Re: [Regression 6.1.y] From "cifs: Fix flushing, invalidation and file size with copy_file_range()"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, Thorsten here, the Linux kernel's regression tracker. Top-posting
for once, to make this easily accessible to everyone.

Thank's for CCIng the regression list and telling regzbot about the
issue. There is one important thing that afaics[1] is missing and would
be really good to know[2]:

Does this problem also happen in mainline, e.g. with 6.7-rc8?

Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)

[1] I hope I didn't miss this
[2] as explained here:
https://docs.kernel.org/admin-guide/reporting-issues.html
https://linux-regtracking.leemhuis.info/post/frequent-reasons-why-linux-kernel-bug-reports-are-ignored/#you-reported-a-regression-in-a-stable-or-longterm-series-without-checking-if-mainline-is-affected-as-well

--
Everything you wanna know about Linux kernel regression tracking:
https://linux-regtracking.leemhuis.info/about/#tldr
If I did something stupid, please tell me, as explained on that page.

On 05.01.24 21:50, Salvatore Bonaccorso wrote:
> 
> Looping in as well regressions@xxxxxxxxxxxxxxx list (and add
> linux-cifs@xxxxxxxxxxxxxxx as well here).
> 
> On Wed, Jan 03, 2024 at 11:40:04PM +0000, Jitindar Singh, Suraj wrote:
>> Hi,
>>
>> When testing the v6.1.69 kernel I bisected an issue to the below commit
>> which was added in v6.1.68. When running the xfstests[1] on cifs I
>> observe a null pointer dereference in cifs_flush_folio() because folio
>> is null and dereferenced in size = folio_size(folio).
>>
>> [1] https://github.com/kdave/xfstests
>>
>> This can be reproduced using many of the xfstests but reproduces with
>> generic/001 like below:
>>
>> $ ./check -cifs generic/001
>>
>> FSTYP         -- cifs
>> PLATFORM      -- Linux/x86_64 ip-172-31-36-150 6.1.69 #2 SMP
>> PREEMPT_DYNAMIC Wed Jan  3 22:36:43 UTC 2024
>> MKFS_OPTIONS  -- //172.31.34.66/scratch
>> MOUNT_OPTIONS -- -ousername=ec2-
>> user,password=abc123,noperm,mfsymlinks,cifsacl,actimeo=0 -o
>> context=system_u:object_r:root_t:s0 //172.31.34.66/scratch /mnt/scratch
>>
>> generic/001 10s ...  
>>
>> [  244.135555] run fstests generic/001 at 2024-01-03 22:44:59
>> [  244.637499] BUG: kernel NULL pointer dereference, address:
>> 0000000000000000
>> [  244.638204] #PF: supervisor read access in kernel mode
>> [  244.638698] #PF: error_code(0x0000) - not-present page
>> [  244.639194] PGD 0 P4D 0 
>> [  244.639466] Oops: 0000 [#1] PREEMPT SMP NOPTI
>> [  244.698047] CPU: 11 PID: 4123 Comm: cp Not tainted 6.1.69 #2
>> [  244.698598] Hardware name: Amazon EC2 m6i.4xlarge/, BIOS 1.0
>> 10/16/2017
>> [  244.699228] RIP: 0010:cifs_flush_folio+0x3f/0x100 [cifs]
>> [  244.699782] Code: d2 41 54 89 cc 31 c9 55 53 48 89 f3 48 c1 ee 0c 48
>> 83 ec 08 48 8b 7f 30 e8 7d 2c a6 f8 48 3d 00 f0 ff ff 0f 87 a5 00 00 00
>> <48> 8b 10 48 89 c5 b8 00 10 00 00 f7 c2 00 00 01 00 74 07 0f b6 4d
>> [  244.799263] RSP: 0018:ffffc25441ffbd20 EFLAGS: 00010207
>> [  244.888911] RAX: 0000000000000000 RBX: 0000000000000000 RCX:
>> 0000000000000000
>> [  244.898446] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
