Bug 247120 - NFSd oops when exporting krb5p mounts
Summary: NFSd oops when exporting krb5p mounts
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Steve Dickson
QA Contact: Martin Jenner
Depends On:
TreeView+ depends on / blocked
Reported: 2007-07-05 15:04 UTC by Steve Dickson
Modified: 2007-11-30 22:07 UTC (History)
3 users (show)

Clone Of:
Last Closed: 2007-11-07 19:55:10 UTC

Attachments (Terms of Use)
export file that caused the oops (174 bytes, text/plain)
2007-07-05 15:04 UTC, Steve Dickson
no flags Details
UPstream patch that stops the problem (1.73 KB, patch)
2007-07-05 15:08 UTC, Steve Dickson
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2007:0959 normal SHIPPED_LIVE Updated kernel packages for Red Hat Enterprise Linux 5 Update 1 2007-11-08 00:47:37 UTC

Description Steve Dickson 2007-07-05 15:04:40 UTC
Description of problem:
The following oops occurs when exporting a krb5p export:
kernel BUG at mm/slab.c:594!
invalid opcode: 0000 [#1]
last sysfs file: /block/ram0/range
Modules linked in: nfsd exportfs lockd nfs_acl autofs4 i2c_dev i2c_core hidp
rfcomm l2cap bluetooth rpcsec_gss_krb5 auth_rpcgss des sunrpc xennet ipv6
dm_mirror dm_mod parport_pc lp parport pcspkr xenblk ext3 jbd ehci_hcd ohci_hcd
CPU:    0
EIP:    0061:[<c0461e92>]    Not tainted VLI
EFLAGS: 00010046   (2.6.18-30.el5xen #1) 
EIP is at kfree+0x32/0x77
eax: 00000400   ebx: d28d3940   ecx: 00000000   edx: c1025180
esi: c128c380   edi: 00000000   ebp: d5d77c40   esp: d4b6af70
ds: 007b   es: 007b   ss: 0069
Process nfsd (pid: 2154, ti=d4b6a000 task=d37f4550 task.ti=d4b6a000)
Stack: d28d3940 d28d394c d35eec00 e0c2d3b2 d28d394c e0c2d380 c04d864d d28d3940 
       00000001 e0b75e6f e0c4da20 d4b6a000 e0b75ea9 e0b75ed3 d5d77c40 e0c2e827 
       e0b710a5 00000009 e0c27746 00100100 00200200 d37f4550 fffffeff ffffffff 
Call Trace:
 [<e0c2d3b2>] svc_export_put+0x32/0x43 [nfsd]
 [<e0c2d380>] svc_export_put+0x0/0x43 [nfsd]
 [<c04d864d>] kref_put+0x5a/0x64
 [<e0b75e6f>] cache_clean+0x16a/0x198 [sunrpc]
 [<e0b75ea9>] cache_flush+0xc/0x1f [sunrpc]
 [<e0b75ed3>] cache_purge+0x17/0x20 [sunrpc]
 [<e0c2e827>] nfsd_export_flush+0x1e/0x2b [nfsd]
 [<e0b710a5>] svc_destroy+0x66/0x95 [sunrpc]
 [<e0c27746>] nfsd+0x282/0x294 [nfsd]
 [<e0c274c4>] nfsd+0x0/0x294 [nfsd]
 [<c0402771>] kernel_thread_helper+0x5/0xb
Code: 74 6a e8 f2 2b fb ff 8d 96 00 00 00 40 c1 ea 0c c1 e2 05 03 15 90 ed 87 c0
89 c7 8b 02 f6 c4 40 74 03 8b 52 0c 8b 02 84 c0 78 08 <0f> 0b 52 02 0f a5 61 c0
89 e0 8b 4a 18 25 00 f0 ff ff 8b 40 10 
EIP: [<c0461e92>] kfree+0x32/0x77 SS:ESP 0069:d4b6af70
 <0>Kernel panic - not syncing: Fatal exception

Version-Release number of selected component (if applicable):
Kernel 2.6.18-30.el5xen on an i686

How reproducible:
All the time on a xen guest.

Steps to Reproduce:
1. Use the attached exports file.
2. Start NFS during boot time (i.e. chkconfig nfs yes)
3. reboot machine
    (Note: the "gss/krb5:/home: Cannot allocate memory" failure
     when machine is coming up)
4. log in and bring the NFS server down (i.e. service nfs stop)
Actual results:

Expected results:
The NFS server comes down peacefully

Additional info:

Comment 1 Steve Dickson 2007-07-05 15:04:40 UTC
Created attachment 158597 [details]
export file that caused the oops

Comment 2 Steve Dickson 2007-07-05 15:08:15 UTC
Created attachment 158599 [details]
UPstream patch that stops the problem

commit f988443a84528bd30c2f474efa5e2c511959f19b
Author: NeilBrown <neilb@suse.de>
Date:	Wed Dec 13 00:35:45 2006 -0800

    [PATCH] knfsd: Fix up some bit-rot in exp_export

    The nfsservctl system call isn't used but recent nfs-utils releases for
    exporting filesystems, and consequently the code that is uses - exp_export
    has suffered some bitrot.

      - some newly added fields in 'struct svc_export' are being initialised
      - the return value is now always -ENOMEM ...

    This patch fixes both these problems.

    Signed-off-by: Neil Brown <neilb@suse.de>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Comment 3 RHEL Product and Program Management 2007-07-05 15:17:03 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update

Comment 4 Tom Coughlan 2007-07-06 19:19:36 UTC
Posted to rhkernel-list on Thu, 05 Jul 2007. Received three ACKs on that list.  

Comment 6 Don Zickus 2007-07-10 16:20:11 UTC
in 2.6.18-33.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Comment 8 Mike Gahagan 2007-07-31 15:20:34 UTC
I wasn't able to reproduce the crash, but I can verify the patch is in the -36

Comment 10 errata-xmlrpc 2007-11-07 19:55:10 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.