From: Oleg Drokin <green@linuxhacker.ru>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: "<linux-kernel@vger.kernel.org> Mailing List"
<linux-kernel@vger.kernel.org>,
"<linux-fsdevel@vger.kernel.org>" <linux-fsdevel@vger.kernel.org>
Subject: Dcache oops
Date: Fri, 3 Jun 2016 12:38:40 -0400 [thread overview]
Message-ID: <74306F63-DBDF-4DED-85D2-5C3FB21B8A1E@linuxhacker.ru> (raw)
In-Reply-To: <20160603042648.GN14480@ZenIV.linux.org.uk>
I am dropping NFS people since it seems to be converting into a generic VFS/dcache bug even though you need NFS or the like to trigger it - the lookup_open path.
On Jun 3, 2016, at 12:26 AM, Al Viro wrote:
> Looks like the right thing to do would be to do d_drop() at no_open:,
> just before we call nfs_lookup(). If not earlier, actually... How
> about the following?
So with the below patch applied I get the same crash as with the patch from me
that allowed unhashed dentries to come through.
Same workload, but this time it takes much longer to trigger, so must be some
race.
[ 2642.364383] BUG: unable to handle kernel paging request at ffff880113f82000
[ 2642.365014] IP: [<ffffffff817f87d4>] bad_gs+0xd1d/0x1ba9
[ 2642.365590] PGD 2dca067 PUD 2dcd067 PMD 11ff61067 PTE 8000000113f82060
[ 2642.366200] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[ 2642.366719] Modules linked in: loop rpcsec_gss_krb5 acpi_cpufreq tpm_tis joydev i2c_piix4 pcspkr tpm nfsd drm_kms_helper ttm drm virtio_blk serio_raw
[ 2642.367852] CPU: 2 PID: 18446 Comm: cat Not tainted 4.7.0-rc1-vm-nfs+ #103
[ 2642.368372] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 2642.368873] task: ffff8800d6956280 ti: ffff8800d7274000 task.ti: ffff8800d7274000
[ 2642.369810] RIP: 0010:[<ffffffff817f87d4>] [<ffffffff817f87d4>] bad_gs+0xd1d/0x1ba9
[ 2642.370750] RSP: 0018:ffff8800d7277ba0 EFLAGS: 00010286
[ 2642.371239] RAX: ffff8800c3a6ff30 RBX: ffff8800c3a6ff00 RCX: ffff880113f82000
[ 2642.371765] RDX: ffff880113f82000 RSI: 0000000000000000 RDI: 0000000000000002
[ 2642.372286] RBP: ffff8800d7277be8 R08: 0000000000000000 R09: ffff8800c3a6fed0
[ 2642.372818] R10: 0000000000000059 R11: ffff8800d6956dd0 R12: ffff880111567ed0
[ 2642.373415] R13: ffff8800d7277df0 R14: ffff8800c3a6ff50 R15: 0000000084832a57
[ 2642.373940] FS: 00007fa1814a4700(0000) GS:ffff88011f480000(0000) knlGS:0000000000000000
[ 2642.374877] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2642.375378] CR2: ffff880113f82000 CR3: 00000000d605c000 CR4: 00000000000006e0
[ 2642.375881] Stack:
[ 2642.376295] ffffffff81243a55 0000000000000096 ffff880113f82000 ffffffff00000002
[ 2642.377204] 000000000000bc04 ffff8800d7277df0 ffff880111567ed0 ffff8800d7277de0
[ 2642.378113] ffff8800d7277df0 ffff8800d7277c18 ffffffff81243c84 ffffffff81236c4e
[ 2642.379022] Call Trace:
[ 2642.379451] [<ffffffff81243a55>] ? __d_lookup+0x5/0x1b0
[ 2642.379920] [<ffffffff81243c84>] d_lookup+0x84/0xb0
[ 2642.380388] [<ffffffff81236c4e>] ? lookup_open+0xfe/0x7a0
[ 2642.380862] [<ffffffff81236c4e>] lookup_open+0xfe/0x7a0
[ 2642.381374] [<ffffffff81237c3f>] path_openat+0x94f/0xfc0
[ 2642.381852] [<ffffffff8123935e>] do_filp_open+0x7e/0xe0
[ 2642.382182] [<ffffffff81233110>] ? lock_rename+0x100/0x100
[ 2642.382747] [<ffffffff817f4947>] ? _raw_spin_unlock+0x27/0x40
[ 2642.383324] [<ffffffff8124877c>] ? __alloc_fd+0xbc/0x170
[ 2642.383864] [<ffffffff81226896>] do_sys_open+0x116/0x1f0
[ 2642.384230] [<ffffffff8122698e>] SyS_open+0x1e/0x20
[ 2642.384569] [<ffffffff817f5136>] entry_SYSCALL_64_fastpath+0x1e/0xad
[ 2642.398718] Code: e1 03 49 d3 e8 e9 61 ae a4 ff 48 8d 0a 48 83 e1 f8 4c 8b 01 8d 0a 83 e1 07 c1 e1 03 49 d3 e8 e9 20 af a4 ff 48 8d 0a 48 83 e1 f8 <4c> 8b 01 8d 0a 83 e1 07 c1 e1 03 49 d3 e8 e9 9b b3 a4 ff b9 f2
[ 2642.400892] RIP [<ffffffff817f87d4>] bad_gs+0xd1d/0x1ba9
[ 2642.401417] RSP <ffff8800d7277ba0>
[ 2642.401856] CR2: ffff880113f82000
Hm, somehow crashdumping support is broken for the newish kernels on my test box, I guess
I'll try to fix it and then re-reproduce to better understand what's going on here,
this trace is all I have for now in case anybody has any immediate ideas.