>> ffff9ed945eac000
>> [  244.899136] RBP: 00000000000003a1 R08: 0000000000000001 R09:
>> 0000000000000000
>> [  244.997779] R10: 0000000000003e7f R11: 0000000000000000 R12:
>> ffffc25441ffbd90
>> [  244.998564] R13: ffffc25441ffbd88 R14: ffff9ed94af23850 R15:
>> 0000000000000001
>> [  244.999264] FS:  00007f111404d340(0000) GS:ffff9ee7fecc0000(0000)
>> knlGS:0000000000000000
>> [  245.097782] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [  245.098345] CR2: 0000000000000000 CR3: 00000001211fc001 CR4:
>> 00000000007706e0
>> [  245.099122] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
>> 0000000000000000
>> [  245.099854] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
>> 0000000000000400
>> [  245.198200] PKRU: 55555554
>> [  245.198478] Call Trace:
>> [  245.198735]  <TASK>
>> [  245.198967]  ? show_trace_log_lvl+0x1c4/0x2d2
>> [  245.199399]  ? show_trace_log_lvl+0x1c4/0x2d2
>> [  245.199830]  ? cifs_remap_file_range+0x15d/0x5e0 [cifs]
>> [  245.298029]  ? __die_body.cold+0x8/0xd
>> [  245.298402]  ? page_fault_oops+0xac/0x140
>> [  245.298943]  ? exc_page_fault+0x62/0x140
>> [  245.299336]  ? asm_exc_page_fault+0x22/0x30
>> [  245.299751]  ? cifs_flush_folio+0x3f/0x100 [cifs]
>> [  245.397858]  ? cifs_precopy_set_eof+0x73/0x110 [cifs]
>> [  245.398383]  cifs_remap_file_range+0x15d/0x5e0 [cifs]
>> [  245.398909]  do_clone_file_range+0xe7/0x230
>> [  245.399329]  vfs_clone_file_range+0x37/0x140
>> [  245.399861]  ioctl_file_clone+0x45/0xa0
>> [  245.497918]  do_vfs_ioctl+0x79/0x890
>> [  245.498328]  __x64_sys_ioctl+0x69/0xc0
>> [  245.498706]  do_syscall_64+0x38/0x90
>> [  245.499070]  entry_SYSCALL_64_after_hwframe+0x64/0xce
>> [  245.499568] RIP: 0033:0x7f1113e3ec6b
>> [  245.499929] Code: 73 01 c3 48 8b 0d 9500 f7 d8 64 89 01 48 83 c8 ff
>> c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05
>> <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 65 a1 1b 00 f7 d8 64 89 01 48
>> [  245.599410] RSP: 002b:00007fff140ebb88 EFLAGS: 00000246 ORIG_RAX:
>> 0000000000000010
>> [  245.697930] RAX: ffffffffffffffda RBX: 00007fff140ec3b0 RCX:
>> 00007f1113e3ec6b
>> [  245.698620] RDX: 0000000000000003 RSI: 0000000040049409 RDI:
>> 0000000000000004
>> [  245.699306] RBP: 0000000000000003 R08: 0000000000000001 R09:
>> 0000000000000004
>> [  245.797942] R10: 0000000000001000 R11: 0000000000000246 R12:
>> 00007fff140ed616
>> [  245.798789] R13: 00007fff140ebfa0 R14: 0000000000000000 R15:
>> 0000000000000002
>> [  245.799485]  </TASK>
>> [  245.799720] Modules linked in: cmac nls_utf8 cifs cifs_arc4 cifs_md4
>> dns_lver mousedev sunrpc nls_ascii nls_cp437 vfat fat psmouse
>> ghash_clmulni_intel atkbd libps2 vivaldi_fmap aesni_intel ena i8042
>> crypto_simd serio cryptd button drm sch_fq_codel fuse i2c_core configfs
>> drm_panel_orientation_quirks loop backlight dmi_sysfs crc32_pclmul
>> intel dm_mirror dm_region_hash dm_log dm_mod dax efivarfs
>> [  245.998457] CR2: 0000000000000000
>> [  245.998800] ---[ end trace 0000000000000000 ]---
>> [  246.087916] RIP: 0010:cifs_flush_folio+0x3f/0x100 [cifs]
>> [  246.088794] Code: d2 41 54 49 89 cc 31 c9 55 53 48 89 f3 48 c1 ee 0c
>> 48 83 ec 08 48 8b 7f 30 e8 7d 2c a6 f8 48 3d 00 f0 ff ff 0f 87 a5 00 00
>> 00 <48> 8b 10 48 89 c5 b8 00 10 00 00 f7 c2 00 00 01 00 74 07 0f b6 4d
>> [  246.099436] RSP: 0018:ffffc25441ffbd20 EFLAGS: 00010207
>> [  246.189258] RAX: 0000000000000000 RBX: 0000000000000000 RCX:
>> 0000000000000000
>> [  246.198724] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
>> ffff9ed945eac000
>> [  246.199411] RBP: 00000000000003a1 R08: 0000000000000001 R09:
>> 0000000000000000
>> [  246.298002] R10: 0000000000003e7f R11: 0000000000000000 R12:
>> ffffc25441ffbd90
>> [  246.298687] R13: ffffc25441ffbd88 R14: ffff9ed94af23850 R15:
>> 0000000000000001
>> [  246.299372] FS:  00007f111404d340(0000) GS:ffff9ee7fecc0000(0000)
>> knlGS:0000000000000000
>> [  246.398006] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [  246.398569] CR2: 0000000000000000 CR3: 00000001211fc001 CR4:
>> 00000000007706e0
>> [  246.399254] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
>> 0000000000000000
>> [  246.399934] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
>> 0000000000000400
>> [  246.498414] PKRU: 55555554
>> [  246.498698] Kernel panic - not syncing: Fatal exception
>> [  246.500042] Kernel Offset: 0x38000000 from 0xffffffff81000000
>> (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
>> [  246.698094] Rebooting in 5 seconds..
>>
>> Any ideas what is causing this and what the resolution is? This doesn't
>> occur on the upstream/master kernel.
>>
>> Thanks,
>> Suraj
>>
>> On Mon, 2023-12-11 at 13:57 +0100, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
>>>
>>> This is a note to let you know that I've just added the patch titled
>>>
>>>     cifs: Fix flushing, invalidation and file size with
>>> copy_file_range()
>>>
>>> to the 6.1-stable tree which can be found at:
>>>    
>>> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>>>
>>> The filename of the patch is:
>>>      cifs-fix-flushing-invalidation-and-file-size-with-
>>> copy_file_range.patch
>>> and it can be found in the queue-6.1 subdirectory.
>>>
>>> If you, or anyone else, feels it should not be added to the stable
>>> tree,
>>> please let <stable@xxxxxxxxxxxxxxx> know about it.
>>>
>>>
>>>> From 7b2404a886f8b91250c31855d287e632123e1746 Mon Sep 17 00:00:00
>>>> 2001
>>> From: David Howells <dhowells@xxxxxxxxxx>
>>> Date: Fri, 1 Dec 2023 00:22:00 +0000
>>> Subject: cifs: Fix flushing, invalidation and file size with
>>> copy_file_range()
>>>
>>> From: David Howells <dhowells@xxxxxxxxxx>
>>>
>>> commit 7b2404a886f8b91250c31855d287e632123e1746 upstream.
>>>
>>> Fix a number of issues in the cifs filesystem implementation of the
>>> copy_file_range() syscall in cifs_file_copychunk_range().
>>>
>>> Firstly, the invalidation of the destination range is handled
>>> incorrectly:
>>> We shouldn't just invalidate the whole file as dirty data in the file
>>> may
>>> get lost and we can't just call truncate_inode_pages_range() to
>>> invalidate
>>> the destination range as that will erase parts of a partial folio at
>>> each
>>> end whilst invalidating and discarding all the folios in the middle. 
>>> We
>>> need to force all the folios covering the range to be reloaded, but
>>> we
>>> mustn't lose dirty data in them that's not in the destination range.
>>>
>>> Further, we shouldn't simply round out the range to PAGE_SIZE at each
>>> end
>>> as cifs should move to support multipage folios.
>>>
>>> Secondly, there's an issue whereby a write may have extended the file
>>> locally, but not have been written back yet.  This can leaves the
>>> local
>>> idea of the EOF at a later point than the server's EOF.  If a copy
>>> request
>>> is issued, this will fail on the server with STATUS_INVALID_VIEW_SIZE
>>> (which gets translated to -EIO locally) if the copy source extends
>>> past the
>>> server's EOF.
>>>
>>> Fix this by:
>>>
>>>  (0) Flush the source region (already done).  The flush does nothing
>>> and
>>>      the EOF isn't moved if the source region has no dirty data.
>>>
>>>  (1) Move the EOF to the end of the source region if it isn't already
>>> at
>>>      least at this point.  If we can't do this, for instance if the
>>> server
>>>      doesn't support it, just flush the entire source file.
>>>
>>>  (2) Find the folio (if present) at each end of the range, flushing
>>> it and
>>>      increasing the region-to-be-invalidated to cover those in their
>>>      entirety.
>>>
>>>  (3) Fully discard all the folios covering the range as we want them
>>> to be
>>>      reloaded.
>>>
>>>  (4) Then perform the copy.
>>>
>>> Thirdly, set i_size after doing the copychunk_range operation as this
>>> value
>>> may be used by various things internally.  stat() hides the issue
>>> because
>>> setting ->time to 0 causes cifs_getatr() to revalidate the
>>> attributes.
>>>
>>> These were causing the generic/075 xfstest to fail.
>>>
>>> Fixes: 620d8745b35d ("Introduce cifs_copy_file_range()")
>>> Cc: stable@xxxxxxxxxxxxxxx
>>> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
>>> cc: Paulo Alcantara <pc@xxxxxxxxxxxxx>
>>> cc: Shyam Prasad N <nspmangalore@xxxxxxxxx>
>>> cc: Rohith Surabattula <rohiths.msft@xxxxxxxxx>
>>> cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>
>>> cc: Jeff Layton <jlayton@xxxxxxxxxx>
>>> cc: linux-cifs@xxxxxxxxxxxxxxx
>>> cc: linux-mm@xxxxxxxxx
>>> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
>>> Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
>>> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
>>> ---
>>>  fs/smb/client/cifsfs.c |  102
>>> +++++++++++++++++++++++++++++++++++++++++++++++--
>>>  1 file changed, 99 insertions(+), 3 deletions(-)
>>>
>>> --- a/fs/smb/client/cifsfs.c
>>> +++ b/fs/smb/client/cifsfs.c
>>> @@ -1191,6 +1191,72 @@ const struct inode_operations cifs_symli
>>>         .listxattr = cifs_listxattr,
>>>  };
>>>  
>>> +/*
>>> + * Advance the EOF marker to after the source range.
>>> + */
>>> +static int cifs_precopy_set_eof(struct inode *src_inode, struct
>>> cifsInodeInfo *src_cifsi,
>>> +                               struct cifs_tcon *src_tcon,
>>> +                               unsigned int xid, loff_t src_end)
>>> +{
>>> +       struct cifsFileInfo *writeable_srcfile;
>>> +       int rc = -EINVAL;
>>> +
>>> +       writeable_srcfile = find_writable_file(src_cifsi,
>>> FIND_WR_FSUID_ONLY);
>>> +       if (writeable_srcfile) {
>>> +               if (src_tcon->ses->server->ops->set_file_size)
>>> +                       rc = src_tcon->ses->server->ops-
>>>> set_file_size(
>>> +                               xid, src_tcon, writeable_srcfile,
>>> +                               src_inode->i_size, true /* no need to
>>> set sparse */);
>>> +               else
>>> +                       rc = -ENOSYS;
>>> +               cifsFileInfo_put(writeable_srcfile);
>>> +               cifs_dbg(FYI, "SetFSize for copychunk rc = %d\n",
>>> rc);
>>> +       }
>>> +
>>> +       if (rc < 0)
>>> +               goto set_failed;
>>> +
>>> +       netfs_resize_file(&src_cifsi->netfs, src_end);
>>> +       fscache_resize_cookie(cifs_inode_cookie(src_inode), src_end);
>>> +       return 0;
>>> +
>>> +set_failed:
>>> +       return filemap_write_and_wait(src_inode->i_mapping);
>>> +}
>>> +
>>> +/*
>>> + * Flush out either the folio that overlaps the beginning of a range
>>> in which
>>> + * pos resides or the folio that overlaps the end of a range unless
>>> that folio
>>> + * is entirely within the range we're going to invalidate.  We
>>> extend the flush
>>> + * bounds to encompass the folio.
>>> + */
>>> +static int cifs_flush_folio(struct inode *inode, loff_t pos, loff_t
>>> *_fstart, loff_t *_fend,
>>> +                           bool first)
>>> +{
>>> +       struct folio *folio;
>>> +       unsigned long long fpos, fend;
>>> +       pgoff_t index = pos / PAGE_SIZE;
>>> +       size_t size;
>>> +       int rc = 0;
>>> +
>>> +       folio = filemap_get_folio(inode->i_mapping, index);
>>> +       if (IS_ERR(folio))
>>> +               return 0;
>>> +
>>> +       size = folio_size(folio);
>>> +       fpos = folio_pos(folio);
>>> +       fend = fpos + size - 1;
>>> +       *_fstart = min_t(unsigned long long, *_fstart, fpos);
>>> +       *_fend   = max_t(unsigned long long, *_fend, fend);
>>> +       if ((first && pos == fpos) || (!first && pos == fend))
>>> +               goto out;
>>> +
>>> +       rc = filemap_write_and_wait_range(inode->i_mapping, fpos,
>>> fend);
>>> +out:
>>> +       folio_put(folio);
>>> +       return rc;
>>> +}
>>> +
>>>  static loff_t cifs_remap_file_range(struct file *src_file, loff_t
>>> off,
>>>                 struct file *dst_file, loff_t destoff, loff_t len,
>>>                 unsigned int remap_flags)
>>> @@ -1260,10 +1326,12 @@ ssize_t cifs_file_copychunk_range(unsign
>>>  {
>>>         struct inode *src_inode = file_inode(src_file);
>>>         struct inode *target_inode = file_inode(dst_file);
>>> +       struct cifsInodeInfo *src_cifsi = CIFS_I(src_inode);
>>>         struct cifsFileInfo *smb_file_src;
>>>         struct cifsFileInfo *smb_file_target;
>>>         struct cifs_tcon *src_tcon;
>>>         struct cifs_tcon *target_tcon;
>>> +       unsigned long long destend, fstart, fend;
>>>         ssize_t rc;
>>>  
>>>         cifs_dbg(FYI, "copychunk range\n");
>>> @@ -1303,13 +1371,41 @@ ssize_t cifs_file_copychunk_range(unsign
>>>         if (rc)
>>>                 goto unlock;
>>>  
>>> -       /* should we flush first and last page first */
>>> -       truncate_inode_pages(&target_inode->i_data, 0);
>>> +       /* The server-side copy will fail if the source crosses the
>>> EOF marker.
>>> +        * Advance the EOF marker after the flush above to the end of
>>> the range
>>> +        * if it's short of that.
>>> +        */
>>> +       if (src_cifsi->server_eof < off + len) {
>>> +               rc = cifs_precopy_set_eof(src_inode, src_cifsi,
>>> src_tcon, xid, off + len);
>>> +               if (rc < 0)
>>> +                       goto unlock;
>>> +       }
>>> +
>>> +       destend = destoff + len - 1;
>>> +
>>> +       /* Flush the folios at either end of the destination range to
>>> prevent
>>> +        * accidental loss of dirty data outside of the range.
>>> +        */
>>> +       fstart = destoff;
>>> +       fend = destend;
>>> +
>>> +       rc = cifs_flush_folio(target_inode, destoff, &fstart, &fend,
>>> true);
>>> +       if (rc)
>>> +               goto unlock;
>>> +       rc = cifs_flush_folio(target_inode, destend, &fstart, &fend,
>>> false);
>>> +       if (rc)
>>> +               goto unlock;
>>> +
>>> +       /* Discard all the folios that overlap the destination
>>> region. */
>>> +       truncate_inode_pages_range(&target_inode->i_data, fstart,
>>> fend);
>>>  
>>>         rc = file_modified(dst_file);
>>> -       if (!rc)
>>> +       if (!rc) {
>>>                 rc = target_tcon->ses->server->ops-
>>>> copychunk_range(xid,
>>>                         smb_file_src, smb_file_target, off, len,
>>> destoff);
>>> +               if (rc > 0 && destoff + rc >
>>> i_size_read(target_inode))
>>> +                       truncate_setsize(target_inode, destoff + rc);
>>> +       }
>>>  
>>>         file_accessed(src_file);
>>>  
>>>
>>>
>>> Patches currently in stable-queue which might be from
>>> dhowells@xxxxxxxxxx are
>>>
>>> queue-6.1/cifs-fix-flushing-invalidation-and-file-size-with-
>>> copy_file_range.patch
>>> queue-6.1/cifs-fix-flushing-invalidation-and-file-size-with-
>>> ficlone.patch
>>> queue-6.1/cifs-fix-non-availability-of-dedup-breaking-generic-
>>> 304.patch
>>>
>>
> 
> It looks we had as well some reports in Debian about this regression.
> Copying a file within the same cifs mount seems to trigger the NULL
> pointer dereference:
> 
> [ 1640.742300] BUG: kernel NULL pointer dereference, address: 0000000000000000
> [ 1640.742309] #PF: supervisor read access in kernel mode
> [ 1640.742313] #PF: error_code(0x0000) - not-present page
> [ 1640.742317] PGD 0 P4D 0
> [ 1640.742322] Oops: 0000 [#1] PREEMPT SMP NOPTI
> [ 1640.742327] CPU: 6 PID: 1972 Comm: cp Not tainted 6.1.0-17-amd64 #1  Debian 6.1.69-1
> [ 1640.742333] Hardware name: LENOVO 20XXS1FU00/20XXS1FU00, BIOS N32ET89W (1.65 ) 11/13/2023
> [ 1640.742336] RIP: 0010:cifs_flush_folio+0x3f/0x100 [cifs]
> [ 1640.742412] Code: d2 41 54 49 89 cc 31 c9 55 48 89 f5 48 c1 ee 0c 53 48 83 ec 08 48 8b 7f 30 e8 8d 9a 97 dd 48 3d 00 f0 ff ff 0f 87 a5 00 00 00 <48> 8b 10 48 89 c3 b8 00 10 00 00 f7 c2 00 00 01 00 74 07 0f b6 4b
> [ 1640.742417] RSP: 0018:ffff9eac8181fd18 EFLAGS: 00010207
> [ 1640.742422] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000000
> [ 1640.742425] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8a0a758b0000
> [ 1640.742428] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
