lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <6D769E5D-F4FA-4E29-AC00-C2B000561ADF@oracle.com>
Date:	Mon, 24 Jan 2011 17:53:21 -0500
From:	Chuck Lever <chuck.lever@...cle.com>
To:	Nick Bowler <nbowler@...iptictech.com>
Cc:	linux-kernel@...r.kernel.org, linux-nfs@...r.kernel.org,
	"J. Bruce Fields" <bfields@...hat.com>,
	Trond Myklebust <Trond.Myklebust@...app.com>
Subject: Re: Regression, bisected: NFSv3 BUG when quitting vim in 2.6.38-rc2+.

I think we just fixed this one.  See:

  http://marc.info/?l=linux-nfs&m=129555110430091&w=2

On Jan 24, 2011, at 5:34 PM, Nick Bowler wrote:

> With an NFSv3 client machine running latest Linus' git, quitting vim in
> some circumstances causes an NFS BUG.  The exact conditions which cause
> the BUG are not entirely clear to me, but running
> 
> vim /path/to/some/directory (this opens a directory listing)
>   :q (quits vim)
> 
> causes it to crash 100% of the time.  The directory given to vim can be
> anything: not necessarily anything to do with the NFS mount.  Since my
> home directory is NFS mounted, my guess is that vim's access to its
> config and/or state files (~/.vim/, ~/.vimrc and/or ~/.viminfo) cause
> the crash.
> 
> Crash dump and bisection results follow.  Unfortunately, the implicated
> commit does not revert cleanly.
> 
>  ------------[ cut here ]------------
>  kernel BUG at /scratch_space/linux-2.6/fs/nfs/nfs3xdr.c:1338!
>  invalid opcode: 0000 [#1] PREEMPT SMP 
>  last sysfs file: /sys/devices/pci0000:00/0000:00:1b.0/subsystem_device
>  CPU 2 
>  Modules linked in: nfs nfs_acl bridge stp llc autofs4 nfsd lockd exportfs sunrpc ipv6 iptable_filter iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 ip_tables x_tables snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_timer snd soundcore snd_page_alloc sg evdev usb_storage ext2 ehci_hcd sr_mod cdrom loop tun acpi_cpufreq mperf arc4 ecb crypto_blkcipher cryptomgr aead crypto_algapi rt2800pci rt2800lib crc_ccitt rt2x00pci rt2x00lib mac80211 cfg80211 eeprom_93cx6 e1000e
> 
>  Pid: 31703, comm: vi Not tainted 2.6.38-rc2-00019-gd315777 #133 WG43M/Aspire X3810
>  RIP: 0010:[<ffffffffa03812f9>]  [<ffffffffa03812f9>] nfs3_xdr_enc_setacl3args+0x78/0xb6 [nfs]
>  RSP: 0018:ffff88012798da08  EFLAGS: 00010282
>  RAX: 00000000ffffffea RBX: ffff88012798dbf8 RCX: 0000000000000004
>  RDX: 0000000000000000 RSI: ffff88012798d8f8 RDI: ffff8801393a30e8
>  RBP: ffff88012798da28 R08: 0000000000000001 R09: 0000000000000000
>  R10: 0000000000000226 R11: 0000000000000004 R12: ffff88012798da48
>  R13: 000000000000009c R14: ffff8801390f0840 R15: ffffffffa0381281
>  FS:  00007f6f68727740(0000) GS:ffff8800b7b00000(0000) knlGS:0000000000000000
>  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>  CR2: 00007f6f67499400 CR3: 000000013571d000 CR4: 00000000000406e0
>  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>  DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
