[pnfs] bug in nfs4_fill_super?

William A. (Andy) Adamson andros at citi.umich.edu
Wed Jun 6 10:45:13 EDT 2007 

On 6/5/07, Iyer, Rahul <Rahul.Iyer at netapp.com> wrote:
>
> Hi Benny,
> I think I've traced why this has happened. I think this will fail if in
> nfs4_create_client, if the creation of an rpc_xprt or an rpc_clnt fails.
> In this case this would happen.



it happened to me in the minorversion1 path when exchange_id failed, and
nfs_callback_down is called.

-->Andy

There is a bigger issue here. The allocation/deallocation of the
> backchannel is tied to the nfs4_client struct even though it is part of
> the rpc_xprt. There is no reason to have the allocation/deallocation
> routines called in nfs_callback_up/down.
>
> I was planning on doing this today with the synchronization patch, but
> it didn't work out. Will update and send this is tomorrow or so.
> Regards
> Rahul
>
>
> > -----Original Message-----
> > From: Benny Halevy [mailto:bhalevy at panasas.com]
> > Sent: Tuesday, June 05, 2007 4:54 PM
> > To: Iyer, Rahul
> > Cc: pnfs at linux-nfs.org
> > Subject: [pnfs] bug in nfs4_fill_super?
> >
> > I saw the following crash after not being able to
> > mount with minorversion1.  It looks like xprt->bc_mempool is NULL
> > in the nfs_callback_down path.
> >
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033157] waking up
> > waiters on slot 0
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033183]
> > nfs41_free_session: freeing session ffff81001e9115e8
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033206] Couldn't
> > mount using minorversion 1
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033234] Unable to
> > handle kernel NULL pointer dereference at 0000000000000004 RIP:
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033240]
> > [<ffffffff8024d737>] mempool_destroy+0x0/0x1d
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033295] PGD
> > 16f5f067 PUD 16f22067 PMD 0
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033319] Oops: 0000 [1] SMP
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033339] CPU 0
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033357] Modules
> > linked in: panfs nfsd exportfs ipv6 autofs4 nfs lockd nfs_acl
> > sunrpc forcedeth ext3 jbd sata_nv libata sd_mod scsi_mod
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033426] Pid: 3208,
> > comm: mount Tainted: PF     2.6.18.3-largeio-pnfs-bh #13
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033459] RIP:
> > 0010:[<ffffffff8024d737>]  [<ffffffff8024d737>]
> > mempool_destroy+0x0/0x1d
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033495] RSP:
> > 0018:ffff810017791b70  EFLAGS: 00010246
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033516] RAX:
> > ffff8100170a1270 RBX: ffff8100135072b8 RCX: 0000000000000001
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033540] RDX:
> > 00000000ffffff01 RSI: ffff8100135072b8 RDI: 0000000000000000
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033563] RBP:
> > ffff810017791b88 R08: 0000000000000001 R09: 0000000000000000
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033585] R10:
> > 0000000000000000 R11: ffff810001012000 R12: 0000000000000001
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033609] R13:
> > 0000000000000001 R14: ffff810019ad48c8 R15: 00000000fffffe00
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033632] FS:
> > 00002b23474a3b00(0000) GS:ffffffff8053b000(0000)
> > knlGS:0000000000000000
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033666] CS:  0010
> > DS: 0000 ES: 0000 CR0: 000000008005003b
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033687] CR2:
> > 0000000000000004 CR3: 00000000177d8000 CR4: 00000000000006e0
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033711] Process
> > mount (pid: 3208, threadinfo ffff810017790000, task ffff81001f214830)
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033745] Stack:
> > ffffffff880a44e3 00000000ffffff01 ffff810017088d28 ffff810017791b98
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033786]
> > ffffffff8810664e ffff810017791ba8 ffffffff88106672 ffff810017791c18
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033826]
> > ffffffff880e321f ffff81001fb6a338 000000018026b6e1 0000000000003a98
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033852] Call Trace:
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033909]
> > [<ffffffff880a44e3>] :sunrpc:xprt_destroy_backchannel+0x15/0x25
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.033970]
> > [<ffffffff8810664e>] :nfs:nfs41_callback_down+0x9/0x10
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034017]
> > [<ffffffff88106672>] :nfs:nfs_callback_down+0x1d/0x24
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034059]
> > [<ffffffff880e321f>] :nfs:nfs4_get_sb+0x52c/0x5bf
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034085]
> > [<ffffffff8027661d>] vfs_kern_mount+0x51/0x90
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034108]
> > [<ffffffff80276695>] do_kern_mount+0x39/0x50
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034130]
> > [<ffffffff8028a96d>] do_mount+0x680/0x6c6
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034153]
> > [<ffffffff8033a0b0>] __alloc_skb+0x33/0x125
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034176]
> > [<ffffffff802690c7>] check_poison_obj+0xc5/0x1d5
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034200]
> > [<ffffffff802ca565>] __up_read+0x92/0x9a
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034221]
> > [<ffffffff8028a297>] copy_mount_options+0xd8/0x12e
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034245]
> > [<ffffffff8023a81a>] search_exception_tables+0x22/0x33
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034268]
> > [<ffffffff8039a220>] do_page_fault+0x603/0x80a
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034291]
> > [<ffffffff80269610>] cache_free_debugcheck+0x1fe/0x20d
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034316]
> > [<ffffffff803353af>] sock_destroy_inode+0x14/0x16
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034339]
> > [<ffffffff8025490c>] zone_statistics+0x70/0x75
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034362]
> > [<ffffffff8020a415>] error_exit+0x0/0x84
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034385]
> > [<ffffffff8039c4da>] bad_gs+0xf74/0x1a6e
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034407]
> > [<ffffffff8028ac9a>] sys_mount+0x8a/0xd3
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034429]
> > [<ffffffff80209746>] system_call+0x7e/0x83
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034450]
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034465]
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034466] Code: 8b
> > 47 04 39 47 08 55 48 89 e5 74 0a 0f 0b 68 da 5d 3b 80 c2
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034547] RIP
> > [<ffffffff8024d737>] mempool_destroy+0x0/0x1d
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034570]  RSP
> > <ffff810017791b70>
> > Jun  6 02:23:41 bh-testlin1 kernel: [  751.034587] CR2:
> > 0000000000000004
> > _______________________________________________
> > pNFS mailing list
> > pNFS at linux-nfs.org
> > http://linux-nfs.org/cgi-bin/mailman/listinfo/pnfs
> >
> _______________________________________________
> pNFS mailing list
> pNFS at linux-nfs.org
> http://linux-nfs.org/cgi-bin/mailman/listinfo/pnfs
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://linux-nfs.org/pipermail/pnfs/attachments/20070606/7dd0d451/attachment.htm

More information about the pNFS mailing list