On Wed, Jul 01, 2020 at 05:51:44PM +1000, Dave Chinner wrote:
> From: Dave Chinner <dchinner@xxxxxxxxxx>
>
> Found by inspection after having xfs/305 hang 1 in ~50 iterations
> in a quotaoff operation:
>
> [ 8872.301115] xfs_quota D13888 92262 91813 0x00004002
> [ 8872.302538] Call Trace:
> [ 8872.303193] __schedule+0x2d2/0x780
> [ 8872.304108] ? do_raw_spin_unlock+0x57/0xd0
> [ 8872.305198] schedule+0x6e/0xe0
> [ 8872.306021] schedule_timeout+0x14d/0x300
> [ 8872.307060] ? __next_timer_interrupt+0xe0/0xe0
> [ 8872.308231] ? xfs_qm_dqusage_adjust+0x200/0x200
> [ 8872.309422] schedule_timeout_uninterruptible+0x2a/0x30
> [ 8872.310759] xfs_qm_dquot_walk.isra.0+0x15a/0x1b0
> [ 8872.311971] xfs_qm_dqpurge_all+0x7f/0x90
> [ 8872.313022] xfs_qm_scall_quotaoff+0x18d/0x2b0
> [ 8872.314163] xfs_quota_disable+0x3a/0x60
> [ 8872.315179] kernel_quotactl+0x7e2/0x8d0
> [ 8872.316196] ? __do_sys_newstat+0x51/0x80
> [ 8872.317238] __x64_sys_quotactl+0x1e/0x30
> [ 8872.318266] do_syscall_64+0x46/0x90
> [ 8872.319193] entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [ 8872.320490] RIP: 0033:0x7f46b5490f2a
> [ 8872.321414] Code: Bad RIP value.
>
> Returning -EAGAIN from xfs_qm_dqpurge() without clearing the
> XFS_DQ_FREEING flag means the xfs_qm_dqpurge_all() code can never
> free the dquot, and we loop forever waiting for the XFS_DQ_FREEING
> flag to go away on the dquot that leaked it via -EAGAIN.
>
> Fixes: 8d3d7e2b35ea ("xfs: trylock underlying buffer on dquot flush")
> Signed-off-by: Dave Chinner <dchinner@xxxxxxxxxx>
> ---

Reviewed-by: Brian Foster <bfoster@xxxxxxxxxx>

> fs/xfs/xfs_qm.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/fs/xfs/xfs_qm.c b/fs/xfs/xfs_qm.c > index d6cd83317344..938023dd8ce5 100644 > --- a/fs/xfs/xfs_qm.c > +++ b/fs/xfs/xfs_qm.c 
> @@ -148,6 +148,7 @@ xfs_qm_dqpurge( > error = xfs_bwrite(bp); > xfs_buf_relse(bp); > } else if (error == -EAGAIN) { > + dqp->dq_flags &= ~XFS_DQ_FREEING; > goto out_unlock; > } > xfs_dqflock(dqp); > -- > 2.26.2.761.g0e0b3e54be >
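
Review bot: The added `dqp->dq_flags &= ~XFS_DQ_FREEING;` in the `-EAGAIN` branch carries no comment, so the reason for it lives only in the commit message. A one-line comment at that spot, saying the dquot was not purged and the flag has to be dropped so the xfs_qm_dqpurge_all() walk can retry it, would keep the invariant visible in the code. Because the clear sits inside this branch rather than at the `out_unlock` label, any other path that reaches that label with the flag still set would hang the same way; that is worth checking against the rest of the function, which this hunk does not show.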