Re: null-ptr deref found in netfs code

On Thu, Dec 5, 2024 at 4:19 PM Shyam Prasad N <nspmangalore@xxxxxxxxx> wrote:
>
> On Thu, Dec 5, 2024 at 10:17 AM Shyam Prasad N <nspmangalore@xxxxxxxxx> wrote:
> >
> > On Thu, Dec 5, 2024 at 2:20 AM ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> > >
> > > If you run the kernel under gdb and set a breakpoint on panic you
> > > should be able to see the exact line where it failed and you will also
> > > be able to check the variables and what they are set to.
> > >
> > > On Thu, 5 Dec 2024 at 02:31, Shyam Prasad N <nspmangalore@xxxxxxxxx> wrote:
> > > >
> > > > On Wed, Dec 4, 2024 at 10:00 PM Shyam Prasad N <nspmangalore@xxxxxxxxx> wrote:
> > > > >
> > > > > On Tue, Dec 3, 2024 at 4:44 PM David Howells <dhowells@xxxxxxxxxx> wrote:
> > > > > >
> > > > > > Okay, I think I see the problem.
> > > > > >
> > > > > > Looking at the following extraction from the trace:
> > > > > >
> > > > > > > netfs_rreq_ref: R=0000290e NEW         r=1
> > > > > > > netfs_read: R=0000290e READAHEAD c=00000000 ni=0 s=85e00000 l=800000 sz=280000000
> > > > > > > netfs_folio: i=f1c2900000000000 ix=85e00-85fff read
> > > > > > > netfs_folio: i=f1c2900000000000 ix=86000-861ff read
> > > > > > > netfs_folio: i=f1c2900000000000 ix=86200-863ff read
> > > > > > > netfs_folio: i=f1c2900000000000 ix=86400-865ff read
> > > > > >
> > > > > > We're requesting reads of four folios, each consisting of 512 pages for a
> > > > > > total of 8MiB.
> > > > > >
> > > > > > > netfs_sreq: R=0000290e[1] DOWN SUBMT f=02 s=85e00000 0/100000 e=0
> > > > > > > netfs_sreq: R=0000290e[2] DOWN SUBMT f=02 s=85f00000 0/100000 e=0
> > > > > > > netfs_sreq: R=0000290e[3] DOWN SUBMT f=02 s=86000000 0/100000 e=0
> > > > > > > netfs_sreq: R=0000290e[4] DOWN SUBMT f=02 s=86100000 0/100000 e=0
> > > > > > > netfs_sreq: R=0000290e[5] DOWN SUBMT f=02 s=86200000 0/100000 e=0
> > > > > > > netfs_sreq: R=0000290e[6] DOWN SUBMT f=02 s=86300000 0/100000 e=0
> > > > > > > netfs_sreq: R=0000290e[7] DOWN SUBMT f=02 s=86400000 0/100000 e=0
> > > > > > > netfs_sreq: R=0000290e[8] DOWN SUBMT f=02 s=86500000 0/100000 e=0
> > > > > >
> > > > > > That got broken down into 8 submissions, each for a 1MiB slice.
> > > > > >
> > > > > > > netfs_sreq: R=0000290e[1] DOWN IO    f=02 s=85e00000 100000/100000 e=0
> > > > > > > netfs_progress: R=0000290e[01] s=85e00000 ct=0/100000 pa=100000/100000 sl=0
> > > > > > > netfs_donate: R=0000290e[01] -> [02] to-next am=100000
> > > > > >
> > > > > > Subrequest 1 completed, but wasn't large enough to cover a whole folio, so it
> > > > > > donated its coverage forwards to subreq 2.
> > > > > >
> > > > > > > netfs_sreq: R=0000290e[6] DOWN IO    f=02 s=86300000 100000/100000 e=0
> > > > > > > netfs_progress: R=0000290e[06] s=86300000 ct=0/100000 pa=100000/100000 sl=2
> > > > > > > netfs_donate: R=0000290e[06] -> [05] tail-to-prev am=100000
> > > > > >
> > > > > > Subrequest 6 completed, but wasn't large enough to cover a whole folio, so it
> > > > > > donated its coverage backwards to subreq 5.
> > > > > >
> > > > > > > netfs_sreq: R=0000290e[2] DOWN IO    f=02 s=85f00000 100000/100000 e=0
> > > > > > > netfs_progress: R=0000290e[02] s=85e00000 ct=0/200000 pa=200000/200000 sl=0
> > > > > > > netfs_folio: i=f1c2900000000000 ix=85e00-85fff read-done
> > > > > > > netfs_folio: i=f1c2900000000000 ix=85e00-85fff read-unlock
> > > > > >
> > > > > > Subreq 2 completed, and with the donation from subreq 1, had sufficient to
> > > > > > unlock the first folio.
