[pnfs] bug in nfs4_fill_super?

Iyer, Rahul Rahul.Iyer at netapp.com
Wed Jun 6 17:03:38 EDT 2007 

That's odd. When I was checking this, I changed the setup_session to
return -1. Despite this it worked fine.
What you say shouldn't happen because nfs_callback_up is called before
setup_session is called. So, you should have a mempool. 
Regards
Rahul


> -----Original Message-----
> From: William A. (Andy) Adamson [mailto:andros at citi.umich.edu] 
> Sent: Wednesday, June 06, 2007 7:45 AM
> To: Iyer, Rahul
> Cc: Benny Halevy; pnfs at linux-nfs.org
> Subject: Re: [pnfs] bug in nfs4_fill_super?
> 
> 
> 
> On 6/5/07, Iyer, Rahul <Rahul.Iyer at netapp.com> wrote:
> 
> 	Hi Benny,
> 	I think I've traced why this has happened. I think this 
> will fail if in
> 	nfs4_create_client, if the creation of an rpc_xprt or 
> an rpc_clnt fails.
> 	In this case this would happen.
> 
> 
> 
> it happened to me in the minorversion1 path when exchange_id 
> failed, and nfs_callback_down is called.
> 
> -->Andy
> 
> 
> 
> 	There is a bigger issue here. The allocation/deallocation of the
> 	backchannel is tied to the nfs4_client struct even 
> though it is part of
> 	the rpc_xprt. There is no reason to have the 
> allocation/deallocation
> 	routines called in nfs_callback_up/down. 
> 	
> 	I was planning on doing this today with the 
> synchronization patch, but
> 	it didn't work out. Will update and send this is tomorrow or so.
> 	Regards
> 	Rahul
> 	
> 	
> 	> -----Original Message-----
> 	> From: Benny Halevy [mailto: bhalevy at panasas.com]
> 	> Sent: Tuesday, June 05, 2007 4:54 PM
> 	> To: Iyer, Rahul
> 	> Cc: pnfs at linux-nfs.org
> 	> Subject: [pnfs] bug in nfs4_fill_super? 
> 	>
> 	> I saw the following crash after not being able to
> 	> mount with minorversion1.  It looks like 
> xprt->bc_mempool is NULL
> 	> in the nfs_callback_down path.
> 	>
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [   751.033157] waking up
> 	> waiters on slot 0
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033183]
> 	> nfs41_free_session: freeing session ffff81001e9115e8
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033206 ] Couldn't
> 	> mount using minorversion 1
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033234] Unable to
> 	> handle kernel NULL pointer dereference at 
> 0000000000000004 RIP:
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [   751.033240]
> 	> [<ffffffff8024d737>] mempool_destroy+0x0/0x1d
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033295] PGD
> 	> 16f5f067 PUD 16f22067 PMD 0
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033319 ] 
> Oops: 0000 [1] SMP
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033339] CPU 0
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033357] Modules
> 	> linked in: panfs nfsd exportfs ipv6 autofs4 nfs lockd nfs_acl 
> 	> sunrpc forcedeth ext3 jbd sata_nv libata sd_mod scsi_mod
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033426] Pid: 3208,
> 	> comm: mount Tainted: PF     2.6.18.3-largeio-pnfs-bh #13
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [   751.033459] RIP:
> 	> 0010:[<ffffffff8024d737>]  [<ffffffff8024d737>]
> 	> mempool_destroy+0x0/0x1d
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033495] RSP:
> 	> 0018:ffff810017791b70  EFLAGS: 00010246 
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033516] RAX:
> 	> ffff8100170a1270 RBX: ffff8100135072b8 RCX: 0000000000000001
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033540] RDX:
> 	> 00000000ffffff01 RSI: ffff8100135072b8 RDI: 0000000000000000 
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033563] RBP:
> 	> ffff810017791b88 R08: 0000000000000001 R09: 0000000000000000
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033585] R10:
> 	> 0000000000000000 R11: ffff810001012000 R12: 0000000000000001 
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033609] R13:
> 	> 0000000000000001 R14: ffff810019ad48c8 R15: 00000000fffffe00
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033632] FS:
> 	> 00002b23474a3b00(0000) GS:ffffffff8053b000(0000) 
> 	> knlGS:0000000000000000
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033666] CS:  0010
