From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: debian-backports@lists.debian.org, linux-nfs@vger.kernel.org
Subject: null pointer dereference in linux kernel 3.2.4 in nfs4_xdr_enc_getacl
Date: Mon, 27 Feb 2012 13:32:16 -0500
Message-ID: <871upg2klr.fsf@pip.fifthhorseman.net>

I'm running linux kernel 3.2.4-1~bpo60+1 from debian's squeeze-backports
repository on a 32-bit x86 machine. The machine in question is an NFSv4
client, using sec=krb5p. The NFS client and server are both
running rpc.svcgssd and rpc.gssd (so i think delegations are in effect,
though i don't know how to check).

I got the following crash report from the client, which was subsequently
unresponsive at the keyboard, and declined to shut down cleanly (i
needed to do a hard poweroff to get the machine functional again for the
user).

Feb 27 10:39:55 birman kernel: [13172.618474] usb 2-1: USB disconnect, device number 4
Feb 27 11:55:29 birman kernel: [17706.184079] BUG: unable to handle kernel NULL pointer dereference at (null)
Feb 27 11:55:29 birman kernel: [17706.184097] IP: [<c10b2623>] page_address+0x6/0x97
Feb 27 11:55:29 birman kernel: [17706.184108] *pdpt = 00000000365d3001 *pde = 0000000000000000
Feb 27 11:55:29 birman kernel: [17706.184116] Oops: 0000 [#1] SMP
Feb 27 11:55:29 birman kernel: [17706.184122] Modules linked in: nls_utf8 nls_cp437 vfat fat usb_storage uas tun ip6table_filter ip6_tables iptable_filter ip_tables x_tables parport_pc ppdev lp parport bnep rfcomm bluetooth crc16 uinput kvm_amd kvm fuse sha1_generic hmac cryptd aes_i586 aes_generic cbc cts rpcsec_gss_krb5 nfsd nfs lockd fscache auth_rpcgss nfs_acl sunrpc bridge stp ext2 loop snd_hda_codec_hdmi tpm_infineon snd_hda_codec_realtek nouveau snd_hda_intel snd_hda_codec ttm hp_wmi drm_kms_helper drm sparse_keymap i2c_algo_bit snd_hwdep snd_pcm rfkill snd_seq snd_timer snd_seq_device sp5100_tco mxm_wmi i2c_piix4 snd usbhid video i2c_core wmi pcspkr processor evdev psmouse tpm_tis tpm tpm_bios serio_raw thermal_sys usblp soundcore snd_page_alloc hid k10temp ext3 jbd mbcache dm_mod sg sd_mod sr_mod crc_t10dif cdrom ohci_hcd ehci_hcd ahci libahci tg3 libphy libata scsi_mod usbcore usb_common button [last unloaded: scsi_wait_scan]
Feb 27 11:55:29 birman kernel: [17706.184281]
Feb 27 11:55:29 birman kernel: [17706.184285] Pid: 7568, comm: eog Not tainted 3.2.0-0.bpo.1-686-pae #1 Hewlett-Packard HP Compaq 6005 Pro SFF PC/3047h
Feb 27 11:55:29 birman kernel: [17706.184299] EIP: 0060:[<c10b2623>] EFLAGS: 00210202 CPU: 2
Feb 27 11:55:29 birman kernel: [17706.184305] EIP is at page_address+0x6/0x97
Feb 27 11:55:29 birman kernel: [17706.184310] EAX: 00000000 EBX: 00000000 ECX: f6711804 EDX: 000000dc
Feb 27 11:55:29 birman kernel: [17706.184316] ESI: f67c3bf4 EDI: 00000037 EBP: f67c3c24 ESP: f67c3bd0
Feb 27 11:55:29 birman kernel: [17706.184322] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Feb 27 11:55:29 birman kernel: [17706.184328] Process eog (pid: 7568, ti=f67c2000 task=f315b760 task.ti=f67c2000)
Feb 27 11:55:29 birman kernel: [17706.184334] Stack:
Feb 27 11:55:29 birman kernel: [17706.184337] f67c3ddc f67c3bf4 00000037 f67c3c24 fb4b1ff3 00000000 00001000 f67c3bf4
Feb 27 11:55:29 birman kernel: [17706.184351] f6a67ac0 00000000 00000002 f6711074 00000000 00000000 00000097 00000000
Feb 27 11:55:29 birman kernel: [17706.184365] f6a67ac0 fb4b1f5c fb4b1f5c f6711064 f86402a8 f67110a0 f6a67ac4 f6711728
Feb 27 11:55:29 birman kernel: [17706.184379] Call Trace:
Feb 27 11:55:29 birman kernel: [17706.184393] [<fb4b1ff3>] ? nfs4_xdr_enc_getacl+0x97/0xb4 [nfs]
Feb 27 11:55:29 birman kernel: [17706.184407] [<fb4b1f5c>] ? nfs4_xdr_enc_setacl+0xdf/0xdf [nfs]
Feb 27 11:55:29 birman kernel: [17706.184420] [<fb4b1f5c>] ? nfs4_xdr_enc_setacl+0xdf/0xdf [nfs]
Feb 27 11:55:29 birman kernel: [17706.184428] [<f86402a8>] ? gss_wrap_req_encode+0x1e/0x25 [auth_rpcgss]
Feb 27 11:55:29 birman kernel: [17706.184441] [<fb4b1f5c>] ? nfs4_xdr_enc_setacl+0xdf/0xdf [nfs]
Feb 27 11:55:29 birman kernel: [17706.184449] [<f8640429>] ? gss_wrap_req+0x158/0x2eb [auth_rpcgss]
Feb 27 11:55:29 birman kernel: [17706.184456] [<f8640a63>] ? gss_marshal+0x134/0x13e [auth_rpcgss]
Feb 27 11:55:29 birman kernel: [17706.184464] [<f86402d1>] ? priv_release_snd_buf+0x22/0x22 [auth_rpcgss]
Feb 27 11:55:29 birman kernel: [17706.184477] [<fb4b1f5c>] ? nfs4_xdr_enc_setacl+0xdf/0xdf [nfs]
Feb 27 11:55:29 birman kernel: [17706.184489] [<f8ec138e>] ? rpcauth_wrap_req+0x56/0x7c [sunrpc]
Feb 27 11:55:29 birman kernel: [17706.184506] [<f8ebab90>] ? call_transmit+0x175/0x1e0 [sunrpc]
Feb 27 11:55:29 birman kernel: [17706.184518] [<f8ec0989>] ? __rpc_execute+0x5b/0x1ee [sunrpc]
Feb 27 11:55:29 birman kernel: [17706.184527] [<f8ebb668>] ? rpc_run_task+0x57/0x5c [sunrpc]
Feb 27 11:55:29 birman kernel: [17706.184536] [<f8ebb74e>] ? rpc_call_sync+0x3c/0x56 [sunrpc]
Feb 27 11:55:29 birman kernel: [17706.184549] [<fb4a6a1c>] ? __nfs4_get_acl_uncached+0x165/0x1f9 [nfs]
Feb 27 11:55:29 birman kernel: [17706.184563] [<fb4a6b8c>] ? nfs4_xattr_get_nfs4_acl+0xdc/0x10a [nfs]
Feb 27 11:55:29 birman kernel: [17706.184571] [<c10eb661>] ? generic_getxattr+0x61/0x65
Feb 27 11:55:29 birman kernel: [17706.184578] [<c10eb600>] ? single_open+0x70/0x70
Feb 27 11:55:29 birman kernel: [17706.184584] [<c10ebd8e>] ? vfs_getxattr+0x76/0x7d
Feb 27 11:55:29 birman kernel: [17706.184589] [<c10ebe18>] ? getxattr+0x83/0xe2
Feb 27 11:55:29 birman kernel: [17706.184596] [<c10e50c8>] ? dput+0x21/0xc4
Feb 27 11:55:29 birman kernel: [17706.184601] [<c10dfb01>] ? path_lookupat+0x297/0x2a8
Feb 27 11:55:29 birman kernel: [17706.184607] [<c10e04cd>] ? user_path_at_empty+0x46/0x65
Feb 27 11:55:29 birman kernel: [17706.184613] [<c10ebb36>] ? listxattr+0x80/0x88
Feb 27 11:55:29 birman kernel: [17706.184619] [<c10ebef3>] ? sys_getxattr+0x37/0x48
Feb 27 11:55:29 birman kernel: [17706.184626] [<c12cddbc>] ? syscall_call+0x7/0xb
Feb 27 11:55:29 birman kernel: [17706.184630] Code: 89 73 0c 89 0e eb 0c 8d 58 f8 8d 4b 08 39 f1 75 a1 89 f8 59 5b 5b 5e 5f 5d e9 14 b5 21 00 0f 0b e9 04 ff ff ff 55 57 56 53 89 c3 <8b> 00 c1 e8 1e 69 c0 40 03 00 00 05 40 7e 41 c1 2b 80 0c 03 00
Feb 27 11:55:29 birman kernel: [17706.184699] EIP: [<c10b2623>] page_address+0x6/0x97 SS:ESP 0068:f67c3bd0
Feb 27 11:55:29 birman kernel: [17706.184709] CR2: 0000000000000000
Feb 27 11:55:29 birman kernel: [17706.188397] ---[ end trace e521447c73f57914 ]---

Please let me know if i can provide any more useful information about
this, or if there's something i can do to avoid this crash in the
future.

--dkg