3118 – another crash on my nfs-server

Bug 3118 - another crash on my nfs-server

Summary: another crash on my nfs-server

Status:	CLOSED PATCH_ALREADY_AVAILABLE

Alias:	None

Product:	File System
Classification:	Unclassified
Component:	XFS (show other bugs)
Hardware:	i386 Linux

Importance:	P2 high
Assignee:	XFS Guru

URL:
Keywords:

Depends on:
Blocks:

Reported:	2004-07-25 02:42 UTC by Jan-Frode Myklebust
Modified:	2006-02-25 06:23 UTC (History)
CC List:	2 users (show)

See Also:
Kernel Version:	2.6.8-rc2
Subsystem:
Regression:	---
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Jan-Frode Myklebust 2004-07-25 02:42:55 UTC

Distribution:Whitebox linux 3.0
Hardware Environment:IBM xseries 330, dual cpu Pentium III, 2 GB memory, qla2300
FC-HBA.
Software Environment: Very much a plain whitebox 3.0, plus the 2.6-kernel and
xfs-bits. Working as NFS-server for the home-directories of about 50 active
clients, mostly linux but also solaris.
Problem Description:

I got this oops on my NFS-server. This NFS-server seems to crash about every
second week :( See bug #2929 and #2840 .

Unable to handle kernel paging request at virtual address 00020004
 printing eip:
c013df80
*pde = 00000000
Oops: 0002 [#1]
SMP
Modules linked in: ipv6 lp ipt_REJECT ipt_state ip_conntrack iptable_filter
ip_tables ohci_hcd
CPU:    1
EIP:    0060:[<c013df80>]    Not tainted
EFLAGS: 00010046   (2.6.7-ql)
EIP is at cache_alloc_refill+0x190/0x220
eax: 00020000   ebx: f7c64098   ecx: e7b18000   edx: f7cb2118
esi: ffffffff   edi: e7b18018   ebp: f7cb2100   esp: f3dc49a8
ds: 007b   es: 007b   ss: 0068
Process nfsd (pid: 2806, threadinfo=f3dc4000 task=f3f5c230)
Stack: e7b18018 f7cb2118 f7c640a8 f7cb2120 000000d0 00000246 000000d0 f7cb2100
       f46df400 c013e248 0002e00b 541cd624 f7cb2100 c02273e3 c0211ba2 ffffffff
       ffffffff f3dc4a1c 00000000 00000000 541cd624 00000000 00000000 f3dc4a1c
Call Trace:
 [<c013e248>] kmem_cache_alloc+0x58/0x70
 [<c02273e3>] xfs_iread+0x53/0x240
 [<c0211ba2>] xfs_dir2_block_lookup_int+0x52/0x1a0
 [<c0224781>] xfs_iget_core+0x111/0x5e0
 [<c0224d90>] xfs_iget+0x140/0x180
 [<c02409f4>] xfs_dir_lookup_int+0x94/0x100
 [<c0245da6>] xfs_lookup+0x66/0x90
 [<c02517b4>] linvfs_lookup+0x64/0xa0
 [<c0160c69>] __lookup_hash+0x89/0xb0
 [<c0160cf0>] lookup_one_len+0x50/0x60
 [<c01d5afe>] compose_entry_fh+0x5e/0x130
 [<c01d6024>] encode_entry+0x454/0x580
 [<c024dbe7>] pagebuf_iostart+0x67/0xb0
 [<c020e429>] xfs_da_buf_make+0x1e9/0x1f0
 [<c020da95>] xfs_da_do_buf+0x485/0x990
 [<c0382110>] ip_finish_output2+0x0/0x18a
 [<c036e852>] nf_hook_slow+0xb2/0xf0
 [<c0382110>] ip_finish_output2+0x0/0x18a
 [<c024f4c6>] linvfs_readdir+0x196/0x240
 [<c015fb26>] permission+0x36/0x40
 [<c01d61a0>] nfs3svc_encode_entry_plus+0x0/0x50
 [<c0153c4c>] open_private_file+0x1c/0x90
 [<c01648b9>] vfs_readdir+0x99/0xb0
 [<c01d61a0>] nfs3svc_encode_entry_plus+0x0/0x50
 [<c01cd1d9>] nfsd_readdir+0x79/0xc0
 [<c03cfe86>] svcauth_unix_accept+0x286/0x2a0
 [<c01d2f20>] nfsd3_proc_readdirplus+0xe0/0x1c0
 [<c01d61a0>] nfs3svc_encode_entry_plus+0x0/0x50
 [<c01d50f0>] nfs3svc_decode_readdirplusargs+0x0/0x180
 [<c01c777e>] nfsd_dispatch+0xbe/0x19c
 [<c03ceb92>] svc_authenticate+0xb2/0xd0
 [<c03cc0f2>] svc_process+0x4d2/0x5f9
 [<c0119db0>] default_wake_function+0x0/0x10
 [<c01c7530>] nfsd+0x1b0/0x340
 [<c01c7380>] nfsd+0x0/0x340
 [<c0103fad>] kernel_thread_helper+0x5/0x18
 
