Bug 247120

Summary: NFSd oops when exporting krb5p mounts
Product: Red Hat Enterprise Linux 5 Reporter: Steve Dickson <steved>
Component: kernelAssignee: Steve Dickson <steved>
Status: CLOSED ERRATA QA Contact: Martin Jenner <mjenner>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 5.0CC: dzickus, jlayton, staubach
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: RHBA-2007-0959 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-11-07 19:55:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Description Flags
export file that caused the oops
UPstream patch that stops the problem none

Description Steve Dickson 2007-07-05 15:04:40 UTC
Description of problem:
The following oops occurs when exporting a krb5p export:
kernel BUG at mm/slab.c:594!
invalid opcode: 0000 [#1]
last sysfs file: /block/ram0/range
Modules linked in: nfsd exportfs lockd nfs_acl autofs4 i2c_dev i2c_core hidp
rfcomm l2cap bluetooth rpcsec_gss_krb5 auth_rpcgss des sunrpc xennet ipv6
dm_mirror dm_mod parport_pc lp parport pcspkr xenblk ext3 jbd ehci_hcd ohci_hcd
CPU:    0
EIP:    0061:[<c0461e92>]    Not tainted VLI
EFLAGS: 00010046   (2.6.18-30.el5xen #1) 
EIP is at kfree+0x32/0x77
eax: 00000400   ebx: d28d3940   ecx: 00000000   edx: c1025180
esi: c128c380   edi: 00000000   ebp: d5d77c40   esp: d4b6af70
ds: 007b   es: 007b   ss: 0069
Process nfsd (pid: 2154, ti=d4b6a000 task=d37f4550 task.ti=d4b6a000)
Stack: d28d3940 d28d394c d35eec00 e0c2d3b2 d28d394c e0c2d380 c04d864d d28d3940 
       00000001 e0b75e6f e0c4da20 d4b6a000 e0b75ea9 e0b75ed3 d5d77c40 e0c2e827 
       e0b710a5 00000009 e0c27746 00100100 00200200 d37f4550 fffffeff ffffffff 
Call Trace:
 [<e0c2d3b2>] svc_export_put+0x32/0x43 [nfsd]
 [<e0c2d380>] svc_export_put+0x0/0x43 [nfsd]
 [<c04d864d>] kref_put+0x5a/0x64
 [<e0b75e6f>] cache_clean+0x16a/0x198 [sunrpc]
 [<e0b75ea9>] cache_flush+0xc/0x1f [sunrpc]
 [<e0b75ed3>] cache_purge+0x17/0x20 [sunrpc]
 [<e0c2e827>] nfsd_export_flush+0x1e/0x2b [nfsd]
 [<e0b710a5>] svc_destroy+0x66/0x95 [sunrpc]
 [<e0c27746>] nfsd+0x282/0x294 [nfsd]
 [<e0c274c4>] nfsd+0x0/0x294 [nfsd]
 [<c0402771>] kernel_thread_helper+0x5/0xb
Code: 74 6a e8 f2 2b fb ff 8d 96 00 00 00 40 c1 ea 0c c1 e2 05 03 15 90 ed 87 c0
89 c7 8b 02 f6 c4 40 74 03 8b 52 0c 8b 02 84 c0 78 08 <0f> 0b 52 02 0f a5 61 c0
89 e0 8b 4a 18 25 00 f0 ff ff 8b 40 10 
EIP: [<c0461e92>] kfree+0x32/0x77 SS:ESP 0069:d4b6af70
 <0>Kernel panic - not syncing: Fatal exception

Version-Release number of selected component (if applicable):
Kernel 2.6.18-30.el5xen on an i686

How reproducible:
All the time on a xen guest.

Steps to Reproduce:
1. Use the attached exports file.
2. Start NFS during boot time (i.e. chkconfig nfs yes)
3. reboot machine
    (Note: the "gss/krb5:/home: Cannot allocate memory" failure
     when machine is coming up)
4. log in and bring the NFS server down (i.e. service nfs stop)
Actual results:

Expected results:
The NFS server comes down peacefully

Additional info:

Comment 1 Steve Dickson 2007-07-05 15:04:40 UTC
Created attachment 158597 [details]
export file that caused the oops

Comment 2 Steve Dickson 2007-07-05 15:08:15 UTC
Created attachment 158599 [details]
UPstream patch that stops the problem

commit f988443a84528bd30c2f474efa5e2c511959f19b
Author: NeilBrown <neilb@suse.de>
Date:	Wed Dec 13 00:35:45 2006 -0800

    [PATCH] knfsd: Fix up some bit-rot in exp_export

    The nfsservctl system call isn't used but recent nfs-utils releases for
    exporting filesystems, and consequently the code that is uses - exp_export
    has suffered some bitrot.

      - some newly added fields in 'struct svc_export' are being initialised
      - the return value is now always -ENOMEM ...

    This patch fixes both these problems.

    Signed-off-by: Neil Brown <neilb@suse.de>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Comment 3 RHEL Product and Program Management 2007-07-05 15:17:03 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update

Comment 4 Tom Coughlan 2007-07-06 19:19:36 UTC
Posted to rhkernel-list on Thu, 05 Jul 2007. Received three ACKs on that list.  

Comment 6 Don Zickus 2007-07-10 16:20:11 UTC
in 2.6.18-33.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Comment 8 Mike Gahagan 2007-07-31 15:20:34 UTC
I wasn't able to reproduce the crash, but I can verify the patch is in the -36

Comment 10 errata-xmlrpc 2007-11-07 19:55:10 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.