Re: null-ptr deref found in netfs code

On Mon, Dec 2, 2024 at 7:46 AM Shyam Prasad N <nspmangalore@xxxxxxxxx> wrote:
>
> Found this null-ptr dereference in netfs code with 6.13-rc1.
>
> Is it a known issue?
>
> [Mon Dec  2 01:57:27 2024] ------------[ cut here ]------------
> [Mon Dec  2 01:57:27 2024] WARNING: CPU: 1 PID: 152 at
> fs/netfs/read_collect.c:110 netfs_consume_read_data.isra.0+0x715/0xbb0
> [netfs]
> [Mon Dec  2 01:57:27 2024] Modules linked in: cmac nls_utf8 cifs
> cifs_arc4 nls_ucs2_utils cifs_md4 netfs qrtr cfg80211 8021q garp mrp
> stp llc xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4
> xt_owner xt_tcpudp nft_compat nf_tables mlx5_ib ib_uverbs macsec
> binfmt_misc ib_core intel_rapl_msr intel_rapl_common
> intel_uncore_frequency_common isst_if_common nls_iso8859_1 mlx5_core
> btrfs mlxfw blake2b_generic psample xor tls skx_edac_common
> crct10dif_pclmul crc32_pclmul raid6_pq polyval_clmulni polyval_generic
> libcrc32c joydev ghash_clmulni_intel mac_hid sha256_ssse3 sha1_ssse3
> serio_raw hid_generic aesni_intel crypto_simd cryptd hyperv_drm
> hid_hyperv rapl hyperv_fb vmgenid hid hv_netvsc hyperv_keyboard
> sch_fq_codel dm_multipath msr nvme_fabrics efi_pstore nfnetlink
> ip_tables x_tables autofs4
> [Mon Dec  2 01:57:27 2024] CPU: 1 UID: 0 PID: 152 Comm: kworker/1:1
> Not tainted 6.13.0-rc1-mainline #9
> [Mon Dec  2 01:57:27 2024] Hardware name: Microsoft Corporation
> Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1
> 08/23/2024
> [Mon Dec  2 01:57:27 2024] Workqueue: cifsiod smb2_readv_worker [cifs]
> [Mon Dec  2 01:57:27 2024] RIP:
> 0010:netfs_consume_read_data.isra.0+0x715/0xbb0 [netfs]
> [Mon Dec  2 01:57:27 2024] Code: 8b 78 08 ba 1e 00 00 00 4c 89 e6 e8
> 75 a8 ff ff e9 d7 fc ff ff 48 8b 45 90 4c 89 80 48 02 00 00 0f 1f 44
> 00 00 e9 c2 fb ff ff <0f> 0b 48 8b 43 70 48 8b 75 90 8b 7d 9c 0f b7 93
> 96 00 00 00 8b b6
> [Mon Dec  2 01:57:27 2024] RSP: 0018:ffffb2f6805dfda0 EFLAGS: 00010246
> [Mon Dec  2 01:57:27 2024] RAX: ffff969a23360c00 RBX: ffff969a18da72c0
> RCX: 0000000012800000
> [Mon Dec  2 01:57:27 2024] RDX: 0000000012a00000 RSI: ffff969a23360c00
> RDI: ffffffff9b609a30
> [Mon Dec  2 01:57:27 2024] RBP: ffffb2f6805dfe10 R08: 0000000000000020
> R09: 0000000000200000
> [Mon Dec  2 01:57:27 2024] R10: 0000000000000001 R11: 0000000000000005
> R12: 0000000000000000
> [Mon Dec  2 01:57:27 2024] R13: ffff969a232b97e8 R14: 0000000000200000
> R15: 0000000000000002
> [Mon Dec  2 01:57:27 2024] FS:  0000000000000000(0000)
> GS:ffff96bc53480000(0000) knlGS:0000000000000000
> [Mon Dec  2 01:57:27 2024] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [Mon Dec  2 01:57:27 2024] CR2: 000079a46e3fe000 CR3: 000000012cfda002
> CR4: 00000000003706f0
> [Mon Dec  2 01:57:27 2024] DR0: 0000000000000000 DR1: 0000000000000000
> DR2: 0000000000000000
> [Mon Dec  2 01:57:27 2024] DR3: 0000000000000000 DR6: 00000000fffe0ff0
> DR7: 0000000000000400
> [Mon Dec  2 01:57:27 2024] Call Trace:
> [Mon Dec  2 01:57:27 2024]  <TASK>
> [Mon Dec  2 01:57:27 2024]  ? show_regs+0x64/0x70
> [Mon Dec  2 01:57:27 2024]  ? __warn+0x89/0x120
> [Mon Dec  2 01:57:27 2024]  ? netfs_consume_read_data.isra.0+0x715/0xbb0 [netfs]
> [Mon Dec  2 01:57:27 2024]  ? report_bug+0x15d/0x180
> [Mon Dec  2 01:57:27 2024]  ? handle_bug+0x5b/0x90
> [Mon Dec  2 01:57:27 2024]  ? exc_invalid_op+0x18/0x70
> [Mon Dec  2 01:57:27 2024]  ? asm_exc_invalid_op+0x1b/0x20
> [Mon Dec  2 01:57:27 2024]  ? netfs_consume_read_data.isra.0+0x715/0xbb0 [netfs]
> [Mon Dec  2 01:57:27 2024]  ? __schedule+0x401/0x16e0
> [Mon Dec  2 01:57:27 2024]  netfs_read_subreq_terminated+0x2b2/0x390 [netfs]
> [Mon Dec  2 01:57:27 2024]  smb2_readv_worker+0x1a/0x20 [cifs]
> [Mon Dec  2 01:57:27 2024]  process_one_work+0x170/0x330
> [Mon Dec  2 01:57:27 2024]  worker_thread+0x2ce/0x400
> [Mon Dec  2 01:57:27 2024]  ? _raw_spin_unlock_irqrestore+0xe/0x20
> [Mon Dec  2 01:57:27 2024]  ? __pfx_worker_thread+0x10/0x10
> [Mon Dec  2 01:57:27 2024]  kthread+0xd4/0x100
> [Mon Dec  2 01:57:27 2024]  ? __pfx_kthread+0x10/0x10
> [Mon Dec  2 01:57:27 2024]  ret_from_fork+0x3d/0x60
> [Mon Dec  2 01:57:27 2024]  ? __pfx_kthread+0x10/0x10
> [Mon Dec  2 01:57:27 2024]  ret_from_fork_asm+0x1a/0x30
> [Mon Dec  2 01:57:27 2024]  </TASK>
> [Mon Dec  2 01:57:27 2024] ---[ end trace 0000000000000000 ]---
> [Mon Dec  2 01:57:27 2024] netfs: R=00002827[3] s=12800000-12bfffff
> ctl=200000/400000/400000 sl=2
> [Mon Dec  2 01:57:27 2024] netfs: folioq: orders=09090909
> [Mon Dec  2 01:57:27 2024] BUG: kernel NULL pointer dereference,
> address: 0000000000000000
> [Mon Dec  2 01:57:27 2024] #PF: supervisor write access in kernel mode
> [Mon Dec  2 01:57:27 2024] #PF: error_code(0x0002) - not-present page
> [Mon Dec  2 01:57:27 2024] PGD 0 P4D 0
> [Mon Dec  2 01:57:27 2024] Oops: Oops: 0002 [#1] SMP PTI
> [Mon Dec  2 01:57:27 2024] CPU: 1 UID: 0 PID: 152 Comm: kworker/1:1
> Tainted: G        W          6.13.0-rc1-mainline #9
> [Mon Dec  2 01:57:27 2024] Tainted: [W]=WARN
> [Mon Dec  2 01:57:27 2024] Hardware name: Microsoft Corporation
> Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1
> 08/23/2024
> [Mon Dec  2 01:57:27 2024] Workqueue: cifsiod smb2_readv_worker [cifs]
> [Mon Dec  2 01:57:27 2024] RIP:
> 0010:netfs_consume_read_data.isra.0+0x35d/0xbb0 [netfs]
> [Mon Dec  2 01:57:27 2024] Code: 41 5f 5d c3 cc cc cc cc 44 8b 7d 9c
> 48 89 f0 48 2b 43 60 48 89 43 78 41 83 ff 1e 0f 87 16 08 00 00 48 8b
> 45 a0 4e 8b 64 f8 08 <f0> 41 80 0c 24 08 48 8b 45 90 48 8b 80 58 02 00
> 00 a9 00 00 00 80
> [Mon Dec  2 01:57:27 2024] RSP: 0018:ffffb2f6805dfda0 EFLAGS: 00010297
> [Mon Dec  2 01:57:27 2024] RAX: ffff969a23360c00 RBX: ffff969a18da72c0
> RCX: 0000000000200000
> [Mon Dec  2 01:57:27 2024] RDX: 0000000000000000 RSI: 0000000012c00000
> RDI: ffff96bc534a0a40
> [Mon Dec  2 01:57:27 2024] RBP: ffffb2f6805dfe10 R08: 0000000000000000
> R09: 0000000000000001
> [Mon Dec  2 01:57:27 2024] R10: ffffb2f681b42000 R11: 0000000012a00000
> R12: 0000000000000000
> [Mon Dec  2 01:57:27 2024] R13: ffff969a232b97e8 R14: 0000000000200000
> R15: 0000000000000002
> [Mon Dec  2 01:57:27 2024] FS:  0000000000000000(0000)
> GS:ffff96bc53480000(0000) knlGS:0000000000000000
> [Mon Dec  2 01:57:27 2024] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [Mon Dec  2 01:57:27 2024] CR2: 0000000000000000 CR3: 000000012cfda002
> CR4: 00000000003706f0
> [Mon Dec  2 01:57:27 2024] DR0: 0000000000000000 DR1: 0000000000000000
> DR2: 0000000000000000
> [Mon Dec  2 01:57:27 2024] DR3: 0000000000000000 DR6: 00000000fffe0ff0
> DR7: 0000000000000400
> [Mon Dec  2 01:57:27 2024] Call Trace:
> [Mon Dec  2 01:57:27 2024]  <TASK>
> [Mon Dec  2 01:57:27 2024]  ? show_regs+0x64/0x70
> [Mon Dec  2 01:57:27 2024]  ? __die+0x24/0x70
> [Mon Dec  2 01:57:27 2024]  ? page_fault_oops+0x290/0x5b0
> [Mon Dec  2 01:57:27 2024]  ? do_user_addr_fault+0x448/0x800
> [Mon Dec  2 01:57:27 2024]  ? irq_work_queue+0x28/0x50
> [Mon Dec  2 01:57:27 2024]  ? exc_page_fault+0x7a/0x160
> [Mon Dec  2 01:57:27 2024]  ? asm_exc_page_fault+0x27/0x30
> [Mon Dec  2 01:57:27 2024]  ? netfs_consume_read_data.isra.0+0x35d/0xbb0 [netfs]
> [Mon Dec  2 01:57:27 2024]  ? __schedule+0x401/0x16e0
> [Mon Dec  2 01:57:27 2024]  netfs_read_subreq_terminated+0x2b2/0x390 [netfs]
> [Mon Dec  2 01:57:27 2024]  smb2_readv_worker+0x1a/0x20 [cifs]
> [Mon Dec  2 01:57:27 2024]  process_one_work+0x170/0x330
> [Mon Dec  2 01:57:27 2024]  worker_thread+0x2ce/0x400
> [Mon Dec  2 01:57:27 2024]  ? _raw_spin_unlock_irqrestore+0xe/0x20
> [Mon Dec  2 01:57:27 2024]  ? __pfx_worker_thread+0x10/0x10
> [Mon Dec  2 01:57:27 2024]  kthread+0xd4/0x100
> [Mon Dec  2 01:57:27 2024]  ? __pfx_kthread+0x10/0x10
> [Mon Dec  2 01:57:27 2024]  ret_from_fork+0x3d/0x60
> [Mon Dec  2 01:57:27 2024]  ? __pfx_kthread+0x10/0x10
