panic in nfsd in freebsd7-release and -stable
Kostik Belousov
kostikbel at gmail.com
Mon May 26 13:45:50 UTC 2008
On Sun, May 25, 2008 at 09:28:36PM -0400, Andrew Edwards wrote:
> I have a system that was running some version of redhat (I don't
> remember now) and I upgraded it to freebsd7 and I would get an immediate
> panic when nfsd is started. I then updated to 7-stable (on May 24th)
> and built a new kerenl and userland and the panic continued.
>
> This was happening 100% of the time whenever nfsd is started but what I
> later discovered was that because I had used the same IP's as the linux
> host there were some systems that still had a filesystem mounted from
> before the conversion. I put in an ipfw rule to block those hosts and
> then I was able to start nfsd without crashing and then create new
> mounts. I have been able to work-around the issue by forcing all of the
> servers that were mounting from the linux os to remount, I am only
> including this information just in case someone else runs into a similar
> problem.
>
> Thanks,
> Andrew
>
> Here's the backtrace
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 1; apic id = 06
> fault virtual address = 0x18
> fault code = supervisor read, page not present
> instruction pointer = 0x20:0xc06ce915
> stack pointer = 0x28:0xe8f32a48
> frame pointer = 0x28:0xe8f32a64
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, def32 1, gran 1
> processor eflags = resume, IOPL = 0
> current process = 755 (nfsd)
> trap number = 12
> panic: page fault
> cpuid = 1
> Uptime: 40m22s
> Physical memory: 3318 MB
> Dumping 93 MB: 78 62 46 30 14
>
> #0 doadump () at pcpu.h:195
> 195 pcpu.h: No such file or directory.
> in pcpu.h
> (kgdb) bt
> #0 doadump () at pcpu.h:195
> #1 0xc069a917 in boot (howto=260) at
> /usr/src/sys/kern/kern_shutdown.c:418
> #2 0xc069ac13 in panic (fmt=Variable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:572
> #3 0xc0926763 in trap_fatal (frame=0xe8f32a08, eva=24)
> at /usr/src/sys/i386/i386/trap.c:899
> #4 0xc09270ff in trap (frame=0xe8f32a08) at
> /usr/src/sys/i386/i386/trap.c:280
> #5 0xc090c84b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> #6 0xc06ce915 in turnstile_broadcast (ts=0x0, queue=0)
> at /usr/src/sys/kern/subr_turnstile.c:835
> #7 0xc068d292 in _mtx_unlock_sleep (m=0xc0a47e10, opts=0, file=0x0,
> line=0)
> at /usr/src/sys/kern/kern_mutex.c:611
> #8 0xc0849b79 in nfsrv3_access (nfsd=0xc6ba5d00, slp=0xc6b7f700,
> td=0xc6856c60, mrq=0xe8f32c58) at
> /usr/src/sys/nfsserver/nfs_serv.c:253
> #9 0xc085bc71 in nfssvc (td=0xc6856c60, uap=0xe8f32cfc)
> at /usr/src/sys/nfsserver/nfs_syscalls.c:461
> #10 0xc0926d35 in syscall (frame=0xe8f32d38)
> at /usr/src/sys/i386/i386/trap.c:1035
> #11 0xc090c8b0 in Xint0x80_syscall ()
> at /usr/src/sys/i386/i386/exception.s:196
> #12 0x00000033 in ?? ()
Please, test the change below.
nfsm_srvmtofh() may execute nfsm_reply(), which contains a goto nfsmout.
Since the code under that label conditionally unlocks Giant,
vfslocked must be initialized before nfsm_srvmtofh() is called. I found three
omissions.
The patch also contains the removal of the duplicated code for the rev. 1.179.
diff --git a/sys/nfsserver/nfs_serv.c b/sys/nfsserver/nfs_serv.c
index 5343627..6e716e4 100644
--- a/sys/nfsserver/nfs_serv.c
+++ b/sys/nfsserver/nfs_serv.c
@@ -210,6 +210,7 @@ nfsrv3_access(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
if (!v3)
panic("nfsrv3_access: v3 proc called on a v2 connection");
+ vfslocked = 0;
fhp = &nfh.fh_generic;
nfsm_srvmtofh(fhp);
tl = nfsm_dissect_nonblock(u_int32_t *, NFSX_UNSIGNED);
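Review bot: The added `vfslocked = 0;` in nfsrv3_access is only correct because it sits above `nfsm_srvmtofh(fhp)`, and nothing at the site says that the macro can jump to nfsmout, where vfslocked decides whether Giant is unlocked. A comment such as `/* set before nfsm_srvmtofh(): it may goto nfsmout, which tests vfslocked */` would stop a later reorder from reintroducing the read of an uninitialized stack value; initializing at the declaration, which lies outside this hunk, would be sturdier still. The same comment would help in the nfsrv_writegather and nfsrv_pathconf hunks. Per the report, the panic was set off by requests from clients still holding mounts from before the conversion, so this path appears reachable from the network, and the other nfsrv_* handlers built on these macros merit the same check.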
@@ -1285,6 +1286,7 @@ nfsrv_writegather(struct nfsrv_descript **ndp, struct nfssvc_sock *slp,
i = 0;
len = 0;
#endif
+ vfslocked = 0;
*mrq = NULL;
if (*ndp) {
nfsd = *ndp;
@@ -2146,7 +2148,7 @@ nfsrv_remove(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
nfsfh_t nfh;
fhandle_t *fhp;
struct mount *mp = NULL;
- int vfslocked, vfslocked1;
+ int vfslocked;
nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
ndclear(&nd);
@@ -2168,11 +2170,7 @@ nfsrv_remove(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
nd.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF | MPSAFE;
error = nfs_namei(&nd, fhp, len, slp, nam, &md, &dpos,
&dirp, v3, &dirfor, &dirfor_ret, td, FALSE);
- vfslocked1 = NDHASGIANT(&nd);
- if (vfslocked && vfslocked1)
- VFS_UNLOCK_GIANT(vfslocked1);
- if (vfslocked || vfslocked1)
- vfslocked = 1;
+ vfslocked = nfsrv_lockedpair_nd(vfslocked, &nd);
if (dirp && !v3) {
vrele(dirp);
dirp = NULL;
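Review bot: The replacement call in nfsrv_remove depends on nfsrv_lockedpair_nd() behaving exactly like the five removed lines, and the helper's definition is not part of this diff, so that equivalence cannot be checked from here. The removed code released the second Giant acquisition when both were held and left vfslocked at 1 if either was held; a one-line comment at the call, e.g. `/* fold Giant state from nfs_namei() into vfslocked, dropping the extra hold if both are set */`, would keep that contract visible. The call also reads vfslocked, which the previous hunk declares without an initializer, and its first assignment lies outside the visible lines, so it is worth confirming that it is set before `nfsm_srvmtofh()` here as well.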
@@ -4132,6 +4130,7 @@ nfsrv_pathconf(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
if (!v3)
panic("nfsrv_pathconf: v3 proc called on a v2 connection");
+ vfslocked = 0;
fhp = &nfh.fh_generic;
nfsm_srvmtofh(fhp);
error = nfsrv_fhtovp(fhp, 1, &vp, &vfslocked, cred, slp,