From: Borislav Petkov
Subject: Re: 2.6.11-mm3: BUG: atomic counter underflow at: rpcauth_destroy
Date: Tue, 15 Mar 2005 23:21:52 +0100
User-Agent: KMail/1.7.2
To: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200503152321.52799.petkov@uni-muenster.de>
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 5704
Lines: 110

On Tuesday 15 March 2005 13:32, you wrote:
> Hi there!

Hi,

I got those too..

> I got some atomic counter underflows in the nfs code:
>
> Mar 14 17:19:15 phoebee rpc.statd[6890]: Received erroneous SM_UNMON
> request from phoebee for 192.168.0.1 Mar 14 17:19:15 phoebee BUG: atomic
> counter underflow at:
> Mar 14 17:19:15 phoebee [] rpcauth_destroy+0x41/0x50
> Mar 14 17:19:15 phoebee [] rpc_destroy_client+0x9c/0xf0
> Mar 14 17:19:15 phoebee [] rpc_free+0x18/0x40
> Mar 14 17:19:15 phoebee [] rpc_release_task+0xad/0x120
> Mar 14 17:19:15 phoebee [] __rpc_execute+0x2e3/0x360
> Mar 14 17:19:15 phoebee [] xprt_init_autodisconnect+0x0/0xd0
> Mar 14 17:19:15 phoebee [] autoremove_wake_function+0x0/0x50
> Mar 14 17:19:15 phoebee [] rpc_create_client+0x167/0x240
> Mar 14 17:19:15 phoebee [] autoremove_wake_function+0x0/0x50
> Mar 14 17:19:15 phoebee [] rpc_call_sync+0x5a/0xa0
> Mar 14 17:19:15 phoebee [] nsm_mon_unmon+0xb4/0xe0
> Mar 14 17:19:15 phoebee [] nsm_unmonitor+0x26/0x70
> Mar 14 17:19:15 phoebee [] nlm_gc_hosts+0x168/0x190
> Mar 14 17:19:15 phoebee [] nlm_lookup_host+0x46/0x270
> Mar 14 17:19:15 phoebee [] nlmclnt_lookup_host+0x11/0x20
> Mar 14 17:19:15 phoebee [] nlmclnt_proc+0x4a/0x310
> Mar 14 17:19:15 phoebee [] autoremove_wake_function+0x0/0x50
> Mar 14 17:19:15 phoebee [] kernel_sendmsg+0x2e/0x40
> Mar 14 17:19:15 phoebee [] xdr_sendpages+0xc9/0x270
> Mar 14 17:19:15 phoebee [] mempool_free+0x4c/0xa0
> Mar 14 17:19:15 phoebee [] rpc_release_client+0x4b/0x90
> Mar 14 17:19:15 phoebee [] rpc_release_task+0xa6/0x120
> Mar 14 17:19:15 phoebee [] __rpc_execute+0x2e3/0x360
> Mar 14 17:19:15 phoebee [] autoremove_wake_function+0x0/0x50
> Mar 14 17:19:15 phoebee [] autoremove_wake_function+0x0/0x50
> Mar 14 17:19:15 phoebee [] rpc_call_sync+0x65/0xa0
> Mar 14 17:19:15 phoebee [] nfs3_rpc_wrapper+0x63/0x70
> Mar 14 17:19:15 phoebee [] nfs3_proc_setattr+0x93/0xd0
> Mar 14 17:19:15 phoebee [] nfs_scan_commit+0x2c/0x70
> Mar 14 17:19:15 phoebee [] nfs_setattr+0xd0/0x1c0
> Mar 14 17:19:15 phoebee [] __filemap_fdatawrite_range+0xbc/0xc0
> Mar 14 17:19:15 phoebee [] nfs_scan_commit+0x2c/0x70
> Mar 14 17:19:15 phoebee [] nfs_commit_inode+0x3f/0xc0
> Mar 14 17:19:15 phoebee [] nfs_sync_inode+0x54/0x70
> Mar 14 17:19:15 phoebee [] do_setlk+0x77/0x170
> Mar 14 17:19:15 phoebee [] nfs_lock+0x0/0x130
> Mar 14 17:19:15 phoebee [] fcntl_setlk64+0x25b/0x2b0
> Mar 14 17:19:15 phoebee [] dput+0x1e/0x250
> Mar 14 17:19:15 phoebee [] path_release+0x10/0x60
> Mar 14 17:19:15 phoebee [] sys_chown+0x49/0x50
> Mar 14 17:19:15 phoebee [] sys_fcntl64+0x44/0x90
> Mar 14 17:19:15 phoebee [] syscall_call+0x7/0xb
> Mar 14 17:19:15 phoebee BUG: atomic counter underflow at:
> Mar 14 17:19:15 phoebee [] rpcauth_destroy+0x41/0x50
> Mar 14 17:19:15 phoebee [] rpc_destroy_client+0x9c/0xf0
> Mar 14 17:19:15 phoebee [] rpc_free+0x18/0x40
> Mar 14 17:19:15 phoebee [] rpc_release_task+0xad/0x120
> Mar 14 17:19:15 phoebee [] __rpc_execute+0x2e3/0x360
> Mar 14 17:19:15 phoebee [] xprt_init_autodisconnect+0x0/0xd0
> Mar 14 17:19:15 phoebee [] autoremove_wake_function+0x0/0x50
> Mar 14 17:19:15 phoebee [] rpc_create_client+0x167/0x240
> Mar 14 17:19:15 phoebee [] autoremove_wake_function+0x0/0x50
> Mar 14 17:19:15 phoebee [] rpc_call_sync+0x5a/0xa0
> Mar 14 17:19:15 phoebee [] nsm_mon_unmon+0xb4/0xe0
> Mar 14 17:19:15 phoebee [] extract_entropy+0x4f/0xa0
> Mar 14 17:19:15 phoebee [] nsm_monitor+0x26/0x70
> Mar 14 17:19:15 phoebee [] nlmclnt_lock+0x2b/0xd0
> Mar 14 17:19:15 phoebee []
nlmclnt_proc+0x207/0x310 > Mar 14 17:19:15 phoebee [] autoremove_wake_function+0x0/0x50 > Mar 14 17:19:15 phoebee [] do_setlk+0x77/0x170 > Mar 14 17:19:15 phoebee [] nfs_lock+0x0/0x130 > Mar 14 17:19:15 phoebee [] fcntl_setlk64+0x25b/0x2b0 > Mar 14 17:19:15 phoebee [] dput+0x1e/0x250 > Mar 14 17:19:15 phoebee [] path_release+0x10/0x60 > Mar 14 17:19:15 phoebee [] sys_chown+0x49/0x50 > Mar 14 17:19:15 phoebee [] sys_fcntl64+0x44/0x90 > Mar 14 17:19:15 phoebee [] syscall_call+0x7/0xb > > > Regardless of the "erroneous SM_UNMON request", the atomic counter > should not underflow ;) > > > Regards, > Martin After some rookie debugging I think I've found the evildoer: rpcauth_create used to have a line that inits rpc_auth->au_count to one atomically. This line is now missing so when you release the rpc authentication handle, the au_count underflows. Here's a fix: Signed-off-by: Borislav Petkov --- net/sunrpc/auth.c.orig 2005-03-15 22:34:58.000000000 +0100 +++ net/sunrpc/auth.c 2005-03-15 22:36:23.000000000 +0100 @@ -70,6 +70,7 @@ rpcauth_create(rpc_authflavor_t pseudofl auth = ops->create(clnt, pseudoflavor); if (!auth) return NULL; + atomic_set(&auth->au_count, 1); if (clnt->cl_auth) rpcauth_destroy(clnt->cl_auth); clnt->cl_auth = auth; - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
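Review bot: the atomic_set(&auth->au_count, 1) added in rpcauth_create() runs only after ops->create() has returned, so it unconditionally overwrites whatever the flavor's create routine left in au_count; if a create implementation ever takes or hands out a reference on the new auth before returning, that reference is silently reset here and the object can be released while it is still in use. Either initialise the counter where the rpc_auth is allocated in each create op, or add a short comment above this line stating that create must return an object with no outstanding references. The changelog should also name the change that dropped the original initialisation, and the header paths (net/sunrpc/auth.c.orig against net/sunrpc/auth.c) have no leading directory component, so the patch will not apply with -p1; regenerate it from one level above the tree.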