RHEL6.3 / 6.4: kernel may crash in rb_erase called from nfs_access_get_cached, nautilus crashes too while copying a file from NFS to local filesystem

Solution Verified - Updated -

Issue

  • The cut and paste within Nautilus causes Nautilus to crash and often system instabilities occur thereafter. The Nautilus version number is 2.28.4.
  • When I copy a file from an NFSv4 share on our network to a local directory (such as /tmp) it will most of the time crash nautilus and also quite often cause a kernel panic and bring down the entire machine.
  • We have tested this with regular files and nautilus crashes but for cut/paste for directories it does not crash nautilus.
  • When I did the tests it crashed Nautilus almost every time and brought the machine down quite often too. The crashes happened almost all of the time when I ran the tests but there were one or two instances where nautilus did not crash (I don't know why Nautilus did not crash on those rare occasions).
  • Machine crashes while nautilus is trying to copy a file from NFSv4 share to local filesystem. Sometimes nautilus just crashes with glibc stack corruption, and other times the whole machine crashes in addition.
FS-Cache: Netfs 'nfs' registered for caching
NFS: v4 server mynfsserver does not accept raw uid/gids. Reenabling the idmapper.
Bridge firewalling registered
BUG: unable to handle kernel paging request at 00000040454e4f59
RIP: [<ffffffff8127da7a>] rb_erase+0x1fa/0x310
PGD 412b12067 PUD 0 
Oops: 0000 [#1] SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.0/host6/target6:0:0/6:0:0:0/block/sdb/queue/logical_block_size
CPU 0 
Modules linked in: bridge nfs fscache ip6table_filter ip6_tables ebtable_nat ebtables nfsd nfs_acl auth_rpcgss exportfs autofs4 
target_core_iblock target_core_file target_core_pscsi target_core_mod 8021q garp stp llc configfs vmnet(U) ppdev parport_pc parport fuse 
vsock(U) vmci(U) vmmon(U) lockd sunrpc cpufreq_ondemand acpi_cpufreq freq_table mperf nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack
 iptable_filter ip_tables xt_physdev ipt_REJECT vhost_net macvtap macvlan tun kvm_intel kvm uinput sg microcode dcdbas serio_raw i2c_i801 
iTCO_wdt iTCO_vendor_support nvidia(P)(U) snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device
 snd_pcm snd_timer snd soundcore snd_page_alloc xhci_hcd ext4 mbcache jbd2 sr_mod cdrom sd_mod crc_t10dif usb_storage ahci e1000e nouveau ttm 
drm_kms_helper drm i2c_algo_bit i2c_core mxm_wmi video output wmi dm_mirror dm_region_hash dm_log dm_mod be2iscsi bnx2i cnic uio ipv6 cxgb4i
cxgb4 cxgb3i libcxgbi cxgb3 mdio libiscsi_tcp qla4xxx iscsi_boot_sysfs libiscsi scsi_transport_iscsi [last unloaded: nf_conntrack]

Pid: 15219, comm: nautilus Tainted: P           ---------------    2.6.32-358.0.1.el6.x86_64 #1 Dell Inc. OptiPlex 7010/0KRC95
RIP: 0010:[<ffffffff8127da7a>]  [<ffffffff8127da7a>] rb_erase+0x1fa/0x310
RSP: 0018:ffff88041194fe08  EFLAGS: 00010206
RAX: 00000040454e4f59 RBX: 5245564509000000 RCX: ffff88041181d480
RDX: 5245564509000000 RSI: ffff8803fbf4a940 RDI: ffff88041181d480
RBP: ffff88041194fe18 R08: 0000000000000000 R09: ffffffffdb340933
R10: 0000000000000001 R11: 0000000000000202 R12: ffff8803fbf4a940
R13: ffff8803fbf4aae8 R14: ffff8803fbf4a870 R15: 0000000000000014
FS:  00007f6b94b2c700(0000) GS:ffff880028200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000040454e4f59 CR3: 0000000413100000 CR4: 00000000001407f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process nautilus (pid: 15219, threadinfo ffff88041194e000, task ffff880414adcaa0)
Stack:
 ffff8804112b79c0 ffff8803fbf4aa38 ffff88041194feb8 ffffffffa113b376
<d> ffff8804101b4780 ffff8803fbf4aa38 ffff88041194ff28 ffff88041181d480
<d> ffff88041194fe58 ffffffffa0f30305 ffff88041194fea8 ffffffffa0f2f2e0
Call Trace:
 [<ffffffffa113b376>] nfs_do_access+0x326/0x3c0 [nfs]
 [<ffffffffa0f30305>] ? generic_lookup_cred+0x15/0x20 [sunrpc]
 [<ffffffffa0f2f2e0>] ? rpcauth_lookupcred+0x70/0xc0 [sunrpc]
 [<ffffffffa113b4b8>] nfs_permission+0xa8/0x1e0 [nfs]
 [<ffffffff8118e7ce>] inode_permission+0x8e/0xd0
 [<ffffffff8117ee4f>] sys_faccessat+0x10f/0x1d0
 [<ffffffff8117ef28>] sys_access+0x18/0x20
 [<ffffffff8100b072>] system_call_fastpath+0x16/0x1b
Code: 01 48 89 10 5b 41 5c c9 c3 0f 1f 84 00 00 00 00 00 4c 8b 07 48 8b 47 08 4c 89 c2 41 83 e0 01 48 83 e2 fc 48 85 c0 48 89 d3 74 0c <48> 8b 08 83 e1 03 48 09 d1 48 89 08 48 85 d2 0f 84 ba 00 00 00 
RIP  [<ffffffff8127da7a>] rb_erase+0x1fa/0x310
 RSP <ffff88041194fe08>
CR2: 00000040454e4f59

Environment

  • Red Hat Enterprise Linux 6
    • RHEL6.3: kernels from 2.6.32-279.19.1.el6 to at least 2.6.32-279.25.1.el6 (later versions may be affected)
    • RHEL6.4: kernels from 2.6.32-358.el6 to at least 2.6.32-358.6.1.el6 (later versions may be affected)
  • NFSv4 client
  • The NFS mount options are as follows for the test system that we used nautilus on
rw,hard,intr,sloppy,vers=4
  • The NFS server system that exports the mount is:
Red Hat Enterprise Linux Server release 6.3 (Santiago).
$ cat /etc/exports
/home 10.1.1.4(rw,sync) on that system in /etc/exports
  • The following nautilus packages are installed:
brasero-nautilus-2.28.3-6.el6.x86_64                        Thu 17 Jan 2013 16:40:20 GMT
nautilus-2.28.4-19.el6.x86_64                               Thu 17 Jan 2013 16:38:23 GMT
nautilus-extensions-2.28.4-19.el6.x86_64                    Thu 17 Jan 2013 16:38:22 GMT
nautilus-open-terminal-0.17-4.el6.x86_64                    Thu 17 Jan 2013 16:40:01 GMT
nautilus-sendto-2.28.2-3.el6.x86_64                         Thu 17 Jan 2013 16:40:17 GMT
totem-nautilus-2.28.6-2.el6.x86_64                          Thu 17 Jan 2013 16:39:24 GMT

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In