Code: 89 50 04 89 02 66 83 79 14 ff c7 01 00 01 10 00 c7 41 04 00


Steps to reproduce:

Comment 1 Jan-Frode Myklebust 2004-07-25 08:20:47 UTC

It crashed again shortly after I brought it back up:


Unable to handle kernel paging request at virtual address ffffff83
 printing eip:
c013df80
*pde = 00003067
*pte = 00000000
Oops: 0002 [#1]
SMP
Modules linked in: ipv6 lp ipt_REJECT ipt_state ip_conntrack iptable_filter
ip_tables ohci_hcd
CPU:    0
EIP:    0060:[<c013df80>]    Not tainted
EFLAGS: 00010046   (2.6.7-ql)
EIP is at cache_alloc_refill+0x190/0x220
eax: ffffff7f   ebx: f7c65078   ecx: dc432000   edx: f7cb2118
esi: 00000009   edi: dc432018   ebp: f7cb2100   esp: f625d9a8
ds: 007b   es: 007b   ss: 0068
Process nfsd (pid: 2804, threadinfo=f625d000 task=c20ba680)
Stack: dc432018 f7cb2118 f7c65088 f7cb2120 000000d0 00000246 000000d0 f7cb2100
       f65ba400 c013e248 000007b6 0b3bd42c f7cb2100 c02273e3 c67043bc 0c608b60
       00000000 c313b9e0 00000000 00000000 0b3bd42c 00000000 00000000 c020e6b5
Call Trace:
 [<c013e248>] kmem_cache_alloc+0x58/0x70
 [<c02273e3>] xfs_iread+0x53/0x240
 [<c020e6b5>] xfs_da_brelse+0xc5/0x110
 [<c0224781>] xfs_iget_core+0x111/0x5e0
 [<c0224d90>] xfs_iget+0x140/0x180
 [<c02409f4>] xfs_dir_lookup_int+0x94/0x100
 [<c0245da6>] xfs_lookup+0x66/0x90
 [<c02517b4>] linvfs_lookup+0x64/0xa0
 [<c0160c69>] __lookup_hash+0x89/0xb0
 [<c0160cf0>] lookup_one_len+0x50/0x60
 [<c01d5afe>] compose_entry_fh+0x5e/0x130
 [<c01d6024>] encode_entry+0x454/0x580
 [<c024f4c6>] linvfs_readdir+0x196/0x240
 [<c015fb26>] permission+0x36/0x40
 [<c01d61a0>] nfs3svc_encode_entry_plus+0x0/0x50
 [<c0153c4c>] open_private_file+0x1c/0x90
 [<c01648b9>] vfs_readdir+0x99/0xb0
 [<c01d61a0>] nfs3svc_encode_entry_plus+0x0/0x50
 [<c01cd1d9>] nfsd_readdir+0x79/0xc0
 [<c03cfe86>] svcauth_unix_accept+0x286/0x2a0
 [<c01d2f20>] nfsd3_proc_readdirplus+0xe0/0x1c0
 [<c01d61a0>] nfs3svc_encode_entry_plus+0x0/0x50
 [<c01d50f0>] nfs3svc_decode_readdirplusargs+0x0/0x180
 [<c01c777e>] nfsd_dispatch+0xbe/0x19c
 [<c03ceb92>] svc_authenticate+0xb2/0xd0
 [<c03cc0f2>] svc_process+0x4d2/0x5f9
 [<c0119db0>] default_wake_function+0x0/0x10
 [<c01c7530>] nfsd+0x1b0/0x340
 [<c01c7380>] nfsd+0x0/0x340
 [<c0103fad>] kernel_thread_helper+0x5/0x18
 
Code: 89 50 04 89 02 66 83 79 14 ff c7 01 00 01 10 00 c7 41 04 00


So I upgraded to the 2.6.8-rc2 hoping it has fixed this problem... When taking
down the 2.6.7-kernel, I got another oops:

Unmounting file systems:  Debug: sleeping function called from invalid context
at include/linux/rwsem.h:43
in_atomic():0, irqs_disabled():1
 [<c01163d0>] do_page_fault+0x0/0x521
 [<c011b3cf>] __might_sleep+0x9f/0xb0
 [<c029da32>] __make_request+0x252/0x500
 [<c0116439>] do_page_fault+0x69/0x521
 [<c01163d0>] do_page_fault+0x0/0x521
 [<c01067c1>] error_code+0x2d/0x38
 [<c013e072>] free_block+0x62/0x100
 [<c013e1e5>] cache_flusharray+0xd5/0xe0
 [<c013e619>] kmem_cache_free+0x49/0x50
 [<c0248eb5>] xfs_finish_reclaim+0xe5/0x110
 [<c0254946>] vn_reclaim+0x56/0x60
 [<c0254e28>] vn_purge+0x138/0x160
 [<c0245984>] xfs_inactive+0xf4/0x4b0
 [<c013e0e3>] free_block+0xd3/0x100
 [<c0254fb8>] vn_remove+0x58/0x5a
 [<c0253adf>] linvfs_clear_inode+0xf/0x20
 [<c016ae44>] clear_inode+0xb4/0xd0
 [<c016ae9c>] dispose_list+0x3c/0x80
 [<c016b02d>] invalidate_inodes+0x8d/0xb0
 [<c0158e7a>] generic_shutdown_super+0x8a/0x190
 [<c01599f7>] kill_block_super+0x17/0x40
 [<c0158d2b>] deactivate_super+0x6b/0x90
 [<c016e18b>] sys_umount+0x3b/0x90
 [<c0105cdf>] syscall_call+0x7/0xb
 
Unable to handle kernel paging request at virtual address 00020004
 printing eip:
c013e072
*pde = 00000000
Oops: 0002 [#1]
SMP
Modules linked in: ipv6 lp ipt_REJECT ipt_state ip_conntrack iptable_filter
ip_tables ohci_hcd
CPU:    0
EIP:    0060:[<c013e072>]    Not tainted
EFLAGS: 00010016   (2.6.7-ql)
EIP is at free_block+0x62/0x100
eax: 00020000   ebx: f3ff5000   ecx: f3ff58d0   edx: f4013000
esi: f7cb2100   edi: 00000002   ebp: f7cb2118   esp: c22b4e34
ds: 007b   es: 007b   ss: 0068
Process umount (pid: 27574, threadinfo=c22b4000 task=c2283830)
Stack: f7cb2128 0000001b f7c65088 f7c65088 00000296 f4011480 f7c63c00 c013e1e5
       0000001b f7c65078 f7cb2100 f7c65078 00000296 f4011480 f4c4fc40 c013e619
       f4011480 00000001 00000001 c0248eb5 f4c4fc40 00000000 01afcf60 c0254946
Call Trace:
 [<c013e1e5>] cache_flusharray+0xd5/0xe0
 [<c013e619>] kmem_cache_free+0x49/0x50
 [<c0248eb5>] xfs_finish_reclaim+0xe5/0x110
 [<c0254946>] vn_reclaim+0x56/0x60
 [<c0254e28>] vn_purge+0x138/0x160
 [<c0245984>] xfs_inactive+0xf4/0x4b0
 [<c013e0e3>] free_block+0xd3/0x100
 [<c0254fb8>] vn_remove+0x58/0x5a
 [<c0253adf>] linvfs_clear_inode+0xf/0x20
 [<c016ae44>] clear_inode+0xb4/0xd0
 [<c016ae9c>] dispose_list+0x3c/0x80
 [<c016b02d>] invalidate_inodes+0x8d/0xb0
 [<c0158e7a>] generic_shutdown_super+0x8a/0x190
 [<c01599f7>] kill_block_super+0x17/0x40
 [<c0158d2b>] deactivate_super+0x6b/0x90
 [<c016e18b>] sys_umount+0x3b/0x90
 [<c0105cdf>] syscall_call+0x7/0xb
 
Code: 89 50 04 89 02 8b 43 0c c7 03 00 01 10 00 31 d2 c7 43 04 00

Comment 2 Jan-Frode Myklebust 2004-07-25 08:23:02 UTC

BTW, in case it might matter, the kernel is also complaining about

     nfs warning: mount version older than kernel

and my mount version is:

     # rpm -q mount
     mount-2.11y-31.1

Comment 3 Trond Myklebust 2004-07-25 15:27:01 UTC

The crash is always occuring in the XFS code. Unless it can be reproduced on a
non-XFS filesystem, I suggest reassigning it to the XFS team.

Comment 4 Jan-Frode Myklebust 2004-08-01 11:07:57 UTC

Another crash.. Now while running the 2.6.8-rc2 kernel :(

Unable to handle kernel paging request at virtual address 01000004
 printing eip:
c013e562
*pde = 00000000
Oops: 0002 [#1]
SMP
Modules linked in: ipv6 lp ipt_REJECT ipt_state ip_conntrack iptable_filter
ip_tables ohci_hcd dm_mod
CPU:    1
EIP:    0060:[<c013e562>]    Not tainted
EFLAGS: 00010006   (2.6.8-rc2)
EIP is at free_block+0x52/0xe0
eax: 01000000   ebx: c57b5000   ecx: c57b5e90   edx: ce45f000
esi: f7ca0100   edi: 0000000e   ebp: f7ca0118   esp: f6473754
ds: 007b   es: 007b   ss: 0068
Process nfsd (pid: 2789, threadinfo=f6473000 task=c2289830)
Stack: f7ca0128 0000001b f7cee0b0 f7cee0b0 00000292 df3b5310 f7cefc00 c013e697
       0000001b f7cee0a0 f7ca0100 f7cee0a0 00000292 df3b5310 d606a9c0 c013ea09
       df3b5310 00000001 00000001 c02465a5 d606a9c0 00000000 01af7f60 c0252056
Call Trace:
 [<c013e697>] cache_flusharray+0xa7/0xb0
 [<c013ea09>] kmem_cache_free+0x49/0x50
 [<c02465a5>] xfs_finish_reclaim+0xe5/0x110
 [<c0252056>] vn_reclaim+0x56/0x60
 [<c0252538>] vn_purge+0x138/0x160
 [<c0243074>] xfs_inactive+0xf4/0x4b0
 [<c013e5d3>] free_block+0xc3/0xe0
 [<c02526c8>] vn_remove+0x58/0x5a
 [<c025128f>] linvfs_clear_inode+0xf/0x20
 [<c016bbe4>] clear_inode+0xd4/0x110
 [<c016bc5c>] dispose_list+0x3c/0x80
 [<c016bf7a>] prune_icache+0xca/0x200
 [<c016c0e5>] shrink_icache_memory+0x35/0x40
 [<c01409a6>] shrink_slab+0x126/0x190
 [<c0141c7a>] try_to_free_pages+0xba/0x180
 [<c0139fd5>] __alloc_pages+0x1e5/0x350
 [<c020d7a5>] xfs_da_do_buf+0x405/0x850
 [<c013a15f>] __get_free_pages+0x1f/0x40
 [<c013d63e>] kmem_getpages+0x1e/0xd0
 [<c013e27c>] cache_grow+0x9c/0x130
 [<c013e3d5>] cache_alloc_refill+0xc5/0x200
 [<c013e6f8>] kmem_cache_alloc+0x58/0x70
 [<c0248439>] kmem_zone_alloc+0x49/0xa0
 [<c02149de>] xfs_dir2_leaf_lookup_int+0x16e/0x290
 [<c02484a5>] kmem_zone_zalloc+0x15/0x50
 [<c0225de4>] xfs_iread+0x34/0x1f0
 [<c02232d1>] xfs_iget_core+0x111/0x5d0
 [<c02238d0>] xfs_iget+0x140/0x180
 [<c023e224>] xfs_dir_lookup_int+0x94/0x100
 [<c0243496>] xfs_lookup+0x66/0x90
 [<c024ef74>] linvfs_lookup+0x64/0xa0
 [<c0161589>] __lookup_hash+0x89/0xb0
 [<c0161610>] lookup_one_len+0x50/0x60
 [<c01d6a0e>] compose_entry_fh+0x5e/0x130
 [<c01d6e9b>] encode_entry+0x3bb/0x4f0
 [<c024cbf6>] linvfs_readdir+0x196/0x240
 [<c015ff26>] permission+0x36/0x40
 [<c01d7020>] nfs3svc_encode_entry_plus+0x0/0x50
 [<c0153fdc>] open_private_file+0x1c/0x90
 [<c0165549>] vfs_readdir+0x99/0xb0
 [<c01d7020>] nfs3svc_encode_entry_plus+0x0/0x50
 [<c01ce0a9>] nfsd_readdir+0x79/0xe0
 [<c03d0be6>] svcauth_unix_accept+0x286/0x2a0
 [<c01d3e30>] nfsd3_proc_readdirplus+0xe0/0x1c0
 [<c01d7020>] nfs3svc_encode_entry_plus+0x0/0x50
 [<c01d6000>] nfs3svc_decode_readdirplusargs+0x0/0x180
 [<c01c857e>] nfsd_dispatch+0xbe/0x19c
 [<c03cf8f2>] svc_authenticate+0xb2/0xd0
 [<c03cce62>] svc_process+0x4d2/0x5f9
 [<c0119990>] default_wake_function+0x0/0x10
 [<c01c8330>] nfsd+0x1b0/0x340
 [<c01c8180>] nfsd+0x0/0x340
 [<c0103fdd>] kernel_thread_helper+0x5/0x18
Code: 89 50 04 89 02 8b 43 0c c7 03 00 01 10 00 31 d2 c7 43 04 00

BTW: I'm running with vm.vfs_cache_pressure=10000 because of oom-killer problems.

(I'm leaving for vacation tomorrow, so I probably woun't be able to give more
information for the next two weeks..)

Comment 5 Jan-Frode Myklebust 2004-08-01 11:33:43 UTC

BTW: I'm running with 4KSTACKS. Will remove this and tell the other engineers to
boot this kernel if it crashes again before I'm back from vacation..

Comment 6 Jan-Frode Myklebust 2004-08-01 11:43:34 UTC

Darn.. down again (before the 8Kstack kernel was ready):

Unable to handle kernel paging request at virtual address 00020004
 printing eip:
c013e562
*pde = 00000000
Oops: 0002 [#1]
SMP
Modules linked in: ipv6 lp ipt_REJECT ipt_state ip_conntrack iptable_filter
ip_tables ohci_hcd dm_mod
CPU:    1
EIP:    0060:[<c013e562>]    Not tainted
EFLAGS: 00010016   (2.6.8-rc2)
EIP is at free_block+0x52/0xe0
eax: 00020000   ebx: da46d000   ecx: da46d040   edx: d88540a0
esi: f7ca0380   edi: 00000000   ebp: f7ca0398   esp: f7c52e8c
ds: 007b   es: 007b   ss: 0068
Process kswapd0 (pid: 43, threadinfo=f7c52000 task=f7c7ebd0)
Stack: f7ca03a8 0000001b f7cdf070 f7cdf070 00000296 f2428520 f7cd1000 c013e697
       0000001b f7cdf060 f7ca0380 f7cdf060 00000296 f2428520 00000080 c013ea09
       f2428540 f7c52efc 0000000f c016b968 f2428540 c016bc63 f144b988 f144b980
Call Trace:
 [<c013e697>] cache_flusharray+0xa7/0xb0
 [<c013ea09>] kmem_cache_free+0x49/0x50
 [<c016b968>] destroy_inode+0x28/0x40
 [<c016bc63>] dispose_list+0x43/0x80
 [<c016bf7a>] prune_icache+0xca/0x200
 [<c016c0e5>] shrink_icache_memory+0x35/0x40
 [<c01409a6>] shrink_slab+0x126/0x190
 [<c0141f2a>] balance_pgdat+0x1ea/0x270
 [<c0142085>] kswapd+0xd5/0xe0
 [<c011b3d0>] autoremove_wake_function+0x0/0x50
 [<c011b3d0>] autoremove_wake_function+0x0/0x50
 [<c0141fb0>] kswapd+0x0/0xe0
 [<c0103fdd>] kernel_thread_helper+0x5/0x18
Code: 89 50 04 89 02 8b 43 0c c7 03 00 01 10 00 31 d2 c7 43 04 00

Comment 7 Eric Sandeen 2004-08-01 19:54:23 UTC

I'm going to go with "it's a stack problem."

Trond - cc'ing you, please see below....

If I trust the script kaos wrote a while ago, and if we trust the stack
from the oops, here's the stack usage:

0x20 cache_flusharray
0x20 kmem_cache_free
0x10 xfs_finish_reclaim
0x8 vn_reclaim
0x44 vn_purge
0x4c xfs_inactive
0x8 free_block
0x20 free_block
0x28 vn_remove
0x8 linvfs_clear_inode
0x4 clear_inode
0xc dispose_list
0x14 prune_icache
0x4 shrink_icache_memory
0x34 shrink_slab
0x2c try_to_free_pages
0x38 __alloc_pages
0xac xfs_da_do_buf
0x8 __get_free_pages
0x4 kmem_getpages
0x18 cache_grow
0x20 cache_alloc_refill
0x10 kmem_cache_alloc
0xc kmem_zone_alloc
0x50 xfs_dir2_leaf_lookup_int
0x14 kmem_zone_zalloc
0x2c xfs_iread
0x4c xfs_iget_core
0x38 xfs_iget
0x2c xfs_dir_lookup_int
0x2c xfs_lookup
0x24 linvfs_lookup
0x18 __lookup_hash
0x18 lookup_one_len
0x18 compose_entry_fh
0x214 encode_entry
0x70 linvfs_readdir
0x10 permission
0x8 open_private_file
0x18 vfs_readdir
0xb4 nfsd_readdir
0x54 svcauth_unix_accept
0x24 nfsd3_proc_readdirplus
0xc nfs3svc_decode_readdirplusargs
0xc nfsd_dispatch
0x14 svc_authenticate
0x3c svc_process
0x2c nfsd
0x2c nfsd

If I added this up right, it's around 7k of stack...  Even allowing for
incorrect entries or sizes in there, it's a very long stack.

Note that encode_entry is using 0x213 (532 decimal), or > 25% of your 4k stack
in a single function.  Due in large part to the struct svc_fh plopped in the
middle of the (nfs) function.

nfsd_readdir is also taking 180 bytes off the stack...

On the xfs side, xfs_da_do_buf is using 172 bytes, linvfs_readdir is using 112...

Those seem to be the big hitters.

If this is a stack issue, not sure where to file the "bug" - or if it even
is one.  I'm not a big fan of 4KSTACKS :)

-Eric Sandeen

Comment 8 Eric Sandeen 2004-08-01 20:02:05 UTC

Er, 532 is only 13% of 4K, not 25%... but still.  Pretty big :)

Comment 9 Adrian Bunk 2006-02-25 02:50:39 UTC

Is this issue still present in recent 2.6 kernels?

Comment 10 Jan-Frode Myklebust 2006-02-25 05:45:22 UTC

No, I think it got stable somewher around 2.6.11, and has been happily running
2.6.12.2 for the last 151 days. So please close this ticket.


# uname -a
Linux nfsserver 2.6.12.2 #1 SMP Mon Jul 4 22:28:25 CEST 2005 i686 i686 i386
GNU/Linux
# uptime
 14:43:11  up 151 days, 22:57,  1 user,  load average: 0.01, 0.07, 0.04

Note You need to log in before you can comment on or make changes to this bug.