access to .zfs directory via samba causes smbd NULL deref #626

Closed
pyavdr opened this Issue · 19 comments

8 participants

@pyavdr

I am testing two instances of VMs (Ubuntu 11.04 2.6.38.13 64-bit and OpenSuse 12.1 3.1.9-1.4 64-bit) with the latest zfs/spl .56-rc8 and a simple zpool. I configured a zfs dir to share with samba and created a snapshot. Accessing the .zfs directory from/with Windows 7 causes smbd to fail with a NULL deref.

SUSE: (dmesg)
[19849.673506] BUG: unable to handle kernel NULL pointer dereference at 000000000000005f
[19849.673510] IP: [] follow_managed+0x37/0x140
[19849.673516] PGD 0
[19849.673517] Oops: 0000 [#76] SMP
[19849.673519] CPU 0
[19849.673520] Modules linked in: binfmt_misc iscsi_trgt crc32c_intel zfs(P) zcommon(P) znvpair(P) zavl(P) zunicode(P) spl zlib_deflate fuse vmhgfs vsock acpiphp mperf joydev snd_ens1371 ppdev parport_pc parport shpchp gameport snd_rawmidi e1000 pci_hotplug snd_seq_device sr_mod cdrom floppy sg snd_ac97_codec ac97_bus snd_pcm snd_timer snd mptctl i2c_piix4 pcspkr soundcore vmci vmw_balloon snd_page_alloc button container ac autofs4 usbhid uhci_hcd ehci_hcd processor usbcore thermal_sys ata_generic mptspi mptscsih mptbase scsi_transport_spi vmxnet vmw_pvscsi vmxnet3 [last unloaded: crc32c_intel]
[19849.673547]
[19849.673549] Pid: 9092, comm: smbd Tainted: P D 3.1.9-1.4-default #1 VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
[19849.673551] RIP: 0010:[] [] follow_managed+0x37/0x140
[19849.673554] RSP: 0018:ffff8803a0977c78 EFLAGS: 00010246
[19849.673555] RAX: ffff8804239f92c0 RBX: ffff8803a0977d58 RCX: 0000000000000037
[19849.673557] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000005f
[19849.673558] RBP: ffff8804239f92c0 R08: 0000000000000000 R09: dead000000200200
[19849.673559] R10: 000000000000000b R11: ffff8802ad58300c R12: 0000000000000001
[19849.673560] R13: 0000000000000001 R14: 0000000000000000 R15: ffff8803ec35e2c0
[19849.673561] FS: 00007f302fba97c0(0000) GS:ffff88043f200000(0000) knlGS:0000000000000000
[19849.673563] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[19849.673564] CR2: 000000000000005f CR3: 0000000352380000 CR4: 00000000000406f0
[19849.673567] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[19849.673570] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[19849.673571] Process smbd (pid: 9092, threadinfo ffff8803a0976000, task ffff8802984e2300)
[19849.673572] Stack:
[19849.673573] ffff8803d4954670 00ff8803a0977e08 0000000000000001 ffff8803a0977e08
[19849.673576] ffff8803a0977d58 000000000000005f 0000000000000001 ffff8803a0977d80
[19849.673578] ffff8803ec35e2c0 ffffffff81157d05 ffff880300000000 ffff8803a0977e18
[19849.673580] Call Trace:
[19849.673587] [] do_lookup+0x155/0x310
[19849.673591] [] path_lookupat+0x114/0x740
[19849.673594] [] do_path_lookup+0x2c/0xc0
[19849.673598] [] user_path_at_empty+0x5c/0xb0
[19849.673601] [] vfs_fstatat+0x32/0x60
[19849.673603] [] sys_newstat+0x12/0x30
[19849.673607] [] system_call_fastpath+0x16/0x1b
[19849.673610] [<00007f302ca29935>] 0x7f302ca29934
[19849.673611] Code: 24 28 48 89 fb 4c 89 74 24 38 48 89 6c 24 20 41 89 f4 4c 89 6c 24 30 4c 89 7c 24 40 45 31 f6 48 8b 2f c6 44 24 0f 00 48 8b 7b 08 <8b> 07 41 89 c5 41 81 e5 00 00 07 00 75 55 80 7c 24 0f 00 74 05
[19849.673626] RIP [] follow_managed+0x37/0x140
[19849.673628] RSP
[19849.673629] CR2: 000000000000005f
[19849.673631] ---[ end trace 0df84687749fd0a0 ]---

Ubuntu 11.04: (dmesg)

[ 1856.293088] BUG: unable to handle kernel NULL pointer dereference at 000000000000005f
[ 1856.293093] IP: [] follow_managed+0x35/0x130
[ 1856.293099] PGD 0
[ 1856.293100] Oops: 0000 [#50] SMP
[ 1856.293102] last sysfs file: /sys/devices/system/cpu/cpu3/cache/index2/shared_cpu_map
[ 1856.293104] CPU 0
[ 1856.293105] Modules linked in: dm_crypt vesafb binfmt_misc ppdev vmw_balloon snd_ens1371 gameport snd_ac97_codec ac97_bus psmouse serio_raw snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device joydev snd soundcore snd_page_alloc i2c_piix4 shpchp parport_pc lp parport zfs(P) zcommon(P) znvpair(P) zavl(P) zunicode(P) spl zlib_deflate raid10 raid456 async_pq async_xor async_memcpy async_raid6_recov raid6_pq async_tx raid1 raid0 multipath linear dm_raid45 xor e1000 floppy mptspi mptscsih mptbase scsi_transport_spi usbhid hid
[ 1856.293136]
[ 1856.293138] Pid: 3108, comm: smbd Tainted: P D 2.6.38-13-generic #57-Ubuntu VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
[ 1856.293141] RIP: 0010:[] [] follow_managed+0x35/0x130
[ 1856.293144] RSP: 0018:ffff880123cf1c08 EFLAGS: 00010246
[ 1856.293145] RAX: 000000000000005f RBX: ffff880123cf1d28 RCX: 0000000000000000
[ 1856.293147] RDX: 000000000000005f RSI: 0000000000000001 RDI: 000000000000005f
[ 1856.293148] RBP: ffff880123cf1c58 R08: dead000000200200 R09: 0000000000000000
[ 1856.293149] R10: dead000000100100 R11: dead000000200200 R12: ffff880138ee6f00
[ 1856.293150] R13: ffff880131d3b8c0 R14: 0000000000000001 R15: 0000000000000000
[ 1856.293152] FS: 00007f795e360740(0000) GS:ffff8800bf600000(0000) knlGS:0000000000000000
[ 1856.293153] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1856.293154] CR2: 000000000000005f CR3: 0000000123c88000 CR4: 00000000000406f0
[ 1856.293158] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1856.293160] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1856.293162] Process smbd (pid: 3108, threadinfo ffff880123cf0000, task ffff8801298e0000)
[ 1856.293163] Stack:
[ 1856.293164] ffff880123cf1dc8 ffff880123cf1d40 ffff880123cf1c58 00ffffff8116f210
[ 1856.293166] ffff880123cf1c58 ffff880123cf1dc8 ffff880123cf1d28 ffff880131d3b8c0
[ 1856.293168] ffff880123cf1d40 ffff880138ee6f00 ffff880123cf1cc8 ffffffff811715c3
[ 1856.293170] Call Trace:
[ 1856.293173] [] do_lookup+0x113/0x2e0
[ 1856.293176] [] ? in_group_p+0x31/0x40
[ 1856.293178] [] link_path_walk+0x656/0xc40
[ 1856.293180] [] ? __do_fault+0x449/0x520
[ 1856.293182] [] do_path_lookup+0x5b/0x160
[ 1856.293184] [] user_path_at+0x57/0xa0
[ 1856.293187] [] ? mutex_lock+0x1e/0x50
[ 1856.293210] [] ? zpl_shares_getattr+0x10a/0x150 [zfs]
[ 1856.293213] [] ? apparmor_inode_getattr+0x54/0x60
[ 1856.293216] [] ? cp_new_stat+0xf8/0x110
[ 1856.293218] [] vfs_fstatat+0x39/0x70
[ 1856.293220] [] vfs_stat+0x1b/0x20
[ 1856.293222] [] sys_newstat+0x1a/0x40
[ 1856.293224] [] system_call_fastpath+0x16/0x1b
[ 1856.293225] Code: 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 0f 1f 44 00 00 4c 8b 27 45 31 ff 48 89 fb 41 89 f6 c6 45 cf 00 48 8b 7b 08 <8b> 07 41 89 c5 41 81 e5 00 00 07 00 75 3f 80 7d cf 00 74 05 4c
[ 1856.293242] RIP [] follow_managed+0x35/0x130
[ 1856.293244] RSP
[ 1856.293245] CR2: 000000000000005f
[ 1856.293247] ---[ end trace 454df8b6fb14de9b ]---

@pyavdr

The same failure can be seen with Ubuntu 11.10 kernel 3.0.0-17.

[ 234.089112] BUG: unable to handle kernel NULL pointer dereference at 000000000000005f
[ 234.089119] IP: [] follow_managed+0x35/0x140
[ 234.089128] PGD 0
[ 234.089130] Oops: 0000 [#10] SMP
[ 234.089134] CPU 2
[ 234.089135] Modules linked in: rfcomm bnep bluetooth snd_atiixp_modem snd_via82xx_modem snd_intel8x0m dm_crypt joydev snd_ens1371 gameport snd_ac97_codec ac97_bus snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd soundcore vmw_balloon psmouse serio_raw snd_page_alloc shpchp ppdev parport_pc lp parport zfs(P) zcommon(P) znvpair(P) zavl(P) zunicode(P) spl zlib_deflate raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq async_tx raid1 raid0 multipath linear vmw_pvscsi usbhid hid floppy vmxnet3 mptspi mptscsih mptbase scsi_transport_spi [last unloaded: ipmi_msghandler]
[ 234.089175]
[ 234.089177] Pid: 3206, comm: smbd Tainted: P D 3.0.0-17-generic #30-Ubuntu VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
[ 234.089182] RIP: 0010:[] [] follow_managed+0x35/0x140
[ 234.089187] RSP: 0018:ffff88010b3e7c08 EFLAGS: 00010246
[ 234.089189] RAX: ffff880134356900 RBX: ffff88010b3e7d18 RCX: 0000000000007d1f
[ 234.089191] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000005f
[ 234.089193] RBP: ffff88010b3e7c58 R08: ffffffff8117ce8b R09: 0000000000000000
[ 234.089195] R10: 0000000000000000 R11: 000000000000000a R12: ffff880134356900
[ 234.089197] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[ 234.089199] FS: 00007f42b5693740(0000) GS:ffff88013f240000(0000) knlGS:0000000000000000
[ 234.089202] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 234.089203] CR2: 000000000000005f CR3: 0000000131106000 CR4: 00000000000406e0
[ 234.089209] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 234.089214] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 234.089217] Process smbd (pid: 3206, threadinfo ffff88010b3e6000, task ffff8800b3469720)
[ 234.089218] Stack:
[ 234.089220] 0000000000000001 ffff88010b3e7d40 ffff88010b3e7c58 00ffffff81172f30
[ 234.089224] ffff88010b3e7c58 ffff88010b3e7dc8 ffff88010b3e7d18 000000000000005f
[ 234.089227] 0000000000000001 ffff88010b3e7d40 ffff88010b3e7cd8 ffffffff81175082
[ 234.089230] Call Trace:
[ 234.089236] [] do_lookup+0x122/0x2c0
[ 234.089239] [] path_lookupat+0x11c/0x700
[ 234.089242] [] ? __do_fault+0x439/0x510
[ 234.089245] [] do_path_lookup+0x31/0xc0
[ 234.089248] [] user_path_at_empty+0x59/0xa0
[ 234.089252] [] ? handle_mm_fault+0x1f8/0x350
[ 234.089257] [] ? do_page_fault+0x218/0x530
[ 234.089260] [] user_path_at+0x11/0x20
[ 234.089263] [] vfs_fstatat+0x44/0x70
[ 234.089267] [] ? vfsmount_lock_local_unlock+0x1e/0x30
[ 234.089270] [] ? mntput_no_expire+0x30/0xf0
[ 234.089273] [] vfs_stat+0x1b/0x20
[ 234.089275] [] sys_newstat+0x1a/0x40
[ 234.089278] [] ? mntput_no_expire+0x30/0xf0
[ 234.089282] [] ? page_fault+0x25/0x30
[ 234.089286] [] system_call_fastpath+0x16/0x1b
[ 234.089287] Code: 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 66 66 66 66 90 4c 8b 27 45 31 ff 48 89 fb 41 89 f5 c6 45 cf 00 48 8b 7b 08 <8b> 07 41 89 c6 41 81 e6 00 00 07 00 75 47 80 7d cf 00 74 05 4c
[ 234.089316] RIP [] follow_managed+0x35/0x140
[ 234.089320] RSP
[ 234.089321] CR2: 000000000000005f
[ 234.089324] ---[ end trace 25454c072c3b1c25 ]---
[ 234.103069] BUG: unable to handle kernel NULL pointer dereference at 000000000000005f
[ 234.103077] IP: [] follow_managed+0x35/0x140
[ 234.103086] PGD 0
[ 234.103089] Oops: 0000 [#11] SMP
[ 234.103092] CPU 2
[ 234.103093] Modules linked in: rfcomm bnep bluetooth snd_atiixp_modem snd_via82xx_modem snd_intel8x0m dm_crypt joydev snd_ens1371 gameport snd_ac97_codec ac97_bus snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd soundcore vmw_balloon psmouse serio_raw snd_page_alloc shpchp ppdev parport_pc lp parport zfs(P) zcommon(P) znvpair(P) zavl(P) zunicode(P) spl zlib_deflate raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq async_tx raid1 raid0 multipath linear vmw_pvscsi usbhid hid floppy vmxnet3 mptspi mptscsih mptbase scsi_transport_spi [last unloaded: ipmi_msghandler]
[ 234.103171]
[ 234.103174] Pid: 3207, comm: smbd Tainted: P D 3.0.0-17-generic #30-Ubuntu VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
[ 234.103179] RIP: 0010:[] [] follow_managed+0x35/0x140
[ 234.103184] RSP: 0018:ffff8801363afc08 EFLAGS: 00010246
[ 234.103186] RAX: ffff880134356900 RBX: ffff8801363afd18 RCX: 0000000000007d32
[ 234.103188] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000005f
[ 234.103190] RBP: ffff8801363afc58 R08: ffffffff8117ce8b R09: 0000000000000000
[ 234.103192] R10: 0000000000000000 R11: 000000000000000a R12: ffff880134356900
[ 234.103194] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[ 234.103196] FS: 00007f42b5693740(0000) GS:ffff88013f240000(0000) knlGS:0000000000000000
[ 234.103199] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 234.103200] CR2: 000000000000005f CR3: 000000010b256000 CR4: 00000000000406e0
[ 234.103206] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 234.103211] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 234.103214] Process smbd (pid: 3207, threadinfo ffff8801363ae000, task ffff8800b346ae40)
[ 234.103216] Stack:
[ 234.103217] 0000000000000001 ffff8801363afd40 ffff8801363afc58 00ffffff81172f30
[ 234.103221] ffff8801363afc58 ffff8801363afdc8 ffff8801363afd18 000000000000005f
[ 234.103224] 0000000000000001 ffff8801363afd40 ffff8801363afcd8 ffffffff81175082
[ 234.103228] Call Trace:
[ 234.103233] [] do_lookup+0x122/0x2c0
[ 234.103236] [] path_lookupat+0x11c/0x700
[ 234.103239] [] ? __do_fault+0x439/0x510
[ 234.103242] [] do_path_lookup+0x31/0xc0
[ 234.103245] [] user_path_at_empty+0x59/0xa0
[ 234.103249] [] ? handle_mm_fault+0x1f8/0x350
[ 234.103254] [] ? do_page_fault+0x218/0x530
[ 234.103257] [] user_path_at+0x11/0x20
[ 234.103260] [] vfs_fstatat+0x44/0x70
[ 234.103264] [] ? vfsmount_lock_local_unlock+0x1e/0x30
[ 234.103267] [] ? mntput_no_expire+0x30/0xf0
[ 234.103270] [] vfs_stat+0x1b/0x20
[ 234.103273] [] sys_newstat+0x1a/0x40
[ 234.103275] [] ? mntput_no_expire+0x30/0xf0
[ 234.103279] [] ? page_fault+0x25/0x30
[ 234.103283] [] system_call_fastpath+0x16/0x1b
[ 234.103297] Code: 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 66 66 66 66 90 4c 8b 27 45 31 ff 48 89 fb 41 89 f5 c6 45 cf 00 48 8b 7b 08 <8b> 07 41 89 c6 41 81 e6 00 00 07 00 75 47 80 7d cf 00 74 05 4c
[ 234.103325] RIP [] follow_managed+0x35/0x140
[ 234.103329] RSP
[ 234.103330] CR2: 000000000000005f
[ 234.103333] ---[ end trace 25454c072c3b1c26 ]---
[ 234.115344] BUG: unable to handle kernel NULL pointer dereference at 000000000000005f
[ 234.115351] IP: [] follow_managed+0x35/0x140
[ 234.115360] PGD 0
[ 234.115362] Oops: 0000 [#12] SMP
[ 234.115365] CPU 2
[ 234.115366] Modules linked in: rfcomm bnep bluetooth snd_atiixp_modem snd_via82xx_modem snd_intel8x0m dm_crypt joydev snd_ens1371 gameport snd_ac97_codec ac97_bus snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd soundcore vmw_balloon psmouse serio_raw snd_page_alloc shpchp ppdev parport_pc lp parport zfs(P) zcommon(P) znvpair(P) zavl(P) zunicode(P) spl zlib_deflate raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq async_tx raid1 raid0 multipath linear vmw_pvscsi usbhid hid floppy vmxnet3 mptspi mptscsih mptbase scsi_transport_spi [last unloaded: ipmi_msghandler]
[ 234.115402]
[ 234.115404] Pid: 3208, comm: smbd Tainted: P D 3.0.0-17-generic #30-Ubuntu VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
[ 234.115408] RIP: 0010:[] [] follow_managed+0x35/0x140
[ 234.115412] RSP: 0018:ffff88013655bc08 EFLAGS: 00010246
[ 234.115414] RAX: ffff880134356900 RBX: ffff88013655bd18 RCX: 0000000000007d45
[ 234.115416] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000005f
[ 234.115417] RBP: ffff88013655bc58 R08: ffffffff8117ce8b R09: 0000000000000000
[ 234.115419] R10: 0000000000000000 R11: 000000000000000a R12: ffff880134356900
[ 234.115420] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[ 234.115422] FS: 00007f42b5693740(0000) GS:ffff88013f240000(0000) knlGS:0000000000000000
[ 234.115424] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 234.115426] CR2: 000000000000005f CR3: 000000013107b000 CR4: 00000000000406e0
[ 234.115431] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 234.115435] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 234.115437] Process smbd (pid: 3208, threadinfo ffff88013655a000, task ffff8800b346c560)
[ 234.115438] Stack:
[ 234.115439] 0000000000000001 ffff88013655bd40 ffff88013655bc58 00ffffff81172f30
[ 234.115442] ffff88013655bc58 ffff88013655bdc8 ffff88013655bd18 000000000000005f
[ 234.115445] 0000000000000001 ffff88013655bd40 ffff88013655bcd8 ffffffff81175082
[ 234.115448] Call Trace:
[ 234.115452] [] do_lookup+0x122/0x2c0
[ 234.115455] [] path_lookupat+0x11c/0x700
[ 234.115458] [] ? __do_fault+0x439/0x510
[ 234.115461] [] do_path_lookup+0x31/0xc0
[ 234.115463] [] user_path_at_empty+0x59/0xa0
[ 234.115466] [] ? handle_mm_fault+0x1f8/0x350
[ 234.115471] [] ? do_page_fault+0x218/0x530
[ 234.115473] [] user_path_at+0x11/0x20
[ 234.115476] [] vfs_fstatat+0x44/0x70
[ 234.115479] [] ? vfsmount_lock_local_unlock+0x1e/0x30
[ 234.115482] [] ? mntput_no_expire+0x30/0xf0
[ 234.115484] [] vfs_stat+0x1b/0x20
[ 234.115487] [] sys_newstat+0x1a/0x40
[ 234.115489] [] ? mntput_no_expire+0x30/0xf0
[ 234.115492] [] ? page_fault+0x25/0x30
[ 234.115495] [] system_call_fastpath+0x16/0x1b
[ 234.115497] Code: 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 66 66 66 66 90 4c 8b 27 45 31 ff 48 89 fb 41 89 f5 c6 45 cf 00 48 8b 7b 08 <8b> 07 41 89 c6 41 81 e6 00 00 07 00 75 47 80 7d cf 00 74 05 4c
[ 234.115520] RIP [] follow_managed+0x35/0x140
[ 234.115523] RSP
[ 234.115524] CR2: 000000000000005f
[ 234.115527] ---[ end trace 25454c072c3b1c27 ]---
[ 234.937307] BUG: unable to handle kernel NULL pointer dereference at 000000000000005f
[ 234.937320] IP: [] follow_managed+0x35/0x140
[ 234.937335] PGD 0
[ 234.937339] Oops: 0000 [#13] SMP
[ 234.937345] CPU 2
[ 234.937347] Modules linked in: rfcomm bnep bluetooth snd_atiixp_modem snd_via82xx_modem snd_intel8x0m dm_crypt joydev snd_ens1371 gameport snd_ac97_codec ac97_bus snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd soundcore vmw_balloon psmouse serio_raw snd_page_alloc shpchp ppdev parport_pc lp parport zfs(P) zcommon(P) znvpair(P) zavl(P) zunicode(P) spl zlib_deflate raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq async_tx raid1 raid0 multipath linear vmw_pvscsi usbhid hid floppy vmxnet3 mptspi mptscsih mptbase scsi_transport_spi [last unloaded: ipmi_msghandler]
[ 234.937412]
[ 234.937443] Pid: 3209, comm: smbd Tainted: P D 3.0.0-17-generic #30-Ubuntu VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
[ 234.937451] RIP: 0010:[] [] follow_managed+0x35/0x140
[ 234.937460] RSP: 0018:ffff880133e43c08 EFLAGS: 00010246
[ 234.937463] RAX: ffff880134356900 RBX: ffff880133e43d18 RCX: 0000000000007d68
[ 234.937466] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000005f
[ 234.937470] RBP: ffff880133e43c58 R08: ffffffff8117ce8b R09: 0000000000000000
[ 234.937473] R10: 0000000000000000 R11: 000000000000000b R12: ffff880134356900
[ 234.937476] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[ 234.937481] FS: 00007f42b5693740(0000) GS:ffff88013f240000(0000) knlGS:0000000000000000
[ 234.937484] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 234.937487] CR2: 000000000000005f CR3: 000000013845e000 CR4: 00000000000406e0
[ 234.937496] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 234.937504] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 234.937508] Process smbd (pid: 3209, threadinfo ffff880133e42000, task ffff880036bf8000)
[ 234.937511] Stack:
[ 234.937513] 0000000000000001 ffff880133e43d40 ffff880133e43c58 00ffffff81172f30
[ 234.937519] ffff880133e43c58 ffff880133e43dc8 ffff880133e43d18 000000000000005f
[ 234.937525] 0000000000000001 ffff880133e43d40 ffff880133e43cd8 ffffffff81175082
[ 234.937530] Call Trace:
[ 234.937539] [] do_lookup+0x122/0x2c0
[ 234.937545] [] path_lookupat+0x11c/0x700
[ 234.937550] [] do_path_lookup+0x31/0xc0
[ 234.937555] [] user_path_at_empty+0x59/0xa0
[ 234.937564] [] ? simple_getattr+0x27/0x50
[ 234.937571] [] ? _raw_spin_lock+0xe/0x20
[ 234.937577] [] ? cp_new_stat+0xf8/0x110
[ 234.937581] [] user_path_at+0x11/0x20
[ 234.937586] [] vfs_fstatat+0x44/0x70
[ 234.937591] [] vfs_stat+0x1b/0x20
[ 234.937595] [] sys_newstat+0x1a/0x40
[ 234.937602] [] system_call_fastpath+0x16/0x1b
[ 234.937605] Code: 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 66 66 66 66 90 4c 8b 27 45 31 ff 48 89 fb 41 89 f5 c6 45 cf 00 48 8b 7b 08 <8b> 07 41 89 c6 41 81 e6 00 00 07 00 75 47 80 7d cf 00 74 05 4c
[ 234.937651] RIP [] follow_managed+0x35/0x140
[ 234.937658] RSP
[ 234.937660] CR2: 000000000000005f
[ 234.937665] ---[ end trace 25454c072c3b1c28 ]---
[ 234.956104] BUG: unable to handle kernel NULL pointer dereference at 000000000000005f
[ 234.956114] IP: [] follow_managed+0x35/0x140
[ 234.956126] PGD 0
[ 234.956130] Oops: 0000 [#14] SMP
[ 234.956135] CPU 2
[ 234.956137] Modules linked in: rfcomm bnep bluetooth snd_atiixp_modem snd_via82xx_modem snd_intel8x0m dm_crypt joydev snd_ens1371 gameport snd_ac97_codec ac97_bus snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd soundcore vmw_balloon psmouse serio_raw snd_page_alloc shpchp ppdev parport_pc lp parport zfs(P) zcommon(P) znvpair(P) zavl(P) zunicode(P) spl zlib_deflate raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq async_tx raid1 raid0 multipath linear vmw_pvscsi usbhid hid floppy vmxnet3 mptspi mptscsih mptbase scsi_transport_spi [last unloaded: ipmi_msghandler]
[ 234.956193]
[ 234.956196] Pid: 3210, comm: smbd Tainted: P D 3.0.0-17-generic #30-Ubuntu VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
[ 234.956203] RIP: 0010:[] [] follow_managed+0x35/0x140
[ 234.956210] RSP: 0018:ffff880133a8bc08 EFLAGS: 00010246
[ 234.956213] RAX: ffff880134356900 RBX: ffff880133a8bd18 RCX: 0000000000007d7f
[ 234.956216] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000005f
[ 234.956219] RBP: ffff880133a8bc58 R08: ffffffff8117ce8b R09: 0000000000000000
[ 234.956221] R10: 0000000000000000 R11: 000000000000000b R12: ffff880134356900
[ 234.956224] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[ 234.956228] FS: 00007f42b5693740(0000) GS:ffff88013f240000(0000) knlGS:0000000000000000
[ 234.956231] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 234.956233] CR2: 000000000000005f CR3: 000000013845e000 CR4: 00000000000406e0
[ 234.956242] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 234.956248] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 234.956252] Process smbd (pid: 3210, threadinfo ffff880133a8a000, task ffff880036bfc560)
[ 234.956254] Stack:
[ 234.956257] 0000000000000001 ffff880133a8bd40 ffff880133a8bc58 00ffffff81172f30
[ 234.956262] ffff880133a8bc58 ffff880133a8bdc8 ffff880133a8bd18 000000000000005f
[ 234.956267] 0000000000000001 ffff880133a8bd40 ffff880133a8bcd8 ffffffff81175082
[ 234.956272] Call Trace:
[ 234.956280] [] do_lookup+0x122/0x2c0
[ 234.956284] [] path_lookupat+0x11c/0x700
[ 234.956290] [] ? __do_fault+0x439/0x510
[ 234.956294] [] do_path_lookup+0x31/0xc0
[ 234.956299] [] user_path_at_empty+0x59/0xa0
[ 234.956304] [] ? handle_mm_fault+0x1f8/0x350
[ 234.956311] [] ? do_page_fault+0x218/0x530
[ 234.956315] [] user_path_at+0x11/0x20
[ 234.956319] [] vfs_fstatat+0x44/0x70
[ 234.956325] [] ? vfsmount_lock_local_unlock+0x1e/0x30
[ 234.956329] [] ? mntput_no_expire+0x30/0xf0
[ 234.956333] [] vfs_stat+0x1b/0x20
[ 234.956337] [] sys_newstat+0x1a/0x40
[ 234.956341] [] ? mntput_no_expire+0x30/0xf0
[ 234.956346] [] ? page_fault+0x25/0x30
[ 234.956351] [] system_call_fastpath+0x16/0x1b
[ 234.956353] Code: 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 66 66 66 66 90 4c 8b 27 45 31 ff 48 89 fb 41 89 f5 c6 45 cf 00 48 8b 7b 08 <8b> 07 41 89 c6 41 81 e6 00 00 07 00 75 47 80 7d cf 00 74 05 4c
[ 234.956431] RIP [] follow_managed+0x35/0x140
[ 234.956437] RSP
[ 234.956439] CR2: 000000000000005f
[ 234.956443] ---[ end trace 25454c072c3b1c29 ]---
[ 234.974500] BUG: unable to handle kernel NULL pointer dereference at 000000000000005f
[ 234.974509] IP: [] follow_managed+0x35/0x140
[ 234.974520] PGD 0
[ 234.974523] Oops: 0000 [#15] SMP
[ 234.974528] CPU 2
[ 234.974529] Modules linked in: rfcomm bnep bluetooth snd_atiixp_modem snd_via82xx_modem snd_intel8x0m dm_crypt joydev snd_ens1371 gameport snd_ac97_codec ac97_bus snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd soundcore vmw_balloon psmouse serio_raw snd_page_alloc shpchp ppdev parport_pc lp parport zfs(P) zcommon(P) znvpair(P) zavl(P) zunicode(P) spl zlib_deflate raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq async_tx raid1 raid0 multipath linear vmw_pvscsi usbhid hid floppy vmxnet3 mptspi mptscsih mptbase scsi_transport_spi [last unloaded: ipmi_msghandler]
[ 234.974583]
[ 234.974586] Pid: 3211, comm: smbd Tainted: P D 3.0.0-17-generic #30-Ubuntu VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
[ 234.974593] RIP: 0010:[] [] follow_managed+0x35/0x140
[ 234.974600] RSP: 0018:ffff88010b3bbc08 EFLAGS: 00010246
[ 234.974602] RAX: ffff880134356900 RBX: ffff88010b3bbd18 RCX: 0000000000007d91
[ 234.974605] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000005f
[ 234.974608] RBP: ffff88010b3bbc58 R08: ffffffff8117ce8b R09: 0000000000000000
[ 234.974611] R10: 0000000000000000 R11: 000000000000000b R12: ffff880134356900
[ 234.974613] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[ 234.974617] FS: 00007f42b5693740(0000) GS:ffff88013f240000(0000) knlGS:0000000000000000
[ 234.974620] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 234.974623] CR2: 000000000000005f CR3: 0000000135b1b000 CR4: 00000000000406e0
[ 234.974631] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 234.974637] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 234.974641] Process smbd (pid: 3211, threadinfo ffff88010b3ba000, task ffff880131138000)
[ 234.974643] Stack:
[ 234.974645] 0000000000000001 ffff88010b3bbd40 ffff88010b3bbc58 00ffffff81172f30
[ 234.974651] ffff88010b3bbc58 ffff88010b3bbdc8 ffff88010b3bbd18 000000000000005f
[ 234.974655] 0000000000000001 ffff88010b3bbd40 ffff88010b3bbcd8 ffffffff81175082
[ 234.974660] Call Trace:
[ 234.974667] [] do_lookup+0x122/0x2c0
[ 234.974671] [] path_lookupat+0x11c/0x700
[ 234.974677] [] ? __do_fault+0x439/0x510
[ 234.974681] [] do_path_lookup+0x31/0xc0
[ 234.974685] [] user_path_at_empty+0x59/0xa0
[ 234.974689] [] ? handle_mm_fault+0x1f8/0x350
[ 234.974696] [] ? do_page_fault+0x218/0x530
[ 234.974700] [] user_path_at+0x11/0x20
[ 234.974704] [] vfs_fstatat+0x44/0x70
[ 234.974709] [] ? vfsmount_lock_local_unlock+0x1e/0x30
[ 234.974714] [] ? mntput_no_expire+0x30/0xf0
[ 234.974718] [] vfs_stat+0x1b/0x20
[ 234.974722] [] sys_newstat+0x1a/0x40
[ 234.974726] [] ? mntput_no_expire+0x30/0xf0
[ 234.974731] [] ? page_fault+0x25/0x30
[ 234.974736] [] system_call_fastpath+0x16/0x1b
[ 234.974738] Code: 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 66 66 66 66 90 4c 8b 27 45 31 ff 48 89 fb 41 89 f5 c6 45 cf 00 48 8b 7b 08 <8b> 07 41 89 c6 41 81 e6 00 00 07 00 75 47 80 7d cf 00 74 05 4c
[ 234.974778] RIP [] follow_managed+0x35/0x140
[ 234.974783] RSP
[ 234.974785] CR2: 000000000000005f
[ 234.974789] ---[ end trace 25454c072c3b1c2a ]---
[ 234.993483] BUG: unable to handle kernel NULL pointer dereference at 000000000000005f
[ 234.993493] IP: [] follow_managed+0x35/0x140
[ 234.993505] PGD 0
[ 234.993509] Oops: 0000 [#16] SMP
[ 234.993514] CPU 2
[ 234.993516] Modules linked in: rfcomm bnep bluetooth snd_atiixp_modem snd_via82xx_modem snd_intel8x0m dm_crypt joydev snd_ens1371 gameport snd_ac97_codec ac97_bus snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd soundcore vmw_balloon psmouse serio_raw snd_page_alloc shpchp ppdev parport_pc lp parport zfs(P) zcommon(P) znvpair(P) zavl(P) zunicode(P) spl zlib_deflate raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq async_tx raid1 raid0 multipath linear vmw_pvscsi usbhid hid floppy vmxnet3 mptspi mptscsih mptbase scsi_transport_spi [last unloaded: ipmi_msghandler]
[ 234.993572]
[ 234.993576] Pid: 3212, comm: smbd Tainted: P D 3.0.0-17-generic #30-Ubuntu VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
[ 234.993582] RIP: 0010:[] [] follow_managed+0x35/0x140
[ 234.993589] RSP: 0018:ffff880110fe3c08 EFLAGS: 00010246
[ 234.993592] RAX: ffff880134356900 RBX: ffff880110fe3d18 RCX: 0000000000007da4
[ 234.993595] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000005f
[ 234.993598] RBP: ffff880110fe3c58 R08: ffffffff8117ce8b R09: 0000000000000000
[ 234.993600] R10: 0000000000000000 R11: 000000000000000b R12: ffff880134356900
[ 234.993603] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[ 234.993607] FS: 00007f42b5693740(0000) GS:ffff88013f240000(0000) knlGS:0000000000000000
[ 234.993610] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 234.993613] CR2: 000000000000005f CR3: 000000012f90b000 CR4: 00000000000406e0
[ 234.993622] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 234.993628] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 234.993632] Process smbd (pid: 3212, threadinfo ffff880110fe2000, task ffff88010b334560)
[ 234.993635] Stack:
[ 234.993637] 0000000000000001 ffff880110fe3d40 ffff880110fe3c58 00ffffff81172f30
[ 234.993642] ffff880110fe3c58 ffff880110fe3dc8 ffff880110fe3d18 000000000000005f
[ 234.993646] 0000000000000001 ffff880110fe3d40 ffff880110fe3cd8 ffffffff81175082
[ 234.993651] Call Trace:
[ 234.993658] [] do_lookup+0x122/0x2c0
[ 234.993662] [] path_lookupat+0x11c/0x700
[ 234.993667] [] ? __do_fault+0x439/0x510
[ 234.993672] [] do_path_lookup+0x31/0xc0
[ 234.993676] [] user_path_at_empty+0x59/0xa0
[ 234.993680] [] ? handle_mm_fault+0x1f8/0x350
[ 234.993688] [] ? do_page_fault+0x218/0x530
[ 234.993691] [] user_path_at+0x11/0x20
[ 234.993696] [] vfs_fstatat+0x44/0x70
[ 234.993701] [] ? vfsmount_lock_local_unlock+0x1e/0x30
[ 234.993705] [] ? mntput_no_expire+0x30/0xf0
[ 234.993709] [] vfs_stat+0x1b/0x20
[ 234.993713] [] sys_newstat+0x1a/0x40
[ 234.993718] [] ? mntput_no_expire+0x30/0xf0
[ 234.993722] [] ? page_fault+0x25/0x30
[ 234.993728] [] system_call_fastpath+0x16/0x1b
[ 234.993730] Code: 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 66 66 66 66 90 4c 8b 27 45 31 ff 48 89 fb 41 89 f5 c6 45 cf 00 48 8b 7b 08 <8b> 07 41 89 c6 41 81 e6 00 00 07 00 75 47 80 7d cf 00 74 05 4c
[ 234.993770] RIP [] follow_managed+0x35/0x140
[ 234.993775] RSP
[ 234.993777] CR2: 000000000000005f
[ 234.993781] ---[ end trace 25454c072c3b1c2b ]---
[ 235.048416] BUG: unable to handle kernel NULL pointer dereference at 000000000000005f
[ 235.048421] IP: [] follow_managed+0x35/0x140
[ 235.048429] PGD 0
[ 235.048431] Oops: 0000 [#17] SMP
[ 235.048434] CPU 2
[ 235.048435] Modules linked in: rfcomm bnep bluetooth snd_atiixp_modem snd_via82xx_modem snd_intel8x0m dm_crypt joydev snd_ens1371 gameport snd_ac97_codec ac97_bus snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd soundcore vmw_balloon psmouse serio_raw snd_page_alloc shpchp ppdev parport_pc lp parport zfs(P) zcommon(P) znvpair(P) zavl(P) zunicode(P) spl zlib_deflate raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq async_tx raid1 raid0 multipath linear vmw_pvscsi usbhid hid floppy vmxnet3 mptspi mptscsih mptbase scsi_transport_spi [last unloaded: ipmi_msghandler]
[ 235.048466]
[ 235.048468] Pid: 3213, comm: smbd Tainted: P D 3.0.0-17-generic #30-Ubuntu VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
[ 235.048471] RIP: 0010:[] [] follow_managed+0x35/0x140
[ 235.048475] RSP: 0018:ffff880133877c08 EFLAGS: 00010246
[ 235.048476] RAX: ffff880134356900 RBX: ffff880133877d18 RCX: 0000000000007db6
[ 235.048477] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000005f
[ 235.048479] RBP: ffff880133877c58 R08: ffffffff8117ce8b R09: 0000000000000000
[ 235.048480] R10: 0000000000000000 R11: 000000000000000b R12: ffff880134356900
[ 235.048482] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[ 235.048483] FS: 00007f42b5693740(0000) GS:ffff88013f240000(0000) knlGS:0000000000000000
[ 235.048485] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 235.048486] CR2: 000000000000005f CR3: 0000000138bcd000 CR4: 00000000000406e0
[ 235.048491] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 235.048494] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 235.048496] Process smbd (pid: 3213, threadinfo ffff880133876000, task ffff880130f98000)
[ 235.048497] Stack:
[ 235.048498] 0000000000000001 ffff880133877d40 ffff880133877c58 00ffffff81172f30
[ 235.048501] ffff880133877c58 ffff880133877dc8 ffff880133877d18 000000000000005f
[ 235.048503] 0000000000000001 ffff880133877d40 ffff880133877cd8 ffffffff81175082
[ 235.048506] Call Trace:
[ 235.048510] [] do_lookup+0x122/0x2c0
[ 235.048512] [] path_lookupat+0x11c/0x700
[ 235.048515] [] ? __do_fault+0x439/0x510
[ 235.048517] [] do_path_lookup+0x31/0xc0
[ 235.048519] [] user_path_at_empty+0x59/0xa0
[ 235.048522] [] ? handle_mm_fault+0x1f8/0x350
[ 235.048526] [] ? do_page_fault+0x218/0x530
[ 235.048528] [] user_path_at+0x11/0x20
[ 235.048530] [] vfs_fstatat+0x44/0x70
[ 235.048533] [] ? vfsmount_lock_local_unlock+0x1e/0x30
[ 235.048536] [] ? mntput_no_expire+0x30/0xf0
[ 235.048538] [] vfs_stat+0x1b/0x20
[ 235.048540] [] sys_newstat+0x1a/0x40
[ 235.048542] [] ? mntput_no_expire+0x30/0xf0
[ 235.048544] [] ? page_fault+0x25/0x30
[ 235.048548] [] system_call_fastpath+0x16/0x1b
[ 235.048549] Code: 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 66 66 66 66 90 4c 8b 27 45 31 ff 48 89 fb 41 89 f5 c6 45 cf 00 48 8b 7b 08 <8b> 07 41 89 c6 41 81 e6 00 00 07 00 75 47 80 7d cf 00 74 05 4c
[ 235.048569] RIP [] follow_managed+0x35/0x140
[ 235.048572] RSP
[ 235.048573] CR2: 000000000000005f
[ 235.048575] ---[ end trace 25454c072c3b1c2c ]---

@behlendorf
Owner

Are you only hitting this issue when using smbd? Or are you also able to hit it simply by manually traversing in to the directories from the shell?

@pyavdr

I tried to access/traverse the .zfs directories locally from the shell, no problems at all. Access from another Linux with smbd works too. Only access from Windows causes smbd to fail. Maybe Windows is trying to write to .zfs or reading some attributes?

@pyavdr

I updated my Opensuse 12.1 to kernel 3.3.0-1 and samba version 3.6.3. New make for spl and zfs .56-rc8. Same problem when accessing the .zfs directory from Windows. Smbd fails with NULL deref.

[ 1553.415448] BUG: unable to handle kernel NULL pointer dereference at 000000000000005f
[ 1553.415452] IP: [] follow_managed+0x33/0x160
[ 1553.415458] PGD 0
[ 1553.415460] Oops: 0000 [#35] SMP
[ 1553.415462] CPU 0
[ 1553.415463] Modules linked in: zfs(PO) zcommon(PO) znvpair(PO) zavl(PO) zunicode(PO) spl(O) zlib_deflate crc32c_intel fuse acpiphp mperf joydev snd_ens1371 gameport snd_rawmidi snd_seq_device snd_ac97_codec ac97_bus snd_pcm snd_timer snd soundcore snd_page_alloc sr_mod sg ppdev cdrom floppy mptctl parport_pc parport pcspkr shpchp pci_hotplug container button e1000 i2c_piix4 vmw_balloon ac autofs4 usbhid uhci_hcd ehci_hcd usbcore usb_common processor thermal_sys ata_generic mptspi mptscsih mptbase scsi_transport_spi vmw_pvscsi vmxnet3
[ 1553.415486]
[ 1553.415487] Pid: 13888, comm: smbd Tainted: P D O 3.3.0-1-vanilla #1 VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
[ 1553.415490] RIP: 0010:[] [] follow_managed+0x33/0x160
[ 1553.415493] RSP: 0018:ffff88025d1f9c18 EFLAGS: 00010286
[ 1553.415494] RAX: ffff88031ab153a0 RBX: ffff88025d1f9d28 RCX: 00000000008f008e
[ 1553.415495] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000005f
[ 1553.415497] RBP: ffff88025d1f9c68 R08: 0000000000000000 R09: 0000000000000000
[ 1553.415498] R10: 00000000c49fdc4f R11: ffff88025d1f9d38 R12: ffff88031ab153a0
[ 1553.415499] R13: ffff88025d1f9c37 R14: 0000000000000001 R15: 000000000000005f
[ 1553.415501] FS: 00007f5ca38dd7c0(0000) GS:ffff88032d200000(0000) knlGS:0000000000000000
[ 1553.415502] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1553.415503] CR2: 000000000000005f CR3: 0000000262afc000 CR4: 00000000000406f0
[ 1553.415507] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1553.415510] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1553.415511] Process smbd (pid: 13888, threadinfo ffff88025d1f8000, task ffff880263986280)
[ 1553.415512] Stack:
[ 1553.415513] ffff88025d1f9dc8 ffff88031bb2ce00 ffff88025d1f9c68 00ffffff81160f3b
[ 1553.415516] ffff88025d1f9c68 ffff88025d1f9d28 ffff88025d1f9dc8 ffff88025d1f9d38
[ 1553.415518] ffff88031bb2ce00 000000000000005f ffff88025d1f9ce8 ffffffff811630cc
[ 1553.415521] Call Trace:
[ 1553.415523] [] do_lookup+0x1ac/0x3a0
[ 1553.415526] [] path_lookupat+0x134/0x700
[ 1553.415529] [] ? strncpy_from_user+0x2d/0x40
[ 1553.415532] [] do_path_lookup+0x2c/0xc0
[ 1553.415534] [] ? path_lookupat+0x66/0x700
[ 1553.415536] [] user_path_at_empty+0x54/0xa0
[ 1553.415539] [] ? handle_mm_fault+0x1d2/0x320
[ 1553.415542] [] ? do_page_fault+0x1cc/0x4d0
[ 1553.415545] [] user_path_at+0xc/0x10
[ 1553.415546] [] vfs_fstatat+0x3f/0x80
[ 1553.415549] [] ? mntput_no_expire+0x32/0x150
[ 1553.415551] [] vfs_stat+0x16/0x20
[ 1553.415552] [] sys_newstat+0x1f/0x40
[ 1553.415554] [] ? mntput+0x1c/0x30
[ 1553.415556] [] ? page_fault+0x1f/0x30
[ 1553.415558] [] system_call_fastpath+0x16/0x1b
[ 1553.415559] Code: ec 50 48 89 5d d8 4c 89 6d e8 4c 8d 6d cf 4c 89 75 f0 4c 89 65 e0 48 89 fb 4c 89 7d f8 4c 8b 27 41 89 f6 c6 45 cf 00 48 8b 7b 08 <8b> 07 41 89 c7 41 81 e7 00 00 07 00 75 47 80 7d cf 00 74 05 4c
[ 1553.415576] RIP [] follow_managed+0x33/0x160
[ 1553.415578] RSP
[ 1553.415579] CR2: 000000000000005f
[ 1553.415581] ---[ end trace 87fd1267227464e7 ]---

@pyavdr

Finally traversing the directory tree with find shows a problem:

find / -name test.txt
find: WARNING: Hard link count is wrong for `/stor1/.zfs/snapshot' (saw only st_nlink=2 but we already saw 0 subdirectories): this may be a bug in your file system driver. Automatically turning on find's -noleaf option. Earlier results may have failed to include directories that should have been searched.

@behlendorf
Owner

Thanks for following up with additional detail. It's surprising that only a windows client hits the first issue since smbd is just a userspace process like everything else. It must be doing something slightly different.

The second problem with find is an unrelated issue we'll need to fix as well.

@pyavdr

I'm sure you know, within Solaris ZFS and samba, Windows can access shares and the snapshots via "recent versions" in Windows Explorer. This needs some lines of code for samba, which have been written some time ago (for samba 3.4.3), but I can't adapt it for the current samba version 3.6.3. The access to the .zfs directory via samba & Windows is a useful workaround and makes life easier. I hope you guys can solve this issue. Maybe there is someone who can adapt the samba-zfs patches (see the links) for the current samba version and the integration into ZOL. Issue #621 is maybe a good starting point. This will be a huge advantage for ZOL on Linux servers and the huge community of Windows users.

http://www.edplese.com/blog/2009/12/02/samba-shadow_copy2-enhancements/
http://www.edplese.com/samba-with-zfs.html

@FransUrbo
Collaborator

Well, #621 doesn't touch samba at all. It only uses the 'net' command to add/delete shares, nothing else. So I fail to see that that could solve the problem.

@craig-sanders

Dunno if it's the same problem or not, but I was getting similar NULL deref issues during rsync backups of my zfs /export filesystem. rsync died so the backup didn't complete.

I figured out how to avoid triggering the bug by excluding .zfs from rsync (on both src and dest) as described here: http://blog.taz.net.au/2012/04/01/rsync-and-zfs-snapshot-directories/ (which is what I want to do anyway, bug or no bug)

system is running debian sid, kernel package linux-image-3.2.0-2-amd64 , zfs ubuntu-ppa 0.6.0.55 (recompiled for debian), linux 3.2.

Apr  1 09:39:08 ganesh kernel: [593708.881748] BUG: unable to handle kernel NULL pointer dereference at 000000000000005f
Apr  1 09:39:08 ganesh kernel: [593708.881763] IP: [] follow_managed+0x19a/0x1fb
Apr  1 09:39:08 ganesh kernel: [593708.881779] PGD 24c2a2067 PUD 23d86f067 PMD 0
Apr  1 09:39:08 ganesh kernel: [593708.881790] Oops: 0000 [#9] SMP
Apr  1 09:39:08 ganesh kernel: [593708.881797] CPU 5
Apr  1 09:39:08 ganesh kernel: [593708.881801] Modules linked in: nfnetlink_log ipt_MASQUERADE xt_CHECKSUM iptable_mangle nf_conntrack_netlink nfnetlink xt_comment xt_pkttype xt_recent ipt_REDIRECT xt_tcpudp xt_multiport xt_state ipt_REJECT ipt_LOG iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack ip6table_filter ip6_tables iptable_filter ip_tables ebtable_nat ebtables sch_sfq cls_u32 sch_cbq pppoe pppox ppp_generic slhc ipt_ULOG powernow_k8 mperf cpufreq_stats cpufreq_userspace cpufreq_powersave cpufreq_conservative parport_pc ppdev lp parport bnep rfcomm bluetooth binfmt_misc uinput deflate ctr twofish_generic twofish_x86_64_3way twofish_x86_64 twofish_common camellia serpent blowfish_generic blowfish_x86_64 blowfish_common cast5 des_generic cbc cryptd aes_x86_64 aes_generic xcbc rmd160 sha512_generic sha256_generic sha1_generic hmac crypto_null af_key fuse nfsd nfs nfs_acl auth_rpcgss fscache lockd sunrpc bridge stp ext4 crc16 jbd2 mbcache virtio_balloon virtio_pci virtio_ring virtio it87 hwmon
Apr  1 09:39:08 ganesh kernel: _vid snd_usb_audio snd_usbmidi_lib xt_mac x_tables tun kvm_amd kvm snd_hda_codec_hdmi zfs(P) zunicode(P) zavl(P) zcommon(P) znvpair(P) spl(O) mt2060 ir_lirc_codec lirc_dev ir_mce_kbd_decoder snd_hda_codec_realtek ir_sony_decoder ir_jvc_decoder ir_rc6_decoder ir_rc5_decoder dvb_usb_dib0700 dib8000 dib7000m dib0090 dib0070 dib7000p dib3000mc dibx000_common dvb_usb ir_nec_decoder snd_hda_intel dvb_core rc_core snd_pcm_oss snd_hda_codec snd_mixer_oss snd_hwdep snd_seq_midi snd_pcm snd_seq_midi_event snd_page_alloc snd_rawmidi joydev snd_seq snd_seq_device snd_timer snd eeepc_wmi psmouse asus_wmi sp5100_tco sparse_keymap rfkill i2c_piix4 evdev serio_raw soundcore pcspkr k10temp mxm_wmi edac_mce_amd edac_core wmi button processor xfs btrfs crc32c libcrc32c zlib_deflate dm_mod thermal fan thermal_sys raid456 async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 md_mod sata_mv usbhid hid usb_storage uas sd_mod crc_t10dif nvidia(P) uhci_hcd ohci_hcd firewire_ohci firewi
Apr  1 09:39:08 ganesh kernel: re_core crc_itu_t r8169 mii ahci libahci ehci_hcd mpt2sas raid_class scsi_transport_sas libata xhci_hcd i2c_core usbcore scsi_mod usb_common [last unloaded: scsi_wait_scan]
Apr  1 09:39:08 ganesh kernel: [593708.882133]
Apr  1 09:39:08 ganesh kernel: [593708.882139] Pid: 30254, comm: rsync Tainted: P      D    O 3.2.0-2-amd64 #1 To be filled by O.E.M. To be filled by O.E.M./SABERTOOTH 990FX
Apr  1 09:39:08 ganesh kernel: [593708.882154] RIP: 0010:[]  [] follow_managed+0x19a/0x1fb
Apr  1 09:39:08 ganesh kernel: [593708.882166] RSP: 0018:ffff880186923ca8  EFLAGS: 00010292
Apr  1 09:39:08 ganesh kernel: [593708.882172] RAX: 0000000000000100 RBX: ffff880186923e00 RCX: 0000000000160015
Apr  1 09:39:08 ganesh kernel: [593708.882179] RDX: 0000000000000000 RSI: 0000000000000101 RDI: 000000000000005f
Apr  1 09:39:08 ganesh kernel: [593708.882186] RBP: ffff880186923e00 R08: ffff88030ce312c0 R09: 0000000000000000
Apr  1 09:39:08 ganesh kernel: [593708.882193] R10: ffff8803e8eb2880 R11: ffff8803e8eb2880 R12: 0000000000000000
Apr  1 09:39:08 ganesh kernel: [593708.882200] R13: ffff88018af9d160 R14: ffff88041aee12c0 R15: 0000000000000000
Apr  1 09:39:08 ganesh kernel: [593708.882209] FS:  00007ffff7fb2700(0000) GS:ffff88042fd40000(0000) knlGS:00000000f7ca4b70
Apr  1 09:39:08 ganesh kernel: [593708.882216] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr  1 09:39:08 ganesh kernel: [593708.882222] CR2: 000000000000005f CR3: 000000017b072000 CR4: 00000000000006e0
Apr  1 09:39:08 ganesh kernel: [593708.882230] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Apr  1 09:39:08 ganesh kernel: [593708.882237] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Apr  1 09:39:08 ganesh kernel: [593708.882245] Process rsync (pid: 30254, threadinfo ffff880186922000, task ffff88018af9d160)
Apr  1 09:39:08 ganesh kernel: [593708.882251] Stack:
Apr  1 09:39:08 ganesh kernel: [593708.882255]  ffff8802fd969480 ffffffff811090d3 ffff88030ce312c0 000001000000005f
Apr  1 09:39:08 ganesh kernel: [593708.882268]  000000000000005f ffff880186923e68 ffff880186923e00 ffff880186923e78
Apr  1 09:39:08 ganesh kernel: [593708.882279]  ffff8802fd969480 ffff88041aee12c0 000000000000005f ffffffff81101dc8
Apr  1 09:39:08 ganesh kernel: [593708.882290] Call Trace:
Apr  1 09:39:08 ganesh kernel: [593708.882301]  [] ? dput+0x27/0xee
Apr  1 09:39:08 ganesh kernel: [593708.882310]  [] ? walk_component+0x2d4/0x406
Apr  1 09:39:08 ganesh kernel: [593708.882320]  [] ? do_last+0x108/0x58d
Apr  1 09:39:08 ganesh kernel: [593708.882329]  [] ? path_openat+0xce/0x32a
Apr  1 09:39:08 ganesh kernel: [593708.882352]  [] ? tsd_hash_search+0x78/0x146 [spl]
Apr  1 09:39:08 ganesh kernel: [593708.882362]  [] ? do_filp_open+0x2a/0x6e
Apr  1 09:39:08 ganesh kernel: [593708.882372]  [] ? _cond_resched+0x7/0x1c
Apr  1 09:39:08 ganesh kernel: [593708.882382]  [] ? __strncpy_from_user+0x18/0x48
Apr  1 09:39:08 ganesh kernel: [593708.882391]  [] ? alloc_fd+0x64/0x109
Apr  1 09:39:08 ganesh kernel: [593708.882400]  [] ? do_sys_open+0x5e/0xe5
Apr  1 09:39:08 ganesh kernel: [593708.882409]  [] ? system_call_fastpath+0x16/0x1b
Apr  1 09:39:08 ganesh kernel: [593708.882415] Code: f0 89 c2 74 6e 85 c0 75 1a 48 89 df e8 68 fd ff ff 48 89 2b 48 8b 7d 20 e8 c3 fa ff ff 48 89 43 08 eb 50 85 d2 78 14 48 8b 7b 08 <8b> 07 89 c5 81 e5 00 00 07 00 0f 85 8f fe ff ff 45 84 e4 74 15

Apr  1 09:39:08 ganesh kernel: [593708.882489] RIP  [] follow_managed+0x19a/0x1fb
Apr  1 09:39:08 ganesh kernel: [593708.882498]  RSP 
Apr  1 09:39:08 ganesh kernel: [593708.882502] CR2: 000000000000005f
Apr  1 09:39:08 ganesh kernel: [593708.882508] ---[ end trace c8e4fc1a7428f71a ]---

@behlendorf
Owner

It sure does look similar. A slightly different call path but probably the same issue.

As an aside, you can set the .zfs directory to be hidden so things like rsync won't try and traverse in to it. It just won't appear in the directory list but you can still always manually change in to that directory.

 zfs set snapdir=hidden tank/fish

@craig-sanders

Thanks for the tip. I should have remembered that. I've added it to my blog page.

@rlaager

I'm seeing the same thing in my VM when I use bash completion of a snapshot directory from a level up.

@behlendorf
Owner

@rlaager If you're able to consistently reproduce this, can you post the exact command? If I could reproduce it, that would help me considerably in debugging it.

@rlaager

@behlendorf: zfs snapshot rpool/srv@test; cd /srv/.zfs/snapshot; cd test

It seems that any access to the snapshot filesystem leads to the BUG dump. But it's only the first access to the snapshot filesystem that causes this.

@ryanolf

I am seeing the same smbd NULL dereference bug accessing from Windows XP to kernel 3.5.2 machine running Samba 3.6.6 with the rc10 release of ZOL.

[43774.232852] BUG: unable to handle kernel NULL pointer dereference at 000000000000005f
[43774.235057] IP: [<ffffffff8118d899>] follow_managed+0x49/0x2d0
[43774.236321] PGD 0 
[43774.237431] Oops: 0000 [#1] SMP 
[43774.238532] CPU 2 
[43774.238545] Modules linked in: bnep rfcomm bluetooth parport_pc ppdev snd_hda_codec_hdmi snd_hda_codec_realtek zfs(PO) zcommon(PO) znvpair(PO) zavl(PO) zunicode(PO) spl(O) snd_hda_intel snd_hda_codec i915 coretemp snd_hwdep drm_kms_helper snd_pcm kvm_intel kvm drm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer ghash_clmulni_intel snd_seq_device zlib_deflate i2c_algo_bit cryptd psmouse snd serio_raw lpc_ich dcdbas mei soundcore snd_page_alloc microcode video mac_hid lp parport raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq async_tx raid0 multipath linear uas usb_storage hid_generic usbhid hid raid1 e1000e pata_marvell rr62x(PO)
[43774.246455] 
[43774.247836] Pid: 23672, comm: smbd Tainted: P           O 3.5.2-zfs #1 Dell Inc. Precision T1650/0X9M3X
[43774.249303] RIP: 0010:[<ffffffff8118d899>]  [<ffffffff8118d899>] follow_managed+0x49/0x2d0
[43774.250820] RSP: 0018:ffff88016c561c48  EFLAGS: 00010246
[43774.253260] RAX: ffff88021010a720 RBX: 0000000000000000 RCX: 0000000000000000
[43774.255260] RDX: ffff880211284500 RSI: 0000000000000001 RDI: 000000000000005f
[43774.256764] RBP: ffff88016c561c98 R08: 0000000000000000 R09: ffff88021e3170b0
[43774.258288] R10: ffffffff811970bb R11: ffffff96ff969196 R12: ffff88016c561d28
[43774.259827] R13: 0000000000000000 R14: 000000000000005f R15: ffff88021010a720
[43774.261404] FS:  00007f2a2eec2740(0000) GS:ffff88021e300000(0000) knlGS:0000000000000000
[43774.262978] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[43774.264564] CR2: 000000000000005f CR3: 0000000205a43000 CR4: 00000000000407e0
[43774.266131] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[43774.267707] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[43774.269287] Process smbd (pid: 23672, threadinfo ffff88016c560000, task ffff880211284500)
[43774.270910] Stack:
[43774.272531]  ffff88016c561dd8 ffff88016c561dc8 ffff88016c561c98 ffffffff8118d132
[43774.274220]  ffff88016c561cd8 ffff88016c561dc8 ffff88016c561d28 ffff880060cc2e40
[43774.275913]  000000000000005f 00007f2a3170e960 ffff88016c561cd8 ffffffff8167a68e
[43774.277621] Call Trace:
[43774.279331]  [<ffffffff8118d132>] ? __lookup_hash+0x72/0x120
[43774.281092]  [<ffffffff8167a68e>] lookup_slow+0x7d/0xab
[43774.282844]  [<ffffffff81191718>] path_lookupat+0x6f8/0x720
[43774.284637]  [<ffffffff8155e0b2>] ? sock_aio_read.part.8+0x142/0x170
[43774.286422]  [<ffffffff8116e681>] ? kmem_cache_alloc+0x31/0x130
[43774.288199]  [<ffffffff81191771>] do_path_lookup+0x31/0xc0
[43774.289976]  [<ffffffff8118d373>] ? getname_flags+0x53/0xf0
[43774.291759]  [<ffffffff811922dd>] user_path_at_empty+0x5d/0xa0
[43774.293547]  [<ffffffff811a6bf7>] ? simple_getattr+0x27/0x50
[43774.295341]  [<ffffffff8107e84a>] ? lg_local_unlock+0x1a/0x20
[43774.297142]  [<ffffffff81187150>] ? cp_new_stat+0x120/0x140
[43774.298949]  [<ffffffff81192331>] user_path_at+0x11/0x20
[43774.300777]  [<ffffffff811873e5>] vfs_fstatat+0x35/0x70
[43774.302592]  [<ffffffff8118745b>] vfs_stat+0x1b/0x20
[43774.304408]  [<ffffffff8118768a>] sys_newstat+0x1a/0x40
[43774.306217]  [<ffffffff8168ae2d>] system_call_fastpath+0x1a/0x1f
[43774.308028] Code: 66 66 90 4c 8b 3f 45 31 ed 31 db 41 89 f0 89 f1 49 89 fc 41 81 e0 16 03 00 00 83 e1 10 65 48 8b 14 25 00 c7 00 00 49 8b 7c 24 08 <44> 8b 37 41 f7 c6 00 00 07 00 75 3d 45 84 ed 74 06 4d 39 3c 24 
[43774.312065] RIP  [<ffffffff8118d899>] follow_managed+0x49/0x2d0
[43774.314055]  RSP <ffff88016c561c48>
[43774.316050] CR2: 000000000000005f
[43774.336421] ---[ end trace 0fbe70e0a60bfc55 ]---

@Phoenixxl

I just ran into the same issue today. When accessing the .zfs folder from a Windows 7 computer this error shows up in syslog a few times. However, there is an added twist: when I reboot, the volume in question doesn't automount. (I use PPA/Daily with mountall on Ubuntu server 12.04.1.) I tried this 3 times to be sure it's not a fluke. Access .zfs, wait for the log to fill up a bit, sudo reboot .. file system isn't automounted.

I hope someone is able to reproduce this as well.. I don't see how the two things are related tbh..

Regards Phoenixxl.

PS: Admit it! You devs all love it when people report weird shit like this.

@mailinglists35

Please see my comment #947 (comment), except that I get an spl panic on a simple bash "cd" command completion.
I mistakenly thought that #626 and #947 were merged into a single issue.

@pyavdr

Using zfs/spl in debug mode, I caught a VERIFY situation today while accessing .zfs from Windows 7 via a samba share. Maybe this helps to locate the problem.

[ 106.252194] SPLError: 4520:0:(zpl_ctldir.c:423:zpl_shares_lookup()) VERIFY3(error <= 0) failed (95 <= 0)
[ 106.252198] SPLError: 4520:0:(zpl_ctldir.c:423:zpl_shares_lookup()) SPL PANIC
[ 106.252199] SPL: Showing stack for process 4520
[ 106.252201] Pid: 4520, comm: smbd Tainted: P 3.1.10-1.16-default #1
[ 106.252202] Call Trace:
[ 106.252214] [] dump_trace+0x9a/0x270
[ 106.252219] [] dump_stack+0x69/0x6f
[ 106.252227] [] spl_debug_bug+0x79/0xe0 [spl]
[ 106.252261] [] zpl_shares_lookup+0xba/0x120 [zfs]
[ 106.252368] [] d_alloc_and_lookup+0x3c/0x90
[ 106.252372] [] do_lookup+0x208/0x310
[ 106.252375] [] path_lookupat+0x114/0x740
[ 106.252378] [] do_path_lookup+0x2c/0xc0
[ 106.252381] [] user_path_at_empty+0x5c/0xb0
[ 106.252384] [] vfs_fstatat+0x32/0x60
[ 106.252386] [] sys_newstat+0x12/0x30
[ 106.252389] [] system_call_fastpath+0x16/0x1b
[ 106.252401] [<00007f7115369405>] 0x7f7115369404

@yshui yshui referenced this issue from a commit in yshui/zfs
@yshui yshui Return positive error number in zfsctl_shares_lookup.
Otherwise it will cause zpl_shares_lookup to return a invalid pointer
when an error occurs.

Signed-off-by: Yuxuan Shui <yshuiv7@gmail.com>
Closes #626 #885 #947 #977
f973244
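
Why the faulting address in the oopses above is always 0x5f, as an added example that is not part of this thread or of the ZFS source: 0x5f is 95, the value in the VERIFY3 message, and a positive errno pushed through the kernel's ERR_PTR() encoding is not recognised by IS_ERR(). The macros restate `include/linux/err.h`; `inner_lookup`, `outer_lookup`, the negating wrapper and `suspect_errno` are hypothetical names and assumptions modelled on the commit message.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace re-statement of the kernel's include/linux/err.h convention:
 * a failing lookup returns a pointer whose value is a NEGATIVE errno, and
 * IS_ERR() recognises only the top MAX_ERRNO values of the address space. */
#define MAX_ERRNO 4095UL

struct dentry { unsigned int d_flags; };  /* stand-in, not the kernel struct */

static void *err_ptr(long error) { return (void *)(intptr_t)error; }
static long ptr_err(const void *p) { return (long)(intptr_t)p; }
static int is_err(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* The value in "VERIFY3(error <= 0) failed (95 <= 0)" from the thread. */
#define ERRNO_ON_PAGE 95

enum sign_convention { RETURNS_NEGATIVE, RETURNS_POSITIVE };

/* Hypothetical inner lookup that always fails with error 95; the argument
 * selects which sign convention it reports the failure in. */
static int inner_lookup(enum sign_convention c)
{
    return c == RETURNS_POSITIVE ? ERRNO_ON_PAGE : -ERRNO_ON_PAGE;
}

/* Hypothetical outer wrapper (assumption): it expects a positive error from
 * the inner call, negates it, and encodes the result for the VFS. */
static struct dentry *outer_lookup(enum sign_convention c)
{
    long error = -inner_lookup(c);
    return err_ptr(error);
}

/* Caller side: anything IS_ERR() does not flag is treated as a live dentry.
 * Returns the address that would be read, or 0 if the error was caught. */
static uintptr_t address_caller_would_read(const struct dentry *d)
{
    return is_err(d) ? 0 : (uintptr_t)d;
}

/* Triage helper for crash logs: a fault address in 1..MAX_ERRNO is a
 * candidate sign-flipped errno (a plain NULL+offset access lands in the same
 * range, so this is a hint, not proof). Returns the errno, or 0 if no match. */
static long suspect_errno(uintptr_t fault_addr)
{
    return (fault_addr >= 1 && fault_addr <= MAX_ERRNO) ? (long)fault_addr : 0;
}

int main(void)
{
    struct dentry *bad = outer_lookup(RETURNS_NEGATIVE);
    struct dentry *good = outer_lookup(RETURNS_POSITIVE);

    printf("inner returns negative: pointer=%p is_err=%d caller reads 0x%lx\n",
           (void *)bad, is_err(bad),
           (unsigned long)address_caller_would_read(bad));
    printf("inner returns positive: ptr_err=%ld is_err=%d caller reads 0x%lx\n",
           ptr_err(good), is_err(good),
           (unsigned long)address_caller_would_read(good));
    printf("CR2 0x5f -> candidate errno %ld\n", suspect_errno(0x5f));
    return 0;
}
```
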
@pyavdr

I tested this patch and can confirm that there are no more stacks/bugs while accessing the .zfs directory from samba.

The error while running a simple find over the snapshot directories is already there:

The command: find / -name foo.txt
gives:
find: WARNING: Hard link count is wrong for `/stor1/zfstest/.zfs/snapshot' (saw only st_nlink=5 but we already saw 3 subdirectories): this may be a bug in your file system driver. Automatically turning on find's -noleaf option. Earlier results may have failed to include directories that should have been searched.
find: `/stor1/zfstest2/.zfs/snapshot/now': Too many levels of symbolic links
find: `/stor1/zfstest3/.zfs/snapshot/now': Too many levels of symbolic links

@behlendorf

This is a short "How to use zfs snapshots with samba" ( > 3.6.7) within Windows 7
for "recent versions" in a share. Maybe (please) you can incorporate this in the ZFS FAQ section.

Assuming that the snapshots in zfs are created with this schema :

tank/shared@AutoH-2012-10-14T19:00

tank/shared@AutoH-2012-10-14T20:00

tank/shared@AutoH-2012-10-14T21:00

then we can add a few lines into the samba config file (smb.conf):

[global]
unix extensions = off

[shared]
comment = ZFS Test share
inherit acls = Yes
path = /tank/shared
read only = No
follow symlinks = yes
wide links = yes
vfs objects = shadow_copy2
shadow: snapdir = .zfs/snapshot
shadow: sort = desc
shadow: format = AutoH-%Y-%m-%dT%H:%M

With that done, Windows 7 will show the share (shared) and the snapshots under "recent versions", which can be accessed
from Windows.

@behlendorf behlendorf closed this issue from a commit
@yshui yshui Return positive error number in zfsctl_shares_lookup.
Otherwise it will cause zpl_shares_lookup() to return a invalid
pointer when an error occurs.

Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Yuxuan Shui <yshuiv7@gmail.com>
Closes #626 #885 #947 #977
45ca2d9