[jlayton:kdevops] [nfs] 6f1433fc8d: WARNING:at_fs/nfsd/nfs4state.c:#nfs4_free_deleg[nfsd]

All of lore.kernel.org
 help / color / mirror / Atom feed

From: kernel test robot <oliver.sang@intel.com>
To: Jeff Layton <jlayton@kernel.org>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>,
	<linux-nfs@vger.kernel.org>, <oliver.sang@intel.com>
Subject: [jlayton:kdevops] [nfs]  6f1433fc8d: WARNING:at_fs/nfsd/nfs4state.c:#nfs4_free_deleg[nfsd]
Date: Thu, 29 May 2025 14:10:16 +0800	[thread overview]
Message-ID: <202505291332.f6944aed-lkp@intel.com> (raw)



Hello,

kernel test robot noticed "WARNING:at_fs/nfsd/nfs4state.c:#nfs4_free_deleg[nfsd]" on:

commit: 6f1433fc8dc25b1007e349200da374ccd81793aa ("nfs: allow client to request NOTIFY4_REMOVE_ENTRY")
https://git.kernel.org/cgit/linux/kernel/git/jlayton/linux.git kdevops

in testcase: filebench
version: filebench-x86_64-22620e6-1_20241103
with following parameters:

	disk: 1HDD
	fs: xfs
	fs2: nfsv4
	test: cvar_example.f
	cpufreq_governor: performance



config: x86_64-rhel-9.4
compiler: gcc-12
test machine: 128 threads 2 sockets Intel(R) Xeon(R) Platinum 8358 CPU @ 2.60GHz (Ice Lake) with 128G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202505291332.f6944aed-lkp@intel.com


[  202.803913][  T801] ------------[ cut here ]------------
[  202.809599][  T801] refcount_t: underflow; use-after-free.
[ 202.815386][ T801] WARNING: CPU: 30 PID: 801 at lib/refcount.c:87 refcount_dec_and_lock (lib/refcount.c:87 lib/refcount.c:146) 
[  202.824562][  T801] Modules linked in: kmem rpcsec_gss_krb5 nfsv4 dns_resolver nfsd auth_rpcgss xfs intel_rapl_msr intel_rapl_common intel_uncore_frequency intel_uncore_frequency_common device_dax nd_pmem nd_btt dax_pmem i10nm_edac skx_edac_common x86_pkg_temp_thermal intel_powerclamp btrfs blake2b_generic coretemp xor raid6_pq sd_mod kvm_intel sg kvm snd_pcm irqbypass ghash_clmulni_intel snd_timer ahci dax_hmem rapl ast snd cxl_acpi libahci ipmi_ssif intel_cstate acpi_power_meter drm_client_lib cxl_port cxl_core intel_th_gth drm_shmem_helper mei_me soundcore isst_if_mmio isst_if_mbox_pci intel_uncore ipmi_si i2c_i801 ioatdma acpi_ipmi libata intel_th_pci einj pcspkr drm_kms_helper mei isst_if_common i2c_smbus intel_pch_thermal intel_th intel_vsec nfit wmi dca ipmi_devintf libnvdimm ipmi_msghandler acpi_pad joydev binfmt_misc drm fuse dm_mod loop ip_tables
[  202.828256][  T815] ------------[ cut here ]------------
[  202.900301][  T801] CPU: 30 UID: 0 PID: 801 Comm: kworker/u513:4 Not tainted 6.15.0-rc7-00105-g6f1433fc8dc2 #1 VOLUNTARY
[ 202.905608][ T815] WARNING: CPU: 70 PID: 815 at fs/nfsd/nfs4state.c:1047 nfs4_free_deleg (fs/nfsd/nfs4state.c:1047 (discriminator 1)) nfsd 
[  202.916555][  T801] Workqueue: rpciod rpc_async_schedule
[  202.926199][  T815] Modules linked in: kmem rpcsec_gss_krb5 nfsv4 dns_resolver nfsd
[  202.931511][  T801]
[ 202.931512][ T801] RIP: 0010:refcount_dec_and_lock (lib/refcount.c:87 lib/refcount.c:146) 
[  202.932691][  T815]  auth_rpcgss xfs
[ 202.940344][ T801] Code: 55 1e 9d 01 01 e8 82 fd 94 ff 0f 0b eb c8 80 3d 42 1e 9d 01 00 75 9c 48 c7 c7 30 d8 ac 82 c6 05 32 1e 9d 01 01 e8 62 fd 94 ff <0f> 0b eb 85 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90
All code
========
   0:	55                   	push   %rbp
   1:	1e                   	(bad)
   2:	9d                   	popf
   3:	01 01                	add    %eax,(%rcx)
   5:	e8 82 fd 94 ff       	call   0xffffffffff94fd8c
   a:	0f 0b                	ud2
   c:	eb c8                	jmp    0xffffffffffffffd6
   e:	80 3d 42 1e 9d 01 00 	cmpb   $0x0,0x19d1e42(%rip)        # 0x19d1e57
  15:	75 9c                	jne    0xffffffffffffffb3
  17:	48 c7 c7 30 d8 ac 82 	mov    $0xffffffff82acd830,%rdi
  1e:	c6 05 32 1e 9d 01 01 	movb   $0x1,0x19d1e32(%rip)        # 0x19d1e57
  25:	e8 62 fd 94 ff       	call   0xffffffffff94fd8c
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	eb 85                	jmp    0xffffffffffffffb3
  2e:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
  35:	00 00 00 
  38:	0f 1f 40 00          	nopl   0x0(%rax)
  3c:	90                   	nop
  3d:	90                   	nop
  3e:	90                   	nop
  3f:	90                   	nop

