Bug#715548: linux-image-3.9-1-amd64: NFS causes a general protection fault
On Wed, Jul 10, 2013 at 12:51:35PM +0200, Francois Gouget wrote:
> I have a Solaris 11.11 (vmware) virtual machine which mounts a host filesystem via NFS.
> With the linux-image-3.2.0-3-amd64 kernel all was fine.
> But with the linux-image-3.2.0-4-amd64 one the NFS accesses soon result in the general protection fault included below. After that NFS accesses stop working and the filesystem cannot be mounted by other VMs.
What now? Is it broken in 3.2 or in 3.9.8-1, as listed as running?
> ** Tainted: PDO (4225)
> * Proprietary module has been loaded.
Nice try.
> [ 903.144368] general protection fault: 0000 [#1] SMP
> [ 903.144374] Modules linked in: bridge stp llc ebtable_nat ebtables vmnet(O) vsock(O) vmci(O) ppdev lp vmmon(O) bnep rfcomm bluetooth rfkill cpufreq_powersave cpufreq_stats cpufreq_conservative cpufreq_userspace tun pci_stub vboxpci(O) vboxnetadp(O) vboxnetflt(O) binfmt_misc uinput nfsd auth_rpcgss nfs_acl nfs lockd dns_resolver fscache sunrpc ipt_MASQUERADE xt_REDIRECT xt_recent xt_connmark xt_tcpudp nf_conntrack_ipv6 nf_defrag_ipv6 xt_state iptable_nat nf_nat_ipv4 ip6table_filter ip6_tables iptable_filter ip_tables x_tables nf_nat_ftp nf_nat nf_conntrack_ftp nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack vboxdrv(O) it87 hwmon_vid loop firewire_sbp2 fuse nvidia(PO) ivtv_alsa tuner_simple tuner_types tda9887 tda8290 tuner msp3400 saa7127 mt2060 pcspkr acpi_cpufreq mperf processor thermal_sys snd_hda_codec_realtek snd_hda_intel snd_hda_codec coretemp saa7115 evdev snd_usb_audio snd_usbmidi_lib snd_hwdep kvm_intel snd_seq_midi snd_seq_midi_event snd_seq snd_rawmidi snd_pcm snd_page_alloc i2c_i801 ivtv tveeprom cx2341x v4l2_common videodev media i2c_algo_bit dvb_usb_dib0700 dib8000 dib7000m dib0090 dib0070 dib7000p dib3000mc dibx000_common dvb_usb dvb_core rc_core i2c_core iTCO_wdt iTCO_vendor_support lpc_ich mfd_core button kvm parport_pc parport snd_seq_device snd_timer snd soundcore ext4 crc16 jbd2 mbcache dm_mod raid1 md_mod sr_mod cdrom ata_generic hid_generic usbhid hid sg sd_mod crc_t10dif usb_storage firewire_ohci firewire_core xhci_hcd crc_itu_t r8169 pata_jmicron mii ahci libahci microcode libata ehci_pci uhci_hcd ehci_hcd scsi_mod usbcore usb_common
> [ 903.144486] CPU 1
> [ 903.144491] Pid: 5270, comm: nfsd Tainted: P O 3.9-1-amd64 #1 Debian 3.9.8-1 Gigabyte Technology Co., Ltd. EP35-DS3P/EP35-DS3P
So actually it is 3.9.8-1.
> [ 903.144494] RIP: 0010:[<ffffffffa11061bd>] [<ffffffffa11061bd>] free_generic_stateid+0xc/0x29 [nfsd]
> [ 903.144507] RSP: 0018:ffff8800c17f3d48 EFLAGS: 00010202
> [ 903.144510] RAX: 0000000000000000 RBX: 0a226f6e7822203d RCX: 0000000000000078
> [ 903.144512] RDX: 0000000000000049 RSI: ffff88012a68c228 RDI: 0a226f6e7822203d
> [ 903.144514] RBP: ffff8801275428c0 R08: ffff8800c144e3a0 R09: 0000000000000000
> [ 903.144517] R10: 000000000000008b R11: 0000000000000010 R12: ffff8800c174e040
> [ 903.144519] R13: ffffffff8167b8c0 R14: ffff8800c1754000 R15: ffff8801282dc600
> [ 903.144522] FS: 0000000000000000(0000) GS:ffff88012fc80000(0000) knlGS:0000000000000000
> [ 903.144524] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> [ 903.144526] CR2: 00007f48e00218c8 CR3: 0000000036c8b000 CR4: 00000000000007e0
> [ 903.144529] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 903.144531] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> [ 903.144534] Process nfsd (pid: 5270, threadinfo ffff8800c17f2000, task ffff88012a74a7b0)
> [ 903.144646] Code: fb 85 c0 75 11 be 2b 00 00 00 48 c7 c7 31 1c 11 a1 e8 c1 6f f3 df 48 89 df 5b e9 3b fd ff ff 55 48 8b 2d a7 1e 01 00 53 48 89 fb <8b> 77 10 48 8b 7f 18 48 83 c7 38 e8 fb fe 0b e0 48 89 de 48 89
> [ 903.144678] RIP [<ffffffffa11061bd>] free_generic_stateid+0xc/0x29 [nfsd]
This matches the following code:
| 131bd: 8b 77 10 mov 0x10(%rdi),%esi
RDI is completely bogus.
There are some race fixes in 3.10. It is possible that they fix the
problem.
Bastian
--
Time is fluid ... like a river with currents, eddies, backwash.
-- Spock, "The City on the Edge of Forever", stardate 3134.0
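To retrace Bastian's reading of the oops by hand, the following is an added triage helper; it is example code written for this page, not part of the thread or of any kernel tool. It parses the Code: line quoted above, confirms that the byte marked <..> is the instruction at RIP (8b 77 10, mov 0x10(%rdi),%esi) and that 0xc bytes before it, where the +0xc in free_generic_stateid+0xc places the function entry, sits the 0x55 opcode of push %rbp. It then looks at the RDI value two ways: whether it is a canonical x86-64 address (a dereference through a non-canonical pointer raises #GP rather than a page fault, which is why the report reads "general protection fault" and not "unable to handle kernel paging request"), and what its eight little-endian bytes look like as text. Reading RDI as ASCII, and the heuristic that a pointer register full of printable text usually means the object was freed and its memory reused, are this example's own inferences, consistent with the race-fix remark but not stated in the thread.

```c
/* Added oops-triage helper for the x86-64 GP fault quoted above.
 * Example code for this page, not Bastian's tooling and not a kernel utility. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copied from the oops above: the Code: line, RDI, and the +0xc RIP offset. */
static const char CODE_LINE[] =
    "fb 85 c0 75 11 be 2b 00 00 00 48 c7 c7 31 1c 11 a1 e8 c1 6f f3 df 48 89 df 5b "
    "e9 3b fd ff ff 55 48 8b 2d a7 1e 01 00 53 48 89 fb <8b> 77 10 48 8b 7f 18 48 83 "
    "c7 38 e8 fb fe 0b e0 48 89 de 48 89";
static const uint64_t RDI = 0x0a226f6e7822203dULL;
static const unsigned RIP_OFF = 0xc;   /* free_generic_stateid+0xc */

/* Parse "xx xx <xx> xx ..." into bytes. Returns the byte count and sets
 * *fault to the index of the <..> byte (the instruction at RIP), or -1 if
 * no marker is present; returns -1 on a malformed token. */
int parse_code_line(const char *s, uint8_t *out, size_t max, int *fault)
{
    int n = 0;
    *fault = -1;
    while (*s && (size_t)n < max) {
        while (*s == ' ') s++;
        if (!*s) break;
        int marked = 0;
        if (*s == '<') { marked = 1; s++; }
        char *end;
        unsigned long v = strtoul(s, &end, 16);
        if (end - s != 2) return -1;            /* every token is exactly two hex digits */
        s = end;
        if (marked) { if (*s != '>') return -1; s++; *fault = n; }
        out[n++] = (uint8_t)v;
    }
    return n;
}

/* x86-64 canonical address: bits 63..47 must all equal bit 47. A load
 * through a non-canonical pointer raises #GP, not #PF, so the kernel
 * reports "general protection fault" instead of a paging-request oops. */
int is_canonical(uint64_t a)
{
    uint64_t hi = a >> 47;                      /* the top 17 bits */
    return hi == 0 || hi == 0x1ffff;
}

/* Render the register's 8 bytes in memory (little-endian) order, escaping
 * non-printables as \xNN. Returns how many bytes are printable or '\n';
 * 8/8 on a pointer register is a hint (heuristic, not proof) that the
 * object was freed and its memory reused for text. */
int reg_as_text(uint64_t v, char *buf, size_t len)
{
    size_t pos = 0;
    int texty = 0;
    for (int i = 0; i < 8; i++) {
        unsigned char c = (unsigned char)((v >> (8 * i)) & 0xff);
        if (isprint(c) || c == '\n') texty++;
        int w = isprint(c) ? snprintf(buf + pos, len - pos, "%c", c)
                           : snprintf(buf + pos, len - pos, "\\x%02x", c);
        if (w < 0 || (size_t)w >= len - pos) break;
        pos += (size_t)w;
    }
    return texty;
}

int main(void)
{
    uint8_t code[64];
    int fault;
    char txt[64];
    int n = parse_code_line(CODE_LINE, code, sizeof code, &fault);
    if (n < 0 || fault < 0 || fault < (int)RIP_OFF) {
        fputs("bad Code: line\n", stderr);
        return 1;
    }
    printf("%d code bytes, RIP at index %d\n", n, fault);
    printf("faulting insn: %02x %02x %02x (mov 0x10(%%rdi),%%esi)\n",
           code[fault], code[fault + 1], code[fault + 2]);
    printf("function entry (RIP-0x%x): %02x (0x55 = push %%rbp)\n",
           RIP_OFF, code[fault - RIP_OFF]);
    int t = reg_as_text(RDI, txt, sizeof txt);
    printf("RDI canonical: %s; as bytes: %s (%d/8 text-like)\n",
           is_canonical(RDI) ? "yes" : "no", txt, t);
    return 0;
}
```

Run against the quoted oops this reports RDI as non-canonical and prints its bytes as a fragment of ordinary text, which is what makes "RDI is completely bogus" the right call: nothing in that register was ever a kernel pointer, so the struct it was supposed to point at had already been reclaimed when nfsd touched it.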