> > > > > >
> > > > > > > netfs_sreq: R=0000290e[5] DOWN IO    f=02 s=86200000 100000/100000 e=0
> > > > > > > netfs_progress: R=0000290e[05] s=86200000 ct=0/200000 pa=200000/200000 sl=2
> > > > > > > netfs_folio: i=f1c2900000000000 ix=86200-863ff read-done
> > > > > > > netfs_folio: i=f1c2900000000000 ix=86200-863ff read-unlock
> > > > > >
> > > > > > Subreq 5 completed, and with the donation from subreq 6, had sufficient to
> > > > > > unlock the third folio.
> > > > > >
> > > > > > > netfs_sreq: R=0000290e[3] DOWN IO    f=02 s=86000000 100000/100000 e=0
> > > > > > > netfs_progress: R=0000290e[03] s=86000000 ct=0/100000 pa=100000/100000 sl=1
> > > > > > > netfs_donate: R=0000290e[03] -> [04] to-next am=100000
> > > > > >
> > > > > > Subrequest 3 completed, but wasn't large enough to cover a whole folio, so it
> > > > > > donated its coverage forwards to subreq 4.  So far, so good.
> > > > > >
> > > > > > > netfs_sreq: R=0000290e[7] DOWN IO    f=02 s=86400000 100000/100000 e=0
> > > > > > > netfs_progress: R=0000290e[07] s=86400000 ct=0/100000 pa=100000/100000 sl=3
> > > > > > > netfs_donate: R=0000290e[07] -> [04] to-prev am=0
> > > > > >
> > > > > > Subreq 7 completed, but wasn't large enough to cover a whole folio, so it
> > > > > > donated its coverage backwards to subreq 4.  This is a bug as subreq 7 is not
> > > > > > contiguous with subreq 4.  It should instead have donated forwards to subreq
> > > > > > 8.
> > > > > >
> > > > > > > netfs_sreq: R=0000290e[4] DOWN IO    f=02 s=86100000 100000/100000 e=0
> > > > > > > netfs_sreq: R=0000290e[4] DOWN +DON  f=02 s=86000000 300000/300000 e=0
> > > > > > > netfs_progress: R=0000290e[04] s=86000000 ct=0/300000 pa=200000/300000 sl=1
> > > > > > > netfs_folio: i=f1c2900000000000 ix=86000-861ff read-done
> > > > > > > netfs_folio: i=f1c2900000000000 ix=86000-861ff read-unlock
> > > > > >
> > > > > > Subreq 4 completed, and with the donation from subreq 2, had sufficient to
> > > > > > unlock the second folio.  However, it also has some excess from subreq 7 that
> > > > > > it can't do anything with - and this gets lost.
> > > > > >
> > > > > > > netfs_sreq: R=0000290e[8] DOWN IO    f=02 s=86500000 100000/100000 e=0
> > > > > > > netfs_progress: R=0000290e[08] s=86500000 ct=0/100000 pa=100000/100000 sl=3
> > > > > > > netfs_donate: R=0000290e[08] -> [04] tail-to-prev am=100000
> > > > > >
> > > > > > Here's a repeat of the bug: subreq 8 donates to subreq 4, but, again, is not
> > > > > > contiguous.  As these are happening concurrently, the other thread hasn't
> > > > > > delisted subreq 4 yet.
> > > > > >
> > > > > > > netfs_sreq: R=0000290e[4] DOWN +DON  f=02 s=86000000 400000/400000 e=0
> > > > > > > netfs_progress: R=0000290e[04] s=86200000 ct=200000/400000 pa=200000/200000 sl=2
> > > > > >
> > > > > > The request is screwed at this point: subreq 4 shows the extra stuff it has been
> > > > > > donated, but it is unable to do anything with it.  There is no folio to
> > > > > > wrangle as the third slot (sl=2) in the queue has already been cleared.
> > > > > >
> > > > > > (Note that this bug shouldn't happen with the patches currently on my
> > > > > > netfs-writeback branch as I got rid of the donation mechanism in preference
> > > > > > for something simpler with single-threaded collection.)
> > > > > >
> > > > > > David
> > > > > >
> > > > >
> > > > > Hi David,
> > > > >
> > > > > Tried your submitted patch "netfs: Fix non-contiguous donation between
> > > > > completed reads" with the same workload.
> > > > > It seems to be crashing elsewhere. I'm trying to get the OOPS message
> > > > > and ftrace, but it seems to be crashing the kernel.
> > > > >
> > > > > --
> > > > > Regards,
> > > > > Shyam
> > > >
> > > > Here's what I managed to get before the VM crashed:
> > > >
> > > > [Wed Dec  4 16:27:10 2024] BUG: kernel NULL pointer dereference,
> > > > address: 0000000000000068
> > > > [Wed Dec  4 16:27:10 2024] #PF: supervisor read access in kernel mode
> > > > [Wed Dec  4 16:27:10 2024] #PF: error_code(0x0000) - not-present page
> > > > [Wed Dec  4 16:27:10 2024] PGD 0 P4D 0
> > > > [Wed Dec  4 16:27:10 2024] Oops: Oops: 0000 [#1] SMP PTI
> > > > [Wed Dec  4 16:27:10 2024] CPU: 6 UID: 0 PID: 1263 Comm: kworker/6:3
> > > > Tainted: G           OE      6.12.0-mainline #10
> > > > [Wed Dec  4 16:27:10 2024] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
> > > > [Wed Dec  4 16:27:10 2024] Hardware name: Microsoft Corporation
> > > > Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1
> > > > 08/23/2024
> > > > [Wed Dec  4 16:27:10 2024] Workqueue: cifsiod smb2_readv_worker [cifs]
> > > > [Wed Dec  4 16:27:10 2024] RIP:
> > > > 0010:netfs_consume_read_data.isra.0+0x2d6/0xbe0 [netfs]
> > > > [Wed Dec  4 16:27:10 2024] Code: 48 8b 43 78 4c 8b 7d c0 4c 8b 43 68
> > > > 48 85 c0 0f 85 76 05 00 00 48 8b 55 90 48 8b 73 30 48 83 c2 70 48 39
> > > > d6 74 16 48 8b 7d 88 <48> 8b 4f 68 48 03 4f 60 48 39 4b 60 0f 84 58 06
> > > > 00 00 49 29 c0 48
> > > > [Wed Dec  4 16:27:10 2024] RSP: 0018:ffffad4a4582bd98 EFLAGS: 00010283
> > > > [Wed Dec  4 16:27:10 2024] RAX: 0000000000000000 RBX: ffff9810d6ff6280
> > > > RCX: 0000000000100000
> > > > [Wed Dec  4 16:27:10 2024] RDX: ffff981154071eb0 RSI: ffff9810d6ff71a8
> > > > RDI: 0000000000000000
> > > > [Wed Dec  4 16:27:10 2024] workqueue: smb2_readv_worker [cifs] hogged
> > > > CPU for >10000us 4 times, consider switching to WQ_UNBOUND
> > > > [Wed Dec  4 16:27:10 2024] RBP: ffffad4a4582be10 R08: 0000000000100000
> > > > R09: 0000000000000000
> > > > [Wed Dec  4 16:27:10 2024] R10: 0000000000000008 R11: fefefefefefefeff
> > > > R12: 0000000000000000
> > > > [Wed Dec  4 16:27:10 2024] workqueue: smb2_readv_worker [cifs] hogged
> > > > CPU for >10000us 5 times, consider switching to WQ_UNBOUND
> > > > [Wed Dec  4 16:27:10 2024] workqueue: smb2_readv_worker [cifs] hogged
> > > > CPU for >10000us 7 times, consider switching to WQ_UNBOUND
> > > > [Wed Dec  4 16:27:10 2024] R13: ffff981154072028 R14: 0000000000200000
> > > > R15: ffff981154072028
> > > > [Wed Dec  4 16:27:10 2024] workqueue: smb2_readv_worker [cifs] hogged
> > > > CPU for >10000us 11 times, consider switching to WQ_UNBOUND
> > > >
> > > >
> > > > --
> > > > Regards,
> > > > Shyam
> > > >
> >
> > Ack. Will check further on this today.
> >
> > --
> > Regards,
> > Shyam
>
> Hi David,
>
> Here's the output that I get with your patch. This null-ptr deref
> crashes the kernel. Even with KASAN enabled, I do not see anything
> significantly different:
> [Thu Dec  5 09:55:18 2024] Oops: general protection fault, probably
> for non-canonical address 0xdffffc000000000c: 0000 [#1] SMP KASAN PTI
> [Thu Dec  5 09:55:18 2024] KASAN: null-ptr-deref in range
> [0x0000000000000060-0x0000000000000067]
> [Thu Dec  5 09:55:18 2024] CPU: 12 UID: 0 PID: 175 Comm: kworker/12:1
> Not tainted 6.13.0-rc1-wkasan #12
> [Thu Dec  5 09:55:18 2024] Hardware name: Microsoft Corporation
> Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1
> 08/23/2024
> [Thu Dec  5 09:55:18 2024] Workqueue: cifsiod smb2_readv_worker [cifs]
> [Thu Dec  5 09:55:18 2024] RIP:
> 0010:netfs_consume_read_data.isra.0+0x74e/0x2a80 [netfs]
> [Thu Dec  5 09:55:18 2024] Code: 80 3c 02 00 0f 85 aa 20 00 00 48 8b
> 85 38 ff ff ff 49 8b 4d 60 48 8d 78 60 48 b8 00 00 00 00 00 fc ff df
> 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 0f 21 00 00 48 8b 85 38 ff ff
> ff 48 8d 78 68 4c
> [Thu Dec  5 09:55:18 2024] RSP: 0018:ffff8881039cfc10 EFLAGS: 00010206
> [Thu Dec  5 09:55:18 2024] RAX: dffffc0000000000 RBX: 0000000000100000
> RCX: 0000000002400000
> [Thu Dec  5 09:55:18 2024] RDX: 000000000000000c RSI: 0000000000000000
> RDI: 0000000000000060
> [Thu Dec  5 09:55:18 2024] RBP: ffff8881039cfcf0 R08: 0000000000000001
> R09: ffffed1020739f76
> [Thu Dec  5 09:55:18 2024] R10: 0000000000000003 R11: fefefefefefefeff
> R12: ffff88815fcb8c28
> [Thu Dec  5 09:55:18 2024] R13: ffff88815fcb8d80 R14: ffff88813ce6fbf0
> R15: ffff88813ce6fd68
> [Thu Dec  5 09:55:18 2024] FS:  0000000000000000(0000)
> GS:ffff889fb2e00000(0000) knlGS:0000000000000000
> [Thu Dec  5 09:55:18 2024] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [Thu Dec  5 09:55:18 2024] CR2: 0000791b35f99018 CR3: 0000000189996002
> CR4: 00000000003706f0
> [Thu Dec  5 09:55:18 2024] DR0: 0000000000000000 DR1: 0000000000000000
> DR2: 0000000000000000
> [Thu Dec  5 09:55:18 2024] DR3: 0000000000000000 DR6: 00000000fffe0ff0
> DR7: 0000000000000400
> [Thu Dec  5 09:55:18 2024] Call Trace:
> [Thu Dec  5 09:55:18 2024]  <TASK>
> [Thu Dec  5 09:55:18 2024]  ? show_regs+0x64/0x70
> [Thu Dec  5 09:55:18 2024]  ? die_addr+0x41/0xb0
> [Thu Dec  5 09:55:18 2024]  ? exc_general_protection+0x163/0x250
> [Thu Dec  5 09:55:18 2024]  ? asm_exc_general_protection+0x27/0x30
> [Thu Dec  5 09:55:18 2024]  ?
> netfs_consume_read_data.isra.0+0x74e/0x2a80 [netfs]
> [Thu Dec  5 09:55:18 2024]  netfs_read_subreq_terminated+0x928/0xec0 [netfs]
> [Thu Dec  5 09:55:18 2024]  ? __pfx___schedule+0x10/0x10
> [Thu Dec  5 09:55:18 2024]  ? __pfx__raw_spin_lock_irq+0x10/0x10
> [Thu Dec  5 09:55:18 2024]  smb2_readv_worker+0x4b/0x60 [cifs]
> [Thu Dec  5 09:55:18 2024]  process_one_work+0x5f3/0xe00
> [Thu Dec  5 09:55:18 2024]  ? __kasan_check_write+0x14/0x20
> [Thu Dec  5 09:55:18 2024]  worker_thread+0x87c/0x1540
> [Thu Dec  5 09:55:18 2024]  ? _raw_spin_lock_irqsave+0x81/0xe0
> [Thu Dec  5 09:55:18 2024]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
> [Thu Dec  5 09:55:18 2024]  ? __pfx_worker_thread+0x10/0x10
> [Thu Dec  5 09:55:18 2024]  kthread+0x2a2/0x370
> [Thu Dec  5 09:55:18 2024]  ? __pfx_kthread+0x10/0x10
> [Thu Dec  5 09:55:18 2024]  ret_from_fork+0x3d/0x80
> [Thu Dec  5 09:55:18 2024]  ? __pfx_kthread+0x10/0x10
> [Thu Dec  5 09:55:18 2024]  ret_from_fork_asm+0x1a/0x30
> [Thu Dec  5 09:55:18 2024]  </TASK>
> [Thu Dec  5 09:55:18 2024] Modules linked in: cmac nls_utf8 cifs
> cifs_arc4 nls_ucs2_utils cifs_md4 netfs mptcp_diag xsk_diag raw_diag
> unix_diag af_packet_diag netlink_diag udp_diag tcp_diag inet_diag qrtr
> cfg80211 8021q garp mrp stp llc xt_conntrack nf_conntrack
> nf_defrag_ipv6 nf_defrag_ipv4 xt_owner xt_tcpudp nft_compat nf_tables
> binfmt_misc mlx5_ib ib_uverbs macsec ib_core nls_iso8859_1
> intel_rapl_msr intel_rapl_common intel_uncore_frequency_common btrfs
> isst_if_common blake2b_generic xor mlx5_core mlxfw psample tls joydev
> mac_hid serio_raw raid6_pq hid_generic skx_edac_common libcrc32c
> crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic
> ghash_clmulni_intel sha256_ssse3 sha1_ssse3 aesni_intel crypto_simd
> cryptd rapl hid_hyperv hyperv_drm vmgenid hyperv_keyboard hid
> hv_netvsc hyperv_fb sch_fq_codel dm_multipath msr nvme_fabrics
> efi_pstore nfnetlink ip_tables x_tables autofs4
> [Thu Dec  5 09:55:18 2024] ---[ end trace 0000000000000000 ]---
>
> RIP shows as the changed line with the patch:
> (gdb) l *(netfs_consume_read_data+0x74e)
> 0x228be is in netfs_consume_read_data (fs/netfs/read_collect.c:260).
> 255              * donation and should be able to unlock folios and/or
> donate nextwards.
> 256              */
> 257             if (!subreq->consumed &&
> 258                 !prev_donated &&
> 259                 !list_is_first(&subreq->rreq_link, &rreq->subrequests) &&
> 260                 subreq->start == prev->start + prev->len) {
> <<<<<<<<<<<<<<<<<<<
> 261                     prev = list_prev_entry(subreq, rreq_link);
> 262                     WRITE_ONCE(prev->next_donated,
> prev->next_donated + subreq->len);
> 263                     subreq->start += subreq->len;
> 264                     subreq->len = 0;
>
>
> --
> Regards,
> Shyam

Hi David,

I tried this again with 6.13-rc1 and the null-ptr deref seems to be
slightly different (same function).
It is taking me some time due to unfamiliarity with the code. Maybe
you'll get it sooner.
We're trying to see if we can hook gdb when this happens. More details
on that tomorrow.

-- 
Regards,
Shyam
[Wed Jan 22 10:39:39 2025] ------------[ cut here ]------------
[Wed Jan 22 10:39:39 2025] WARNING: CPU: 4 PID: 571 at fs/netfs/read_collect.c:110 netfs_consume_read_data.isra.0+0x596/0x900 [netfs]
[Wed Jan 22 10:39:39 2025] Modules linked in: cmac nls_utf8 cifs cifs_arc4 nls_ucs2_utils cifs_md4 netfs qrtr cfg80211 8021q garp mrp stp llc xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_owner xt_tcpudp nft_compat nf_tables binfmt_misc nls_iso8859_1 intel_rapl_msr intel_rapl_common intel_uncore_frequency_common isst_if_common skx_edac_common nfit rapl vmgenid hyperv_drm hv_balloon joydev serio_raw mac_hid sch_fq_codel dm_multipath nvme_fabrics nvme_keyring msr nvme_core nvme_auth efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 mlx5_ib ib_uverbs macsec ib_core mlx5_core mlxfw psample tls pci_hyperv pci_hyperv_intf hid_generic hv_storvsc hid_hyperv hid hv_netvsc scsi_transport_fc hyperv_fb hv_utils hyperv_keyboard crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha256_ssse3 sha1_ssse3 hv_vmbus aesni_intel crypto_simd cryptd
[Wed Jan 22 10:39:39 2025] CPU: 4 UID: 0 PID: 571 Comm: kworker/4:2 Not tainted 6.13.0-061300rc1-generic #202412012327
[Wed Jan 22 10:39:39 2025] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 08/23/2024
[Wed Jan 22 10:39:39 2025] Workqueue: cifsiod smb2_readv_worker [cifs]
[Wed Jan 22 10:39:39 2025] RIP: 0010:netfs_consume_read_data.isra.0+0x596/0x900 [netfs]
[Wed Jan 22 10:39:39 2025] Code: 48 8b 75 90 48 8d 4a d8 45 31 c9 48 89 da e8 a1 a3 ff ff 65 ff 0d b2 f9 0c 3f 0f 85 03 ff ff ff 0f 1f 44 00 00 e9 f9 fe ff ff <0f> 0b 48 8b 43 70 48 8b 75 90 4c 89 55 d0 4c 89 f9 8b 7d 9c 0f b7
[Wed Jan 22 10:39:39 2025] RSP: 0018:ffffc17000d9bd90 EFLAGS: 00010246
[Wed Jan 22 10:39:39 2025] RAX: ffff9d030a8dec00 RBX: ffff9d03e60f9a40 RCX: 0000000000000009
[Wed Jan 22 10:39:39 2025] RDX: 0000000002800000 RSI: 0000000000000000 RDI: 0000000000000000
[Wed Jan 22 10:39:39 2025] RBP: ffffc17000d9be00 R08: 0000000000000000 R09: 0000000000200000
[Wed Jan 22 10:39:39 2025] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000
[Wed Jan 22 10:39:39 2025] R13: ffff9d0364c87568 R14: 0000000000200000 R15: 0000000002600000
[Wed Jan 22 10:39:39 2025] FS:  0000000000000000(0000) GS:ffff9d2553600000(0000) knlGS:0000000000000000
[Wed Jan 22 10:39:39 2025] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[Wed Jan 22 10:39:39 2025] CR2: 000077cf1deee200 CR3: 00000001062c8005 CR4: 00000000003706f0
