Re: upstream server crash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Oct 24, 2016, at 11:24 AM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
> 
> On Mon, 2016-10-24 at 11:19 -0400, Jeff Layton wrote:
>> On Mon, 2016-10-24 at 09:51 -0400, Chuck Lever wrote:
>>> 
>>>> 
>>>> 
>>>> On Oct 24, 2016, at 9:31 AM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
>>>> 
>>>> On Mon, 2016-10-24 at 11:15 +0800, Eryu Guan wrote:
>>>>> 
>>>>> 
>>>>> On Sun, Oct 23, 2016 at 02:21:15PM -0400, J. Bruce Fields wrote:
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> I'm getting an intermittent crash in the nfs server as of
>>>>>> 68778945e46f143ed7974b427a8065f69a4ce944 "SUNRPC: Separate buffer
>>>>>> pointers for RPC Call and Reply messages".
>>>>>> 
>>>>>> I haven't tried to understand that commit or why it would be a problem yet, I
>>>>>> don't see an obvious connection--I can take a closer look Monday.
>>>>>> 
>>>>>> Could even be that I just landed on this commit by chance, the problem is a
>>>>>> little hard to reproduce so I don't completely trust my testing.
>>>>> 
>>>>> I've hit the same crash on 4.9-rc1 kernel, and it's reproduced for me
>>>>> reliably by running xfstests generic/013 case, on a loopback mounted
>>>>> NFSv4.1 (or NFSv4.2), XFS is the underlying exported fs. More details
>>>>> please see
>>>>> 
>>>>> http://marc.info/?l=linux-nfs&m=147714320129362&w=2
>>>>> 
>>>> 
>>>> Looks like you landed at the same commit as Bruce, so that's probably
>>>> legit. That commit is very small though. The only real change that
>>>> doesn't affect the new field is this:
>>>> 
>>>> 
>>>> @@ -1766,7 +1766,7 @@ rpc_xdr_encode(struct rpc_task *task)
>>>>                     req->rq_buffer,
>>>>                     req->rq_callsize);
>>>>        xdr_buf_init(&req->rq_rcv_buf,
>>>> -                    (char *)req->rq_buffer + req->rq_callsize,
>>>> +                    req->rq_rbuffer,
>>>>                     req->rq_rcvsize);
>>>> 
>>>> 
>>>> So I'm guessing this is breaking the callback channel somehow?
>>> 
>>> Could be the TCP backchannel code is using rq_buffer in a different
>>> way than RDMA backchannel or the forward channel code.
>>> 
>> 
>> Well, it basically allocates a page per rpc_rqst and then maps that.
>> 
>> One thing I notice is that this patch ensures that rq_rbuffer gets set
>> up in rpc_malloc and xprt_rdma_allocate, but it looks like
>> xprt_alloc_bc_req didn't get the same treatment.
>> 
>> I suspect that that may be the problem...
>> 
> In fact, maybe we just need this here? (untested and probably
> whitespace damaged):
> 
> diff --git a/net/sunrpc/backchannel_rqst.c b/net/sunrpc/backchannel_rqst.c
> index ac701c28f44f..c561aa8ce05b 100644
> --- a/net/sunrpc/backchannel_rqst.c
> +++ b/net/sunrpc/backchannel_rqst.c
> @@ -100,6 +100,7 @@ struct rpc_rqst *xprt_alloc_bc_req(struct rpc_xprt *xprt, gfp_t gfp_flags)
>                goto out_free;
>        }
>        req->rq_rcv_buf.len = PAGE_SIZE;
> +       req->rq_rbuffer = req->rq_rcv_buf.head[0].iov_base;

That looks plausible! Basically that is needed after xdr_buf_init()
is done for a backchannel rpc_rqst's receive buffer.

net/sunrpc/xprtrdma/backchannel.c might need a similar change. I saw
crashes with generic/013 at bake-a-thon last week, but as the iommu
was involved with those, I've been looking in a different place. Will
give this a try.


>        /* Preallocate one XDR send buffer */
>        if (xprt_alloc_xdr_buf(&req->rq_snd_buf, gfp_flags) < 0) {

--
Chuck Lever



--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux