Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 4 Sep 2020 18:27:48 -0600
From:      Alan Somers <asomers@freebsd.org>
To:        FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   panic!("docallb") in nfsrv_docallback
Message-ID:  <CAOtMX2h3ZTVaZB8bdMg3QeGXCLtJLAuOCEQQm-WNTVaJz1HEDA@mail.gmail.com>
next in thread | raw e-mail | index | archive | help 
I just saw this panic on a 12-stable machine.  Unfortunately, I don't have
a core dump, just a stack trace.  It was serving NFS v4.0, with delegations
enabled.  The clients were all Debian, with Linux 3.16.0.

The proximal cause of the panic seems to be that the file had a write
delegation issued to an unconfirmed client.  Root cause is harder to
determine.  Did the kernel previously issue a delegation to an unconfirmed
client?  Or did the client somehow change to an unconfirmed state after the
delegation was issued, perhaps due to a race?

It's hard to tell, but I don't see any checks for lc_flags &
LCL_NEEDSCONFIRM in nfsrv_openctrl (which issues the delegations), so I'm
guessing that that's the problem.  If so, then the event trace would look
like this:

1) Client Alice sends SETCLIENTID.  The server creates a client state
structure
   for her.
_) Client Alice should've sent SETCLIENTID_CONFIRM, but doesn't.  Bad Alice!
2) Client Alice sends OPEN for some file, and is issued a write delegation.
   The server shouldn't have issued it, because Alice's client ID is
   unconfirmed.  Bad server!
3) Client Bob tries to do a GETATTR on that same file.
4) In nfsrv_checkgetattr, the kernel finds a write delegation for that file,
   owned by client Alice.
5) The kernel tries to send a NFSV4OP_CBGETATTR callback to Alice, to see
if the
   file's attributes have changed.
6) But Alice's client ID is unconfirmed.  Oh no!  Panic!

Does this sound plausible?  Should there be a check for LCL_NEEDSCONFIRM
somewhere around line 3166 in nfs_nfsdstate.c?  Grateful for any help.

-Alan

P.S.: stack trace

kdb_backtrace
vpanic
panic
nfsrv_docallback
nfsrv_checkgetattr
nfsrvd_getattr
nfsrvd_dorpc
nfssvc_program
svc_run_internal
svc_thread_start
fork_exit
fork_trampoline

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOtMX2h3ZTVaZB8bdMg3QeGXCLtJLAuOCEQQm-WNTVaJz1HEDA>