> [ 1640.742431] R10: 0000000000000003 R11: ffff8a09c596fa00 R12: ffff9eac8181fd88
> [ 1640.742433] R13: ffff9eac8181fd80 R14: ffff8a0a707bda48 R15: 0000000000000001
> [ 1640.742437] FS:  00007f7dc8764800(0000) GS:ffff8a10ff780000(0000) knlGS:0000000000000000
> [ 1640.742441] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 1640.742444] CR2: 0000000000000000 CR3: 000000015eff0003 CR4: 0000000000770ee0
> [ 1640.742448] PKRU: 55555554
> [ 1640.742450] Call Trace:
> [ 1640.742454]  <TASK>
> [ 1640.742459]  ? __die_body.cold+0x1a/0x1f
> [ 1640.742468]  ? page_fault_oops+0xd2/0x2b0
> [ 1640.742476]  ? exc_page_fault+0x70/0x170
> [ 1640.742482]  ? asm_exc_page_fault+0x22/0x30
> [ 1640.742492]  ? cifs_flush_folio+0x3f/0x100 [cifs]
> [ 1640.742558]  ? cifs_flush_folio+0x33/0x100 [cifs]
> [ 1640.742622]  ? cifs_precopy_set_eof+0x2b/0x150 [cifs]
> [ 1640.742688]  cifs_remap_file_range+0x16d/0x680 [cifs]
> [ 1640.742755]  do_clone_file_range+0xe6/0x230
> [ 1640.742762]  vfs_clone_file_range+0x37/0x140
> [ 1640.742767]  ioctl_file_clone+0x49/0xb0
> [ 1640.742774]  do_vfs_ioctl+0x77/0x910
> [ 1640.742780]  __x64_sys_ioctl+0x6e/0xd0
> [ 1640.742785]  do_syscall_64+0x58/0xc0
> [ 1640.742794]  entry_SYSCALL_64_after_hwframe+0x64/0xce
> [ 1640.742801] RIP: 0033:0x7f7dc8900b5b
> [ 1640.742806] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
> [ 1640.742810] RSP: 002b:00007ffe4b899000 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> [ 1640.742815] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f7dc8900b5b
> [ 1640.742817] RDX: 0000000000000003 RSI: 0000000040049409 RDI: 0000000000000004
> [ 1640.742820] RBP: 00007ffe4b899440 R08: 00007ffe4b899600 R09: 0000000000000001
> [ 1640.742823] R10: 00007f7dc881a358 R11: 0000000000000246 R12: 0000000000000001
> [ 1640.742825] R13: 00007ffe4b899dc3 R14: 0000000000008000 R15: 0000000000000000
> [ 1640.742831]  </TASK>
> [ 1640.742832] Modules linked in: nls_utf8 cifs cifs_arc4 cifs_md4 dns_resolver fscache netfs ctr ccm rfcomm cmac algif_hash algif_skcipher af_alg snd_seq_dummy snd_hrtimer snd_seq snd_seq_device bnep btusb btrtl btbcm btintel btmtk bluetooth uvcvideo videobuf2_vmalloc videobuf2_memops jitterentropy_rng videobuf2_v4l2 videobuf2_common drbg videodev ansi_cprng mc ecdh_generic ecc qrtr ip6t_REJECT nf_reject_ipv6 xt_hl ip6_tables ip6t_rt snd_ctl_led snd_soc_skl_hda_dsp snd_soc_intel_hda_dsp_common binfmt_misc snd_soc_hdac_hdmi ipt_REJECT snd_sof_probes nf_reject_ipv4 xt_LOG nf_log_syslog xt_comment nft_limit xt_limit xt_addrtype snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic snd_soc_dmic snd_sof_pci_intel_tgl snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation joydev soundwire_cadence snd_sof_intel_hda x86_pkg_temp_thermal snd_sof_pci intel_powerclamp snd_sof_xtensa_dsp coretemp snd_sof snd_sof_utils snd_soc_hdac_hda kvm_intel snd_hda_ext_core
