Bug #9432
Closed
kcephfs: null pointer deref in posix_acl_create
% Done: 0%
Source: Development
Severity: 3 - minor
Description
[ 4998.873919] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 4998.881855] IP: [<ffffffff81227673>] posix_acl_create+0x23/0x190
[ 4998.888012] PGD 3ab330067 PUD 2909ca067 PMD 0
[ 4998.892569] Oops: 0000 [#1] SMP
[ 4998.895861] Modules linked in: ipmi_devintf(E) ipmi_si(E) ipmi_msghandler(E) ip6table_filter(E) ip6_tables(E) ebtable_nat(E) ebtables(E) ipt_MASQUERADE(E) iptable_nat(E) nf_nat_ipv4(E) nf_nat(E) nf_conntrack_ipv4(E) nf_defrag_ipv4(E) xt_state(E) nf_conntrack(E) ipt_REJECT(E) xt_CHECKSUM(E) iptable_mangle(E) xt_tcpudp(E) iptable_filter(E) ip_tables(E) x_tables(E) bridge(E) stp(E) llc(E) ceph(E) libceph(E) fscache(E) gpio_ich(E) psmouse(E) joydev(E) serio_raw(E) i7core_edac(E) edac_core(E) lpc_ich(E) tpm_infineon(E) tpm_tis(E) xfs(E) lp(E) parport(E) hid_generic(E) usbhid(E) hid(E) btrfs(E) e1000e(E) ahci(E) raid6_pq(E) ptp(E) libahci(E) pps_core(E) arcmsr(E) xor(E) libcrc32c(E)
[ 4998.957415] CPU: 2 PID: 23972 Comm: teuthology Tainted: G E 3.16.0-ceph-00005-gd8f31c8 #1
[ 4998.966626] Hardware name: Supermicro X8SIL/X8SIL, BIOS 1.1 05/27/2010
[ 4998.973222] task: ffff8803ab15a1f0 ti: ffff8802cbf84000 task.ti: ffff8802cbf84000
[ 4998.980887] RIP: 0010:[<ffffffff81227673>] [<ffffffff81227673>] posix_acl_create+0x23/0x190
[ 4998.989412] RSP: 0018:ffff8802cbf87e28 EFLAGS: 00010286
[ 4998.994788] RAX: ffff88024e59b001 RBX: 0000000000000000 RCX: ffff8802cbf87e70
[ 4999.001981] RDX: ffff8802cbf87e68 RSI: 0000000000000000 RDI: ffff8800b94d5480
[ 4999.009207] RBP: ffff8802cbf87e48 R08: 0000000000000000 R09: 0000000000000000
[ 4999.016497] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8802cbf87e68
[ 4999.023706] R13: ffff8802abfdf8c0 R14: 0000000000000000 R15: 00000000000001ff
[ 4999.030957] FS: 00007f2aff780700(0000) GS:ffff88043fc80000(0000) knlGS:0000000000000000
[ 4999.039107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4999.044978] CR2: 0000000000000000 CR3: 00000002cbf0a000 CR4: 00000000000007e0
[ 4999.052161] Stack:
[ 4999.054244] 0000000000000000 ffff8800b94d5480 ffff8802abfdf8c0 0000000000000000
[ 4999.061801] ffff8802cbf87e88 ffffffffa0384891 0000000000000000 00000000000001ff
[ 4999.069364] ffff8802cbf87e88 ffffffffa037dd5e ffff88024e59ec00 ffff88024e59ec00
[ 4999.076960] Call Trace:
[ 4999.079438] [<ffffffffa0384891>] ceph_init_acl+0x21/0xd4 [ceph]
[ 4999.085509] [<ffffffffa037dd5e>] ? ceph_mdsc_release_request+0x16e/0x1b0 [ceph]
[ 4999.093008] [<ffffffffa036d5b0>] ceph_mkdir+0x130/0x170 [ceph]
[ 4999.099035] [<ffffffff811dc02d>] vfs_mkdir+0xcd/0x170
[ 4999.104201] [<ffffffff811dcbeb>] SyS_mkdirat+0xab/0xf0
[ 4999.109494] [<ffffffff811dcc49>] SyS_mkdir+0x19/0x20
[ 4999.114613] [<ffffffff8170d0d6>] system_call_fastpath+0x1a/0x1f
[ 4999.120788] Code: 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 89 e5 48 83 ec 20 48 89 5d e0 4c 89 65 e8 48 89 f3 4c 89 6d f0 4c 89 75 f8 49 89 d4 <0f> b7 06 49 89 cd 25 00 f0 00 00 3d 00 a0 00 00 74 0a 48 8b 47
[ 4999.141423] RIP [<ffffffff81227673>] posix_acl_create+0x23/0x190
[ 4999.147559] RSP <ffff8802cbf87e28>
[ 4999.151108] CR2: 0000000000000000
[ 4999.154804] ---[ end trace 8587215ed7fe9f74 ]---
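Added triage example, not part of the ticket or of Ceph's code: a Python script that parses an excerpt of the oops above and reports the fault site, whether the fault address lies in the NULL page, and which of the first four argument registers were zero. The function name `triage` and the argument-register heuristic are assumptions of this example.

```python
import re

# Excerpt of the oops in this ticket's description, lines copied verbatim.
OOPS = """\
[ 4998.873919] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 4998.980887] RIP: 0010:[<ffffffff81227673>] [<ffffffff81227673>] posix_acl_create+0x23/0x190
[ 4998.989412] RSP: 0018:ffff8802cbf87e28 EFLAGS: 00010286
[ 4998.994788] RAX: ffff88024e59b001 RBX: 0000000000000000 RCX: ffff8802cbf87e70
[ 4999.001981] RDX: ffff8802cbf87e68 RSI: 0000000000000000 RDI: ffff8800b94d5480
[ 4999.044978] CR2: 0000000000000000 CR3: 00000002cbf0a000 CR4: 00000000000007e0
[ 4999.079438] [<ffffffffa0384891>] ceph_init_acl+0x21/0xd4 [ceph]
[ 4999.085509] [<ffffffffa037dd5e>] ? ceph_mdsc_release_request+0x16e/0x1b0 [ceph]
[ 4999.093008] [<ffffffffa036d5b0>] ceph_mkdir+0x130/0x170 [ceph]
[ 4999.099035] [<ffffffff811dc02d>] vfs_mkdir+0xcd/0x170
"""

PAGE_SIZE = 4096
ARG_REGS = ("RDI", "RSI", "RDX", "RCX")  # x86-64 SysV ABI: arguments 1 to 4

REG_RE = re.compile(r"\b([A-Z][A-Z0-9]{2}): ([0-9a-f]{16})\b")
RIP_RE = re.compile(r"RIP: .*\] (\w+)\+(0x[0-9a-f]+)/")
FRAME_RE = re.compile(
    r"^\[ *[\d.]+\] \[<[0-9a-f]+>\] (\? )?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?",
    re.M)

def triage(oops):
    """Summarise an x86-64 kernel oops: fault site, fault address, zero arguments."""
    regs = {name: int(val, 16) for name, val in REG_RE.findall(oops)}
    func, offset = RIP_RE.search(oops).groups()
    # Frames printed with "?" are stale stack entries, not proven callers: skip them.
    frames = [(fn, mod) for q, fn, mod in FRAME_RE.findall(oops) if not q]
    return {
        "function": func,
        "offset": int(offset, 16),
        "fault_addr": regs["CR2"],
        # A fault inside the first page means a NULL (or NULL + small offset) pointer.
        "null_deref": regs["CR2"] < PAGE_SIZE,
        # Heuristic (assumption): the fault is early enough in the function that
        # the argument registers still hold what the caller passed.
        "zero_args": [i + 1 for i, r in enumerate(ARG_REGS) if regs.get(r) == 0],
        "caller": frames[0] if frames else None,
        "trace": [fn for fn, _ in frames],
    }

if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```

On this trace it reports a NULL dereference at posix_acl_create+0x23, reached from ceph_init_acl in the ceph module, with the second argument register (RSI) zero.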
Updated by Zheng Yan over 9 years ago
- Status changed from New to In Progress
It seems that the ACL code can't handle a traceless reply.
Updated by Zheng Yan over 9 years ago
- Status changed from 7 to Resolved
Fixed by commit b1ee94aa593abd03634bc3887b8e189840e42c12