[Wed Jan 22 10:39:39 2025] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[Wed Jan 22 10:39:39 2025] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[Wed Jan 22 10:39:39 2025] Call Trace:
[Wed Jan 22 10:39:39 2025]  <TASK>
[Wed Jan 22 10:39:39 2025]  ? show_trace_log_lvl+0x1be/0x310
[Wed Jan 22 10:39:39 2025]  ? show_trace_log_lvl+0x1be/0x310
[Wed Jan 22 10:39:39 2025]  ? netfs_read_subreq_terminated+0x2ce/0x420 [netfs]
[Wed Jan 22 10:39:39 2025]  ? show_regs.part.0+0x22/0x30
[Wed Jan 22 10:39:39 2025]  ? show_regs.cold+0x8/0x10
[Wed Jan 22 10:39:39 2025]  ? netfs_consume_read_data.isra.0+0x596/0x900 [netfs]
[Wed Jan 22 10:39:39 2025]  ? __warn.cold+0xac/0x10c
[Wed Jan 22 10:39:39 2025]  ? netfs_consume_read_data.isra.0+0x596/0x900 [netfs]
[Wed Jan 22 10:39:39 2025]  ? report_bug+0x114/0x160
[Wed Jan 22 10:39:39 2025]  ? handle_bug+0x6e/0xb0
[Wed Jan 22 10:39:39 2025]  ? exc_invalid_op+0x18/0x80
[Wed Jan 22 10:39:39 2025]  ? asm_exc_invalid_op+0x1b/0x20
[Wed Jan 22 10:39:39 2025]  ? netfs_consume_read_data.isra.0+0x596/0x900 [netfs]
[Wed Jan 22 10:39:39 2025]  netfs_read_subreq_terminated+0x2ce/0x420 [netfs]
[Wed Jan 22 10:39:39 2025]  smb2_readv_worker+0x1a/0x30 [cifs]
[Wed Jan 22 10:39:39 2025]  process_one_work+0x177/0x350
[Wed Jan 22 10:39:39 2025]  worker_thread+0x33a/0x470
[Wed Jan 22 10:39:39 2025]  ? _raw_spin_unlock_irqrestore+0x11/0x60
[Wed Jan 22 10:39:39 2025]  ? __pfx_worker_thread+0x10/0x10
[Wed Jan 22 10:39:39 2025]  kthread+0xe4/0x110
[Wed Jan 22 10:39:39 2025]  ? __pfx_kthread+0x10/0x10
[Wed Jan 22 10:39:39 2025]  ret_from_fork+0x47/0x70
[Wed Jan 22 10:39:39 2025]  ? __pfx_kthread+0x10/0x10
[Wed Jan 22 10:39:39 2025]  ret_from_fork_asm+0x1a/0x30
[Wed Jan 22 10:39:39 2025]  </TASK>
[Wed Jan 22 10:39:39 2025] ---[ end trace 0000000000000000 ]---
[Wed Jan 22 10:39:39 2025] netfs: R=00005a08[a] s=2600000-29fffff ctl=200000/400000/400000 sl=5
[Wed Jan 22 10:39:39 2025] netfs: folioq: orders=09090909
[Wed Jan 22 10:39:39 2025] BUG: kernel NULL pointer dereference, address: 0000000000000000
[Wed Jan 22 10:39:39 2025] #PF: supervisor write access in kernel mode
[Wed Jan 22 10:39:39 2025] #PF: error_code(0x0002) - not-present page
[Wed Jan 22 10:39:39 2025] PGD 800000010df9b067 P4D 800000010df9b067 PUD 1029f2067 PMD 0
[Wed Jan 22 10:39:39 2025] Oops: Oops: 0002 [#1] PREEMPT SMP PTI
[Wed Jan 22 10:39:39 2025] CPU: 4 UID: 0 PID: 571 Comm: kworker/4:2 Tainted: G        W          6.13.0-061300rc1-generic #202412012327
[Wed Jan 22 10:39:39 2025] Tainted: [W]=WARN
[Wed Jan 22 10:39:39 2025] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 08/23/2024
[Wed Jan 22 10:39:39 2025] Workqueue: cifsiod smb2_readv_worker [cifs]
[Wed Jan 22 10:39:39 2025] RIP: 0010:netfs_unlock_read_folio+0x34/0x380 [netfs]
[Wed Jan 22 10:39:39 2025] Code: 89 e5 41 57 49 89 ff 41 56 49 89 f6 41 55 41 54 4d 89 c4 53 48 89 d3 48 83 ec 10 41 83 f8 1e 0f 87 17 03 00 00 4e 8b 6c c3 08 <f0> 41 80 4d 00 08 49 8b 86 58 02 00 00 a9 00 00 00 80 0f 85 d8 00
[Wed Jan 22 10:39:39 2025] RSP: 0018:ffffc17000d9bd48 EFLAGS: 00010297
[Wed Jan 22 10:39:39 2025] netfs: R=00005a09[a] s=3600000-38fffff ctl=200000/300000/300000 sl=5
[Wed Jan 22 10:39:39 2025] RAX: 0000000000400000 RBX: ffff9d030a8dec00 RCX: 0000000000000005
[Wed Jan 22 10:39:39 2025] RDX: ffff9d030a8dec00 RSI: ffff9d0364c87380 RDI: ffff9d03e60f9a40
[Wed Jan 22 10:39:39 2025] RBP: ffffc17000d9bd80 R08: 0000000000000005 R09: 0000000000000000
[Wed Jan 22 10:39:39 2025] R10: 0000000000000005 R11: 0000000002800000 R12: 0000000000000005
[Wed Jan 22 10:39:39 2025] R13: 0000000000000000 R14: ffff9d0364c87380 R15: ffff9d03e60f9a40
[Wed Jan 22 10:39:39 2025] FS:  0000000000000000(0000) GS:ffff9d2553600000(0000) knlGS:0000000000000000
[Wed Jan 22 10:39:39 2025] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[Wed Jan 22 10:39:39 2025] netfs: folioq: orders=09090909
[Wed Jan 22 10:39:39 2025] CR2: 0000000000000000 CR3: 00000001062c8005 CR4: 00000000003706f0
[Wed Jan 22 10:39:39 2025] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[Wed Jan 22 10:39:39 2025] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[Wed Jan 22 10:39:39 2025] Call Trace:
[Wed Jan 22 10:39:39 2025]  <TASK>
[Wed Jan 22 10:39:39 2025]  ? show_trace_log_lvl+0x1be/0x310
[Wed Jan 22 10:39:39 2025]  ? show_trace_log_lvl+0x1be/0x310
[Wed Jan 22 10:39:39 2025]  ? netfs_consume_read_data.isra.0+0x3ac/0x900 [netfs]
[Wed Jan 22 10:39:39 2025]  ? show_regs.part.0+0x22/0x30
[Wed Jan 22 10:39:39 2025]  ? __die_body.cold+0x8/0x10
[Wed Jan 22 10:39:39 2025]  ? __die+0x2a/0x40
[Wed Jan 22 10:39:39 2025]  ? page_fault_oops+0x16c/0x180
[Wed Jan 22 10:39:39 2025]  ? do_user_addr_fault+0x4c9/0x7e0
[Wed Jan 22 10:39:39 2025]  ? prb_read_valid+0x1c/0x30
[Wed Jan 22 10:39:39 2025]  ? exc_page_fault+0x85/0x1c0
[Wed Jan 22 10:39:39 2025]  ? asm_exc_page_fault+0x27/0x30
[Wed Jan 22 10:39:39 2025]  ? netfs_unlock_read_folio+0x34/0x380 [netfs]
[Wed Jan 22 10:39:39 2025]  netfs_consume_read_data.isra.0+0x3ac/0x900 [netfs]
[Wed Jan 22 10:39:39 2025]  netfs_read_subreq_terminated+0x2ce/0x420 [netfs]
[Wed Jan 22 10:39:39 2025]  smb2_readv_worker+0x1a/0x30 [cifs]
[Wed Jan 22 10:39:39 2025]  process_one_work+0x177/0x350
[Wed Jan 22 10:39:39 2025]  worker_thread+0x33a/0x470
[Wed Jan 22 10:39:39 2025]  ? _raw_spin_unlock_irqrestore+0x11/0x60
[Wed Jan 22 10:39:39 2025]  ? __pfx_worker_thread+0x10/0x10
[Wed Jan 22 10:39:39 2025]  kthread+0xe4/0x110
[Wed Jan 22 10:39:39 2025]  ? __pfx_kthread+0x10/0x10
[Wed Jan 22 10:39:39 2025]  ret_from_fork+0x47/0x70
[Wed Jan 22 10:39:39 2025]  ? __pfx_kthread+0x10/0x10
[Wed Jan 22 10:39:39 2025]  ret_from_fork_asm+0x1a/0x30
[Wed Jan 22 10:39:39 2025]  </TASK>
[Wed Jan 22 10:39:39 2025] Modules linked in: cmac nls_utf8 cifs cifs_arc4 nls_ucs2_utils cifs_md4 netfs qrtr cfg80211 8021q garp mrp stp llc xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_owner xt_tcpudp nft_compat nf_tables binfmt_misc nls_iso8859_1 intel_rapl_msr intel_rapl_common intel_uncore_frequency_common isst_if_common skx_edac_common nfit rapl vmgenid hyperv_drm hv_balloon joydev serio_raw mac_hid sch_fq_codel dm_multipath nvme_fabrics nvme_keyring msr nvme_core nvme_auth efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 mlx5_ib ib_uverbs macsec ib_core mlx5_core mlxfw psample tls pci_hyperv pci_hyperv_intf hid_generic hv_storvsc hid_hyperv hid hv_netvsc scsi_transport_fc hyperv_fb hv_utils hyperv_keyboard crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha256_ssse3 sha1_ssse3 hv_vmbus aesni_intel crypto_simd cryptd
[Wed Jan 22 10:39:39 2025] CR2: 0000000000000000
[Wed Jan 22 10:39:39 2025] BUG: kernel NULL pointer dereference, address: 0000000000000000