> [ 1640.742921]  snd_soc_acpi_intel_match xt_tcpudp snd_soc_acpi kvm snd_soc_core xt_conntrack irqbypass nf_conntrack crc32_pclmul snd_compress nf_defrag_ipv6 soundwire_bus nf_defrag_ipv4 ghash_clmulni_intel iwlmvm nft_compat snd_hda_intel sha512_ssse3 snd_intel_dspcfg nf_tables snd_intel_sdw_acpi sha512_generic mac80211 libcrc32c snd_hda_codec hid_multitouch nfnetlink processor_thermal_device_pci_legacy hid_generic sha256_ssse3 iTCO_wdt snd_hda_core processor_thermal_device sha1_ssse3 intel_pmc_bxt iTCO_vendor_support processor_thermal_rfim libarc4 pmt_telemetry rapl thinkpad_acpi snd_hwdep xhci_pci processor_thermal_mbox mei_hdcp watchdog intel_rapl_msr snd_pcm pmt_class nls_ascii nvram intel_cstate processor_thermal_rapl xhci_hcd ucsi_acpi iwlwifi platform_profile snd_timer nls_cp437 intel_uncore i2c_hid_acpi intel_lpss_pci usbcore typec_ucsi ledtrig_audio think_lmi mei_me i2c_i801 intel_rapl_common snd pcspkr vfat i2c_hid intel_lpss roles cfg80211 firmware_attributes_class mei
> [ 1640.743007]  thunderbolt usb_common soundcore wmi_bmof fat int3403_thermal idma64 i2c_smbus intel_vsec typec intel_soc_dts_iosf hid igen6_edac button battery ac rfkill soc_button_array int340x_thermal_zone int3400_thermal intel_hid intel_pmc_core acpi_thermal_rel acpi_tad acpi_pad sparse_keymap msr parport_pc ppdev lp parport loop fuse efi_pstore configfs efivarfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic dm_crypt dm_mod i915 i2c_algo_bit drm_buddy nvme drm_display_helper nvme_core crc32c_intel t10_pi drm_kms_helper crc64_rocksoft cec crc64 rc_core crc_t10dif ttm crct10dif_generic aesni_intel crct10dif_pclmul psmouse drm evdev crypto_simd cryptd crct10dif_common serio_raw video wmi
> [ 1640.743095] CR2: 0000000000000000
> [ 1640.743098] ---[ end trace 0000000000000000 ]---
> [ 1640.957607] RIP: 0010:cifs_flush_folio+0x3f/0x100 [cifs]
> [ 1640.957681] Code: d2 41 54 49 89 cc 31 c9 55 48 89 f5 48 c1 ee 0c 53 48 83 ec 08 48 8b 7f 30 e8 8d 9a 97 dd 48 3d 00 f0 ff ff 0f 87 a5 00 00 00 <48> 8b 10 48 89 c3 b8 00 10 00 00 f7 c2 00 00 01 00 74 07 0f b6 4b
> [ 1640.957683] RSP: 0018:ffff9eac8181fd18 EFLAGS: 00010207
> [ 1640.957685] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000000
> [ 1640.957686] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8a0a758b0000
> [ 1640.957687] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
> [ 1640.957688] R10: 0000000000000003 R11: ffff8a09c596fa00 R12: ffff9eac8181fd88
> [ 1640.957689] R13: ffff9eac8181fd80 R14: ffff8a0a707bda48 R15: 0000000000000001
> [ 1640.957691] FS:  00007f7dc8764800(0000) GS:ffff8a10ff780000(0000) knlGS:0000000000000000
> [ 1640.957692] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 1640.957693] CR2: 0000000000000000 CR3: 000000015eff0003 CR4: 0000000000770ee0
> [ 1640.957695] PKRU: 55555554
> [ 1640.957696] note: cp[1972] exited with irqs disabled
> 
> #regzbot ^introduced 18b02e4343e8f5be6a2f44c7ad9899b385a92730
> #regzbot link: https://bugs.debian.org/1060005
> #regzbot link: https://bugs.debian.org/1060052
> 
> Regards,
> Salvatore
> 
> 





[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux