* [jlayton:kdevops] [nfs] 6f1433fc8d: WARNING:at_fs/nfsd/nfs4state.c:#nfs4_free_deleg[nfsd]
@ 2025-05-29 6:10 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2025-05-29 6:10 UTC (permalink / raw)
To: Jeff Layton; +Cc: oe-lkp, lkp, linux-nfs, oliver.sang
Hello,
kernel test robot noticed "WARNING:at_fs/nfsd/nfs4state.c:#nfs4_free_deleg[nfsd]" on:
commit: 6f1433fc8dc25b1007e349200da374ccd81793aa ("nfs: allow client to request NOTIFY4_REMOVE_ENTRY")
https://git.kernel.org/cgit/linux/kernel/git/jlayton/linux.git kdevops
in testcase: filebench
version: filebench-x86_64-22620e6-1_20241103
with following parameters:
disk: 1HDD
fs: xfs
fs2: nfsv4
test: cvar_example.f
cpufreq_governor: performance
config: x86_64-rhel-9.4
compiler: gcc-12
test machine: 128 threads 2 sockets Intel(R) Xeon(R) Platinum 8358 CPU @ 2.60GHz (Ice Lake) with 128G memory
(please refer to attached dmesg/kmsg for entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202505291332.f6944aed-lkp@intel.com
[ 202.803913][ T801] ------------[ cut here ]------------
[ 202.809599][ T801] refcount_t: underflow; use-after-free.
[ 202.815386][ T801] WARNING: CPU: 30 PID: 801 at lib/refcount.c:87 refcount_dec_and_lock (lib/refcount.c:87 lib/refcount.c:146)
[ 202.824562][ T801] Modules linked in: kmem rpcsec_gss_krb5 nfsv4 dns_resolver nfsd auth_rpcgss xfs intel_rapl_msr intel_rapl_common intel_uncore_frequency intel_uncore_frequency_common device_dax nd_pmem nd_btt dax_pmem i10nm_edac skx_edac_common x86_pkg_temp_thermal intel_powerclamp btrfs blake2b_generic coretemp xor raid6_pq sd_mod kvm_intel sg kvm snd_pcm irqbypass ghash_clmulni_intel snd_timer ahci dax_hmem rapl ast snd cxl_acpi libahci ipmi_ssif intel_cstate acpi_power_meter drm_client_lib cxl_port cxl_core intel_th_gth drm_shmem_helper mei_me soundcore isst_if_mmio isst_if_mbox_pci intel_uncore ipmi_si i2c_i801 ioatdma acpi_ipmi libata intel_th_pci einj pcspkr drm_kms_helper mei isst_if_common i2c_smbus intel_pch_thermal intel_th intel_vsec nfit wmi dca ipmi_devintf libnvdimm ipmi_msghandler acpi_pad joydev binfmt_misc drm fuse dm_mod loop ip_tables
[ 202.828256][ T815] ------------[ cut here ]------------
[ 202.900301][ T801] CPU: 30 UID: 0 PID: 801 Comm: kworker/u513:4 Not tainted 6.15.0-rc7-00105-g6f1433fc8dc2 #1 VOLUNTARY
[ 202.905608][ T815] WARNING: CPU: 70 PID: 815 at fs/nfsd/nfs4state.c:1047 nfs4_free_deleg (fs/nfsd/nfs4state.c:1047 (discriminator 1)) nfsd
[ 202.916555][ T801] Workqueue: rpciod rpc_async_schedule
[ 202.926199][ T815] Modules linked in: kmem rpcsec_gss_krb5 nfsv4 dns_resolver nfsd
[ 202.931511][ T801]
[ 202.931512][ T801] RIP: 0010:refcount_dec_and_lock (lib/refcount.c:87 lib/refcount.c:146)
[ 202.932691][ T815] auth_rpcgss xfs
[ 202.940344][ T801] Code: 55 1e 9d 01 01 e8 82 fd 94 ff 0f 0b eb c8 80 3d 42 1e 9d 01 00 75 9c 48 c7 c7 30 d8 ac 82 c6 05 32 1e 9d 01 01 e8 62 fd 94 ff <0f> 0b eb 85 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90
All code
========
