Re: nfsd, v4: oops in find_acceptable_alias, ppc32 Linux, post-2.6.27-rc1

linuxppc-dev.lists.ozlabs.org archive mirror
 help / color / mirror / Atom feed

From: Neil Brown <neilb@suse.de>
To: Paul Collins <paul@burly.ondioline.org>
Cc: "J. Bruce Fields" <bfields@fieldses.org>,
	linuxppc-dev@ozlabs.org, nfsv4@linux-nfs.org,
	linux-kernel@vger.kernel.org
Subject: Re: nfsd, v4: oops in find_acceptable_alias, ppc32 Linux, post-2.6.27-rc1
Date: Sun, 3 Aug 2008 22:09:36 +1000	[thread overview]
Message-ID: <18581.40960.737792.454035@notabene.brown> (raw)
In-Reply-To: message from Paul Collins on Sunday August 3

On Sunday August 3, paul@burly.ondioline.org wrote:
> 
> I can trigger it reliably with a 2.6.26 client.  I've also triggered it
> with 496d6c32d4d057cb44272d9bd587ff97d023ee92 reverted on the server.
> 
> It's harder to trigger with 2.6.27-rc1+ but I managed to get an Oops
> on the fourth build after three successful builds on the NFS4 mount.
> 
> One of the Oopses I got with 2.6.26 had a slightly different call trace:
> 
> Unable to handle kernel paging request for instruction fetch
> Faulting instruction address: 0x00000000

So we have called a function pointer which was NULL.

There a lots of function pointers in use in this code.
There is the 'acceptable' function.  There is ->fh_to_dentry
and ->fh_to_parent.  And various inode operations line ->lookup, but
that is a bit further away.

> NIP [00000000] 0x0
> LR [c0159bb0] exportfs_decode_fh+0xa8/0x200

I guess this is where the call came from.
exportfs_decode_fh is never passed NULL for 'acceptable'.  Only
ever 'nfsd_acceptable'.
->fh_to_parent is tested for NULL before being called, and
->fh_to_dentry is called very early in exportfs_decode_fh, where as
the bad call is 0xa8 in to the function.

Is it possible that ->fh_to_parent is being changed immediately after
being tested for NULL and before being dereferenced.  That seems
unlikely.

What filesystem is being exported here?

Can you get an assembly version of exportfs_decode_fh, so we can check
what is happening at 0xa8 (and 0x4c).
Either "disassemble exportfs_decode_fh" in gdb, or 
make fs/exportfs/expfs.i
(I think).

NeilBrown


> Call Trace:
> [c1f79d50] [c0159b54] exportfs_decode_fh+0x4c/0x200 (unreliable)
> [c1f79e80] [c015d568] fh_verify+0x2e8/0x578
> [c1f79ed0] [c016b1ec] nfsd4_putfh+0x60/0x78
> [c1f79ef0] [c016afd0] nfsd4_proc_compound+0x1e4/0x34c
> [c1f79f30] [c015a060] nfsd_dispatch+0xfc/0x220
> [c1f79f50] [c0400c70] svc_process+0x3e4/0x6e8
> [c1f79f90] [c015a8bc] nfsd+0x1c4/0x294
> [c1f79fd0] [c0049e48] kthread+0x5c/0x9c
> [c1f79ff0] [c00125c0] kernel_thread+0x44/0x60

next prev parent reply	other threads:[~2008-08-03 12:09 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-08-02 12:03 nfsd, v4: oops in find_acceptable_alias, ppc32 Linux, post-2.6.27-rc1 Paul Collins
2008-08-02 18:45 ` J. Bruce Fields
2008-08-02 22:36   ` Paul Collins
2008-08-03  6:47     ` Paul Collins
2008-08-03 12:09       ` Neil Brown [this message]
2008-08-03 12:25         ` Paul Collins
2008-08-04  4:08           ` Neil Brown
2008-08-04  5:11             ` Paul Collins
2008-08-04 10:00               ` Paul Collins
2008-08-04 14:36                 ` Michael Ellerman
2008-08-04 20:51                   ` Paul Collins
2008-08-04 20:59                     ` J. Bruce Fields
2008-08-05  0:16                       ` Michael Ellerman
2008-08-05  3:43                         ` Paul Collins
2008-08-05  4:34                           ` Michael Ellerman
2008-08-05  4:47                             ` Paul Collins
2008-08-05  7:16                               ` Benjamin Herrenschmidt
2008-08-06  6:29                                 ` Benjamin Herrenschmidt
2008-08-25 20:12                               ` Bill Davidsen
2008-08-05  9:43                             ` Paul Collins
2008-08-05 11:53                               ` Michael Ellerman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=18581.40960.737792.454035@notabene.brown \
    --to=neilb@suse.de \
    --cc=bfields@fieldses.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linuxppc-dev@ozlabs.org \
    --cc=nfsv4@linux-nfs.org \
    --cc=paul@burly.ondioline.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).