J. Bruce Fields 23fcf2ec93 nfsd4: fix oops on lock failure ... Lock stateid's can have access_bmap 0 if they were only partially initialized (due to a failed lock request); handle that case in free_generic_stateid. ------------[ cut here ]------------ kernel BUG at fs/nfsd/nfs4state.c:380! invalid opcode: 0000 [#1] SMP last sysfs file: /sys/kernel/mm/ksm/run Modules linked in: nfs fscache md4 nls_utf8 cifs ip6table_filter ip6_tables ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd lockd nfs_acl auth_rpcgss sunrpc ipv6 ppdev parport_pc parport pcnet32 mii pcspkr microcode i2c_piix4 BusLogic floppy [last unloaded: mperf] Pid: 1468, comm: nfsd Not tainted 2.6.38+ #120 VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform EIP: 0060:[<e24f180d>] EFLAGS: 00010297 CPU: 0 EIP is at nfs4_access_to_omode+0x1c/0x29 [nfsd] EAX: ffffffff EBX: dd758120 ECX: 00000000 EDX: 00000004 ESI: dd758120 EDI: ddfe657c EBP: dd54dde0 ESP: dd54dde0 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 Process nfsd (pid: 1468, ti=dd54c000 task=ddc92580 task.ti=dd54c000) Stack: dd54ddf0 e24f19ca 00000000 ddfe6560 dd54de08 e24f1a5d dd758130 deee3a20 ddfe6560 31270000 dd54df1c e24f52fd 0000000f dd758090 e2505dd0 0be304cf dbb51d68 0000000e ddfe657c ddcd8020 dd758130 dd758128 dd7580d8 dd54de68 Call Trace: [<e24f19ca>] free_generic_stateid+0x1c/0x3e [nfsd] [<e24f1a5d>] release_lockowner+0x71/0x8a [nfsd] [<e24f52fd>] nfsd4_lock+0x617/0x66c [nfsd] [<e24e57b6>] ? nfsd_setuser+0x199/0x1bb [nfsd] [<e24e056c>] ? nfsd_setuser_and_check_port+0x65/0x81 [nfsd] [<c07a0052>] ? _cond_resched+0x8/0x1c [<c04ca61f>] ? slab_pre_alloc_hook.clone.33+0x23/0x27 [<c04cac01>] ? kmem_cache_alloc+0x1a/0xd2 [<c04835a0>] ? __call_rcu+0xd7/0xdd [<e24e0dfb>] ? fh_verify+0x401/0x452 [nfsd] [<e24f0b61>] ? nfsd4_encode_operation+0x52/0x117 [nfsd] [<e24ea0d7>] ? nfsd4_putfh+0x33/0x3b [nfsd] [<e24f4ce6>] ? nfsd4_delegreturn+0xd4/0xd4 [nfsd] [<e24ea2c9>] nfsd4_proc_compound+0x1ea/0x33e [nfsd] [<e24de6ee>] nfsd_dispatch+0xd1/0x1a5 [nfsd] [<e1d6e1c7>] svc_process_common+0x282/0x46f [sunrpc] [<e1d6e578>] svc_process+0xdc/0xfa [sunrpc] [<e24de0fa>] nfsd+0xd6/0x115 [nfsd] [<e24de024>] ? nfsd_shutdown+0x24/0x24 [nfsd] [<c0454322>] kthread+0x62/0x67 [<c04542c0>] ? kthread_worker_fn+0x114/0x114 [<c07a6ebe>] kernel_thread_helper+0x6/0x10 Code: eb 05 b8 00 00 27 4f 8d 65 f4 5b 5e 5f 5d c3 83 e0 03 55 83 f8 02 89 e5 74 17 83 f8 03 74 05 48 75 09 eb 09 b8 02 00 00 00 eb 0b <0f> 0b 31 c0 eb 05 b8 01 00 00 00 5d c3 55 89 e5 57 56 89 d6 8d EIP: [<e24f180d>] nfs4_access_to_omode+0x1c/0x29 [nfsd] SS:ESP 0068:dd54dde0 ---[ end trace 2b0bf6c6557cb284 ]--- The trace route is: -> nfsd4_lock() -> if (lock->lk_is_new) { -> alloc_init_lock_stateid() 3739: stp->st_access_bmap = 0; ->if (status && lock->lk_is_new && lock_sop) -> release_lockowner() -> free_generic_stateid() -> nfs4_access_bmap_to_omode() -> nfs4_access_to_omode() 380: BUG(); ***** This problem was introduced by 0997b17360. Reported-by: Mi Jinlong <mijinlong@cn.fujitsu.com> Tested-by: Mi Jinlong <mijinlong@cn.fujitsu.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>		2011-04-10 12:21:27 -04:00
..