0: 55 push %rbp
1: 1e (bad)
2: 9d popf
3: 01 01 add %eax,(%rcx)
5: e8 82 fd 94 ff call 0xffffffffff94fd8c
a: 0f 0b ud2
c: eb c8 jmp 0xffffffffffffffd6
e: 80 3d 42 1e 9d 01 00 cmpb $0x0,0x19d1e42(%rip) # 0x19d1e57
15: 75 9c jne 0xffffffffffffffb3
17: 48 c7 c7 30 d8 ac 82 mov $0xffffffff82acd830,%rdi
1e: c6 05 32 1e 9d 01 01 movb $0x1,0x19d1e32(%rip) # 0x19d1e57
25: e8 62 fd 94 ff call 0xffffffffff94fd8c
2a:* 0f 0b ud2 <-- trapping instruction
2c: eb 85 jmp 0xffffffffffffffb3
2e: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
35: 00 00 00
38: 0f 1f 40 00 nopl 0x0(%rax)
3c: 90 nop
3d: 90 nop
3e: 90 nop
3f: 90 nop
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: eb 85 jmp 0xffffffffffffff89
4: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
b: 00 00 00
e: 0f 1f 40 00 nopl 0x0(%rax)
12: 90 nop
13: 90 nop
14: 90 nop
15: 90 nop
[ 202.942535][ T815] intel_rapl_msr intel_rapl_common intel_uncore_frequency
[ 202.948281][ T801] RSP: 0018:ffa0000008987d90 EFLAGS: 00010282
[ 202.949557][ T1502] /usr/bin/wget -q --timeout=3600 --tries=1 --local-encoding=UTF-8 http://internal-lkp-server:80/~lkp/cgi-bin/lkp-jobfile-append-var?job_file=/lkp/jobs/scheduled/lkp-icl-2sp6/filebench-performance-1HDD-xfs-nfsv4-cvar_example.f-debian-12-x86_64-20240206.cgz-6f1433fc8dc2-20250528-100439-vlpvt2-0.yaml&job_state=post_run -O /dev/null
[ 202.949560][ T1502]
[ 202.951860][ T815] intel_uncore_frequency_common device_dax nd_pmem
[ 202.971301][ T801]
[ 202.978343][ T815] nd_btt dax_pmem i10nm_edac
[ 202.984263][ T801] RAX: 0000000000000000 RBX: ff110002564719d0 RCX: 0000000000000000
[ 203.014960][ T815] skx_edac_common x86_pkg_temp_thermal intel_powerclamp btrfs blake2b_generic coretemp
[ 203.017153][ T801] RDX: ff1100103f9a9f40 RSI: ff1100103f99bd80 RDI: ff1100103f99bd80
[ 203.017154][ T801] RBP: ff1100109035a330 R08: 0000000000000000 R09: 0000000000000003
[ 203.023593][ T815] xor raid6_pq sd_mod kvm_intel sg
[ 203.025784][ T801] R10: ffa0000008987c30 R11: ffffffff831e50c8 R12: ff11001090359fb0
[ 203.030308][ T815] kvm snd_pcm irqbypass ghash_clmulni_intel
[ 203.038136][ T801] R13: ff110002566d9728 R14: 0000000000000001 R15: 0000000004248060
[ 203.047695][ T815] snd_timer ahci dax_hmem rapl
[ 203.055520][ T801] FS: 0000000000000000(0000) GS:ff110010bbb55000(0000) knlGS:0000000000000000
[ 203.063348][ T815] ast snd cxl_acpi
[ 203.068400][ T801] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 203.076223][ T815] libahci ipmi_ssif intel_cstate acpi_power_meter drm_client_lib
[ 203.082056][ T801] CR2: 00005555555733c0 CR3: 000000207de24002 CR4: 0000000000773ef0
[ 203.089881][ T815] cxl_port cxl_core intel_th_gth
[ 203.094581][ T801] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 203.103361][ T815] drm_shmem_helper
[ 203.107026][ T801] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 203.113464][ T815] mei_me soundcore isst_if_mmio
[ 203.121118][ T801] PKRU: 55555554
[ 203.128942][ T815] isst_if_mbox_pci intel_uncore ipmi_si i2c_i801 ioatdma