>  Process vi (pid: 31703, threadinfo ffff88012798c000, task ffff88013efad940)
>  Stack:
>  000000002798da68 ffff88012798da48 ffff88013549c888 ffff8801393a30e0
>  ffff88012798dab8 ffffffffa02b51f3 0000000000000000 ffff88012798dbf8
>  ffff88013549c8a4 ffff8801393a30e8 ffff88013549c9d8 ffff8801393a30e8
>  Call Trace:
>  [<ffffffffa02b51f3>] rpcauth_wrap_req+0x9c/0xad [sunrpc]
>  [<ffffffffa02adeee>] call_transmit+0x1df/0x25e [sunrpc]
>  [<ffffffffa02b458c>] __rpc_execute+0x83/0x1dd [sunrpc]
>  [<ffffffffa02b4723>] rpc_execute+0x3d/0x41 [sunrpc]
>  [<ffffffffa02aea59>] rpc_run_task+0xed/0xf9 [sunrpc]
>  [<ffffffffa02aeb43>] rpc_call_sync+0x3f/0x60 [sunrpc]
>  [<ffffffffa03825f5>] nfs3_proc_setacls+0x1f5/0x2d6 [nfs]
>  [<ffffffff810aedef>] ? __slab_free+0x7f/0x108
>  [<ffffffff810c36d8>] ? dput+0xcf/0xee
>  [<ffffffffa036eec7>] ? nfs_lookup_revalidate+0x2c3/0x420 [nfs]
>  [<ffffffffa0382b72>] nfs3_proc_setacl+0xab/0xcb [nfs]
>  [<ffffffffa0382c61>] nfs3_setxattr+0x7b/0x98 [nfs]
>  [<ffffffff810c36d8>] ? dput+0xcf/0xee
>  [<ffffffff810cc301>] __vfs_setxattr_noperm+0x28/0x41
>  [<ffffffff8113920a>] ? cap_inode_setxattr+0x38/0x55
>  [<ffffffff810cc393>] vfs_setxattr+0x79/0x97
>  [<ffffffff810cc469>] setxattr+0xb8/0xd6
>  [<ffffffff810bdc14>] ? user_path_at+0x66/0x95
>  [<ffffffff810badd3>] ? path_put+0x1d/0x22
>  [<ffffffff810b15a6>] ? sys_fchmodat+0xa3/0xb6
>  [<ffffffff810cc5ee>] sys_setxattr+0x60/0x85
>  [<ffffffff810029bb>] system_call_fastpath+0x16/0x1b
>  Code: 45 8b 6d 40 f6 43 08 01 74 04 48 8b 4b 10 45 31 c9 49 8b 7c 24 08 41 b8 01 00 00 00 48 8b 13 44 89 ee e8 9c 5f fe ff 85 c0 79 04 <0f> 0b eb fe 31 c9 f6 43 08 04 74 04 48 8b 4b 18 42 8d 34 28 49 
>  RIP  [<ffffffffa03812f9>] nfs3_xdr_enc_setacl3args+0x78/0xb6 [nfs]
>  RSP <ffff88012798da08>
>  ---[ end trace 284553ae693ad393 ]---
> 
> ad96b5b5eae59696b97e207d730b8c8cfb9d4e42 is the first bad commit
> commit ad96b5b5eae59696b97e207d730b8c8cfb9d4e42
> Author: Chuck Lever <chuck.lever@...cle.com>
> Date:   Tue Dec 14 14:56:01 2010 +0000
> 
>    NFS: Replace old NFSv3 encoder functions with xdr_stream-based ones
> 
>    The naming scheme of the new encoder functions, which follows the
>    NFSv4 XDR encoder functions, is slightly different than the scheme
>    used for the old functions.  Rename the functions as a separate
>    step to keep the patches clean.
> 
>    Signed-off-by: Chuck Lever <chuck.lever@...cle.com>
>    Tested-by: J. Bruce Fields <bfields@...hat.com>
>    Signed-off-by: Trond Myklebust <Trond.Myklebust@...app.com>
> 
> :040000 040000 795b37efad99589a07e4f2b2d6da2ec80f08c56e 37b1643869b5f388fcb1e96cab49d9bbd9cab71e M      fs
> 
> git bisect start
> # bad: [d315777b32a4696feb86f2a0c9e9f39c94683649] Merge branch 'BUG_ON' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus
> git bisect bad d315777b32a4696feb86f2a0c9e9f39c94683649
> # good: [3c0eee3fe6a3a1c745379547c7e7c904aa64f6d5] Linux 2.6.37
