On Thu, 2013-08-29 at 11:41 -0400, Bryan Schumaker wrote:
> Hi Trond,
>
> This patch is causing this bug for me on my testing server:
>
> [ 6.742695] BUG: unable to handle kernel NULL pointer dereference at (null)
> [ 6.742791] IP: [<ffffffff812de260>] skip_spaces+0x30/0x30
> [ 6.742848] PGD 1d719067 PUD 1de21067 PMD 0
> [ 6.742900] Oops: 0000 [#1] PREEMPT SMP
> [ 6.742949] Modules linked in: nfsd auth_rpcgss oid_registry nfs_acl snd_hda_intel pcspkr snd_hda_codec cirrus syscopyarea snd_hwdep sysfillrect psmouse snd_pcm serio_raw snd_page_alloc sysimgblt evdev snd_timer snd soundcore drm_kms_helper ttm drm i2c_piix4 i2c_core intel_agp intel_gtt button processor nfs lockd sunrpc fscache ata_generic pata_acpi btrfs libcrc32c xor zlib_deflate ata_piix crc32c_intel uhci_hcd libata scsi_mod usbcore usb_common raid6_pq floppy virtio_balloon virtio_net virtio_pci virtio_blk virtio_ring virtio
> [ 6.743339] CPU: 0 PID: 211 Comm: rpc.nfsd Not tainted 3.11.0-rc2-ARCH+ #250
> [ 6.743339] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
> [ 6.743339] task: ffff88001bfc5c20 ti: ffff88001dff2000 task.ti: ffff88001dff2000
> [ 6.743339] RIP: 0010:[<ffffffff812de260>] [<ffffffff812de260>] skip_spaces+0x30/0x30
> [ 6.743339] RSP: 0018:ffff88001dff3bc8 EFLAGS: 00010282
> [ 6.743339] RAX: ffffffffa025cb20 RBX: 0000000000000000 RCX: 0000000000000000
> [ 6.743339] RDX: ffff88001de62838 RSI: 0000000000000000 RDI: 0000000000000000
> [ 6.743339] RBP: ffff88001dff3bf0 R08: 0000000000017360 R09: 0000000000000000
> [ 6.743339] R10: ffff88001e401700 R11: ffff88001dff3fd8 R12: ffff88001df2a000
> [ 6.743339] R13: ffff88001cebca00 R14: 0000000000000000 R15: 0000000000000000
> [ 6.743339] FS: 00007f04a4159700(0000) GS:ffff88001fc00000(0000) knlGS:0000000000000000
> [ 6.743339] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 6.743339] CR2: 0000000000000000 CR3: 000000001df02000 CR4: 00000000000407f0
> [ 6.743339] Stack:
> [ 6.743339] ffffffffa0255dbe 0000000000000000 0000000000000000 ffff88001dff3d38
> [ 6.743339] ffff88001cebca00 ffff88001dff3c38 ffffffffa023a0d9 ffffffff81511052
> [ 6.743339] ffff88001de62800 00000000b2b4b509 ffff88001dff3d38 ffff88001cebca00
> [ 6.743339] Call Trace:
> [ 6.743339] [<ffffffffa0255dbe>] ? rpc_d_lookup_sb+0x2e/0x50 [sunrpc]
> [ 6.743339] [<ffffffffa023a0d9>] rpc_setup_pipedir_sb+0x39/0xf0 [sunrpc]
> [ 6.743339] [<ffffffff81511052>] ? mutex_lock+0x12/0x30
> [ 6.743339] [<ffffffffa023c653>] rpc_new_client+0x233/0x450 [sunrpc]
> [ 6.743339] [<ffffffffa023d3ec>] rpc_create+0xcc/0x250 [sunrpc]
> [ 6.743339] [<ffffffffa024f1ec>] rpcb_create_local_unix+0x5c/0xe0 [sunrpc]
> [ 6.743339] [<ffffffffa024ff98>] rpcb_create_local+0x68/0x80 [sunrpc]
> [ 6.743339] [<ffffffffa0249a3e>] svc_rpcb_setup+0x1e/0x40 [sunrpc]
> [ 6.743339] [<ffffffffa0249a89>] svc_bind+0x29/0x30 [sunrpc]
> [ 6.743339] [<ffffffffa0498475>] nfsd_create_serv+0xd5/0x1a0 [nfsd]
> [ 6.743339] [<ffffffffa049a000>] write_ports+0x2f0/0x350 [nfsd]
> [ 6.743339] [<ffffffff811335ae>] ? __get_free_pages+0xe/0x50
> [ 6.743339] [<ffffffff81133606>] ? get_zeroed_page+0x16/0x20
> [ 6.743339] [<ffffffffa0499d10>] ? write_leasetime+0xa0/0xa0 [nfsd]
> [ 6.743339] [<ffffffffa0499178>] nfsctl_transaction_write+0x48/0x80 [nfsd]
> [ 6.743339] [<ffffffff811997cd>] vfs_write+0xbd/0x1e0
> [ 6.743339] [<ffffffff8119a229>] SyS_write+0x49/0xa0
> [ 6.743339] [<ffffffff8151b99d>] system_call_fastpath+0x1a/0x1f
> [ 6.743339] Code: 89 f8 48 89 e5 f6 82 00 2a 64 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 00 2a 64 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
> [ 6.743339] RIP [<ffffffff812de260>] skip_spaces+0x30/0x30
> [ 6.743339] RSP <ffff88001dff3bc8>
> [ 6.743339] CR2: 0000000000000000
> [ 6.750025] ---[ end trace 112065af093b07b3 ]---

Argh! Thanks for bisecting that... The attached patch should fix it...

-- 
Trond Myklebust
Linux NFS client maintainer

NetApp
Trond.Myklebust@xxxxxxxxxx
www.netapp.com
From 44848796c30ab924a748f27d121623e6283127b6 Mon Sep 17 00:00:00 2001 From: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx> Date: Thu, 29 Aug 2013 12:14:47 -0400 Subject: [PATCH] fixup! SUNRPC: Cleanup rpc_setup_pipedir --- net/sunrpc/clnt.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c index f1c3896..b1ff429 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c @@ -160,6 +160,9 @@ rpc_setup_pipedir(struct super_block *pipefs_sb, struct rpc_clnt *clnt) static inline int rpc_clnt_skip_event(struct rpc_clnt *clnt, unsigned long event) { + if (clnt->cl_program->pipe_dir_name == NULL) + return 1; + switch (event) { case RPC_PIPEFS_MOUNT: if (clnt->cl_pipedir_objects.pdh_dentry != NULL) @@ -220,8 +223,6 @@ static struct rpc_clnt *rpc_get_client_for_event(struct net *net, int event) spin_lock(&sn->rpc_client_lock); list_for_each_entry(clnt, &sn->all_clients, cl_clients) { - if (clnt->cl_program->pipe_dir_name == NULL) - continue; if (rpc_clnt_skip_event(clnt, event)) continue; spin_unlock(&sn->rpc_client_lock); @@ -282,7 +283,7 @@ static int rpc_client_register(const struct rpc_create_args *args, int err; pipefs_sb = rpc_get_sb_net(net); - if (pipefs_sb) { + if (pipefs_sb && args->program->pipe_dir_name != NULL) { err = rpc_setup_pipedir(pipefs_sb, clnt); if (err) goto out; -- 1.8.3.1
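Review bot: in the first hunk, the NULL test added at the top of rpc_clnt_skip_event() makes the helper return 1 for every event when clnt->cl_program->pipe_dir_name is NULL, but nothing in the function says why such a client is skipped regardless of the event. A one-line comment above the test would document the intent and make it less likely that the check is later moved back into the list_for_each_entry() loop in rpc_get_client_for_event(), where the second hunk removes it.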
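Review bot: in the last hunk, the guard in rpc_client_register() tests args->program->pipe_dir_name, while the check added to rpc_clnt_skip_event() in the same patch tests clnt->cl_program->pipe_dir_name, so the two paths that decide whether a client is given a pipefs directory read the name through different pointers. rpc_setup_pipedir() already takes clnt, so consider testing clnt->cl_program->pipe_dir_name here as well, or moving the NULL test to the top of rpc_setup_pipedir() and returning 0 there, so the protection against the skip_spaces() oops in the quoted trace does not depend on each caller repeating the check.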