Bug 247120 - NFSd oops when exporting krb5p mounts
NFSd oops when exporting krb5p mounts
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
5.0
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Steve Dickson
Martin Jenner
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-07-05 11:04 EDT by Steve Dickson
Modified: 2007-11-30 17:07 EST (History)
3 users (show)

See Also:
Fixed In Version: RHBA-2007-0959
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-07 14:55:10 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
export file that caused the oops (174 bytes, text/plain)
2007-07-05 11:04 EDT, Steve Dickson
no flags Details
UPstream patch that stops the problem (1.73 KB, patch)
2007-07-05 11:08 EDT, Steve Dickson
no flags Details | Diff

  None (edit)
Description Steve Dickson 2007-07-05 11:04:40 EDT
Description of problem:
The following oops occurs when exporting a krb5p export:
kernel BUG at mm/slab.c:594!
invalid opcode: 0000 [#1]
SMP 
last sysfs file: /block/ram0/range
Modules linked in: nfsd exportfs lockd nfs_acl autofs4 i2c_dev i2c_core hidp
rfcomm l2cap bluetooth rpcsec_gss_krb5 auth_rpcgss des sunrpc xennet ipv6
dm_mirror dm_mod parport_pc lp parport pcspkr xenblk ext3 jbd ehci_hcd ohci_hcd
uhci_hcd
CPU:    0
EIP:    0061:[<c0461e92>]    Not tainted VLI
EFLAGS: 00010046   (2.6.18-30.el5xen #1) 
EIP is at kfree+0x32/0x77
eax: 00000400   ebx: d28d3940   ecx: 00000000   edx: c1025180
esi: c128c380   edi: 00000000   ebp: d5d77c40   esp: d4b6af70
ds: 007b   es: 007b   ss: 0069
Process nfsd (pid: 2154, ti=d4b6a000 task=d37f4550 task.ti=d4b6a000)
Stack: d28d3940 d28d394c d35eec00 e0c2d3b2 d28d394c e0c2d380 c04d864d d28d3940 
       00000001 e0b75e6f e0c4da20 d4b6a000 e0b75ea9 e0b75ed3 d5d77c40 e0c2e827 
       e0b710a5 00000009 e0c27746 00100100 00200200 d37f4550 fffffeff ffffffff 
Call Trace:
 [<e0c2d3b2>] svc_export_put+0x32/0x43 [nfsd]
 [<e0c2d380>] svc_export_put+0x0/0x43 [nfsd]
 [<c04d864d>] kref_put+0x5a/0x64
 [<e0b75e6f>] cache_clean+0x16a/0x198 [sunrpc]
 [<e0b75ea9>] cache_flush+0xc/0x1f [sunrpc]
 [<e0b75ed3>] cache_purge+0x17/0x20 [sunrpc]
 [<e0c2e827>] nfsd_export_flush+0x1e/0x2b [nfsd]
 [<e0b710a5>] svc_destroy+0x66/0x95 [sunrpc]
 [<e0c27746>] nfsd+0x282/0x294 [nfsd]
 [<e0c274c4>] nfsd+0x0/0x294 [nfsd]
 [<c0402771>] kernel_thread_helper+0x5/0xb
 =======================
Code: 74 6a e8 f2 2b fb ff 8d 96 00 00 00 40 c1 ea 0c c1 e2 05 03 15 90 ed 87 c0
89 c7 8b 02 f6 c4 40 74 03 8b 52 0c 8b 02 84 c0 78 08 <0f> 0b 52 02 0f a5 61 c0
89 e0 8b 4a 18 25 00 f0 ff ff 8b 40 10 
EIP: [<c0461e92>] kfree+0x32/0x77 SS:ESP 0069:d4b6af70
 <0>Kernel panic - not syncing: Fatal exception


Version-Release number of selected component (if applicable):
Kernel 2.6.18-30.el5xen on an i686

How reproducible:
All the time on a xen guest.

Steps to Reproduce:
1. Use the attached exports file.
2. Start NFS during boot time (i.e. chkconfig nfs yes)
3. reboot machine
    (Note: the "gss/krb5:/home: Cannot allocate memory" failure
     when machine is coming up)
4. log in and bring the NFS server down (i.e. service nfs stop)
  
Actual results:
oops

Expected results:
The NFS server comes down peacefully

Additional info:
Comment 1 Steve Dickson 2007-07-05 11:04:40 EDT
Created attachment 158597 [details]
export file that caused the oops
Comment 2 Steve Dickson 2007-07-05 11:08:15 EDT
Created attachment 158599 [details]
UPstream patch that stops the problem

commit f988443a84528bd30c2f474efa5e2c511959f19b
Author: NeilBrown <neilb@suse.de>
Date:	Wed Dec 13 00:35:45 2006 -0800

    [PATCH] knfsd: Fix up some bit-rot in exp_export

    The nfsservctl system call isn't used but recent nfs-utils releases for
    exporting filesystems, and consequently the code that is uses - exp_export
-
    has suffered some bitrot.

    Particular:
      - some newly added fields in 'struct svc_export' are being initialised
	properly.
      - the return value is now always -ENOMEM ...

    This patch fixes both these problems.

    Signed-off-by: Neil Brown <neilb@suse.de>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Comment 3 RHEL Product and Program Management 2007-07-05 11:17:03 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 4 Tom Coughlan 2007-07-06 15:19:36 EDT
Posted to rhkernel-list on Thu, 05 Jul 2007. Received three ACKs on that list.  
Comment 6 Don Zickus 2007-07-10 12:20:11 EDT
in 2.6.18-33.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5
Comment 8 Mike Gahagan 2007-07-31 11:20:34 EDT
I wasn't able to reproduce the crash, but I can verify the patch is in the -36
kernel.
Comment 10 errata-xmlrpc 2007-11-07 14:55:10 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0959.html

Note You need to log in before you can comment on or make changes to this bug.