Subject: Re: [PATCH 1/1] NFSD: fix WARN_ON_ONCE in __queue_delayed_work
From: Mike Galbraith
To: Jeff Layton, dai.ngo@oracle.com, Chuck Lever III
Cc: Linux NFS Mailing List
Date: Wed, 11 Jan 2023 12:19:43 +0100
X-Mailing-List: linux-nfs@vger.kernel.org

On Wed, 2023-01-11 at 05:55 -0500, Jeff Layton wrote:
> >
> > > crash> delayed_work ffff8881601fab48
> > > struct delayed_work {
> > >   work = {
> > >     data = {
> > >       counter = 1
> > >     },
> > >     entry = {
> > >       next = 0x0,
> > >       prev = 0x0
> > >     },
> > >     func = 0x0
> > >   },
> > >   timer = {
> > >     entry = {
> > >       next = 0x0,
> > >       pprev = 0x0
> > >     },
> > >     expires = 0,
> > >     function = 0x0,
> > >     flags = 0
> > >   },
> > >   wq = 0x0,
> > >   cpu = 0
> > > }
> >
> > That looks more like a memory scribble or UAF. Merely having multiple
> > tasks calling queue_work at the same time wouldn't be enough to trigger
> > this, IMO. It's more likely that the extra locking is changing the
> > timing of your reproducer somehow.
> >
> > It might be interesting to turn up KASAN if you're able.

I can try that.

> If you still have this vmcore, it might be interesting to do the pointer
> math and find the nfsd_net structure that contains the above
> delayed_work. Does the rest of it also seem to be corrupt? My guess is
> that the corrupted structure extends beyond just the delayed_work above.
>
> Also, it might be helpful to do this:
>
>      kmem -s ffff8881601fab48
>
> ...which should tell us whether and what part of the slab this object is
> now a part of. That said, net-namespace object allocations are somewhat
> weird, and I'm not 100% sure they come out of the slab.

I tossed the vmcore, but can generate another. I had done kmem sans -s
previously, still have that.

crash> kmem ffff8881601fab48
CACHE             OBJSIZE  ALLOCATED     TOTAL  SLABS  SSIZE  NAME
kmem: kmalloc-1k: partial list slab: ffffea0005b20c08 invalid page.inuse: -1
ffff888100041840     1024       2329      2432     76    32k  kmalloc-1k
  SLAB              MEMORY            NODE  TOTAL  ALLOCATED  FREE
  ffffea0005807e00  ffff8881601f8000     0     32         32     0
  FREE / [ALLOCATED]
  [ffff8881601fa800]

      PAGE        PHYSICAL      MAPPING       INDEX CNT FLAGS
ffffea0005807e80 1601fa000 dead000000000400        0  0 200000000000000
crash
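
Added example, not part of the original mail: the pointer math suggested in the quoted text, applied to the numbers in the kmem output. It assumes objects are packed at a stride of OBJSIZE (32 x 1024 = 32k here); struct example_container and its dwork member are hypothetical stand-ins, not the real nfsd_net layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values copied from the crash output in the mail. */
#define SLAB_MEMORY 0xffff8881601f8000ULL /* MEMORY column of the slab */
#define OBJSIZE     1024ULL               /* kmalloc-1k OBJSIZE */
#define SLAB_TOTAL  32ULL                 /* TOTAL objects in this slab */
#define DWORK_ADDR  0xffff8881601fab48ULL /* the zeroed delayed_work */

struct slab_hit { int found; uint64_t index, obj_base, offset; };

/* Map an address to the slab object that holds it.
 * Assumption: object stride equals objsize (no debug padding). */
struct slab_hit locate_in_slab(uint64_t addr, uint64_t mem,
                               uint64_t objsize, uint64_t total)
{
    struct slab_hit h = {0, 0, 0, 0};
    if (objsize == 0 || addr < mem || addr - mem >= objsize * total)
        return h;                          /* address is outside this slab */
    h.found = 1;
    h.index = (addr - mem) / objsize;
    h.obj_base = mem + h.index * objsize;
    h.offset = addr - h.obj_base;
    return h;
}

/* Hypothetical container; the real member offset comes from debuginfo. */
struct example_dwork { uint64_t words[11]; };
struct example_container {
    char other_state[0x348];               /* constructed padding */
    struct example_dwork dwork;            /* hypothetical member name */
};

/* container_of-style math on a raw address read from a dump. */
uint64_t container_addr(uint64_t member_addr, size_t member_offset)
{
    return member_addr - member_offset;
}

int main(void)
{
    struct slab_hit h = locate_in_slab(DWORK_ADDR, SLAB_MEMORY, OBJSIZE, SLAB_TOTAL);
    printf("object %llu base 0x%llx offset 0x%llx\n",
           (unsigned long long)h.index, (unsigned long long)h.obj_base,
           (unsigned long long)h.offset);
    printf("container 0x%llx\n", (unsigned long long)container_addr(
           DWORK_ADDR, offsetof(struct example_container, dwork)));
    return 0;
}
```

The computed object base agrees with the [ffff8881601fa800] entry that kmem reports for this address.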