NULL pointer dereference bug in 2.6.18-rc6-CITI_NFS4_ALL-1
J. Bruce Fields
bfields at fieldses.org
Tue Sep 26 17:53:45 EDT 2006
On Thu, Sep 14, 2006 at 03:55:40PM -0700, Bryce Harrington wrote:
> Jason noticed that in the latest CITI patch the kernel hits a bug during
> the LTP run with a krb5p mount. There's also some interesting looking
> console output during the LTP runs with the other security flavors as
> well.
>
> BUG: unable to handle kernel NULL pointer dereference at virtual address
> 00000000
> printing eip:
> c040d211
> *pde = 00000000
> Oops: 0000 [#1]
> PREEMPT SMP
> Modules linked in:
> CPU: 0
> EIP: 0060:[<c040d211>] Not tainted VLI
> EFLAGS: 00010212 (2.6.18-rc6-CITI_NFS4_ALL-1 #1)
> EIP is at svc_process+0x40/0x5c5
> eax: 00000000 ebx: f366c070 ecx: f7b50550 edx: f6bf8720
> esi: 00000001 edi: f366c000 ebp: f3894fb0 esp: f3894f7c
> ds: 007b es: 007b ss: 0068
> Process nfsd (pid: 15671, ti=f3894000 task=f7b50550 task.ti=f3894000)
> Stack: 00000000 00000213 f3894f98 c041c380 00000002 00000002 f6bf8720
> f366c04c
> c041c6d1 f3894fb4 000ca365 00000001 000ca365 f3894fe4 c01e131b f366c000
> 00000002 f3894fc8 00000000 fffffeff ffffffff fffffef8 ffffffff c01e11a2
> Call Trace:
> [<c01037d6>] show_stack_log_lvl+0x8a/0x92
> [<c0103937>] show_registers+0x11d/0x186
> [<c0103b23>] die+0x10c/0x1c2
> [<c0113f1d>] do_page_fault+0x3e0/0x4bc
> [<c01034a9>] error_code+0x39/0x40
> [<c01e131b>] nfsd+0x179/0x283
>
>
> Is this a known issue? I haven't narrowed to which testcase in LTP is
> causing the failure but would guess it's likely to be either fsx or
> fsstress. We can work on isolating these, if it might be useful?
Does this help?
From 25ee7fc3be6310105a30fc57212c3c81c6b639fb Mon Sep 17 00:00:00 2001
From: J. Bruce Fields <bfields at fieldses.org>
Date: Tue, 26 Sep 2006 17:47:28 -0400
Subject: [PATCH] nfsd4: fix svc_deferred_recv
We should be setting up the respages array here, as in the udp and tcp
cases.
Signed-off-by: J. Bruce Fields <bfields at citi.umich.edu>
---
net/sunrpc/svcsock.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
index fbcd23c..b5979dd 100644
--- a/net/sunrpc/svcsock.c
+++ b/net/sunrpc/svcsock.c
@@ -1716,6 +1716,7 @@ static int svc_deferred_recv(struct svc_
rqstp->rq_arg.head[0].iov_len = dr->argslen<<2;
rqstp->rq_arg.page_len = 0;
rqstp->rq_arg.len = dr->argslen<<2;
+ rqstp->rq_respages = rqstp->rq_pages;
rqstp->rq_prot = dr->prot;
rqstp->rq_addr = dr->addr;
rqstp->rq_daddr = dr->daddr;
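Review bot: The added `rqstp->rq_respages = rqstp->rq_pages;` line has no comment saying why the response pages may start at the first entry of rq_pages on this path. From the context it appears to rely on the deferred argument using no pages (`rq_arg.page_len = 0` two lines above), and a one-line comment stating that would keep the assumption visible if the deferred path ever starts carrying page data. The changelog should also name the symptom this fixes, the NULL pointer dereference in svc_process reported in this thread, so the fix can be matched to the oops. Since the change is in net/sunrpc/svcsock.c, a "sunrpc:" subject prefix may fit better than "nfsd4:".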
--
1.4.2.g55c3