I also experience this problem using the Xenial kernel 4.4.0-18.34~14.04.1 on Ubuntu 14.04. I can even reproduce it as a non-root user by creating an overlay mount inside a user namespace.
After mounting an overlay over an NFS mount, I can successfully traverse existing directories and create, write, read, and remove new files. As soon as I try to read an existing file (from the lower-layer NFS mount), the application that attempts the read dies and the syslog shows the kernel bug. The system continues running afterwards. Furthermore, a similar crash occurs for NFS 4 mounts:

Apr 13 09:49:20 tortuga kernel: [ 4611.794037] BUG: unable to handle kernel NULL pointer dereference at 0000000000000160
Apr 13 09:49:20 tortuga kernel: [ 4611.794144] IP: [<ffffffffc088cd5d>] nfs4_file_open+0xcd/0x1d0 [nfsv4]
Apr 13 09:49:20 tortuga kernel: [ 4611.794202] PGD 414777067 PUD 302045067 PMD 0
Apr 13 09:49:20 tortuga kernel: [ 4611.794233] Oops: 0000 [#1] SMP
Apr 13 09:49:20 tortuga kernel: [ 4611.794255] Modules linked in: overlay rpcsec_gss_krb5 nfsv4 ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 xt_CHECKSUM iptable_mangle xt_tcpudp ip6table_filter ip6_tables iptable_filter ip_tables ebtable_nat ebtables x_tables autofs4 bridge stp llc bnep rfcomm bluetooth nfsd auth_rpcgss nfs_acl nfs binfmt_misc lockd grace sunrpc fscache dm_crypt input_leds joydev snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel snd_hda_codec hid_generic snd_hda_core snd_hwdep intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp dcdbas snd_pcm kvm_intel snd_seq_midi snd_seq_midi_event kvm snd_rawmidi usbhid dm_multipath hid snd_seq snd_seq_device irqbypass crct10dif_pclmul snd_timer crc32_pclmul serio_raw snd aesni_intel mei_me aes_x86_64 soundcore lrw gf128mul mei glue_helper ablk_helper shpchp cryptd ppdev msr lpc_ich cpuid parport_pc 8250_fintek mac_hid lp parport amdkfd amd_iommu_v2 radeon i2c_algo_bit ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops e1000e drm ahci psmouse ptp libahci pps_core fjes video [last unloaded: ipmi_msghandler]
Apr 13 09:49:20 tortuga kernel: [ 4611.794983] CPU: 4 PID: 14306 Comm: cat Not tainted 4.4.0-18-generic #34~14.04.1-Ubuntu
Apr 13 09:49:20 tortuga kernel: [ 4611.795027] Hardware name: Dell Inc. OptiPlex 790/0HY9JP, BIOS A07 09/10/2011
Apr 13 09:49:20 tortuga kernel: [ 4611.795067] task: ffff8800a9822940 ti: ffff8803e9d30000 task.ti: ffff8803e9d30000
Apr 13 09:49:20 tortuga kernel: [ 4611.795108] RIP: 0010:[<ffffffffc088cd5d>] [<ffffffffc088cd5d>] nfs4_file_open+0xcd/0x1d0 [nfsv4]
Apr 13 09:49:20 tortuga kernel: [ 4611.795171] RSP: 0018:ffff8803e9d33c18 EFLAGS: 00010246
Apr 13 09:49:20 tortuga kernel: [ 4611.795200] RAX: 0000000000000000 RBX: ffff8803e7d78700 RCX: ffff8803e9d33c38
Apr 13 09:49:20 tortuga kernel: [ 4611.795239] RDX: 0000000000008000 RSI: ffff8803f09a8540 RDI: ffff88041873a148
Apr 13 09:49:20 tortuga kernel: [ 4611.795278] RBP: ffff8803e9d33cb0 R08: 0000000000000000 R09: ffff88041cc03800
Apr 13 09:49:20 tortuga kernel: [ 4611.795317] R10: ffffffffc06c9230 R11: ffffea000f9f5e00 R12: 0000000000000000
Apr 13 09:49:20 tortuga kernel: [ 4611.795356] R13: ffff880317e9b680 R14: 0000000000000000 R15: ffff88041873a148
Apr 13 09:49:20 tortuga kernel: [ 4611.795396] FS: 00007f8678c77740(0000) GS:ffff88041d300000(0000) knlGS:0000000000000000
Apr 13 09:49:20 tortuga kernel: [ 4611.795440] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 13 09:49:20 tortuga kernel: [ 4611.795472] CR2: 0000000000000160 CR3: 0000000374f2b000 CR4: 00000000000406e0
Apr 13 09:49:20 tortuga kernel: [ 4611.795510] Stack:
Apr 13 09:49:20 tortuga kernel: [ 4611.795523] ffff8803850868f0 ffffffff00008000 ffff880317d39740 ffff8803f09a8540
Apr 13 09:49:20 tortuga kernel: [ 4611.795568] ffff880300008000 ffffffff00010000 ffff8803850868f0 0000000000000000
Apr 13 09:49:20 tortuga kernel: [ 4611.795612] 0000000000000000 ffff8803850868f0 ffff8803e7d78700 ffff8803e7d78710
Apr 13 09:49:20 tortuga kernel: [ 4611.795656] Call Trace:
Apr 13 09:49:20 tortuga kernel: [ 4611.795677] [<ffffffff811fb397>] do_dentry_open+0x227/0x320
Apr 13 09:49:20 tortuga kernel: [ 4611.795720] [<ffffffffc088cc90>] ? nfs4_file_fsync+0x180/0x180 [nfsv4]
Apr 13 09:49:20 tortuga kernel: [ 4611.795757] [<ffffffff811fc467>] vfs_open+0x57/0x60
Apr 13 09:49:20 tortuga kernel: [ 4611.795787] [<ffffffff8120ae8d>] path_openat+0x1ad/0x1310
Apr 13 09:49:20 tortuga kernel: [ 4611.795820] [<ffffffff8120d05e>] do_filp_open+0x7e/0xd0
Apr 13 09:49:20 tortuga kernel: [ 4611.795852] [<ffffffff812025bd>] ? cp_new_stat+0x13d/0x160
Apr 13 09:49:20 tortuga kernel: [ 4611.795885] [<ffffffff8121a1e6>] ? __alloc_fd+0x46/0x180
Apr 13 09:49:20 tortuga kernel: [ 4611.795916] [<ffffffff811fc7c9>] do_sys_open+0x129/0x270
Apr 13 09:49:20 tortuga kernel: [ 4611.795947] [<ffffffff811fc92e>] SyS_open+0x1e/0x20
Apr 13 09:49:20 tortuga kernel: [ 4611.795978] [<ffffffff817ee8f6>] entry_SYSCALL_64_fastpath+0x16/0x75
Apr 13 09:49:20 tortuga kernel: [ 4611.796013] Code: 00 00 49 8b 47 28 45 31 c0 48 8d 4d 88 8b 95 70 ff ff ff 48 8b 75 80 4c 89 ff 48 8b 80 58 04 00 00 48 8b 00 48 8b 80 e0 00 00 00 <ff> 90 60 01 00 00 48 3d 00 f0 ff ff 0f 87 ac 00 00 00 49 3b 45
Apr 13 09:49:20 tortuga kernel: [ 4611.796194] RIP [<ffffffffc088cd5d>] nfs4_file_open+0xcd/0x1d0 [nfsv4]
Apr 13 09:49:20 tortuga kernel: [ 4611.796242] RSP <ffff8803e9d33c18>
Apr 13 09:49:20 tortuga kernel: [ 4611.796262] CR2: 0000000000000160
Apr 13 09:49:20 tortuga kernel: [ 4611.812656] ---[ end trace 7e26f22aae4f8eb6 ]---

I also reproduced this crash with the mainline 4.5 kernel. I suspect that in both cases the actual bug is in overlayfs, and it might very well be the same bug, so I am adding it here. If I should instead create a fresh bug, please tell me.

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1566471

Title:
  kernel oops: NULL pointer dereference in nfs_inode_attach_open_context+0x37/0x70 [nfs]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1566471/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
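The oops above is the kind of event an operator wants to catch from syslog automatically: an unprivileged process (`cat`, PID 14306) took down its own open() call inside a kernel module, on an untainted kernel, with overlayfs and the NFS modules loaded. The following is an added example, not code from the bug report or from Ubuntu; it parses rsyslog-formatted kernel lines into a structured record (faulting symbol and module, triggering process, taint state, call-trace frames, trace id) and produces a small triage summary naming which watched modules are implicated. The sample log is a handful of the report's own lines, with the "Modules linked in:" list abbreviated, plus one constructed benign line; the `triage()` output keys and the watched-module list are this example's own choices.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# rsyslog's format for kernel messages: "Mon DD HH:MM:SS host kernel: [ uptime] message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"\[\s*(?P<uptime>\d+\.\d+)\] (?P<msg>.*)$"
)
BUG_RE = re.compile(r"^BUG: unable to handle kernel (?P<kind>.+?) at (?P<addr>[0-9a-f]+)$")
IP_RE = re.compile(r"^IP: \[<(?P<addr>[0-9a-f]+)>\] (?P<sym>\S+)(?: \[(?P<mod>[^\]]+)\])?$")
TASK_RE = re.compile(
    r"^CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) Comm: (?P<comm>\S+) "
    r"(?P<taint>Not tainted|Tainted: \S+) (?P<kver>\S+)"
)
# A call-trace frame; a leading "? " marks the frame as unreliable.
FRAME_RE = re.compile(
    r"^\[<(?P<addr>[0-9a-f]+)>\] (?P<unreliable>\? )?(?P<sym>\S+)(?: \[(?P<mod>[^\]]+)\])?$"
)
END_RE = re.compile(r"^---\[ end trace (?P<id>[0-9a-f]+) \]---$")


@dataclass
class Frame:
    symbol: str
    module: Optional[str]
    reliable: bool


@dataclass
class KernelOops:
    host: str
    timestamp: str
    fault_kind: str
    fault_addr: str
    rip_symbol: str = ""
    rip_module: Optional[str] = None
    pid: Optional[int] = None
    comm: str = ""
    tainted: bool = False
    kernel: str = ""
    modules: List[str] = field(default_factory=list)
    frames: List[Frame] = field(default_factory=list)
    trace_id: str = ""


def parse_oopses(lines: Iterable[str]) -> List[KernelOops]:
    """Walk syslog lines and collect every 'BUG: ... ---[ end trace ]---' block."""
    oopses: List[KernelOops] = []
    current: Optional[KernelOops] = None
    in_trace = False
    for raw in lines:
        m = SYSLOG_RE.match(raw.rstrip("\n"))
        if not m:
            continue  # not a kernel line in the expected format
        msg = m.group("msg").strip()
        bug = BUG_RE.match(msg)
        if bug:  # start of a new oops block
            current = KernelOops(m.group("host"), m.group("ts"), bug.group("kind"), bug.group("addr"))
            oopses.append(current)
            in_trace = False
            continue
        if current is None:
            continue  # ordinary kernel chatter outside an oops
        ip = IP_RE.match(msg)
        if ip:
            current.rip_symbol, current.rip_module = ip.group("sym"), ip.group("mod")
            continue
        if msg.startswith("Modules linked in:"):
            tail = msg[len("Modules linked in:"):]
            cut = tail.find("[last unloaded:")  # drop the trailer, keep the loaded list
            current.modules = (tail[:cut] if cut != -1 else tail).split()
            continue
        task = TASK_RE.match(msg)
        if task:
            current.pid = int(task.group("pid"))
            current.comm = task.group("comm")
            current.tainted = task.group("taint") != "Not tainted"
            current.kernel = task.group("kver")
            continue
        if msg == "Call Trace:":
            in_trace = True
            continue
        if in_trace:
            fr = FRAME_RE.match(msg)
            if fr:
                current.frames.append(Frame(fr.group("sym"), fr.group("mod"), fr.group("unreliable") is None))
                continue
            in_trace = False  # "Code:" or any non-frame line ends the trace
        end = END_RE.match(msg)
        if end:
            current.trace_id = end.group("id")
            current = None
    return oopses


def triage(oops: KernelOops, watched=("overlay", "nfs", "nfsv4")) -> dict:
    """Summarise an oops for an alert: which watched modules appear in the faulting
    path, which were merely loaded, and whether a plain userland process hit it."""
    implicated = {m for m in [oops.rip_module] + [f.module for f in oops.frames] if m in watched}
    return {
        "host": oops.host,
        "faulting_symbol": oops.rip_symbol,
        "implicated_modules": sorted(implicated),
        "watched_modules_loaded": [m for m in watched if m in oops.modules],
        "triggering_process": f"{oops.comm}[{oops.pid}]",
        "tainted": oops.tainted,
        "null_deref": oops.fault_kind == "NULL pointer dereference",
    }


# Sample input: lines taken from the report above (modules list abbreviated) plus one
# constructed benign line so the parser has something to skip.
SAMPLE_LOG = [
    "Apr 13 09:49:19 tortuga kernel: [ 4611.100000] e1000e: eth0 NIC Link is Up",  # constructed
    "Apr 13 09:49:20 tortuga kernel: [ 4611.794037] BUG: unable to handle kernel NULL pointer dereference at 0000000000000160",
    "Apr 13 09:49:20 tortuga kernel: [ 4611.794144] IP: [<ffffffffc088cd5d>] nfs4_file_open+0xcd/0x1d0 [nfsv4]",
    "Apr 13 09:49:20 tortuga kernel: [ 4611.794233] Oops: 0000 [#1] SMP",
    "Apr 13 09:49:20 tortuga kernel: [ 4611.794255] Modules linked in: overlay rpcsec_gss_krb5 nfsv4 nfsd auth_rpcgss nfs_acl nfs lockd grace sunrpc fscache [last unloaded: ipmi_msghandler]",
    "Apr 13 09:49:20 tortuga kernel: [ 4611.794983] CPU: 4 PID: 14306 Comm: cat Not tainted 4.4.0-18-generic #34~14.04.1-Ubuntu",
    "Apr 13 09:49:20 tortuga kernel: [ 4611.795656] Call Trace:",
    "Apr 13 09:49:20 tortuga kernel: [ 4611.795677]  [<ffffffff811fb397>] do_dentry_open+0x227/0x320",
    "Apr 13 09:49:20 tortuga kernel: [ 4611.795720]  [<ffffffffc088cc90>] ? nfs4_file_fsync+0x180/0x180 [nfsv4]",
    "Apr 13 09:49:20 tortuga kernel: [ 4611.795757]  [<ffffffff811fc467>] vfs_open+0x57/0x60",
    "Apr 13 09:49:20 tortuga kernel: [ 4611.812656] ---[ end trace 7e26f22aae4f8eb6 ]---",
]

if __name__ == "__main__":
    for oops in parse_oopses(SAMPLE_LOG):
        print(triage(oops))
```

Feed it `journalctl -k -o short` or a plain `/var/log/syslog` stream; an alert rule that fires when `implicated_modules` or `watched_modules_loaded` contains `overlay` together with an NFS module, and `tainted` is false, isolates exactly the overlay-over-NFS pattern described in the report without matching unrelated oopses.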