> [Mon Dec  2 01:57:27 2024]  ret_from_fork_asm+0x1a/0x30
> [Mon Dec  2 01:57:27 2024]  </TASK>
> [Mon Dec  2 01:57:27 2024] Modules linked in: cmac nls_utf8 cifs
> cifs_arc4 nls_ucs2_utils cifs_md4 netfs qrtr cfg80211 8021q garp mrp
> stp llc xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4
> xt_owner xt_tcpudp nft_compat nf_tables mlx5_ib ib_uverbs macsec
> binfmt_misc ib_core intel_rapl_msr intel_rapl_common
> intel_uncore_frequency_common isst_if_common nls_iso8859_1 mlx5_core
> btrfs mlxfw blake2b_generic psample xor tls skx_edac_common
> crct10dif_pclmul crc32_pclmul raid6_pq polyval_clmulni polyval_generic
> libcrc32c joydev ghash_clmulni_intel mac_hid sha256_ssse3 sha1_ssse3
> serio_raw hid_generic aesni_intel crypto_simd cryptd hyperv_drm
> hid_hyperv rapl hyperv_fb vmgenid hid hv_netvsc hyperv_keyboard
> sch_fq_codel dm_multipath msr nvme_fabrics efi_pstore nfnetlink
> ip_tables x_tables autofs4
> [Mon Dec  2 01:57:27 2024] CR2: 0000000000000000
> [Mon Dec  2 01:57:27 2024] ---[ end trace 0000000000000000 ]---
> [Mon Dec  2 01:57:27 2024] RIP:
> 0010:netfs_consume_read_data.isra.0+0x35d/0xbb0 [netfs]
> [Mon Dec  2 01:57:27 2024] Code: 41 5f 5d c3 cc cc cc cc 44 8b 7d 9c
> 48 89 f0 48 2b 43 60 48 89 43 78 41 83 ff 1e 0f 87 16 08 00 00 48 8b
> 45 a0 4e 8b 64 f8 08 <f0> 41 80 0c 24 08 48 8b 45 90 48 8b 80 58 02 00
> 00 a9 00 00 00 80
> [Mon Dec  2 01:57:27 2024] RSP: 0018:ffffb2f6805dfda0 EFLAGS: 00010297
> [Mon Dec  2 01:57:27 2024] RAX: ffff969a23360c00 RBX: ffff969a18da72c0
> RCX: 0000000000200000
> [Mon Dec  2 01:57:27 2024] RDX: 0000000000000000 RSI: 0000000012c00000
> RDI: ffff96bc534a0a40
> [Mon Dec  2 01:57:27 2024] RBP: ffffb2f6805dfe10 R08: 0000000000000000
> R09: 0000000000000001
> [Mon Dec  2 01:57:27 2024] R10: ffffb2f681b42000 R11: 0000000012a00000
> R12: 0000000000000000
> [Mon Dec  2 01:57:27 2024] R13: ffff969a232b97e8 R14: 0000000000200000
> R15: 0000000000000002
> [Mon Dec  2 01:57:27 2024] FS:  0000000000000000(0000)
> GS:ffff96bc53480000(0000) knlGS:0000000000000000
> [Mon Dec  2 01:57:27 2024] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [Mon Dec  2 01:57:27 2024] CR2: 0000000000000000 CR3: 000000012cfda002
> CR4: 00000000003706f0
> [Mon Dec  2 01:57:27 2024] DR0: 0000000000000000 DR1: 0000000000000000
> DR2: 0000000000000000
> [Mon Dec  2 01:57:27 2024] DR3: 0000000000000000 DR6: 00000000fffe0ff0
> DR7: 0000000000000400
>
>
> --
> Regards,
> Shyam

This issue is consistently reproducible for me from at least 6.12.
It shows up when several reads are in flight in parallel.

-- 
Regards,
Shyam