726355 – nfs: rpc_peeraddr2str+0x16/0x30, NULL pointer dereference at 0000000000000610

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 726355 - nfs: rpc_peeraddr2str+0x16/0x30, NULL pointer dereference at 0000000000000610

Summary: nfs: rpc_peeraddr2str+0x16/0x30, NULL pointer dereference at 0000000000000610

Keywords:
Status:	CLOSED DUPLICATE of bug 637278
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	6.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Red Hat Kernel Manager
QA Contact:	Red Hat Kernel QE team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-07-28 11:14 UTC by Jan Stancek
Modified:	2011-09-28 19:19 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-09-28 19:19:18 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Jan Stancek 2011-07-28 11:14:18 UTC

Description of problem:
While running automated nfs4 server tests using pynfs40 suite, server side panic'd.

Version-Release number of selected component (if applicable):
2.6.32-71.34.1.el6.x86_64

How reproducible:
sporadically ~20%

Steps to Reproduce:
1. run pynfs40 servertest with kernel 2.6.32-71.34.1.el6.x86_64,
using sys and krb5p security

Actual results:
server-side panic

Expected results:
no panic

Additional info:
I haven't been able to reproduce the panic with 2.6.32-169.el6.
I see panics happening in both multi-host and single-host mode of test.

Comment 1 Jan Stancek 2011-07-28 11:15:03 UTC

BUG: unable to handle kernel NULL pointer dereference at 0000000000000610 
IP: [<ffffffffa052f046>] rpc_peeraddr2str+0x16/0x30 [sunrpc] 
PGD 0  
Oops: 0000 [#1] SMP  
last sysfs file: /sys/devices/system/cpu/cpu3/cache/index2/shared_cpu_map 
CPU 1  
Modules linked in: cryptd aes_x86_64 aes_generic cbc cts bluetooth rfkill nfsd exportfs des_generic nfs lockd fscache nfs_acl rpcsec_gss_krb5 auth_rpcgss sunrpc cpufreq_ondemand acpi_cpufreq freq_table ipv6 dm_mirror dm_region_hash dm_log wmi sg serio_raw iTCO_wdt iTCO_vendor_support tg3 snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer snd soundcore snd_page_alloc i5k_amb hwmon i5400_edac edac_core shpchp ext4 mbcache jbd2 sr_mod cdrom sd_mod crc_t10dif firewire_ohci firewire_core crc_itu_t mptsas mptscsih mptbase scsi_transport_sas pata_acpi ata_generic ata_piix ahci nouveau ttm drm_kms_helper drm i2c_algo_bit video output i2c_core dm_mod [last unloaded: microcode] 
 
Modules linked in: cryptd aes_x86_64 aes_generic cbc cts bluetooth rfkill nfsd exportfs des_generic nfs lockd fscache nfs_acl rpcsec_gss_krb5 auth_rpcgss sunrpc cpufreq_ondemand acpi_cpufreq freq_table ipv6 dm_mirror dm_region_hash dm_log wmi sg serio_raw iTCO_wdt iTCO_vendor_support tg3 snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer snd soundcore snd_page_alloc i5k_amb hwmon i5400_edac edac_core shpchp ext4 mbcache jbd2 sr_mod cdrom sd_mod crc_t10dif firewire_ohci firewire_core crc_itu_t mptsas mptscsih mptbase scsi_transport_sas pata_acpi ata_generic ata_piix ahci nouveau ttm drm_kms_helper drm i2c_algo_bit video output i2c_core dm_mod [last unloaded: microcode] 
Pid: 3434, comm: rpc.gssd Tainted: G        W  ----------------  2.6.32-71.34.1.el6.x86_64 #1 HP xw8600 Workstation 
RIP: 0010:[<ffffffffa052f046>]  [<ffffffffa052f046>] rpc_peeraddr2str+0x16/0x30 [sunrpc] 
RSP: 0018:ffff88007b019e48  EFLAGS: 00010246 
RAX: 0000000000000000 RBX: ffff880079fc9a00 RCX: 0000000000000001 
RDX: ffffffffa054dc50 RSI: 0000000000000000 RDI: ffff880079fc9a00 
RBP: ffff88007b019e48 R08: 00000000fffffffb R09: 00000000fffffffe 
R10: 0000000000000000 R11: 0000000000000246 R12: ffff880079b5f540 
R13: 0000000000000001 R14: ffff88007f910440 R15: ffff88007b019eb0 
FS:  00007fa4d7cf87c0(0000) GS:ffff880001e40000(0000) knlGS:0000000000000000 
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 
CR2: 0000000000000610 CR3: 000000007bf43000 CR4: 00000000000406e0 
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 
Process rpc.gssd (pid: 3434, threadinfo ffff88007b018000, task ffff88007af60b30) 
Stack: 
 ffff88007b019e68 ffffffffa054865b ffff880079b5f540 ffff88004384e9c0 
<0> ffff88007b019ee8 ffffffff8118f535 ffff88007b019ea8 00007fff4c2a3580 
<0> ffff880079b5f578 ffff88007b019f48 0000000000000100 0000000000000000 
Call Trace: 
 [<ffffffffa054865b>] rpc_show_info+0x4b/0xb0 [sunrpc] 
 [<ffffffff8118f535>] seq_read+0xe5/0x3f0 
 [<ffffffff8116dbf5>] vfs_read+0xb5/0x1a0 
 [<ffffffff8116dd31>] sys_read+0x51/0x90 
 [<ffffffff81013172>] system_call_fastpath+0x16/0x1b 
Code: 47 50 30 fa 52 a0 c9 c3 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 0f 1f 44 00 00 48 8b 47 30 48 c7 c2 50 dc 54 a0 89 f6 <48> 8b 84 f0 10 06 00 00 c9 48 85 c0 48 0f 44 c2 c3 66 0f 1f 84  
RIP  [<ffffffffa052f046>] rpc_peeraddr2str+0x16/0x30 [sunrpc] 
 RSP <ffff88007b019e48> 
CR2: 0000000000000610 
---[ end trace fe74b08e09e7b7bd ]--- 
Kernel panic - not syncing: Fatal exception 
Pid: 3434, comm: rpc.gssd Tainted: G      D W  ----------------  2.6.32-71.34.1.el6.x86_64 #1 
Call Trace: 
 [<ffffffff814c8c14>] panic+0x78/0x137 
 [<ffffffff814ccce4>] oops_end+0xe4/0x100 
 [<ffffffff8104656b>] no_context+0xfb/0x260 
 [<ffffffff810467f5>] __bad_area_nosemaphore+0x125/0x1e0 
 [<ffffffff8104691e>] bad_area+0x4e/0x60 
 [<ffffffff814ce830>] do_page_fault+0x390/0x3a0 
 [<ffffffff814cc035>] page_fault+0x25/0x30 
 [<ffffffffa052f046>] ? rpc_peeraddr2str+0x16/0x30 [sunrpc] 
 [<ffffffffa054865b>] rpc_show_info+0x4b/0xb0 [sunrpc] 
 [<ffffffff8118f535>] seq_read+0xe5/0x3f0 
 [<ffffffff8116dbf5>] vfs_read+0xb5/0x1a0 
 [<ffffffff8116dd31>] sys_read+0x51/0x90 
 [<ffffffff81013172>] system_call_fastpath+0x16/0x1b 
panic occurred, switching back to text console

Comment 4 J. Bruce Fields 2011-09-28 19:19:18 UTC

Assuming this got fixed, most likely by "SUNRPC: Fix a race in rpc_info_open".

*** This bug has been marked as a duplicate of bug 637278 ***

Note You need to log in before you can comment on or make changes to this bug.