acl.h	nfsd4: remove outdated pathname-comments	2011-01-04 18:22:10 -05:00
auth.c	nfsd: remove pointless paths in file headers	2009-12-15 15:01:47 -05:00
auth.h	nfsd: minor fs/nfsd/auth.h cleanup	2008-02-01 16:42:05 -05:00
cache.h	nfsd: remove pointless paths in file headers	2009-12-15 15:01:47 -05:00
export.c	nfsd: kill unused macro definition	2011-03-07 12:05:09 -05:00
idmap.h	nfsd4: return nfs errno from name_to_id functions	2011-01-04 18:22:11 -05:00
Kconfig	lockd: push lock_flocks down	2010-10-27 21:39:39 +02:00
lockd.c	nfsd: fix auth_domain reference leak on nlm operations	2011-03-24 23:11:27 -04:00
Makefile	knfsd: trivial makefile cleanup	2007-05-09 12:30:54 -07:00
nfs2acl.c	include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h	2010-03-30 22:02:32 +09:00
nfs3acl.c	include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h	2010-03-30 22:02:32 +09:00
nfs3proc.c	nfsd: fix offset printk's in nfsd3 read/write	2010-12-17 15:48:18 -05:00
nfs3xdr.c	nfsd: Fix possible BUG_ON firing in set_change_info	2010-12-08 11:44:04 -05:00
nfs4acl.c	nfsd4: move idmap and acl header files into fs/nfsd	2011-01-04 18:22:09 -05:00
nfs4callback.c	NFSD: fix decode_cb_sequence4resok	2011-02-22 15:55:09 -08:00
nfs4idmap.c	nfsd: kill unused macro definition	2011-03-07 12:05:09 -05:00
nfs4proc.c	nfsd41: modify the members value of nfsd4_op_flags	2011-03-07 12:10:33 -05:00
nfs4recover.c	nfsd4: fix mixed 4.0/4.1 handling, 4.1 reboot	2010-12-17 15:48:01 -05:00
nfs4state.c	nfsd4: fix oops on lock failure	2011-04-10 12:21:27 -04:00
nfs4xdr.c	nfsd: wrong index used in inner loop	2011-03-17 13:09:19 -04:00
nfscache.c	include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h	2010-03-30 22:02:32 +09:00
nfsctl.c	nfsd: fix compile error	2011-03-14 20:57:44 -04:00
nfsd.h	nfsd4: name->id mapping should fail with BADOWNER not BADNAME	2011-01-04 18:21:36 -05:00
nfsfh.c	nfsd: fix "insecure" export option	2009-12-20 20:19:51 -08:00
nfsfh.h	nfsd: fix BUG at fs/nfsd/nfsfh.h:199 on unlink	2010-10-13 15:48:55 -04:00
nfsproc.c	nfsd4: return nfs errno from name_to_id functions	2011-01-04 18:22:11 -05:00
nfssvc.c	svcrpc: simpler request dropping	2011-01-04 16:49:22 -05:00
nfsxdr.c	nfsd: remove pointless paths in file headers	2009-12-15 15:01:47 -05:00
state.h	nfsd4: fix comment and remove unused nfsd4_file fields	2011-03-17 12:52:33 -04:00
stats.c	nfsd: remove pointless paths in file headers	2009-12-15 15:01:47 -05:00
vfs.c	NFSD, VFS: Remove dead code in nfsd_rename()	2011-03-07 12:05:14 -05:00
vfs.h	nfsd: minor nfsd read api cleanup	2010-07-30 12:54:54 -04:00
xdr.h	nfsd: remove pointless paths in file headers	2009-12-15 15:01:47 -05:00
xdr3.h	nfsd: remove pointless paths in file headers	2009-12-15 15:01:47 -05:00
xdr4.h	nfsd4: set sequence flag when backchannel is down	2011-01-11 15:04:10 -05:00