From: Bian Naimeng <biannm@cn.fujitsu.com>
To: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Cc: linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org,
	Trond Myklebust <Trond.Myklebust@netapp.com>
Subject: Re: 2.6.35.2: NFS related Oops
Date: Tue, 17 Aug 2010 18:09:53 +0800
Message-ID: <4C6A5FF1.3070209@cn.fujitsu.com>
In-Reply-To: <20100816215056.GA5376@os.inf.tu-dresden.de>

> Hi,
> 
> with 2.6.35.2 I'm getting this reproducible Oops:
> 

  Please try applying the following patch.

  ----

   When we open a positive file with just O_EXCL but no O_CREAT, it may cause a kernel crash.

  Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>

---
 fs/nfs/dir.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index 29539ce..1a672dd 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1100,7 +1100,7 @@ static int nfs_open_revalidate(struct dentry *dentry, struct nameidata *nd)
 		goto no_open_dput;
 	openflags = nd->intent.open.flags;
 	/* We cannot do exclusive creation on a positive dentry */
-	if ((openflags & (O_CREAT|O_EXCL)) == (O_CREAT|O_EXCL))
+	if (openflags & O_EXCL)
 		goto no_open_dput;
 	/* We can't create new files, or truncate existing ones here */
 	openflags &= ~(O_CREAT|O_TRUNC);
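Review bot: The unchanged comment directly above the new test, "We cannot do exclusive creation on a positive dentry", no longer matches the condition. `if (openflags & O_EXCL)` now also bails out for O_EXCL without O_CREAT, which is not a creation at all, so the comment should say that any O_EXCL open is refused here and why. The changelog also only says the case "may cause kernel crash" without naming the path: the quoted trace goes nfs_open_revalidate -> nfs4_open_revalidate -> nfs4_do_open -> nfs4_do_setattr -> encode_attrs, and the reporter notes arg->iap is 0 in encode_setattr(). Please put that in the commit message, and say whether filtering the flag in nfs_open_revalidate is meant to be the whole fix or whether the setattr call reached from nfs4_do_open should also guard against a missing attribute pointer, since this hunk leaves that callee as it is for any other caller that passes O_EXCL.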
-- 
1.7.0



> [  110.825396] BUG: unable to handle kernel NULL pointer dereference at (null)
> [  110.828638] IP: [<ffffffff811247b7>] encode_attrs+0x1a/0x2a4
> [  110.828638] PGD be89f067 PUD bf18f067 PMD 0
> [  110.828638] Oops: 0000 [#1] SMP
> [  110.828638] last sysfs file: /sys/class/net/lo/operstate
> [  110.828638] CPU 2
> [  110.828638] Modules linked in: rtc_cmos rtc_core rtc_lib amd64_edac_mod i2c_amd756 edac_core i2c_core dm_mirror dm_region_hash dm_log dm_snapshot sg sr_mod usb_storage ohci_hcd mptspi tg3 mptscsih mptbase usbcore nls_base [last unloaded: scsi_wait_scan] 
> [  110.828638] 
> [  110.828638] Pid: 11264, comm: setchecksum Not tainted 2.6.35.2 #1
> [  110.828638] RIP: 0010:[<ffffffff811247b7>]  [<ffffffff811247b7>] encode_attrs+0x1a/0x2a4
> [  110.828638] RSP: 0000:ffff88003bf5b878  EFLAGS: 00010296
> [  110.828638] RAX: ffff8800bddb48a8 RBX: ffff88003bf5bb18 RCX: 0000000000000000
> [  110.828638] RDX: ffff8800be258800 RSI: 0000000000000000 RDI: ffff88003bf5b9f8
> [  110.828638] RBP: 0000000000000000 R08: ffff8800bddb48a8 R09: 0000000000000004
> [  110.828638] R10: 0000000000000003 R11: ffff8800be779000 R12: ffff8800be258800
> [  110.828638] R13: ffff88003bf5b9f8 R14: ffff88003bf5bb20 R15: ffff8800be258800
> [  110.828638] FS:  0000000000000000(0000) GS:ffff880041e00000(0063) knlGS:00000000556bd6b0
> [  110.828638] CS:  0010 DS: 002b ES: 002b CR0: 000000008005003b
> [  110.828638] CR2: 0000000000000000 CR3: 00000000be8ef000 CR4: 00000000000006e0
> [  110.828638] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [  110.828638] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> [  110.828638] Process setchecksum (pid: 11264, threadinfo ffff88003bf5a000, task ffff88003f232210)
> [  110.828638] Stack:
> [  110.828638]  0000000000000000 ffff8800bfbcf920 0000000000000000 0000000000000ffe
> [  110.828638] <0> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [  110.828638] <0> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [  110.828638] Call Trace:
> [  110.828638]  [<ffffffff81124c1f>] ? nfs4_xdr_enc_setattr+0x90/0xb4
> [  110.828638]  [<ffffffff81371161>] ? call_transmit+0x1c3/0x24a
> [  110.828638]  [<ffffffff813774d9>] ? __rpc_execute+0x78/0x22a
> [  110.828638]  [<ffffffff81371a91>] ? rpc_run_task+0x21/0x2b
> [  110.828638]  [<ffffffff81371b7e>] ? rpc_call_sync+0x3d/0x5d
> [  110.828638]  [<ffffffff8111e284>] ? _nfs4_do_setattr+0x11b/0x147
> [  110.828638]  [<ffffffff81109466>] ? nfs_init_locked+0x0/0x32
> [  110.828638]  [<ffffffff810ac521>] ? ifind+0x4e/0x90
> [  110.828638]  [<ffffffff8111e2fb>] ? nfs4_do_setattr+0x4b/0x6e
> [  110.828638]  [<ffffffff8111e634>] ? nfs4_do_open+0x291/0x3a6
> [  110.828638]  [<ffffffff8111ed81>] ? nfs4_open_revalidate+0x63/0x14a
> [  110.828638]  [<ffffffff811056c4>] ? nfs_open_revalidate+0xd7/0x161
> [  110.828638]  [<ffffffff810a2de4>] ? do_lookup+0x1a4/0x201
> [  110.828638]  [<ffffffff810a4733>] ? link_path_walk+0x6a/0x9d5
> [  110.828638]  [<ffffffff810a42b6>] ? do_last+0x17b/0x58e
> [  110.828638]  [<ffffffff810a5fbe>] ? do_filp_open+0x1bd/0x56e
> [  110.828638]  [<ffffffff811cd5e0>] ? _atomic_dec_and_lock+0x30/0x48
> [  110.828638]  [<ffffffff810a9b1b>] ? dput+0x37/0x152
> [  110.828638]  [<ffffffff810ae063>] ? alloc_fd+0x69/0x10a
> [  110.828638]  [<ffffffff81099f39>] ? do_sys_open+0x56/0x100
> [  110.828638]  [<ffffffff81027a22>] ? ia32_sysret+0x0/0x5
> [  110.828638] Code: 83 f1 01 e8 f5 ca ff ff 48 83 c4 50 5b 5d 41 5c c3 41 57 41 56 41 55 49 89 fd 41 54 49 89 d4 55 48 89 f5 53 48 81 ec 18 01 00 00 <8b> 06 89 c2 83 e2 08 83 fa 01 19 db 83 e3 f8 83 c3 18 a8 01 8d
> [  110.828638] RIP  [<ffffffff811247b7>] encode_attrs+0x1a/0x2a4
> [  110.828638]  RSP <ffff88003bf5b878>
> [  110.828638] CR2: 0000000000000000
> [  112.840396] ---[ end trace 95282e83fd77358f ]---
> 
> 
> Looks like arg->iap in encode_setattr() in nfs4xdr.c is 0.
> 
> 
> 
> Adam

-- 
Regards
Bian Naimeng