> 	> DS: 0000 ES: 0000 CR0: 000000008005003b
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033687] CR2:
> 	> 0000000000000004 CR3: 00000000177d8000 CR4: 00000000000006e0 
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033711] Process
> 	> mount (pid: 3208, threadinfo ffff810017790000, task 
> ffff81001f214830)
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033745] Stack:
> 	> ffffffff880a44e3 00000000ffffff01 ffff810017088d28 
> ffff810017791b98 
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033786]
> 	> ffffffff8810664e ffff810017791ba8 ffffffff88106672 
> ffff810017791c18
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033826]
> 	> ffffffff880e321f ffff81001fb6a338 000000018026b6e1 
> 0000000000003a98 
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033852] Call Trace:
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.033909]
> 	> [<ffffffff880a44e3>] 
> :sunrpc:xprt_destroy_backchannel+0x15/0x25
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [   751.033970]
> 	> [<ffffffff8810664e>] :nfs:nfs41_callback_down+0x9/0x10
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034017]
> 	> [<ffffffff88106672>] :nfs:nfs_callback_down+0x1d/0x24
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [   751.034059]
> 	> [<ffffffff880e321f>] :nfs:nfs4_get_sb+0x52c/0x5bf
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034085]
> 	> [<ffffffff8027661d>] vfs_kern_mount+0x51/0x90
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [   751.034108]
> 	> [<ffffffff80276695>] do_kern_mount+0x39/0x50
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034130]
> 	> [<ffffffff8028a96d>] do_mount+0x680/0x6c6
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [   751.034153]
> 	> [<ffffffff8033a0b0>] __alloc_skb+0x33/0x125
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034176]
> 	> [<ffffffff802690c7>] check_poison_obj+0xc5/0x1d5
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [   751.034200]
> 	> [<ffffffff802ca565>] __up_read+0x92/0x9a
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034221]
> 	> [<ffffffff8028a297>] copy_mount_options+0xd8/0x12e
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [   751.034245]
> 	> [<ffffffff8023a81a>] search_exception_tables+0x22/0x33
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034268]
> 	> [<ffffffff8039a220>] do_page_fault+0x603/0x80a
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [   751.034291]
> 	> [<ffffffff80269610>] cache_free_debugcheck+0x1fe/0x20d
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034316]
> 	> [<ffffffff803353af>] sock_destroy_inode+0x14/0x16
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [   751.034339]
> 	> [<ffffffff8025490c>] zone_statistics+0x70/0x75
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034362]
> 	> [<ffffffff8020a415>] error_exit+0x0/0x84
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [   751.034385]
> 	> [<ffffffff8039c4da>] bad_gs+0xf74/0x1a6e
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034407]
> 	> [<ffffffff8028ac9a>] sys_mount+0x8a/0xd3
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [   751.034429]
> 	> [<ffffffff80209746>] system_call+0x7e/0x83
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034450]
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034465]
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [   751.034466] Code: 8b
> 	> 47 04 39 47 08 55 48 89 e5 74 0a 0f 0b 68 da 5d 3b 80 c2
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034547] RIP
> 	> [<ffffffff8024d737>] mempool_destroy+0x0/0x1d
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [   751.034570]  RSP
> 	> <ffff810017791b70>
> 	> Jun  6 02:23:41 bh-testlin1 kernel: [  751.034587] CR2:
> 	> 0000000000000004
> 	> _______________________________________________
> 	> pNFS mailing list
> 	> pNFS at linux-nfs.org
> 	> http://linux-nfs.org/cgi-bin/mailman/listinfo/pnfs
> 	>
> 	_______________________________________________ 
> 	pNFS mailing list
> 	pNFS at linux-nfs.org
> 	http://linux-nfs.org/cgi-bin/mailman/listinfo/pnfs
> 	
> 	
> 
> 
>

More information about the pNFS mailing list