[ 203.133822][ T801] Call Trace:
[ 203.141649][ T815] acpi_ipmi libata intel_th_pci
[ 203.145314][ T801] <TASK>
[ 203.153138][ T815] einj pcspkr drm_kms_helper mei isst_if_common i2c_smbus
[ 203.157935][ T801] nfs4_put_stid (fs/nfsd/nfs4state.c:1264) nfsd
[ 203.161338][ T815] intel_pch_thermal intel_th intel_vsec nfit
[ 203.168299][ T801] nfsd41_destroy_cb (fs/nfsd/nfs4callback.c:1167 fs/nfsd/nfs4callback.c:1403) nfsd
[ 203.171442][ T815] wmi dca ipmi_devintf libnvdimm
[ 203.176239][ T801] rpc_free_task (net/sunrpc/sched.c:1190)
[ 203.179037][ T815] ipmi_msghandler acpi_pad joydev
[ 203.186082][ T801] __rpc_execute (include/linux/sched.h:1842 net/sunrpc/sched.c:1005)
[ 203.190962][ T815] binfmt_misc
[ 203.196882][ T801] rpc_async_schedule (include/linux/sched/mm.h:339 include/linux/sched/mm.h:399 net/sunrpc/sched.c:1035)
[ 203.202192][ T815] drm fuse dm_mod loop ip_tables
[ 203.207073][ T801] process_one_work (kernel/workqueue.c:3243)
[ 203.211343][ T815] CPU: 70 UID: 0 PID: 815 Comm: kworker/u513:15 Not tainted 6.15.0-rc7-00105-g6f1433fc8dc2 #1 VOLUNTARY
[ 203.216311][ T801] worker_thread (kernel/workqueue.c:3313 kernel/workqueue.c:3400)
[ 203.220758][ T815] Workqueue: rpciod rpc_async_schedule
[ 203.223990][ T801] ? __pfx_worker_thread (kernel/workqueue.c:3346)
[ 203.228696][ T815]
[ 203.228698][ T815] RIP: 0010:nfs4_free_deleg (fs/nfsd/nfs4state.c:1047 (discriminator 1)) nfsd
[ 203.233576][ T801] kthread (kernel/kthread.c:464)
[ 203.238279][ T815] Code: 75 46 48 8b 3d c9 50 1e 00 e8 b4 33 0b c0 f0 48 ff 0d a4 50 1e 00 c3 cc cc cc cc 0f 0b 48 8b 56 48 48 8d 46 48 48 39 c2 74 be <0f> 0b 48 8b 56 58 48 8d 46 58 48 39 c2 74 bc 0f 0b 48 8b 56 68 48
All code
========
0: 75 46 jne 0x48
2: 48 8b 3d c9 50 1e 00 mov 0x1e50c9(%rip),%rdi # 0x1e50d2
9: e8 b4 33 0b c0 call 0xffffffffc00b33c2
e: f0 48 ff 0d a4 50 1e lock decq 0x1e50a4(%rip) # 0x1e50ba
15: 00
16: c3 ret
17: cc int3
18: cc int3
19: cc int3
1a: cc int3
1b: 0f 0b ud2
1d: 48 8b 56 48 mov 0x48(%rsi),%rdx
21: 48 8d 46 48 lea 0x48(%rsi),%rax
25: 48 39 c2 cmp %rax,%rdx
28: 74 be je 0xffffffffffffffe8
2a:* 0f 0b ud2 <-- trapping instruction
2c: 48 8b 56 58 mov 0x58(%rsi),%rdx
30: 48 8d 46 58 lea 0x58(%rsi),%rax
34: 48 39 c2 cmp %rax,%rdx
37: 74 bc je 0xfffffffffffffff5
39: 0f 0b ud2
3b: 48 8b 56 68 mov 0x68(%rsi),%rdx
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 48 8b 56 58 mov 0x58(%rsi),%rdx
6: 48 8d 46 58 lea 0x58(%rsi),%rax
a: 48 39 c2 cmp %rax,%rdx
d: 74 bc je 0xffffffffffffffcb
f: 0f 0b ud2
11: 48 8b 56 68 mov 0x68(%rsi),%rdx
15: 48 rex.W
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250529/202505291332.f6944aed-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-05-29 6:10 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-05-29 6:10 [jlayton:kdevops] [nfs] 6f1433fc8d: WARNING:at_fs/nfsd/nfs4state.c:#nfs4_free_deleg[nfsd] kernel test robot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox