715049 – hang during mount of GFS2 in Fedora 15

Bug 715049 - hang during mount of GFS2 in Fedora 15

Summary: hang during mount of GFS2 in Fedora 15

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	15
Hardware:	i686
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Steve Whitehouse
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-06-21 17:37 UTC by David Booher
Modified:	2011-07-15 07:52 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-07-15 07:52:40 UTC
Type:	---
Dependent Products:

Attachments	(Terms of Use)
Proposed fix (2.08 KB, patch) 2011-06-22 11:58 UTC, Steve Whitehouse	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Description David Booher 2011-06-21 17:37:38 UTC

Attempting to mount a GFS2 file system on Fedora 15 hangs on the mount but causes the following: 

[  355.310255] GFS2 (built Jun 13 2011 20:03:20) installed
[  355.404014] BUG: unable to handle kernel NULL pointer dereference at 00000004
[  355.404014] IP: [<f7f949d7>] lkfirst_store+0x5e/0x83 [gfs2]
[  355.404014] *pde = 3dada067 
[  355.404014] Oops: 0000 [#1] SMP 
[  355.404014] last sysfs file: /sys/fs/gfs2/DaveCluster:gfsvol1/lock_module/first
[  355.404014] Modules linked in: gfs2 dlm configfs sunrpc 8021q garp stp llc be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb3i libcxgbi cxgb3 mdio ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi snd_ens1371 gameport snd_rawmidi snd_ac97_codec ac97_bus snd_seq snd_seq_device snd_pcm e1000 snd_timer snd soundcore ppdev parport_pc parport microcode snd_page_alloc vmw_balloon i2c_piix4 i2c_core ipv6 mptspi mptscsih mptbase scsi_transport_spi [last unloaded: mperf]
[  355.404014] 
[  355.404014] Pid: 1585, comm: gfs_controld Not tainted 2.6.38.8-32.fc15.i686 #1 VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
[  355.404014] EIP: 0060:[<f7f949d7>] EFLAGS: 00010246 CPU: 0
[  355.404014] EIP is at lkfirst_store+0x5e/0x83 [gfs2]
[  355.404014] EAX: 00000000 EBX: f3cff000 ECX: 00000008 EDX: ffffffea
[  355.404014] ESI: 00000001 EDI: f3eae000 EBP: f3df7f30 ESP: f3df7f18
[  355.404014]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[  355.404014] Process gfs_controld (pid: 1585, ti=f3df6000 task=f3df8c90 task.ti=f3df6000)
[  355.404014] Stack:
[  355.404014]  f3eae000 f7f9b852 f3df7f24 00000001 f7f94979 f3cff000 f3df7f44 f7f94726
[  355.404014]  f7f98c3c ffffffed 00000001 f3df7f70 c052c69d 00000001 bfa12edc f7f98c3c
[  355.404014]  f3edaf54 f3cff004 f3eee540 f42ea180 00000001 bfa12edc f3df7f8c c04e497a
[  355.404014] Call Trace:
[  355.404014]  [<f7f94979>] ? lkfirst_store+0x0/0x83 [gfs2]
[  355.404014]  [<f7f94726>] gfs2_attr_store+0x24/0x29 [gfs2]
[  355.404014]  [<c052c69d>] sysfs_write_file+0xc3/0xee
[  355.404014]  [<c04e497a>] vfs_write+0x8f/0xd7
[  355.404014]  [<c052c5da>] ? sysfs_write_file+0x0/0xee
[  355.404014]  [<c04e4b3c>] sys_write+0x42/0x63
[  355.404014]  [<c07d68cc>] syscall_call+0x7/0xb
[  355.404014] Code: 01 77 44 8d 83 d4 03 00 00 e8 ad 1a 84 c8 8b 43 28 ba f0 ff ff ff a8 40 74 22 f6 83 98 02 00 00 01 b2 ea 75 17 8b 83 ec 02 00 00 
[  355.404014]  78 04 00 74 0b 8b 45 f4 31 d2 89 83 e0 02 00 00 fe 83 d4 03 
[  355.404014] EIP: [<f7f949d7>] lkfirst_store+0x5e/0x83 [gfs2] SS:ESP 0068:f3df7f18
[  355.404014] CR2: 0000000000000004
[  355.442454] ---[ end trace fca290d3c6458e02 ]---
[  355.443256] GFS2: fsid=: Trying to join cluster "lock_dlm", "DaveCluster:gfsvol1"
[  355.514720] GFS2: fsid=DaveCluster:gfsvol1.0: Joined cluster. Now mounting FS...

