On Sat, 2021-10-09 at 09:34 -0400, David Wysochanski wrote: > Trond, > > I wonder if you are aware of this or not. > > This week I ran a lot of xfstests with hammerspace and other servers > without any issues and just now seeing this oops (after rebuilding > from a base of your testing branch at 0abb8895b065). I then re-built > with just your testing branch and got the same oops. Same test passes > on 5.14.0-rc4 (vanilla), as well as previous kernels I used at > BakeAthon with the fscache and readahead patches only. It reliably > panics for me so let me know if you want any more info or a > reproduction with tracepoints, etc. FYI, I don't think the server > matters because I can also reproduce with a rhel8 server > (kernel-4.18.0-305.19.1.el8_4) and I can also just run 'generic/005' > directly - previous tests don't matter. > > [ 15.767423] nfs4filelayout_init: NFSv4 File Layout Driver > Registering... > [ 28.614447] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver > Registering... > [ 30.024616] run fstests generic/001 at 2021-10-09 09:01:14 > [ 37.188167] run fstests generic/002 at 2021-10-09 09:01:21 > [ 38.372767] run fstests generic/003 at 2021-10-09 09:01:23 > [ 38.713218] run fstests generic/004 at 2021-10-09 09:01:23 > [ 39.065705] run fstests generic/005 at 2021-10-09 09:01:23 > [ 39.799076] general protection fault, probably for non-canonical > address 0xffe826e8e8e7897c: 0000 [#1] SMP PTI > [ 39.805058] CPU: 0 PID: 6213 Comm: rm Kdump: loaded Not tainted > 5.15.0-rc4-trond-testing+ #76 > [ 39.808300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), > BIOS 1.14.0-4.fc34 04/01/2014 > [ 39.810819] RIP: 0010:__mutex_lock.constprop.0+0x97/0x3e0 > [ 39.812438] Code: 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 65 48 8b > 04 25 c0 7b 01 00 48 8b 00 a8 08 75 1d 49 8b 06 48 83 e0 f8 0f 84 79 > 02 00 00 <8b> 50 34 85 d2 0f 85 5c 02 00 00 e8 59 8f 55 ff 65 48 8b 04 > 25 c0 > [ 39.817418] RSP: 0018:ffffbb8e4558bcd0 EFLAGS: 00010286 > [ 39.818546] RAX: ffe826e8e8e78948 RBX: ffffbb8e4558bd70 RCX: > ffff932e89300000 > [ 39.820087] RDX: ffff932e89300000 RSI: ffe826e8e8e78948 RDI: > ffff932eae01edf0 > [ 39.821583] RBP: ffffbb8e4558bd28 R08: 0000000000000001 R09: > ffffbb8e4558bca0 > [ 39.823091] R10: 000000000000001d R11: ffffffffffffcfcf R12: > 0000000000000000 > [ 39.824796] R13: 0000000000000000 R14: ffff932eae01edf0 R15: > 0000000000000000 > [ 39.826318] FS: 00007fac7df09740(0000) GS:ffff932ff7c00000(0000) > knlGS:0000000000000000 > [ 39.828037] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 39.829275] CR2: 0000555f9b7e2018 CR3: 000000011dc96005 CR4: > 0000000000770ef0 > [ 39.830787] DR0: 0000000000000000 DR1: 0000000000000000 DR2: > 0000000000000000 > [ 39.832275] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: > 0000000000000400 > [ 39.833756] PKRU: 55555554 > [ 39.834377] Call Trace: > [ 39.836219] ? security_inode_permission+0x30/0x50 > [ 39.837365] nfs_scan_commit+0x36/0xa0 [nfs] > [ 39.838367] __nfs_commit_inode+0xf8/0x160 [nfs] > [ 39.839417] nfs_wb_all+0xa6/0xf0 [nfs] > [ 39.840309] nfs4_inode_return_delegation+0x58/0x80 [nfsv4] > [ 39.841554] nfs4_proc_remove+0xd1/0xe0 [nfsv4] > [ 39.842589] nfs_unlink+0xec/0x2d0 [nfs] > [ 39.843461] vfs_unlink+0x113/0x230 > [ 39.844245] do_unlinkat+0x170/0x280 > [ 39.845040] __x64_sys_unlinkat+0x33/0x60 > [ 39.845922] do_syscall_64+0x3b/0x90 > [ 39.846726] entry_SYSCALL_64_after_hwframe+0x44/0xae > Whoops... I believe the following patch ought to fix it. Thanks for reporting this! 8<--------------------------------------------------- >From 64a082064b7b375263960c4f011bc9875ef50f6a Mon Sep 17 00:00:00 2001 From: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx> Date: Sun, 10 Oct 2021 10:58:12 +0200 Subject: [PATCH] NFSv4: Fixes for nfs4_inode_return_delegation() We mustn't call nfs_wb_all() on anything other than a regular file. Furthermore, we can exit early when we don't hold a delegation. Reported-by: David Wysochanski <dwysocha@xxxxxxxxxx> Signed-off-by: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx> --- fs/nfs/delegation.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/fs/nfs/delegation.c b/fs/nfs/delegation.c index 11118398f495..7c9eb679dbdb 100644 --- a/fs/nfs/delegation.c +++ b/fs/nfs/delegation.c @@ -755,11 +755,13 @@ int nfs4_inode_return_delegation(struct inode *inode) struct nfs_delegation *delegation; delegation = nfs_start_delegation_return(nfsi); - /* Synchronous recall of any application leases */ - break_lease(inode, O_WRONLY | O_RDWR); - nfs_wb_all(inode); - if (delegation != NULL) + if (delegation != NULL) { + /* Synchronous recall of any application leases */ + break_lease(inode, O_WRONLY | O_RDWR); + if (S_ISREG(inode->i_mode)) + nfs_wb_all(inode); return nfs_end_delegation_return(inode, delegation, 1); + } return 0; } -- 2.31.1 -- Trond Myklebust Linux NFS client maintainer, Hammerspace trond.myklebust@xxxxxxxxxxxxxxx