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	eb 85                	jmp    0xffffffffffffff89
   4:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
   b:	00 00 00 
   e:	0f 1f 40 00          	nopl   0x0(%rax)
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
[  202.942535][  T815]  intel_rapl_msr intel_rapl_common intel_uncore_frequency
[  202.948281][  T801] RSP: 0018:ffa0000008987d90 EFLAGS: 00010282
[  202.949557][ T1502] /usr/bin/wget -q --timeout=3600 --tries=1 --local-encoding=UTF-8 http://internal-lkp-server:80/~lkp/cgi-bin/lkp-jobfile-append-var?job_file=/lkp/jobs/scheduled/lkp-icl-2sp6/filebench-performance-1HDD-xfs-nfsv4-cvar_example.f-debian-12-x86_64-20240206.cgz-6f1433fc8dc2-20250528-100439-vlpvt2-0.yaml&job_state=post_run -O /dev/null
[  202.949560][ T1502]
[  202.951860][  T815]  intel_uncore_frequency_common device_dax nd_pmem
[  202.971301][  T801]
[  202.978343][  T815]  nd_btt dax_pmem i10nm_edac
[  202.984263][  T801] RAX: 0000000000000000 RBX: ff110002564719d0 RCX: 0000000000000000
[  203.014960][  T815]  skx_edac_common x86_pkg_temp_thermal intel_powerclamp btrfs blake2b_generic coretemp
[  203.017153][  T801] RDX: ff1100103f9a9f40 RSI: ff1100103f99bd80 RDI: ff1100103f99bd80
[  203.017154][  T801] RBP: ff1100109035a330 R08: 0000000000000000 R09: 0000000000000003
[  203.023593][  T815]  xor raid6_pq sd_mod kvm_intel sg
[  203.025784][  T801] R10: ffa0000008987c30 R11: ffffffff831e50c8 R12: ff11001090359fb0
[  203.030308][  T815]  kvm snd_pcm irqbypass ghash_clmulni_intel
[  203.038136][  T801] R13: ff110002566d9728 R14: 0000000000000001 R15: 0000000004248060
[  203.047695][  T815]  snd_timer ahci dax_hmem rapl
[  203.055520][  T801] FS:  0000000000000000(0000) GS:ff110010bbb55000(0000) knlGS:0000000000000000
[  203.063348][  T815]  ast snd cxl_acpi
[  203.068400][  T801] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  203.076223][  T815]  libahci ipmi_ssif intel_cstate acpi_power_meter drm_client_lib
[  203.082056][  T801] CR2: 00005555555733c0 CR3: 000000207de24002 CR4: 0000000000773ef0
[  203.089881][  T815]  cxl_port cxl_core intel_th_gth
[  203.094581][  T801] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  203.103361][  T815]  drm_shmem_helper
[  203.107026][  T801] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  203.113464][  T815]  mei_me soundcore isst_if_mmio
[  203.121118][  T801] PKRU: 55555554
[  203.128942][  T815]  isst_if_mbox_pci intel_uncore ipmi_si i2c_i801 ioatdma
[  203.133822][  T801] Call Trace:
[  203.141649][  T815]  acpi_ipmi libata intel_th_pci
[  203.145314][  T801]  <TASK>
[  203.153138][  T815]  einj pcspkr drm_kms_helper mei isst_if_common i2c_smbus
[ 203.157935][ T801] nfs4_put_stid (fs/nfsd/nfs4state.c:1264) nfsd 
[  203.161338][  T815]  intel_pch_thermal intel_th intel_vsec nfit
[ 203.168299][ T801] nfsd41_destroy_cb (fs/nfsd/nfs4callback.c:1167 fs/nfsd/nfs4callback.c:1403) nfsd 
[  203.171442][  T815]  wmi dca ipmi_devintf libnvdimm
[ 203.176239][ T801] rpc_free_task (net/sunrpc/sched.c:1190) 
