Bug 726355

Summary: nfs: rpc_peeraddr2str+0x16/0x30, NULL pointer dereference at 0000000000000610
Product: Red Hat Enterprise Linux 6
Reporter: Jan Stancek <jstancek>
Component: kernel
Assignee: Red Hat Kernel Manager <kernel-mgr>
Status: CLOSED DUPLICATE
QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: unspecified
Priority: unspecified
Version: 6.0
CC: bfields, dhowells, jburke, jlayton, rwheeler, steved
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2011-09-28 19:19:18 UTC

Description Jan Stancek 2011-07-28 11:14:18 UTC
Description of problem:
While running automated nfs4 server tests using the pynfs40 suite, the server side panicked.

Version-Release number of selected component (if applicable):
2.6.32-71.34.1.el6.x86_64

How reproducible:
sporadically ~20%

Steps to Reproduce:
1. run pynfs40 servertest with kernel 2.6.32-71.34.1.el6.x86_64,
using sys and krb5p security

Actual results:
server-side panic

Expected results:
no panic

Additional info:
I haven't been able to reproduce the panic with 2.6.32-169.el6.
I see panics happening in both multi-host and single-host mode of test.

Comment 1 Jan Stancek 2011-07-28 11:15:03 UTC
BUG: unable to handle kernel NULL pointer dereference at 0000000000000610 
IP: [<ffffffffa052f046>] rpc_peeraddr2str+0x16/0x30 [sunrpc] 
PGD 0  
Oops: 0000 [#1] SMP  
last sysfs file: /sys/devices/system/cpu/cpu3/cache/index2/shared_cpu_map 
CPU 1  
Modules linked in: cryptd aes_x86_64 aes_generic cbc cts bluetooth rfkill nfsd exportfs des_generic nfs lockd fscache nfs_acl rpcsec_gss_krb5 auth_rpcgss sunrpc cpufreq_ondemand acpi_cpufreq freq_table ipv6 dm_mirror dm_region_hash dm_log wmi sg serio_raw iTCO_wdt iTCO_vendor_support tg3 snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer snd soundcore snd_page_alloc i5k_amb hwmon i5400_edac edac_core shpchp ext4 mbcache jbd2 sr_mod cdrom sd_mod crc_t10dif firewire_ohci firewire_core crc_itu_t mptsas mptscsih mptbase scsi_transport_sas pata_acpi ata_generic ata_piix ahci nouveau ttm drm_kms_helper drm i2c_algo_bit video output i2c_core dm_mod [last unloaded: microcode] 
 
Modules linked in: cryptd aes_x86_64 aes_generic cbc cts bluetooth rfkill nfsd exportfs des_generic nfs lockd fscache nfs_acl rpcsec_gss_krb5 auth_rpcgss sunrpc cpufreq_ondemand acpi_cpufreq freq_table ipv6 dm_mirror dm_region_hash dm_log wmi sg serio_raw iTCO_wdt iTCO_vendor_support tg3 snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer snd soundcore snd_page_alloc i5k_amb hwmon i5400_edac edac_core shpchp ext4 mbcache jbd2 sr_mod cdrom sd_mod crc_t10dif firewire_ohci firewire_core crc_itu_t mptsas mptscsih mptbase scsi_transport_sas pata_acpi ata_generic ata_piix ahci nouveau ttm drm_kms_helper drm i2c_algo_bit video output i2c_core dm_mod [last unloaded: microcode] 
Pid: 3434, comm: rpc.gssd Tainted: G        W  ----------------  2.6.32-71.34.1.el6.x86_64 #1 HP xw8600 Workstation 
RIP: 0010:[<ffffffffa052f046>]  [<ffffffffa052f046>] rpc_peeraddr2str+0x16/0x30 [sunrpc] 
RSP: 0018:ffff88007b019e48  EFLAGS: 00010246 
RAX: 0000000000000000 RBX: ffff880079fc9a00 RCX: 0000000000000001 
RDX: ffffffffa054dc50 RSI: 0000000000000000 RDI: ffff880079fc9a00 
RBP: ffff88007b019e48 R08: 00000000fffffffb R09: 00000000fffffffe 
R10: 0000000000000000 R11: 0000000000000246 R12: ffff880079b5f540 
R13: 0000000000000001 R14: ffff88007f910440 R15: ffff88007b019eb0 
FS:  00007fa4d7cf87c0(0000) GS:ffff880001e40000(0000) knlGS:0000000000000000 
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 
CR2: 0000000000000610 CR3: 000000007bf43000 CR4: 00000000000406e0 
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 
Process rpc.gssd (pid: 3434, threadinfo ffff88007b018000, task ffff88007af60b30) 
Stack: 
 ffff88007b019e68 ffffffffa054865b ffff880079b5f540 ffff88004384e9c0 
<0> ffff88007b019ee8 ffffffff8118f535 ffff88007b019ea8 00007fff4c2a3580 
<0> ffff880079b5f578 ffff88007b019f48 0000000000000100 0000000000000000 
Call Trace: 
 [<ffffffffa054865b>] rpc_show_info+0x4b/0xb0 [sunrpc] 
 [<ffffffff8118f535>] seq_read+0xe5/0x3f0 
 [<ffffffff8116dbf5>] vfs_read+0xb5/0x1a0 
 [<ffffffff8116dd31>] sys_read+0x51/0x90 
 [<ffffffff81013172>] system_call_fastpath+0x16/0x1b 
Code: 47 50 30 fa 52 a0 c9 c3 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 0f 1f 44 00 00 48 8b 47 30 48 c7 c2 50 dc 54 a0 89 f6 <48> 8b 84 f0 10 06 00 00 c9 48 85 c0 48 0f 44 c2 c3 66 0f 1f 84  
RIP  [<ffffffffa052f046>] rpc_peeraddr2str+0x16/0x30 [sunrpc] 
 RSP <ffff88007b019e48> 
CR2: 0000000000000610 
---[ end trace fe74b08e09e7b7bd ]--- 
Kernel panic - not syncing: Fatal exception 
Pid: 3434, comm: rpc.gssd Tainted: G      D W  ----------------  2.6.32-71.34.1.el6.x86_64 #1 
Call Trace: 
 [<ffffffff814c8c14>] panic+0x78/0x137 
 [<ffffffff814ccce4>] oops_end+0xe4/0x100 
 [<ffffffff8104656b>] no_context+0xfb/0x260 
 [<ffffffff810467f5>] __bad_area_nosemaphore+0x125/0x1e0 
 [<ffffffff8104691e>] bad_area+0x4e/0x60 
 [<ffffffff814ce830>] do_page_fault+0x390/0x3a0 
 [<ffffffff814cc035>] page_fault+0x25/0x30 
 [<ffffffffa052f046>] ? rpc_peeraddr2str+0x16/0x30 [sunrpc] 
 [<ffffffffa054865b>] rpc_show_info+0x4b/0xb0 [sunrpc] 
 [<ffffffff8118f535>] seq_read+0xe5/0x3f0 
 [<ffffffff8116dbf5>] vfs_read+0xb5/0x1a0 
 [<ffffffff8116dd31>] sys_read+0x51/0x90 
 [<ffffffff81013172>] system_call_fastpath+0x16/0x1b 
panic occurred, switching back to text console
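
To check from the oops in comment 1 that the fault is a NULL base pointer plus a fixed offset, the following sketch (an added example, not part of the bug report or of the kernel source) decodes the instruction marked `<48>` in the `Code:` line and recomputes the faulting address from the register dump. It handles only that one instruction encoding; `decode_faulting_mov` and `triage` are names chosen here.

```python
import re

# Excerpt constructed from the oops in comment 1: register lines and part of the Code: line.
OOPS = """\
RAX: 0000000000000000 RBX: ffff880079fc9a00 RCX: 0000000000000001
RDX: ffffffffa054dc50 RSI: 0000000000000000 RDI: ffff880079fc9a00
CR2: 0000000000000610 CR3: 000000007bf43000 CR4: 00000000000406e0
Code: 48 8b 47 30 48 c7 c2 50 dc 54 a0 89 f6 <48> 8b 84 f0 10 06 00 00 c9 48 85 c0
"""

REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
        "r08", "r09", "r10", "r11", "r12", "r13", "r14", "r15"]

def decode_faulting_mov(code_line):
    """Decode the <marked> instruction; handles only REX.W 8B /r, mod=10, SIB, disp32."""
    tail = code_line.split("<", 1)[1].replace(">", "")
    b = bytes.fromhex("".join(tail.split()))
    rex, opcode, modrm, sib = b[0], b[1], b[2], b[3]
    if (rex & 0xF8) != 0x48 or opcode != 0x8B or (modrm >> 6) != 2 or (modrm & 7) != 4:
        raise ValueError("instruction form not handled by this example")
    index_no = ((sib >> 3) & 7) | ((rex & 2) << 2)
    return {
        "dest": REGS[((modrm >> 3) & 7) | ((rex & 4) << 1)],
        "base": REGS[(sib & 7) | ((rex & 1) << 3)],
        "index": None if index_no == 4 else REGS[index_no],  # 100b means no index
        "scale": 1 << (sib >> 6),
        "disp": int.from_bytes(b[4:8], "little", signed=True),
    }

def triage(oops):
    """Recompute the faulting address from the register dump and compare it with CR2."""
    regs = {n.lower(): int(v, 16)
            for n, v in re.findall(r"\b([A-Z][A-Z0-9]{2}): ([0-9a-f]{16})", oops)}
    code = next(l for l in oops.splitlines() if l.startswith("Code:"))
    i = decode_faulting_mov(code)
    ea = regs[i["base"]] + i["disp"]
    if i["index"]:
        ea += regs[i["index"]] * i["scale"]
    ea &= 2**64 - 1
    idx = f" + {i['index']}*{i['scale']}" if i["index"] else ""
    return {
        "insn": f"mov {i['dest']}, [{i['base']}{idx} + {i['disp']:#x}]",
        "effective_address": ea,
        "matches_cr2": ea == regs["cr2"],
        "null_base": regs[i["base"]] == 0,  # base register is 0 in the dump
    }

if __name__ == "__main__":
    print(triage(OOPS))
```

With RAX and RSI both zero in the dump, the recomputed address equals the displacement 0x610, which is the value in CR2: the pointer loaded just before (`48 8b 47 30`, a load from offset 0x30 of RDI) was NULL, and the fault address is the offset of the member being read through it.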

Comment 4 J. Bruce Fields 2011-09-28 19:19:18 UTC
Assuming this got fixed, most likely by "SUNRPC: Fix a race in rpc_info_open".

*** This bug has been marked as a duplicate of bug 637278 ***