[pnfs] bug in nfs4_fill_super?

Iyer, Rahul Rahul.Iyer at netapp.com
Tue Jun 5 20:59:36 EDT 2007 

Hi Benny,
I think I've traced why this has happened. I think this will fail if in
nfs4_create_client, if the creation of an rpc_xprt or an rpc_clnt fails.
In this case this would happen. 

There is a bigger issue here. The allocation/deallocation of the
backchannel is tied to the nfs4_client struct even though it is part of
the rpc_xprt. There is no reason to have the allocation/deallocation
routines called in nfs_callback_up/down.

I was planning on doing this today with the synchronization patch, but
it didn't work out. Will update and send this is tomorrow or so.
Regards
Rahul


> -----Original Message-----
> From: Benny Halevy [mailto:bhalevy at panasas.com] 
> Sent: Tuesday, June 05, 2007 4:54 PM
> To: Iyer, Rahul
> Cc: pnfs at linux-nfs.org
> Subject: [pnfs] bug in nfs4_fill_super?
> 
> I saw the following crash after not being able to
> mount with minorversion1.  It looks like xprt->bc_mempool is NULL
> in the nfs_callback_down path.
> 
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033157] waking up 
> waiters on slot 0
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033183] 
> nfs41_free_session: freeing session ffff81001e9115e8
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033206] Couldn't 
> mount using minorversion 1
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033234] Unable to 
> handle kernel NULL pointer dereference at 0000000000000004 RIP: 
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033240]  
> [<ffffffff8024d737>] mempool_destroy+0x0/0x1d
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033295] PGD 
> 16f5f067 PUD 16f22067 PMD 0 
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033319] Oops: 0000 [1] SMP 
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033339] CPU 0 
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033357] Modules 
> linked in: panfs nfsd exportfs ipv6 autofs4 nfs lockd nfs_acl 
> sunrpc forcedeth ext3 jbd sata_nv libata sd_mod scsi_mod
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033426] Pid: 3208, 
> comm: mount Tainted: PF     2.6.18.3-largeio-pnfs-bh #13
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033459] RIP: 
> 0010:[<ffffffff8024d737>]  [<ffffffff8024d737>] 
> mempool_destroy+0x0/0x1d
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033495] RSP: 
> 0018:ffff810017791b70  EFLAGS: 00010246
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033516] RAX: 
> ffff8100170a1270 RBX: ffff8100135072b8 RCX: 0000000000000001
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033540] RDX: 
> 00000000ffffff01 RSI: ffff8100135072b8 RDI: 0000000000000000
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033563] RBP: 
> ffff810017791b88 R08: 0000000000000001 R09: 0000000000000000
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033585] R10: 
> 0000000000000000 R11: ffff810001012000 R12: 0000000000000001
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033609] R13: 
> 0000000000000001 R14: ffff810019ad48c8 R15: 00000000fffffe00
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033632] FS:  
> 00002b23474a3b00(0000) GS:ffffffff8053b000(0000) 
> knlGS:0000000000000000
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033666] CS:  0010 
> DS: 0000 ES: 0000 CR0: 000000008005003b
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033687] CR2: 
> 0000000000000004 CR3: 00000000177d8000 CR4: 00000000000006e0
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033711] Process 
> mount (pid: 3208, threadinfo ffff810017790000, task ffff81001f214830)
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033745] Stack:  
> ffffffff880a44e3 00000000ffffff01 ffff810017088d28 ffff810017791b98
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033786]  
> ffffffff8810664e ffff810017791ba8 ffffffff88106672 ffff810017791c18
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033826]  
> ffffffff880e321f ffff81001fb6a338 000000018026b6e1 0000000000003a98
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033852] Call Trace:
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033909]  
> [<ffffffff880a44e3>] :sunrpc:xprt_destroy_backchannel+0x15/0x25
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033970]  
> [<ffffffff8810664e>] :nfs:nfs41_callback_down+0x9/0x10
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034017]  
> [<ffffffff88106672>] :nfs:nfs_callback_down+0x1d/0x24
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034059]  
> [<ffffffff880e321f>] :nfs:nfs4_get_sb+0x52c/0x5bf
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034085]  
> [<ffffffff8027661d>] vfs_kern_mount+0x51/0x90
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034108]  
> [<ffffffff80276695>] do_kern_mount+0x39/0x50
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034130]  
> [<ffffffff8028a96d>] do_mount+0x680/0x6c6
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034153]  
> [<ffffffff8033a0b0>] __alloc_skb+0x33/0x125
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034176]  
> [<ffffffff802690c7>] check_poison_obj+0xc5/0x1d5
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034200]  
> [<ffffffff802ca565>] __up_read+0x92/0x9a
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034221]  
> [<ffffffff8028a297>] copy_mount_options+0xd8/0x12e
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034245]  
> [<ffffffff8023a81a>] search_exception_tables+0x22/0x33
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034268]  
> [<ffffffff8039a220>] do_page_fault+0x603/0x80a
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034291]  
> [<ffffffff80269610>] cache_free_debugcheck+0x1fe/0x20d
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034316]  
> [<ffffffff803353af>] sock_destroy_inode+0x14/0x16
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034339]  
> [<ffffffff8025490c>] zone_statistics+0x70/0x75
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034362]  
> [<ffffffff8020a415>] error_exit+0x0/0x84
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034385]  
> [<ffffffff8039c4da>] bad_gs+0xf74/0x1a6e
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034407]  
> [<ffffffff8028ac9a>] sys_mount+0x8a/0xd3
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034429]  
> [<ffffffff80209746>] system_call+0x7e/0x83
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034450] 
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034465] 
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034466] Code: 8b 
> 47 04 39 47 08 55 48 89 e5 74 0a 0f 0b 68 da 5d 3b 80 c2 
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034547] RIP  
> [<ffffffff8024d737>] mempool_destroy+0x0/0x1d
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034570]  RSP 
> <ffff810017791b70>
> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034587] CR2: 
> 0000000000000004
> _______________________________________________
> pNFS mailing list
> pNFS at linux-nfs.org
> http://linux-nfs.org/cgi-bin/mailman/listinfo/pnfs
>

More information about the pNFS mailing list