RHEL6.3 / 6.4: kernel may crash in rb_erase called from nfs_access_get_cached, nautilus crashes too while copying a file from NFS to local filesystem
Issue
- The cut and paste within Nautilus causes Nautilus to crash and often system instabilities occur thereafter. The Nautilus version number is 2.28.4.
- When I copy a file from an NFSv4 share on our network to a local directory (such as /tmp) it will most of the time crash nautilus and also quite often cause a kernel panic and bring down the entire machine.
- We have tested this with regular files and nautilus crashes but for cut/paste for directories it does not crash nautilus.
- When I did the tests it crashed Nautilus almost every time and brought the machine down quite often too. The crashes happened almost all of the time when I ran the tests but there were one or two instances where nautilus did not crash (I don't know why Nautilus did not crash on those rare occasions).
- Machine crashes while nautilus is trying to copy a file from NFSv4 share to local filesystem. Sometimes nautilus just crashes with glibc stack corruption, and other times the whole machine crashes in addition.
FS-Cache: Netfs 'nfs' registered for caching
NFS: v4 server mynfsserver does not accept raw uid/gids. Reenabling the idmapper.
Bridge firewalling registered
BUG: unable to handle kernel paging request at 00000040454e4f59
RIP: [<ffffffff8127da7a>] rb_erase+0x1fa/0x310
PGD 412b12067 PUD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.0/host6/target6:0:0/6:0:0:0/block/sdb/queue/logical_block_size
CPU 0
Modules linked in: bridge nfs fscache ip6table_filter ip6_tables ebtable_nat ebtables nfsd nfs_acl auth_rpcgss exportfs autofs4
target_core_iblock target_core_file target_core_pscsi target_core_mod 8021q garp stp llc configfs vmnet(U) ppdev parport_pc parport fuse
vsock(U) vmci(U) vmmon(U) lockd sunrpc cpufreq_ondemand acpi_cpufreq freq_table mperf nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack
iptable_filter ip_tables xt_physdev ipt_REJECT vhost_net macvtap macvlan tun kvm_intel kvm uinput sg microcode dcdbas serio_raw i2c_i801
iTCO_wdt iTCO_vendor_support nvidia(P)(U) snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device
snd_pcm snd_timer snd soundcore snd_page_alloc xhci_hcd ext4 mbcache jbd2 sr_mod cdrom sd_mod crc_t10dif usb_storage ahci e1000e nouveau ttm
drm_kms_helper drm i2c_algo_bit i2c_core mxm_wmi video output wmi dm_mirror dm_region_hash dm_log dm_mod be2iscsi bnx2i cnic uio ipv6 cxgb4i
cxgb4 cxgb3i libcxgbi cxgb3 mdio libiscsi_tcp qla4xxx iscsi_boot_sysfs libiscsi scsi_transport_iscsi [last unloaded: nf_conntrack]
Pid: 15219, comm: nautilus Tainted: P --------------- 2.6.32-358.0.1.el6.x86_64 #1 Dell Inc. OptiPlex 7010/0KRC95
RIP: 0010:[<ffffffff8127da7a>] [<ffffffff8127da7a>] rb_erase+0x1fa/0x310
RSP: 0018:ffff88041194fe08 EFLAGS: 00010206
RAX: 00000040454e4f59 RBX: 5245564509000000 RCX: ffff88041181d480
RDX: 5245564509000000 RSI: ffff8803fbf4a940 RDI: ffff88041181d480
RBP: ffff88041194fe18 R08: 0000000000000000 R09: ffffffffdb340933
R10: 0000000000000001 R11: 0000000000000202 R12: ffff8803fbf4a940
R13: ffff8803fbf4aae8 R14: ffff8803fbf4a870 R15: 0000000000000014
FS: 00007f6b94b2c700(0000) GS:ffff880028200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000040454e4f59 CR3: 0000000413100000 CR4: 00000000001407f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process nautilus (pid: 15219, threadinfo ffff88041194e000, task ffff880414adcaa0)
Stack:
ffff8804112b79c0 ffff8803fbf4aa38 ffff88041194feb8 ffffffffa113b376
<d> ffff8804101b4780 ffff8803fbf4aa38 ffff88041194ff28 ffff88041181d480
<d> ffff88041194fe58 ffffffffa0f30305 ffff88041194fea8 ffffffffa0f2f2e0
Call Trace:
[<ffffffffa113b376>] nfs_do_access+0x326/0x3c0 [nfs]
[<ffffffffa0f30305>] ? generic_lookup_cred+0x15/0x20 [sunrpc]
[<ffffffffa0f2f2e0>] ? rpcauth_lookupcred+0x70/0xc0 [sunrpc]
[<ffffffffa113b4b8>] nfs_permission+0xa8/0x1e0 [nfs]
[<ffffffff8118e7ce>] inode_permission+0x8e/0xd0
[<ffffffff8117ee4f>] sys_faccessat+0x10f/0x1d0
[<ffffffff8117ef28>] sys_access+0x18/0x20
[<ffffffff8100b072>] system_call_fastpath+0x16/0x1b
Code: 01 48 89 10 5b 41 5c c9 c3 0f 1f 84 00 00 00 00 00 4c 8b 07 48 8b 47 08 4c 89 c2 41 83 e0 01 48 83 e2 fc 48 85 c0 48 89 d3 74 0c <48> 8b 08 83 e1 03 48 09 d1 48 89 08 48 85 d2 0f 84 ba 00 00 00
RIP [<ffffffff8127da7a>] rb_erase+0x1fa/0x310
RSP <ffff88041194fe08>
CR2: 00000040454e4f59
Environment
- Red Hat Enterprise Linux 6
- RHEL6.3: kernels from 2.6.32-279.19.1.el6 to at least 2.6.32-279.25.1.el6 (later versions may be affected)
- RHEL6.4: kernels from 2.6.32-358.el6 to at least 2.6.32-358.6.1.el6 (later versions may be affected)
- NFSv4 client
- The NFS mount options are as follows for the test system that we used nautilus on
rw,hard,intr,sloppy,vers=4
- The NFS server system that exports the mount is:
Red Hat Enterprise Linux Server release 6.3 (Santiago).
$ cat /etc/exports
/home 10.1.1.4(rw,sync) on that system in /etc/exports
- The following nautilus packages are installed:
brasero-nautilus-2.28.3-6.el6.x86_64 Thu 17 Jan 2013 16:40:20 GMT
nautilus-2.28.4-19.el6.x86_64 Thu 17 Jan 2013 16:38:23 GMT
nautilus-extensions-2.28.4-19.el6.x86_64 Thu 17 Jan 2013 16:38:22 GMT
nautilus-open-terminal-0.17-4.el6.x86_64 Thu 17 Jan 2013 16:40:01 GMT
nautilus-sendto-2.28.2-3.el6.x86_64 Thu 17 Jan 2013 16:40:17 GMT
totem-nautilus-2.28.6-2.el6.x86_64 Thu 17 Jan 2013 16:39:24 GMT
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.