Comment 1 Steve Whitehouse 2011-06-21 20:05:40 UTC

It looks like gfs_controld is doing the right thing, but for some reason the kernel is having problems with what has been sent. We need to try to figure out exactly what the object is that is NULL here.

If you are able to get an strace from gfs_controld when this is happening, that might be helpful. Otherwise I'll try and take a look at this tomorrow.

Comment 2 Steve Whitehouse 2011-06-21 20:08:04 UTC

Also it would be useful to know the mount command line, or at least what the lock protocol was that was in use (lock_nolock or lock_dlm).

Comment 3 David Booher 2011-06-21 20:08:18 UTC

It's easy for me to get it in this state.  If you tell me how to take the strace, I'll be glad to send it along.

Comment 4 David Booher 2011-06-21 20:36:15 UTC

OK.  I was able to get the PID of the gfs_controld and issue: 
strace -o /home/dbooher/strace.txt -p pid

The strange this is that the mount succeeds when strace is attached to the gfs_controld process.  If I unmount the GFS, terminate the strace and then try to mount it again, it will hang. 

Very strange. 
Just to note: 
lock_dlm is in use.
The mount command is: 
mount /dev/mapper/DaveLV-DaveGFS /test 

I have two straces of 2 succesful mounts if needed.

Comment 5 Steve Whitehouse 2011-06-22 09:09:18 UTC

So it sounds like it is highly timing dependent... in f15, gfs2 uses a different scheme for mounting than it did in earlier versions. Instead of using mount.gfs2, it communicates directly with the kernel (through gfs_controld). I've been running that code on my test system for some time before it was merged, and I'd not hit this issue.

The main clue from the oops is that whatever is NULL is at offset 4 in some structure. I don't think that this can be the superblock. The first field that is accessed is not at offset 4. On the other hand lm_mount is at offset 4 since you are on a 32 bit platform.

So I suspect that gfs_controld might have managed to get to the point of trying to set the "first" parameter before the kernel has set the lock operations on the superblock.

I suspect that stracing gfs_controld adds just enough delay to prevent the race. Should be fairly easy to fix at least, at worst we can just add a completion to be set once the lock operations are valid in the superblock.

Comment 6 Steve Whitehouse 2011-06-22 11:58:03 UTC

Created attachment 505984 [details]
Proposed fix

If you are in a position to test a patch, then this should fix your issue.

Comment 7 David Booher 2011-06-22 13:33:10 UTC

Since this was an "Install to HD" from the LIVE system, my expertise level isn't probably quite up-to-snuff.  However, I assume I would need to: 

1).  Get the correct devel packages
2).  Apply the patch
3).  Rebuild GFS2

I've probably over-simplified it, but I'd be willing to give it a shot :)

Comment 8 Steve Whitehouse 2011-06-22 13:40:50 UTC

You'd need the srpm for the kernel and install that, add the patch and use rpmbuild to recreate the binary rpm. It can be a bit of a long & involved process if you've not done it before. We can still fix the issue anyway for upstream, but its always nice to get confirmation from the original reporter that it does do the right thing :-)

I've been trying to think up another workaround too, aside from using strace, but I'm not sure at the moment how else we could slow down gfs_controld a bit... I've not come up with anything so far.

Comment 9 David Booher 2011-06-22 13:50:20 UTC

You're right...a little too involved for me (not that I wouldn't like to tackle something like that in the future).  If you had the binary rpm built, I would certainly test that on my systems.  I have at least two that are exhibiting these symptoms and I agree that leaving strace attached is probably not the best option.  Thanks for your help.

Comment 10 Steve Whitehouse 2011-07-11 10:26:22 UTC

Patch now in the GFS2 -nmw tree.

Comment 11 Steve Whitehouse 2011-07-15 07:52:40 UTC

Patch in upstream kernel now.

Note You need to log in before you can comment on or make changes to this bug.