Re: parallel lookups on NFS

On Sat, 2016-04-30 at 19:23 -0400, Jeff Layton wrote:
> On Sat, 2016-04-30 at 21:57 +0100, Al Viro wrote:
> > On Sat, Apr 30, 2016 at 04:39:25PM -0400, Jeff Layton wrote:
> > > Attached. Also I ran the same test on a 4.6.0-rc1 kernel and it worked
> > > fine, so it does seem to be a regression introduced somewhere in your
> > > patch pile. Also, FWIW the machine is a KVM guest.
> > OK...  Could you try #work.lookups on your setup?  That doesn't contain the
> > last commit; the deadlock ought to be dealt with, though.  I'm trying to
> > reproduce the corruption with KASAN enabled, will try your config once that's
> > finished...
> 
> Here's what I got with your untested.nfs branch + KASAN:
> 
> [  192.453252] BUG: unable to handle kernel paging request at ffff814bf270ffff
> [  192.454102] IP: [] deactivate_slab+0xab/0x3e0
> [  192.454795] PGD 0 
> [  192.455040] Oops: 0000 [#1] SMP KASAN
> [  192.455469] Modules linked in: nfsv3 nfs fscache xfs snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core libcrc32c snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer nfsd joydev snd acpi_cpufreq ppdev parport_pc tpm_tis virtio_net soundcore parport tpm pcspkr virtio_balloon pvpanic i2c_piix4 nfs_acl lockd auth_rpcgss grace sunrpc qxl drm_kms_helper virtio_console virtio_blk ttm drm serio_raw virtio_pci ata_generic virtio_ring pata_acpi virtio floppy
> [  192.460993] CPU: 0 PID: 8628 Comm: rm Not tainted 4.6.0-rc1+ #29
> [  192.461679] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
> [  192.462359] task: ffff8801bf990000 ti: ffff8800c7e88000 task.ti: ffff8800c7e88000
> [  192.463372] RIP: 0010:[]  [] deactivate_slab+0xab/0x3e0
> [  192.464266] RSP: 0018:ffff8800c7e8f550  EFLAGS: 00010002
> [  192.464839] RAX: 0000000000000000 RBX: ffff8801d6c02200 RCX: 00000001801a0019
> [  192.465646] RDX: ffff8800c5949c2e RSI: ffffea0003165200 RDI: ffffea0003165200
> [  192.466443] RBP: ffff8800c7e8f650 R08: ffff8800c5948750 R09: 000000000000801a
> [  192.467319] R10: ffff8800c5948750 R11: ffffed0037f53c7f R12: ffff8801d6c02208
> [  192.468282] R13: ffff814bf270ffff R14: ffff814bf270ffff R15: ffffea0003165200
> [  192.469064] FS:  00007f8ae54d7700(0000) GS:ffff8801d7000000(0000) knlGS:0000000000000000
> [  192.469919] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  192.470528] CR2: ffff814bf270ffff CR3: 00000000c5950000 CR4: 00000000000006f0
> [  192.471337] Stack:
> [  192.471567]  ffff8800c7e8f58c 00000000801a001a ffff8801d7007fc0 ffff8801bf990000
> [  192.472453]  0000000000000000 ffff8800c7e88000 ffff8800c7e8f5c0 0000000003165200
> [  192.473388]  0000000fc7e8f650 ffff8801d6c01e00 ffffffffa098b3df ffff8801bf990000
> [  192.474349] Call Trace:
> [  192.474641]  [] ? nfs_readdir_page_filler+0x65f/0x1430 [nfs]
> [  192.475456]  [] ? nfs_readdir_page_filler+0x65f/0x1430 [nfs]
> [  192.476246]  [] ? save_stack_trace+0x2b/0x50
> [  192.476872]  [] ? set_track+0x74/0x120
> [  192.477453]  [] ? alloc_debug_processing+0x73/0x1b0
> [  192.478143]  [] ___slab_alloc+0x4ff/0x520
> [  192.478742]  [] ? memcpy+0x36/0x40
> [  192.479309]  [] ? nfs_readdir_page_filler+0x65f/0x1430 [nfs]
> [  192.480084]  [] ? nfs3_decode_dirent+0x773/0xd90 [nfsv3]
> [  192.480846]  [] ? nfs_readdir_page_filler+0x65f/0x1430 [nfs]
> [  192.481642]  [] __slab_alloc+0x20/0x40
> [  192.482209]  [] __kmalloc_track_caller+0x167/0x1d0
> [  192.482884]  [] kmemdup+0x20/0x50
> [  192.483478]  [] nfs_readdir_page_filler+0x65f/0x1430 [nfs]
> [  192.484226]  [] ? __slab_free+0x9a/0x250
> [  192.484851]  [] ? nfs_do_filldir+0x730/0x730 [nfs]
> [  192.485916]  [] ? nfs3_proc_readdir+0x2a7/0x4e0 [nfsv3]
> [  192.486990]  [] ? ___slab_alloc+0x4ff/0x520
> [  192.487965]  [] ? nfs3_proc_rmdir+0x2f0/0x2f0 [nfsv3]
> [  192.489009]  [] ? kasan_unpoison_shadow+0x36/0x50
> [  192.490075]  [] ? alloc_pages_current+0xd3/0x290
> [  192.491144]  [] nfs_readdir_xdr_to_array+0x59d/0xaa0 [nfs]
> [  192.492346]  [] ? nfs_readdir_page_filler+0x1430/0x1430 [nfs]
> [  192.493506]  [] ? radix_tree_lookup_slot+0x58/0x90
> [  192.494564]  [] ? alloc_pages_current+0x44/0x290
> [  192.495558]  [] ? add_to_page_cache_locked+0x20/0x20
> [  192.496593]  [] nfs_readdir_filler+0x6a/0x1c0 [nfs]
> [  192.497595]  [] do_read_cache_page+0x22e/0x6a0
> [  192.498568]  [] ? nfs_readdir_xdr_to_array+0xaa0/0xaa0 [nfs]
> [  192.499646]  [] read_cache_page+0x40/0x70
> [  192.500547]  [] nfs_readdir+0x456/0x1680 [nfs]
> [  192.501501]  [] ? lru_cache_add_active_or_unevictable+0xcb/0x260
> [  192.502616]  [] ? nfs_readdir_filler+0x1c0/0x1c0 [nfs]
> [  192.503634]  [] ? nfs3_xdr_dec_getattr3res+0xb0/0xb0 [nfsv3]
> [  192.504714]  [] iterate_dir+0x3f3/0x5b0
> [  192.505591]  [] SyS_getdents+0xf8/0x1a0
> [  192.506473]  [] ? enter_from_user_mode+0x50/0x50
> [  192.507454]  [] ? SyS_old_readdir+0x100/0x100
> [  192.508412]  [] ? iterate_dir+0x5b0/0x5b0
> [  192.509332]  [] ? syscall_trace_enter_phase2+0xf1/0x510
> [  192.510377]  [] ? SyS_old_readdir+0x100/0x100
> [  192.511351]  [] do_syscall_64+0x19a/0x410
> [  192.512258]  [] ? context_tracking_enter+0x1d/0x20
> [  192.513275]  [] entry_SYSCALL64_slow_path+0x25/0x25
> [  192.514271] Code: 8b 57 10 49 8b 4f 18 49 89 54 05 00 48 89 4c 24 68 66 83 6c 24 68 01 80 7c 24 6b 00 78 c6 0f 0b 48 63 43 20 49 8b 57 10 4d 89 f5 <49> 8b 0c 06 48 85 c9 74 05 49 89 ce eb ca 48 8b 7c 24 48 45 31 
> [  192.518193] RIP  [] deactivate_slab+0xab/0x3e0
> [  192.519099]  RSP 
> [  192.519738] CR2: ffff814bf270ffff
> [  192.520410] ---[ end trace a406a29677c40c04 ]---
> 
> Same spot, apparently:
> 
> (gdb) list *(deactivate_slab+0xab)
> 0xffffffff8156622b is in deactivate_slab (mm/slub.c:245).
> 240	 * 			Core slab cache functions
> 241	 *******************************************************************/
> 242	
> 243	static inline void *get_freepointer(struct kmem_cache *s, void *object)
> 244	{
> 245		return *(void **)(object + s->offset);
> 246	}
> 247	
> 248	static void prefetch_freepointer(const struct kmem_cache *s, void *object)
> 249	{
> 
> IIRC, when I looked at this code last time, my take was that it wasn't
> so much that the slab objects were getting corrupted, but rather the
> cache metadata.
> 

...and then a little while later, this pops:

[  650.375768] ==================================================================
[  650.378114] BUG: KASAN: slab-out-of-bounds in memcpy+0x28/0x40 at addr ffff8800c5949c2e
[  650.380379] Write of size 6 by task systemd/1
[  650.381756] =============================================================================
[  650.383894] BUG kmalloc-8 (Tainted: G      D        ): kasan: bad access detected
[  650.386032] -----------------------------------------------------------------------------
[  650.386032] 
[  650.389053] INFO: Allocated in nfs_readdir_page_filler+0x65f/0x1430 [nfs] age=457944 cpu=0 pid=8626
[  650.391395] 	___slab_alloc+0x4de/0x520
[  650.392730] 	__slab_alloc+0x20/0x40
[  650.393986] 	0x8750ffff8156a837
[  650.395171] 	0xffffffff8800c594
[  650.396387] 	nfs_readdir_page_filler+0x65f/0x1430 [nfs]
[  650.397871] 	nfs_readdir_xdr_to_array+0x59d/0xaa0 [nfs]
[  650.399455] 	nfs_readdir_filler+0x6a/0x1c0 [nfs]
[  650.400856] 	do_read_cache_page+0x22e/0x6a0
[  650.402183] 	read_cache_page+0x40/0x70
[  650.403539] 	nfs_readdir+0x456/0x1680 [nfs]
[  650.404971] 	iterate_dir+0x3f3/0x5b0
[  650.406172] 	SyS_getdents+0xf8/0x1a0
[  650.407323] 	do_syscall_64+0x19a/0x410
[  650.408453] 	return_from_SYSCALL_64+0x0/0x6a
[  650.409699] INFO: Freed in nfs_readdir_clear_array+0xdf/0x1d0 [nfs] age=457957 cpu=0 pid=8626
[  650.411805] 	__slab_free+0x17f/0x250
[  650.412935] 	kfree+0x173/0x190
[  650.413983] 	nfs_readdir_clear_array+0xdf/0x1d0 [nfs]
[  650.415364] 	cache_page_release.isra.27+0xf2/0x160 [nfs]
[  650.416794] 	nfs_do_filldir+0x3af/0x730 [nfs]
[  650.418011] 	nfs_readdir+0x764/0x1680 [nfs]
[  650.419165] 	iterate_dir+0x3f3/0x5b0
[  650.420260] 	SyS_getdents+0xf8/0x1a0
[  650.421320] 	do_syscall_64+0x19a/0x410
[  650.422401] 	return_from_SYSCALL_64+0x0/0x6a
[  650.423564] INFO: Slab 0xffffea0003165200 objects=26 used=26 fp=0x          (null) flags=0x3fff8000004080
[  650.425673] INFO: Object 0xffff8800c5949c08 @offset=7176 fp=0xffff8800c5948fd8
[  650.425673] 
[  650.427984] Bytes b4 ffff8800c5949bf8: 00 00 00 00 b2 21 00 00 10 59 fe ff 00 00 00 00  .....!...Y......
[  650.430030] Object ffff8800c5949c08: d8 8f 94 c5 00 88 ff ff                          ........
[  650.431896] CPU: 0 PID: 1 Comm: systemd Tainted: G    B D         4.6.0-rc1+ #29
[  650.433537] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[  650.434982]  ffffea0003165200 ffff8801d5e97978 ffffffff81a72334 ffff8801d6c02200
[  650.436722]  ffff8800c5949c08 ffff8801d5e979a8 ffffffff815641a2 ffff8801d6c02200
[  650.438416]  ffffea0003165200 ffff8800c5949c08 0000000000000002 ffff8801d5e979d0
[  650.440271] Call Trace:
[  650.441108]  [<ffffffff81a72334>] dump_stack+0x63/0x8f
[  650.442345]  [<ffffffff815641a2>] print_trailer+0x112/0x1a0
[  650.443669]  [<ffffffff81569a04>] object_err+0x34/0x40
[  650.444908]  [<ffffffff8156bd54>] kasan_report_error+0x224/0x530
[  650.446297]  [<ffffffff8271dd0e>] ? _raw_spin_unlock_irqrestore+0xe/0x10
[  650.447975]  [<ffffffff8156c459>] kasan_report+0x39/0x40
[  650.449195]  [<ffffffff8156b701>] ? kasan_poison_slab+0x61/0x70
[  650.450687]  [<ffffffff8156b5e8>] ? memcpy+0x28/0x40
[  650.451815]  [<ffffffff8156b1dd>] __asan_storeN+0x12d/0x180
[  650.453059]  [<ffffffff8156b5e8>] memcpy+0x28/0x40
[  650.454194]  [<ffffffff814bf209>] kstrdup+0x49/0x60
[  650.455333]  [<ffffffff814bf243>] kstrdup_const+0x23/0x30
[  650.456513]  [<ffffffff817059dc>] __kernfs_new_node+0x2c/0x280
[  650.457690]  [<ffffffff81708b03>] kernfs_new_node+0x63/0xf0
[  650.458822]  [<ffffffff8170d42c>] __kernfs_create_file+0x2c/0x1e0
[  650.460062]  [<ffffffff81317657>] cgroup_addrm_files+0x2a7/0x850
[  650.461303]  [<ffffffff813173b0>] ? cgroup_idr_alloc.constprop.34+0x70/0x70
[  650.462672]  [<ffffffff81312ef0>] ? cgroup_file_name+0x1f0/0x1f0
[  650.463853]  [<ffffffff81318082>] css_populate_dir+0x2f2/0x3d0
[  650.464918]  [<ffffffff81325a74>] cgroup_mkdir+0x5a4/0x7b0
[  650.466003]  [<ffffffff813254d0>] ? cgroup_rmdir+0x40/0x40
[  650.467107]  [<ffffffff8170891d>] kernfs_iop_mkdir+0x14d/0x240
[  650.468261]  [<ffffffff815c8bbf>] vfs_mkdir+0x25f/0x470
[  650.469331]  [<ffffffff815d9366>] SyS_mkdir+0x196/0x200
[  650.470407]  [<ffffffff815d91d0>] ? SyS_mkdirat+0x200/0x200
[  650.471526]  [<ffffffff815d91d0>] ? SyS_mkdirat+0x200/0x200
[  650.472635]  [<ffffffff810072fa>] do_syscall_64+0x19a/0x410
[  650.473699]  [<ffffffff81460bfd>] ? context_tracking_enter+0x1d/0x20
[  650.474872]  [<ffffffff8271e321>] entry_SYSCALL64_slow_path+0x25/0x25
[  650.476083] Memory state around the buggy address:
[  650.477101]  ffff8800c5949b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  650.478412]  ffff8800c5949b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  650.479687] >ffff8800c5949c00: fc fb fc fc fc 00 fc fc fc fc fc fc fc fc fc fc
[  650.480929]                                      ^
[  650.481896]  ffff8800c5949c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  650.483227]  ffff8800c5949d00: fc fc fc fc fc fc fc fc fb fc fc fc fc fc fc fc
[  650.484541] ==================================================================

-- 
Jeff Layton <jlayton@xxxxxxxxxxxxxxx>
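
An added illustration, not part of the original message and not kernel code: a toy user-space model of a freelist threaded through free objects, the layout that the `get_freepointer()` listing above reads. It shows how a stale 6-byte write into an already-freed object turns into a bad free pointer, and how checking each link before dereferencing it catches the damage. `toy_cache`, `init_freelist`, `valid_pointer` and `walk_freelist` are hypothetical names, and the object size and count are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (assumption, not mm/slub.c): free object holds next-free at `offset`. */
struct toy_cache { size_t size, offset, objects; unsigned char *slab; };

static void *get_freepointer(const struct toy_cache *s, void *object)
{
    void *fp;
    memcpy(&fp, (unsigned char *)object + s->offset, sizeof(fp));
    return fp;
}

static void *init_freelist(struct toy_cache *s)
{
    for (size_t i = 0; i < s->objects; i++) {
        void *next = i + 1 < s->objects ? s->slab + (i + 1) * s->size : NULL;
        memcpy(s->slab + i * s->size + s->offset, &next, sizeof(next));
    }
    return s->slab;   /* head of the freelist: the first object */
}

/* A link is plausible only if it lands on an object boundary in this slab. */
static int valid_pointer(const struct toy_cache *s, const void *p)
{
    uintptr_t base = (uintptr_t)s->slab, a = (uintptr_t)p;
    return a >= base && a < base + s->size * s->objects &&
           (a - base) % s->size == 0;
}

/* Count free objects; -1 on a bad link or a list longer than the slab. */
static int walk_freelist(const struct toy_cache *s, void *head)
{
    int n = 0;
    for (void *p = head; p; p = get_freepointer(s, p), n++)
        if (!valid_pointer(s, p) || n >= (int)s->objects)
            return -1;   /* checked before the link is dereferenced */
    return n;
}

int main(void)
{
    static unsigned char buf[4 * 16];          /* constructed: 4 objects of 16 bytes */
    struct toy_cache s = { 16, 0, 4, buf };
    void *head = init_freelist(&s);
    printf("intact: %d\n", walk_freelist(&s, head));
    memcpy(buf + 16, "XXXXXX", 6);             /* stale 6-byte write into a free object */
    printf("after stale write: %d\n", walk_freelist(&s, head));
}
```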