[  203.179037][  T815]  ipmi_msghandler acpi_pad joydev
[ 203.186082][ T801] __rpc_execute (include/linux/sched.h:1842 net/sunrpc/sched.c:1005) 
[  203.190962][  T815]  binfmt_misc
[ 203.196882][ T801] rpc_async_schedule (include/linux/sched/mm.h:339 include/linux/sched/mm.h:399 net/sunrpc/sched.c:1035) 
[  203.202192][  T815]  drm fuse dm_mod loop ip_tables
[ 203.207073][ T801] process_one_work (kernel/workqueue.c:3243) 
[  203.211343][  T815] CPU: 70 UID: 0 PID: 815 Comm: kworker/u513:15 Not tainted 6.15.0-rc7-00105-g6f1433fc8dc2 #1 VOLUNTARY
[ 203.216311][ T801] worker_thread (kernel/workqueue.c:3313 kernel/workqueue.c:3400) 
[  203.220758][  T815] Workqueue: rpciod rpc_async_schedule
[ 203.223990][ T801] ? __pfx_worker_thread (kernel/workqueue.c:3346) 
[  203.228696][  T815]
[ 203.228698][ T815] RIP: 0010:nfs4_free_deleg (fs/nfsd/nfs4state.c:1047 (discriminator 1)) nfsd 
[ 203.233576][ T801] kthread (kernel/kthread.c:464) 
[ 203.238279][ T815] Code: 75 46 48 8b 3d c9 50 1e 00 e8 b4 33 0b c0 f0 48 ff 0d a4 50 1e 00 c3 cc cc cc cc 0f 0b 48 8b 56 48 48 8d 46 48 48 39 c2 74 be <0f> 0b 48 8b 56 58 48 8d 46 58 48 39 c2 74 bc 0f 0b 48 8b 56 68 48
All code
========
   0:	75 46                	jne    0x48
   2:	48 8b 3d c9 50 1e 00 	mov    0x1e50c9(%rip),%rdi        # 0x1e50d2
   9:	e8 b4 33 0b c0       	call   0xffffffffc00b33c2
   e:	f0 48 ff 0d a4 50 1e 	lock decq 0x1e50a4(%rip)        # 0x1e50ba
  15:	00 
  16:	c3                   	ret
  17:	cc                   	int3
  18:	cc                   	int3
  19:	cc                   	int3
  1a:	cc                   	int3
  1b:	0f 0b                	ud2
  1d:	48 8b 56 48          	mov    0x48(%rsi),%rdx
  21:	48 8d 46 48          	lea    0x48(%rsi),%rax
  25:	48 39 c2             	cmp    %rax,%rdx
  28:	74 be                	je     0xffffffffffffffe8
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	48 8b 56 58          	mov    0x58(%rsi),%rdx
  30:	48 8d 46 58          	lea    0x58(%rsi),%rax
  34:	48 39 c2             	cmp    %rax,%rdx
  37:	74 bc                	je     0xfffffffffffffff5
  39:	0f 0b                	ud2
  3b:	48 8b 56 68          	mov    0x68(%rsi),%rdx
  3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	48 8b 56 58          	mov    0x58(%rsi),%rdx
   6:	48 8d 46 58          	lea    0x58(%rsi),%rax
   a:	48 39 c2             	cmp    %rax,%rdx
   d:	74 bc                	je     0xffffffffffffffcb
   f:	0f 0b                	ud2
  11:	48 8b 56 68          	mov    0x68(%rsi),%rdx
  15:	48                   	rex.W


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250529/202505291332.f6944aed-lkp@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

                 reply	other threads:[~2025-05-29  6:10 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202505291332.f6944aed-lkp@intel.com \
    --to=oliver.sang@intel.com \
    --cc=jlayton@kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=lkp@intel.com \
    --cc=oe-lkp@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.