Description of problem:
If one copies a kernel source tree onto an ecryptfs overlay atop an nfs share, one can successfully build a kernel. But almost immediately upon issuing a 'make clean' in the kernel source tree, the system panics.

Version-Release number of selected component (if applicable):
kernel-2.6.18-92.el5 + ecryptfs patches to bring it up to current 2.6.26 code + nfs fix patch.

How reproducible:

cd /nfs/mount/ecryptfs/overlay
tar xjf kernel-2.6.25.tar.bz2
cd kernel-2.6.25
make -j2
[...wait for build to finish...]
make clean

Machine kernel panics.

crash> log
[...]
Kernel BUG at include/linux/dcache.h:323
invalid opcode: 0000 [1] SMP
last sysfs file: /devices/pci0000:00/0000:00:03.0/0000:04:00.0/irq
CPU 0
Modules linked in: ecryptfs(U) md5 nfs lockd fscache nfs_acl aes_generic aes_x86_64 ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_tcpudp iptable_filter ip_tables x_tables dm_mirror dm_multipath dm_mod video sbs backlight i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq ide_cd snd_seq_device floppy netxen_nic snd_pcm_oss cdrom snd_mixer_oss i2c_i801 serio_raw e1000 snd_pcm parport_pc i2c_core snd_timer snd parport soundcore snd_page_alloc shpchp e752x_edac edac_mc pcspkr ata_piix libata sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 13842, comm: make Tainted: G 2.6.18-92.el5 #1
RIP: 0010:[<ffffffff88611163>] [<ffffffff88611163>] :ecryptfs:ecryptfs_init_persistent_file+0x49/0x104
RSP: 0018:ffff81003a007e58 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff81002d0daed0 RCX: 0000000000000002
RDX: ffff81001eaec400 RSI: ffff81003a007f38 RDI: ffff81001eaec640
RBP: ffff81003f01f5c0 R08: ffff81003a007d58 R09: 0000000000000000
R10: ffff81003a007e48 R11: ffff81000ea63000 R12: ffff81001eaec400
R13: ffff81001eaec640 R14: ffff81001eaec400 R15: ffffffff8002567e
FS: 00002ba6c7e16250(0000) GS:ffffffff8039e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00000000033b5000 CR3: 0000000025950000 CR4: 00000000000006e0
Process make (pid: 13842, threadinfo ffff81003a006000, task ffff81003d5fb100)
Stack: ffff81003f01f6c0 ffff81003a007f38 00000000fffffffe ffff81001c53bcc0
 0000000000000000 ffffffff8860f369 0000000000000000 0000000048471216
 0000000000000000 0000000000000004 ffff81001eaec400 ffff81001eaec400
Call Trace:
 [<ffffffff8860f369>] :ecryptfs:ecryptfs_readdir+0x34/0x12d
 [<ffffffff8002567e>] filldir+0x0/0xb7
 [<ffffffff80034df6>] vfs_readdir+0x77/0xa9
 [<ffffffff8003869f>] sys_getdents+0x75/0xbd
 [<ffffffff8005d229>] tracesys+0x71/0xe0
 [<ffffffff8005d28d>] tracesys+0xd5/0xe0
Code: 0f 0b 68 44 99 61 88 c2 43 01 f0 ff 03 48 85 ed 74 04 f0 ff
RIP [<ffffffff88611163>] :ecryptfs:ecryptfs_init_persistent_file+0x49/0x104
 RSP <ffff81003a007e58>

crash> bt
PID: 13842 TASK: ffff81003d5fb100 CPU: 0 COMMAND: "make"
 #0 [ffff81003a007bb0] crash_kexec at ffffffff800aa977
 #1 [ffff81003a007c70] __die at ffffffff800650af
 #2 [ffff81003a007cb0] die at ffffffff8006b6ae
 #3 [ffff81003a007ce0] do_invalid_op at ffffffff8006bc6e
 #4 [ffff81003a007da0] error_exit at ffffffff8005dde9
    [exception RIP: ecryptfs_init_persistent_file+73]
    RIP: ffffffff88611163 RSP: ffff81003a007e58 RFLAGS: 00010246
    RAX: 0000000000000000 RBX: ffff81002d0daed0 RCX: 0000000000000002
    RDX: ffff81001eaec400 RSI: ffff81003a007f38 RDI: ffff81001eaec640
    RBP: ffff81003f01f5c0 R8: ffff81003a007d58 R9: 0000000000000000
    R10: ffff81003a007e48 R11: ffff81000ea63000 R12: ffff81001eaec400
    R13: ffff81001eaec640 R14: ffff81001eaec400 R15: ffffffff8002567e
    ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
 #5 [ffff81003a007e50] ecryptfs_init_persistent_file at ffffffff8861113b
 #6 [ffff81003a007e80] ecryptfs_readdir at ffffffff8860f369
 #7 [ffff81003a007ef0] vfs_readdir at ffffffff80034df6
 #8 [ffff81003a007f30] sys_getdents at ffffffff8003869f
 #9 [ffff81003a007f80] tracesys at ffffffff8005d28d (via system_call)
    RIP: 000000354e49499b RSP: 00007fffe2c991a0 RFLAGS: 00000206
    RAX: ffffffffffffffda RBX: ffffffff8005d28d RCX: ffffffffffffffff
    RDX: 0000000000001000 RSI: 00000000033b5038 RDI: 0000000000000005
    RBP: 00002ba6c7e16200 R8: 00000000033b5038 R9: 0000000000000002
    R10: 0000000000000002 R11: 0000000000000206 R12: 0000000000000000
    R13: ffffffffffffffb0 R14: 00000000033b5000 R15: 0000000000000029
    ORIG_RAX: 000000000000004e CS: 0033 SS: 002b

Additional info:
Haven't been able to trigger this with a simple file creation/deletion loop, at least thus far...

Looks suspiciously like there's a race condition somewhere, as when I add a number of printk calls to ecryptfs_init_persistent_file(), I can do the same make clean w/o triggering the panic.

Also, I've been able to trigger *another* panic, this time by doing a 'make -j3' immediately after a 'make clean':

crash> log
...
Unable to handle kernel NULL pointer dereference at 0000000000000010 RIP: [<ffffffff80034d9a>] vfs_readdir+0x1b/0xa9
PGD 132a0067 PUD 11f58067 PMD 0
Oops: 0000 [1] SMP
last sysfs file: /devices/pci0000:00/0000:00:00.0/irq
CPU 0
Modules linked in: ecryptfs(U) md5 aes_generic aes_x86_64 nfs lockd fscache nfs_acl ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_tcpudp iptable_filter ip_tables x_tables dm_mirror dm_multipath dm_mod video sbs backlight i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq ide_cd snd_seq_device e752x_edac floppy snd_pcm_oss e1000 snd_mixer_oss edac_mc pcspkr snd_pcm i2c_i801 cdrom netxen_nic snd_timer snd soundcore serio_raw i2c_core snd_page_alloc parport_pc parport shpchp ata_piix libata sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 5578, comm: make Tainted: G 2.6.18-94.el5.bz448787 #1
RIP: 0010:[<ffffffff80034d9a>] [<ffffffff80034d9a>] vfs_readdir+0x1b/0xa9
RSP: 0018:ffff81002fe55e48 EFLAGS: 00010296
RAX: 0000000000000000 RBX: ffff810013043cc0 RCX: 0000000000000000
RDX: ffff81002fe55e88 RSI: ffffffff885ca105 RDI: ffff810013043cc0
RBP: 00000000fffffffe R08: ffff81002fe55d58 R09: 0000000000000000
R10: ffff81002fe55e48 R11: ffff810036dc0000 R12: ffff81001cadad80
R13: ffff810013043cc0 R14: ffffffff885ca105 R15: ffff81002fe55e88
FS: 00002b5438702250(0000) GS:ffffffff8039f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000010 CR3: 000000001cd5e000 CR4: 00000000000006e0
Process make (pid: 5578, threadinfo ffff81002fe54000, task ffff81003f61b0c0)
Stack: 0000000000000001 ffff81002fe55f38 00000000fffffffe ffff81001cadad80
 ffff810013043cc0 ffff810023ced000 ffffffff8002567e ffffffff885ca3fb
 ffff81002fe55f38 ffff81002e9b98e8 ffffffff8002567e 0000000000000000
Call Trace:
 [<ffffffff8002567e>] filldir+0x0/0xb7
 [<ffffffff885ca3fb>] :ecryptfs:ecryptfs_readdir+0xc6/0x12d
 [<ffffffff8002567e>] filldir+0x0/0xb7
 [<ffffffff8002567e>] filldir+0x0/0xb7
 [<ffffffff80034df6>] vfs_readdir+0x77/0xa9
 [<ffffffff8003869f>] sys_getdents+0x75/0xbd
 [<ffffffff8005d229>] tracesys+0x71/0xe0
 [<ffffffff8005d28d>] tracesys+0xd5/0xe0
Code: 4c 8b 60 10 48 8b 47 20 48 85 c0 74 6e 48 83 78 30 00 74 67
RIP [<ffffffff80034d9a>] vfs_readdir+0x1b/0xa9
 RSP <ffff81002fe55e48>

crash> bt
PID: 5578 TASK: ffff81003f61b0c0 CPU: 0 COMMAND: "make"
 #0 [ffff81002fe55ba0] crash_kexec at ffffffff800aaaa2
 #1 [ffff81002fe55c60] __die at ffffffff800650af
 #2 [ffff81002fe55ca0] do_page_fault at ffffffff80066aa1
 #3 [ffff81002fe55d90] error_exit at ffffffff8005dde9
    [exception RIP: vfs_readdir+27]
    RIP: ffffffff80034d9a RSP: ffff81002fe55e48 RFLAGS: 00010296
    RAX: 0000000000000000 RBX: ffff810013043cc0 RCX: 0000000000000000
    RDX: ffff81002fe55e88 RSI: ffffffff885ca105 RDI: ffff810013043cc0
    RBP: 00000000fffffffe R8: ffff81002fe55d58 R9: 0000000000000000
    R10: ffff81002fe55e48 R11: ffff810036dc0000 R12: ffff81001cadad80
    R13: ffff810013043cc0 R14: ffffffff885ca105 R15: ffff81002fe55e88
    ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
 #4 [ffff81002fe55e80] ecryptfs_readdir at ffffffff885ca3fb
 #5 [ffff81002fe55ef0] vfs_readdir at ffffffff80034df6
 #6 [ffff81002fe55f30] sys_getdents at ffffffff8003869f
 #7 [ffff81002fe55f80] tracesys at ffffffff8005d28d (via system_call)
    RIP: 000000354e49499b RSP: 00007fff723ab360 RFLAGS: 00000206
    RAX: ffffffffffffffda RBX: ffffffff8005d28d RCX: ffffffffffffffff
    RDX: 0000000000001000 RSI: 000000001db3c208 RDI: 0000000000000007
    RBP: 00002b5438702200 R8: 000000001db3c208 R9: 0000000000000004
    R10: 000000736564756c R11: 0000000000000206 R12: 0000000000000000
    R13: ffffffffffffffb0 R14: 000000001db3c1d0 R15: 000000001db3c8e8
    ORIG_RAX: 000000000000004e CS: 0033 SS: 002b

I hit a 3rd different failure last night during a 'make':

crash> log
...
Unable to handle kernel NULL pointer dereference at 0000000000000010 RIP: [<ffffffff8858a574>] :nfs:nfs_file_flush+0x15/0x96
PGD 0
Oops: 0000 [1] SMP
last sysfs file: /devices/pci0000:00/0000:00:00.0/irq
CPU 0
Modules linked in: md5 aes_generic aes_x86_64 ecryptfs(U) nfs lockd fscache nfs_acl ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_tcpudp iptable_filter ip_tables x_tables dm_mirror dm_multipath dm_mod video sbs backlight i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss ide_cd floppy parport_pc snd_mixer_oss pcspkr cdrom snd_pcm parport snd_timer snd soundcore e752x_edac serio_raw i2c_i801 i2c_core e1000 snd_page_alloc edac_mc shpchp netxen_nic ata_piix libata sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 2940, comm: make Tainted: G 2.6.18-94.el5.bz448787 #1
RIP: 0010:[<ffffffff8858a574>] [<ffffffff8858a574>] :nfs:nfs_file_flush+0x15/0x96
RSP: 0018:ffff810028669ea8 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff81003f4a7880 RCX: 0000000000000004
RDX: ffff81003c866138 RSI: ffff81003f61ac80 RDI: ffff81003f06ed80
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000040000010
R10: 00007fffc5526000 R11: ffffffff8858a55f R12: 0000000000000000
R13: ffff81003f5e68c0 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffffffff8039f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000010 CR3: 0000000000201000 CR4: 00000000000006e0
Process make (pid: 2940, threadinfo ffff810028668000, task ffff81003d3960c0)
Stack: ffff81003f4a7880 ffff81003f61ac80 0000000000000028 ffffffff800239b0
 ffff81003f61ac80 0000000000000005 0000000000000028 ffffffff80038a6c
 ffff81003cd75bc0 ffff81003f61ac80 ffff81003d3960c0 0000000000000001
Call Trace:
 [<ffffffff800239b0>] filp_close+0x36/0x64
 [<ffffffff80038a6c>] put_files_struct+0x6c/0xc3
 [<ffffffff800151fd>] do_exit+0x2d2/0x8d0
 [<ffffffff80048a1c>] cpuset_exit+0x0/0x6c
 [<ffffffff8005d28d>] tracesys+0xd5/0xe0
Code: 48 8b 58 10 74 74 48 8b 83 f8 00 00 00 48 8b 80 40 02 00 00
RIP [<ffffffff8858a574>] :nfs:nfs_file_flush+0x15/0x96
 RSP <ffff810028669ea8>

crash> bt
PID: 2940 TASK: ffff81003d3960c0 CPU: 0 COMMAND: "make"
 #0 [ffff810028669c00] crash_kexec at ffffffff800aaaa2
 #1 [ffff810028669cc0] __die at ffffffff800650af
 #2 [ffff810028669d00] do_page_fault at ffffffff80066aa1
 #3 [ffff810028669df0] error_exit at ffffffff8005dde9
    [exception RIP: nfs_file_flush+21]
    RIP: ffffffff8858a574 RSP: ffff810028669ea8 RFLAGS: 00010202
    RAX: 0000000000000000 RBX: ffff81003f4a7880 RCX: 0000000000000004
    RDX: ffff81003c866138 RSI: ffff81003f61ac80 RDI: ffff81003f06ed80
    RBP: 0000000000000000 R8: 0000000000000000 R9: 0000000040000010
    R10: 00007fffc5526000 R11: ffffffff8858a55f R12: 0000000000000000
    R13: ffff81003f5e68c0 R14: 0000000000000000 R15: 0000000000000000
    ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
 #4 [ffff810028669ea0] mntput_no_expire at ffffffff8002cb15
 #5 [ffff810028669ec0] filp_close at ffffffff800239b0
 #6 [ffff810028669ee0] put_files_struct at ffffffff80038a6c
 #7 [ffff810028669f20] do_exit at ffffffff800151fd
 #8 [ffff810028669f80] tracesys at ffffffff8005d28d (via system_call)
    RIP: 000000354e49866f RSP: 00007fffc5524068 RFLAGS: 00000246
    RAX: ffffffffffffffda RBX: ffffffff8005d28d RCX: ffffffffffffffff
    RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
    RBP: 000000354e749878 R8: 00000000000000e7 R9: ffffffffffffffb0
    R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
    R13: 000000354e749878 R14: ffffffff80048a1c R15: 0000000000000000
    ORIG_RAX: 00000000000000e7 CS: 0033 SS: 002b

The fun continues. Some of the tweaks made to improve local overlay performance in bug 429142 now result in a simple 'ls -l' panicking a box when it's overlaid ecryptfs on nfs. D'oh.

Kernel BUG at fs/ecryptfs/file.c:211
invalid opcode: 0000 [1] SMP
last sysfs file: /fs/ecryptfs/version
CPU 0
Modules linked in: ecryptfs(U) md5 aes_generic aes_x86_64 nfs lockd fscache nfs_acl ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_tcpudp iptable_filter ip_tables x_tables dm_mirror dm_multipath dm_mod video sbs backlight i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event i2c_i801 ide_cd snd_seq e752x_edac snd_seq_device i2c_core snd_pcm_oss floppy edac_mc snd_mixer_oss parport_pc e1000 snd_pcm cdrom serio_raw shpchp snd_timer snd soundcore pcspkr netxen_nic snd_page_alloc parport ata_piix libata sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 5951, comm: ls Tainted: G 2.6.18-94.el5.bz448787 #1
RIP: 0010:[<ffffffff885ce5a0>] [<ffffffff885ce5a0>] :ecryptfs:ecryptfs_open+0xf7/0x243
RSP: 0018:ffff81001fb81e28 EFLAGS: 00010246
RAX: 000000000000000f RBX: ffff81003f60be80 RCX: ffffffff802ed9a8
RDX: ffffffff802ed9a8 RSI: 0000000000000000 RDI: ffffffff802ed9a0
RBP: ffff8100201e1f70 R08: ffffffff802ed9a8 R09: 0000000000000046
R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8100201e1e58
R13: ffff8100201e1c00 R14: ffff810020013300 R15: ffff81003f60be80
FS: 00002b2580413c10(0000) GS:ffffffff8039f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 000000354e494290 CR3: 000000002091d000 CR4: 00000000000006e0
Process ls (pid: 5951, threadinfo ffff81001fb80000, task ffff81003f61c7e0)
Stack: ffff81002053f888 ffff81003f60be80 ffff8100201e1c00 00000000ffffff9c
 ffffffff885ce4a9 ffff810034c26cc0 ffff810020013300 ffffffff8001e336
 ffff81003cb306b8 0000000000018800 0000000000018800 00000000ffffff9c
Call Trace:
 [<ffffffff885ce4a9>] :ecryptfs:ecryptfs_open+0x0/0x243
 [<ffffffff8001e336>] __dentry_open+0xd9/0x1dc
 [<ffffffff80027338>] do_filp_open+0x2a/0x38
 [<ffffffff80019720>] do_sys_open+0x44/0xbe
 [<ffffffff8005d28d>] tracesys+0xd5/0xe0
Code: 0f 0b 68 a7 81 5d 88 c2 d3 00 48 89 ef e8 9e 54 a9 f7 41 83
RIP [<ffffffff885ce5a0>] :ecryptfs:ecryptfs_open+0xf7/0x243
 RSP <ffff81001fb81e28>

crash> bt
PID: 5951 TASK: ffff81003f61c7e0 CPU: 0 COMMAND: "ls"
 #0 [ffff81001fb81b80] crash_kexec at ffffffff800aaaa2
 #1 [ffff81001fb81c40] __die at ffffffff800650af
 #2 [ffff81001fb81c80] die at ffffffff8006b7d1
 #3 [ffff81001fb81cb0] do_invalid_op at ffffffff8006bd91
 #4 [ffff81001fb81d70] error_exit at ffffffff8005dde9
    [exception RIP: ecryptfs_open+247]
    RIP: ffffffff885ce5a0 RSP: ffff81001fb81e28 RFLAGS: 00010246
    RAX: 000000000000000f RBX: ffff81003f60be80 RCX: ffffffff802ed9a8
    RDX: ffffffff802ed9a8 RSI: 0000000000000000 RDI: ffffffff802ed9a0
    RBP: ffff8100201e1f70 R8: ffffffff802ed9a8 R9: 0000000000000046
    R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8100201e1e58
    R13: ffff8100201e1c00 R14: ffff810020013300 R15: ffff81003f60be80
    ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
 #5 [ffff81001fb81e20] ecryptfs_open at ffffffff885ce596
 #6 [ffff81001fb81e60] __dentry_open at ffffffff8001e336
 #7 [ffff81001fb81ea0] do_filp_open at ffffffff80027338
 #8 [ffff81001fb81f50] do_sys_open at ffffffff80019720
 #9 [ffff81001fb81f80] tracesys at ffffffff8005d28d (via system_call)
    RIP: 000000354e4c39d0 RSP: 00007fff2a6a0a88 RFLAGS: 00000246
    RAX: ffffffffffffffda RBX: ffffffff8005d28d RCX: ffffffffffffffff
    RDX: 0000000000000001 RSI: 0000000000010800 RDI: 000000000ab7f790
    RBP: 00007fff2a6a10d8 R8: fefefefefefefeff R9: 0000000000000000
    R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
    R13: 00000000ffffffff R14: 00002b2580413b98 R15: 000000000ab80870
    ORIG_RAX: 0000000000000002 CS: 0033 SS: 002b

Just hit another panic similar to, but not quite the same as, the one in comment #3, when simply trying to build a kernel tree.

crash> bt
PID: 15943 TASK: ffff81000ff2e7e0 CPU: 1 COMMAND: "sh"
  #0 [ffff81001479ba10] crash_kexec at ffffffff800aaaa2
  #1 [ffff81001479bad0] __die at ffffffff800650af
  #2 [ffff81001479bb10] do_page_fault at ffffffff80066aa1
  #3 [ffff81001479bc00] error_exit at ffffffff8005dde9
     [exception RIP: nfs_file_flush+21]
     RIP: ffffffff88583574 RSP: ffff81001479bcb8 RFLAGS: 00010202
     RAX: 0000000000000000 RBX: ffff810025d5cb80 RCX: 0000000000000006
     RDX: 0000000000000000 RSI: ffff81002accbc80 RDI: ffff81003028b1c0
     RBP: 0000000000000000 R8: 0000000000000006 R9: 0000000000000000
     R10: ffff81001479bc98 R11: ffffffff8858355f R12: 0000000000000000
     R13: 0000000000000000 R14: ffff81000ff2e7e0 R15: ffff810012870600
     ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
  #4 [ffff81001479bcd0] filp_close at ffffffff800239b0
  #5 [ffff81001479bcf0] sys_close at ffffffff8001d9e5
  #6 [ffff81001479bd10] flush_old_exec at ffffffff8002c478
  #7 [ffff81001479bd80] load_elf_binary at ffffffff80018097
  #8 [ffff81001479beb0] search_binary_handler at ffffffff8003f3e5
  #9 [ffff81001479bee0] do_execve at ffffffff8003e950
 #10 [ffff81001479bf20] sys_execve at ffffffff80054760
 #11 [ffff81001479bf50] stub_execve at ffffffff8005d4d3
     RIP: 000000354e498697 RSP: 00007fff8249e4f8 RFLAGS: 00000202
     RAX: ffffffffffffffda RBX: 00000000014b6fd0 RCX: ffffffffffffffff
     RDX: 00000000014b6fd0 RSI: 00000000014ba8b0 RDI: 00000000014c0510
     RBP: 00007fff8249e560 R8: fefefefefefefeff R9: 2f2f2f2f2f2f2f2f
     R10: 0000000000000008 R11: 0000000000000202 R12: 00000000014ba8b0
     R13: 00000000014c0510 R14: 00000000014ba8b0 R15: 0000000000000028
     ORIG_RAX: 000000000000003b CS: 0033 SS: 002b

Unable to handle kernel NULL pointer dereference at 0000000000000010 RIP: [<ffffffff88583574>] :nfs:nfs_file_flush+0x15/0x96
PGD 0
Oops: 0000 [1] SMP
last sysfs file: /devices/pci0000:00/0000:00:02.0/0000:01:00.2/0000:03:0e.0/irq
CPU 1
Modules linked in: ecryptfs(U) md5 aes_generic aes_x86_64 nfs lockd fscache nfs_acl ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_tcpudp iptable_filter ip_tables x_tables dm_mirror dm_multipath dm_mod video sbs backlight i2c_ec button battery asus_acpi acpi_memhotplug ac lp snd_intel8x0 snd_ac97_codec sg ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event e752x_edac ide_cd snd_seq edac_mc snd_seq_device snd_pcm_oss e1000 snd_mixer_oss serio_raw floppy netxen_nic snd_pcm cdrom snd_timer snd soundcore pcspkr i2c_i801 snd_page_alloc parport_pc i2c_core parport shpchp ata_piix libata sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 15943, comm: sh Tainted: G 2.6.18-94.el5.bz448787 #1
RIP: 0010:[<ffffffff88583574>] [<ffffffff88583574>] :nfs:nfs_file_flush+0x15/0x96
RSP: 0018:ffff81001479bcb8 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff810025d5cb80 RCX: 0000000000000006
RDX: 0000000000000000 RSI: ffff81002accbc80 RDI: ffff81003028b1c0
RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000000
R10: ffff81001479bc98 R11: ffffffff8858355f R12: 0000000000000000
R13: 0000000000000000 R14: ffff81000ff2e7e0 R15: ffff810012870600
FS: 00002ba628611250(0000) GS:ffff81003fe667c0(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000010 CR3: 0000000017c2b000 CR4: 00000000000006e0
Process sh (pid: 15943, threadinfo ffff81001479a000, task ffff81000ff2e7e0)
Stack: ffff810025d5cb80 ffff81002accbc80 ffff810025d5cb80 ffffffff800239b0
 ffff81002accbc80 0000000000000006 ffff810025d5cb80 ffffffff8001d9e5
 0000000000000003 0000000000000006 ffff81002accbc80 ffffffff8002c478
Call Trace:
 [<ffffffff800239b0>] filp_close+0x36/0x64
 [<ffffffff8001d9e5>] sys_close+0x88/0xa2
 [<ffffffff8002c478>] flush_old_exec+0xa5b/0xb08
 [<ffffffff8000b3a8>] vfs_read+0x13c/0x171
 [<ffffffff80018097>] load_elf_binary+0x478/0x1809
 [<ffffffff800c5b1e>] zone_statistics+0x3e/0x6d
 [<ffffffff8000f083>] __alloc_pages+0x65/0x2ce
 [<ffffffff8003f3e5>] search_binary_handler+0xbb/0x26d
 [<ffffffff8003e950>] do_execve+0x18c/0x243
 [<ffffffff80054760>] sys_execve+0x36/0x4c
 [<ffffffff8005d4d3>] stub_execve+0x67/0xb0
Code: 48 8b 58 10 74 74 48 8b 83 f8 00 00 00 48 8b 80 40 02 00 00
RIP [<ffffffff88583574>] :nfs:nfs_file_flush+0x15/0x96
 RSP <ffff81001479bcb8>

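A triage sketch added here (not part of the original report, and not Red Hat or eCryptfs code): it reduces each oops quoted above to a fault-site signature of the form module:symbol+offset, so the five panics can be deduplicated even though the nfs module was loaded at a different address in each boot. The sample strings are lines excerpted from the logs in this report with some call-trace frames omitted; the dictionary labels and the `vmlinux` tag for core-kernel symbols are this example's own.

```python
import re
from collections import defaultdict

# Lines excerpted from the oopses quoted in this report (fault line, RIP line,
# selected call-trace frames). The dictionary keys are this example's own labels.
OOPSES = {
    "description": """Kernel BUG at include/linux/dcache.h:323
RIP: 0010:[<ffffffff88611163>] [<ffffffff88611163>] :ecryptfs:ecryptfs_init_persistent_file+0x49/0x104
Call Trace: [<ffffffff8860f369>] :ecryptfs:ecryptfs_readdir+0x34/0x12d [<ffffffff80034df6>] vfs_readdir+0x77/0xa9""",
    "comment 2": """Unable to handle kernel NULL pointer dereference at 0000000000000010 RIP: [<ffffffff80034d9a>] vfs_readdir+0x1b/0xa9
Call Trace: [<ffffffff885ca3fb>] :ecryptfs:ecryptfs_readdir+0xc6/0x12d [<ffffffff8003869f>] sys_getdents+0x75/0xbd""",
    "comment 3": """Unable to handle kernel NULL pointer dereference at 0000000000000010 RIP: [<ffffffff8858a574>] :nfs:nfs_file_flush+0x15/0x96
Call Trace: [<ffffffff800239b0>] filp_close+0x36/0x64 [<ffffffff80038a6c>] put_files_struct+0x6c/0xc3 [<ffffffff800151fd>] do_exit+0x2d2/0x8d0""",
    "comment 4": """Kernel BUG at fs/ecryptfs/file.c:211
RIP: 0010:[<ffffffff885ce5a0>] [<ffffffff885ce5a0>] :ecryptfs:ecryptfs_open+0xf7/0x243
Call Trace: [<ffffffff8001e336>] __dentry_open+0xd9/0x1dc [<ffffffff80019720>] do_sys_open+0x44/0xbe""",
    "comment 5": """Unable to handle kernel NULL pointer dereference at 0000000000000010 RIP: [<ffffffff88583574>] :nfs:nfs_file_flush+0x15/0x96
Call Trace: [<ffffffff800239b0>] filp_close+0x36/0x64 [<ffffffff8001d9e5>] sys_close+0x88/0xa2 [<ffffffff8002c478>] flush_old_exec+0xa5b/0xb08""",
}

# One "[<addr>] :module:symbol+0xoff/0xlen" frame; the module part is optional.
FRAME = r"\[<[0-9a-f]+>\]\s+(?::(\w+):)?(\w+)\+0x([0-9a-f]+)/0x[0-9a-f]+"
BUG_RE = re.compile(r"Kernel BUG at (\S+:\d+)")
NULL_RE = re.compile(r"NULL pointer dereference at ([0-9a-f]+)")
RIP_RE = re.compile(r"RIP:?\s.*?" + FRAME)


def parse_oops(text):
    """Reduce one oops to its fault kind, fault site and calling functions."""
    bug, null, rip = BUG_RE.search(text), NULL_RE.search(text), RIP_RE.search(text)
    if rip is None or not (bug or null):
        raise ValueError("no recognisable oops header")
    module, symbol, offset = rip.groups()
    # Frames sit between "Call Trace:" and "Code:"; the "RIP [<...>]" summary
    # after "Code:" repeats the fault site and is not a caller.
    trace = text.partition("Call Trace:")[2].split("Code:")[0]
    return {
        "kind": "BUG" if bug else "NULL deref",
        "detail": bug.group(1) if bug else hex(int(null.group(1), 16)),
        # Load addresses move between boots; module:symbol+offset does not.
        "site": f"{module or 'vmlinux'}:{symbol}+0x{offset}",
        "callers": [m.group(2) for m in re.finditer(FRAME, trace)],
    }


def group_by_site(oopses):
    """Map each fault site to the labels of the reports that hit it."""
    groups = defaultdict(list)
    for label, text in oopses.items():
        groups[parse_oops(text)["site"]].append(label)
    return dict(groups)


if __name__ == "__main__":
    for site, labels in group_by_site(OOPSES).items():
        print(site, "<-", ", ".join(labels))
```

Run over these excerpts, the panics in comment #3 and comment #5 share the fault site `nfs:nfs_file_flush+0x15` while their `callers` lists differ (process exit versus the close during exec).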
Moving this to 5.4; still no resolution upstream and I've not yet been able to resolve it.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Updating PM score.
Moving this off to 5.5. AFAIK it's still broken upstream, and we have patches to prevent nfs mounts, so customers won't see this (with the restricted ability to use nfs, that is).