>
> diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
> index aaf7bd0..6e3a6f4 100644
> --- a/fs/nfs/dir.c
> +++ b/fs/nfs/dir.c
> @@ -1536,9 +1536,9 @@ int nfs_atomic_open(struct inode *dir, struct dentry *dentry,
> err = PTR_ERR(inode);
> trace_nfs_atomic_open_exit(dir, ctx, open_flags, err);
> put_nfs_open_context(ctx);
> + d_drop(dentry);
> switch (err) {
> case -ENOENT:
> - d_drop(dentry);
> d_add(dentry, NULL);
> nfs_set_verifier(dentry, nfs_save_change_attribute(dir));
> break;
next prev parent reply other threads:[~2016-06-03 16:38 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-02 22:46 NFS/d_splice_alias breakage Oleg Drokin
2016-06-02 23:59 ` [PATCH] Allow d_splice_alias to accept hashed dentries green
2016-06-03 0:25 ` Oleg Drokin
2016-06-03 0:44 ` NFS/d_splice_alias breakage Trond Myklebust
2016-06-03 0:54 ` Oleg Drokin
2016-06-03 3:26 ` Al Viro
2016-06-03 3:38 ` Al Viro
2016-06-03 3:28 ` Al Viro
2016-06-03 3:37 ` Al Viro
2016-06-03 3:43 ` Oleg Drokin
2016-06-03 4:26 ` Al Viro
2016-06-03 4:42 ` Al Viro
2016-06-03 4:53 ` Al Viro
2016-06-03 4:58 ` Oleg Drokin
2016-06-03 5:56 ` Al Viro
2016-06-06 23:36 ` Oleg Drokin
2016-06-10 1:33 ` Oleg Drokin
2016-06-10 16:49 ` Oleg Drokin
2016-06-20 13:25 ` Oleg Drokin
2016-06-20 14:08 ` Al Viro
2016-06-20 14:54 ` Trond Myklebust
2016-06-20 15:28 ` Al Viro
2016-06-20 15:43 ` Anna Schumaker
2016-06-20 15:45 ` Oleg Drokin
2016-06-20 15:47 ` Trond Myklebust
2016-06-03 16:38 ` Oleg Drokin [this message]
2016-06-03 18:22 ` Dcache oops Al Viro
2016-06-03 18:35 ` Oleg Drokin
2016-06-03 20:07 ` Al Viro
2016-06-03 21:17 ` Oleg Drokin
2016-06-03 21:46 ` Al Viro
2016-06-03 22:17 ` Al Viro
2016-06-03 21:18 ` Linus Torvalds
2016-06-03 21:26 ` Al Viro
2016-06-03 22:00 ` Linus Torvalds
2016-06-03 22:23 ` Al Viro
2016-06-03 22:29 ` Al Viro
2016-06-03 22:36 ` Linus Torvalds
2016-06-03 22:42 ` Oleg Drokin
2016-06-03 22:43 ` Al Viro
2016-06-03 22:37 ` Al Viro
2016-06-03 22:49 ` Oleg Drokin
2016-06-03 23:58 ` Oleg Drokin
2016-06-04 0:56 ` Al Viro
2016-06-04 12:25 ` Jeff Layton
2016-06-04 16:12 ` Oleg Drokin
2016-06-04 16:21 ` [PATCH] nfs4: Fix potential use after free of state in nfs4_do_reclaim green
2016-06-04 19:57 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=74306F63-DBDF-4DED-85D2-5C3FB21B8A1E@linuxhacker.ru \
--to=green@linuxhacker.ru \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).