> git bisect good 3c0eee3fe6a3a1c745379547c7e7c904aa64f6d5
> # skip: [443e6221e465efa8efb752a8405a759ef1161af9] Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mjg59/platform-drivers-x86
> git bisect skip 443e6221e465efa8efb752a8405a759ef1161af9
> # good: [11dbf0acb4aba818a4f0600996216be55667b400] ASoC: soc-cache: Remove unnecessary debugging info
> git bisect good 11dbf0acb4aba818a4f0600996216be55667b400
> # skip: [37c2ac7872a9387542616f658d20ac25f5bdb32e] thp: compound_trans_order
> git bisect skip 37c2ac7872a9387542616f658d20ac25f5bdb32e
> # good: [6aa85a5ae610106d89e50c7e1f760c56d12f9bc4] omap4: 4430sdp: enable the ehci port on 4430SDP
> git bisect good 6aa85a5ae610106d89e50c7e1f760c56d12f9bc4
> # bad: [c56eb8fb6dccb83d9fe62fd4dc00c834de9bc470] Linux 2.6.38-rc1
> git bisect bad c56eb8fb6dccb83d9fe62fd4dc00c834de9bc470
> # bad: [8dec00059ef1db9f58719186366b71c8afbc4d1e] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
> git bisect bad 8dec00059ef1db9f58719186366b71c8afbc4d1e
> # good: [786a5e15b613a9cee4fc9139fc3113a5ab0fde79] fs: d_validate fixes
> git bisect good 786a5e15b613a9cee4fc9139fc3113a5ab0fde79
> # good: [01539ba2a706ab7d35fc0667dff919ade7f87d63] Merge branch 'omap-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6
> git bisect good 01539ba2a706ab7d35fc0667dff919ade7f87d63
> # bad: [357f54d6b38252737116a6d631f6ac28ded018ed] NFS fix the setting of exchange id flag
> git bisect bad 357f54d6b38252737116a6d631f6ac28ded018ed
> # bad: [611c96c8f728c4bcdbadaa2387942d3c0641cadf] nfs4: fix units bug causing hang on recovery
> git bisect bad 611c96c8f728c4bcdbadaa2387942d3c0641cadf
> # bad: [573c4e1ef53a6b891b73cc2257e1604da754a2e4] NFS: Simplify ->decode_dirent() calling sequence
> git bisect bad 573c4e1ef53a6b891b73cc2257e1604da754a2e4
> # bad: [499ff710b2fd3a03c8195c82340e5166eed04205] NFS: Remove unused old NFSv3 encoder functions
> git bisect bad 499ff710b2fd3a03c8195c82340e5166eed04205
> # good: [661ad4239a51a2169a366a227c68cf3b654ab936] NFS: Replace old NFSv2 decoder functions with xdr_stream-based ones
> git bisect good 661ad4239a51a2169a366a227c68cf3b654ab936
> # good: [2b061f9ef216b6d229b06267f188167fd6ab3d9b] lockd: Introduce new-style XDR functions for NLMv3
> git bisect good 2b061f9ef216b6d229b06267f188167fd6ab3d9b
> # bad: [ad96b5b5eae59696b97e207d730b8c8cfb9d4e42] NFS: Replace old NFSv3 encoder functions with xdr_stream-based ones
> git bisect bad ad96b5b5eae59696b97e207d730b8c8cfb9d4e42
> # good: [d9c407b138926132e1f93c01fb2dee50eb0bb615] NFS: Introduce new-style XDR encoding functions for NFSv3
> git bisect good d9c407b138926132e1f93c01fb2dee50eb0bb615
> 
> -- 
> Nick Bowler, Elliptic Technologies (http://www.elliptictech.com/)
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

-- 
Chuck Lever
chuck[dot]lever[at]oracle[dot]com




--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