore usb_common button [last unloaded: scsi_wait_scan]
> Feb 27 11:55:29 birman kernel: [17706.184281] 
> Feb 27 11:55:29 birman kernel: [17706.184285] Pid: 7568, comm: eog Not tainted 3.2.0-0.bpo.1-686-pae #1 Hewlett-Packard HP Compaq 6005 Pro SFF PC/3047h
> Feb 27 11:55:29 birman kernel: [17706.184299] EIP: 0060:[<c10b2623>] EFLAGS: 00210202 CPU: 2
> Feb 27 11:55:29 birman kernel: [17706.184305] EIP is at page_address+0x6/0x97
> Feb 27 11:55:29 birman kernel: [17706.184310] EAX: 00000000 EBX: 00000000 ECX: f6711804 EDX: 000000dc
> Feb 27 11:55:29 birman kernel: [17706.184316] ESI: f67c3bf4 EDI: 00000037 EBP: f67c3c24 ESP: f67c3bd0
> Feb 27 11:55:29 birman kernel: [17706.184322]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
> Feb 27 11:55:29 birman kernel: [17706.184328] Process eog (pid: 7568, ti=f67c2000 task=f315b760 task.ti=f67c2000)
> Feb 27 11:55:29 birman kernel: [17706.184334] Stack:
> Feb 27 11:55:29 birman kernel: [17706.184337]  f67c3ddc f67c3bf4 00000037 f67c3c24 fb4b1ff3 00000000 00001000 f67c3bf4
> Feb 27 11:55:29 birman kernel: [17706.184351]  f6a67ac0 00000000 00000002 f6711074 00000000 00000000 00000097 00000000
> Feb 27 11:55:29 birman kernel: [17706.184365]  f6a67ac0 fb4b1f5c fb4b1f5c f6711064 f86402a8 f67110a0 f6a67ac4 f6711728
> Feb 27 11:55:29 birman kernel: [17706.184379] Call Trace:
> Feb 27 11:55:29 birman kernel: [17706.184393]  [<fb4b1ff3>] ? nfs4_xdr_enc_getacl+0x97/0xb4 [nfs]
> Feb 27 11:55:29 birman kernel: [17706.184407]  [<fb4b1f5c>] ? nfs4_xdr_enc_setacl+0xdf/0xdf [nfs]
> Feb 27 11:55:29 birman kernel: [17706.184420]  [<fb4b1f5c>] ? nfs4_xdr_enc_setacl+0xdf/0xdf [nfs]
> Feb 27 11:55:29 birman kernel: [17706.184428]  [<f86402a8>] ? gss_wrap_req_encode+0x1e/0x25 [auth_rpcgss]
> Feb 27 11:55:29 birman kernel: [17706.184441]  [<fb4b1f5c>] ? nfs4_xdr_enc_setacl+0xdf/0xdf [nfs]
> Feb 27 11:55:29 birman kernel: [17706.184449]  [<f8640429>] ? gss_wrap_req+0x158/0x2eb [auth_rpcgss]
> Feb 27 11:55:29 birman kernel: [17706.184456]  [<f8640a63>] ? gss_marshal+0x134/0x13e [auth_rpcgss]
> Feb 27 11:55:29 birman kernel: [17706.184464]  [<f86402d1>] ? priv_release_snd_buf+0x22/0x22 [auth_rpcgss]
> Feb 27 11:55:29 birman kernel: [17706.184477]  [<fb4b1f5c>] ? nfs4_xdr_enc_setacl+0xdf/0xdf [nfs]
> Feb 27 11:55:29 birman kernel: [17706.184489]  [<f8ec138e>] ? rpcauth_wrap_req+0x56/0x7c [sunrpc]
> Feb 27 11:55:29 birman kernel: [17706.184506]  [<f8ebab90>] ? call_transmit+0x175/0x1e0 [sunrpc]
> Feb 27 11:55:29 birman kernel: [17706.184518]  [<f8ec0989>] ? __rpc_execute+0x5b/0x1ee [sunrpc]
> Feb 27 11:55:29 birman kernel: [17706.184527]  [<f8ebb668>] ? rpc_run_task+0x57/0x5c [sunrpc]
> Feb 27 11:55:29 birman kernel: [17706.184536]  [<f8ebb74e>] ? rpc_call_sync+0x3c/0x56 [sunrpc]
> Feb 27 11:55:29 birman kernel: [17706.184549]  [<fb4a6a1c>] ? __nfs4_get_acl_uncached+0x165/0x1f9 [nfs]
> Feb 27 11:55:29 birman kernel: [17706.184563]  [<fb4a6b8c>] ? nfs4_xattr_get_nfs4_acl+0xdc/0x10a [nfs]
> Feb 27 11:55:29 birman kernel: [17706.184571]  [<c10eb661>] ? generic_getxattr+0x61/0x65
> Feb 27 11:55:29 birman kernel: [17706.184578]  [<c10eb600>] ? single_open+0x70/0x70
> Feb 27 11:55:29 birman kernel: [17706.184584]  [<c10ebd8e>] ? vfs_getxattr+0x76/0x7d
> Feb 27 11:55:29 birman kernel: [17706.184589]  [<c10ebe18>] ? getxattr+0x83/0xe2
> Feb 27 11:55:29 birman kernel: [17706.184596]  [<c10e50c8>] ? dput+0x21/0xc4
> Feb 27 11:55:29 birman kernel: [17706.184601]  [<c10dfb01>] ? path_lookupat+0x297/0x2a8
> Feb 27 11:55:29 birman kernel: [17706.184607]  [<c10e04cd>] ? user_path_at_empty+0x46/0x65
> Feb 27 11:55:29 birman kernel: [17706.184613]  [<c10ebb36>] ? listxattr+0x80/0x88
> Feb 27 11:55:29 birman kernel: [17706.184619]  [<c10ebef3>] ? sys_getxattr+0x37/0x48
> Feb 27 11:55:29 birman kernel: [17706.184626]  [<c12cddbc>] ? syscall_call+0x7/0xb
> Feb 27 11:55:29 birman kernel: [17706.184630] Code: 89 73 0c 89 0e eb 0c 8d 58 f8 8d 4b 08 39 f1 75 a1 89 f8 59 5b 5b 5e 5f 5d e9 14 b5 21 00 0f 0b e9 04 ff ff ff 55 57 56 53 89 c3 <8b> 00 c1 e8 1e 69 c0 40 03 00 00 05 40 7e 41 c1 2b 80 0c 03 00 
> Feb 27 11:55:29 birman kernel: [17706.184699] EIP: [<c10b2623>] page_address+0x6/0x97 SS:ESP 0068:f67c3bd0
> Feb 27 11:55:29 birman kernel: [17706.184709] CR2: 0000000000000000
> Feb 27 11:55:29 birman kernel: [17706.188397] ---[ end trace e521447c73f57914 ]---
> 
> Please let me know if i can provide any more useful information about
> this, or if there's something i can do to avoid this crash in the
> future.

Known issue, for which a patch has already been merged upstream. Please
see

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git&a=commitdiff&h=331818f1c468a24e581aedcbe52af799366a9dfe

Cheers
  Trond
-- 
Trond Myklebust
Linux NFS client maintainer

NetApp
Trond.Myklebust@netapp.com
www.netapp.com

