Running iozone using the windows client consistently crashes nfsd (nfsd from latest pnfs tree). Before the oops kernel prints a number of "state lock taken by pid = xxxx fun=nfsd4_read". BUG: unable to handle kernel NULL pointer dereference at 00000000000002ac IP: [<ffffffffa02d5fe7>] __nfs4_lock_state+0x33/0x68 [nfsd] PGD 0 Oops: 0000 [#1] SMP CPU 1 Modules linked in: nfs fscache tcp_lp deflate zlib_deflate ctr camellia cast5 rm d160 crypto_null ccm serpent blowfish twofish_x86_64 twofish_common ecb xcbc cbc sha256_generic sha512_generic aes_x86_64 aes_generic ah6 ah4 esp6 esp4 xfrm4_mo de_beet xfrm4_tunnel tunnel4 xfrm4_mode_tunnel xfrm4_mode_transport xfrm6_mode_t ransport xfrm6_mode_ro xfrm6_mode_beet nfsd lockd xfrm6_mode_tunnel ipcomp ipcom p6 xfrm_ipcomp xfrm6_tunnel tunnel6 exportfs nfs_acl af_key rpcsec_gss_krb5 auth _rpcgss des_generic sunrpc cpufreq_ondemand acpi_cpufreq freq_table mperf ip6t_R EJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables snd_hda_codec_ analog joydev snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_p cm snd_timer snd soundcore snd_page_alloc r8169 iTCO_wdt i2c_i801 iTCO_vendor_su pport mii serio_raw pcspkr asus_atk0110 microcode ipv6 autofs4 firewire_ohci fir ewire_core ata_generic pata_acpi crc_itu_t pata_jmicron i915 drm_kms_helper drm i2c_algo_bit i2c_core video [last unloaded: scsi_wait_scan] Pid: 16982, comm: nfsd Not tainted 3.0.0-rc5-pnfs #1 System manufacturer System Product Name/P5B-BN RIP: 0010:[<ffffffffa02d5fe7>] [<ffffffffa02d5fe7>] __nfs4_lock_state+0x33/0x68 [nfsd] RSP: 0018:ffff88017477fd30 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffffffa02e3ac8 RCX: 00000000ffffffff RDX: ffffffffa02e3ac8 RSI: ffff8800514ca040 RDI: ffffffffa02e69a4 RBP: ffff88017477fd40 R08: 0000000000000000 R09: ffff8800516e0500 R10: ffff88017477fd00 R11: ffff88017477fd00 R12: ffff8800514ca040 R13: ffff880174698000 R14: 0000000016000000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88017bc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 00000000000002ac CR3: 0000000051640000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process nfsd (pid: 16982, threadinfo ffff88017477e000, task ffff880051692e40) Stack: ffff8800514ce2c0 ffff8800514ce2c0 ffff88017477fd70 ffffffffa02cc593 ffff8800514ca000 ffff8800514ce2b8 ffff8800514ce000 ffff880174698000 ffff88017477fdc0 ffffffffa02cb975 ffff8800514ca180 ffff8800514ca040 Call Trace: [<ffffffffa02cc593>] nfsd4_read+0x43/0x9e [nfsd] [<ffffffffa02cb975>] nfsd4_proc_compound+0x22e/0x416 [nfsd] [<ffffffffa02bd83c>] nfsd_dispatch+0xed/0x1d2 [nfsd] [<ffffffffa01f7325>] svc_process_common+0x2d4/0x4d5 [sunrpc] [<ffffffffa01f7746>] svc_process+0x11d/0x13b [sunrpc] [<ffffffffa02bd0f3>] nfsd+0xf3/0x13c [nfsd] [<ffffffffa02bd000>] ? 0xffffffffa02bcfff [<ffffffff810647fb>] kthread+0x84/0x8c [<ffffffff814621a4>] kernel_thread_helper+0x4/0x10 [<ffffffff81064777>] ? kthread_worker_fn+0x148/0x148 [<ffffffff814621a0>] ? gs_change+0x13/0x13 Code: 66 66 90 48 89 fb 48 c7 c7 70 c7 2e a0 e8 12 3b 18 e1 85 c0 75 2e 48 8b 05 67 95 01 00 48 8b 15 58 95 01 00 48 c7 c7 a4 69 2e a0 <8b> b0 ac 02 00 00 31 c0 e8 c4 c1 17 e1 48 c7 c7 70 c7 2e a0 e8 RIP [<ffffffffa02d5fe7>] __nfs4_lock_state+0x33/0x68 [nfsd] RSP <ffff88017477fd30> CR2: 00000000000002ac ---[ end trace 9b7c9e0f99f5ee03 ]--- -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html