[Wed Jan 22 10:39:39 2025] ---[ end trace 0000000000000000 ]---
[Wed Jan 22 10:39:39 2025] #PF: supervisor write access in kernel mode
[Wed Jan 22 10:39:39 2025] #PF: error_code(0x0002) - not-present page
[Wed Jan 22 10:39:39 2025] PGD 800000010df9b067 P4D 800000010df9b067 PUD 1029f2067 PMD 0
[Wed Jan 22 10:39:39 2025] Oops: Oops: 0002 [#2] PREEMPT SMP PTI
[Wed Jan 22 10:39:39 2025] CPU: 18 UID: 0 PID: 489 Comm: kworker/18:2 Tainted: G      D W          6.13.0-061300rc1-generic #202412012327
[Wed Jan 22 10:39:39 2025] Tainted: [D]=DIE, [W]=WARN
[Wed Jan 22 10:39:40 2025] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 08/23/2024
[Wed Jan 22 10:39:40 2025] Workqueue: cifsiod smb2_readv_worker [cifs]
[Wed Jan 22 10:39:40 2025] RIP: 0010:netfs_unlock_read_folio+0x34/0x380 [netfs]
[Wed Jan 22 10:39:40 2025] RIP: 0010:netfs_unlock_read_folio+0x34/0x380 [netfs]
[Wed Jan 22 10:39:40 2025] Code: 89 e5 41 57 49 89 ff 41 56 49 89 f6 41 55 41 54 4d 89 c4 53 48 89 d3 48 83 ec 10 41 83 f8 1e 0f 87 17 03 00 00 4e 8b 6c c3 08 <f0> 41 80 4d 00 08 49 8b 86 58 02 00 00 a9 00 00 00 80 0f 85 d8 00
[Wed Jan 22 10:39:40 2025] Code: 89 e5 41 57 49 89 ff 41 56 49 89 f6 41 55 41 54 4d 89 c4 53 48 89 d3 48 83 ec 10 41 83 f8 1e 0f 87 17 03 00 00 4e 8b 6c c3 08 <f0> 41 80 4d 00 08 49 8b 86 58 02 00 00 a9 00 00 00 80 0f 85 d8 00
[Wed Jan 22 10:39:40 2025] RSP: 0018:ffffc17000d9bd48 EFLAGS: 00010297
[Wed Jan 22 10:39:40 2025] RSP: 0018:ffffc170010f7d48 EFLAGS: 00010297


[Wed Jan 22 10:39:40 2025] RAX: 0000000000400000 RBX: ffff9d030a8dec00 RCX: 0000000000000005
[Wed Jan 22 10:39:40 2025] RAX: 0000000000400000 RBX: ffff9d030a8dd400 RCX: 0000000000000005
[Wed Jan 22 10:39:40 2025] RDX: ffff9d030a8dec00 RSI: ffff9d0364c87380 RDI: ffff9d03e60f9a40
[Wed Jan 22 10:39:40 2025] RDX: ffff9d030a8dd400 RSI: ffff9d0364c85280 RDI: ffff9d03e60f9040
[Wed Jan 22 10:39:40 2025] RBP: ffffc17000d9bd80 R08: 0000000000000005 R09: 0000000000000000
[Wed Jan 22 10:39:40 2025] RBP: ffffc170010f7d80 R08: 0000000000000005 R09: 0000000000000000
[Wed Jan 22 10:39:40 2025] R10: 0000000000000005 R11: 0000000002800000 R12: 0000000000000005
[Wed Jan 22 10:39:40 2025] R10: 0000000000000000 R11: 0000000003800000 R12: 0000000000000005
[Wed Jan 22 10:39:40 2025] R13: 0000000000000000 R14: ffff9d0364c87380 R15: ffff9d03e60f9a40
[Wed Jan 22 10:39:40 2025] R13: 0000000000000000 R14: ffff9d0364c85280 R15: ffff9d03e60f9040
[Wed Jan 22 10:39:40 2025] FS:  0000000000000000(0000) GS:ffff9d2553600000(0000) knlGS:0000000000000000
[Wed Jan 22 10:39:40 2025] FS:  0000000000000000(0000) GS:ffff9d2553d00000(0000) knlGS:0000000000000000
[Wed Jan 22 10:39:40 2025] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[Wed Jan 22 10:39:40 2025] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[Wed Jan 22 10:39:40 2025] CR2: 0000000000000000 CR3: 00000001062c8005 CR4: 00000000003706f0
[Wed Jan 22 10:39:40 2025] CR2: 0000000000000000 CR3: 00000001062c8003 CR4: 00000000003706f0
[Wed Jan 22 10:39:40 2025] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[Wed Jan 22 10:39:40 2025] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[Wed Jan 22 10:39:40 2025] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[Wed Jan 22 10:39:40 2025] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[Wed Jan 22 10:39:40 2025] note: kworker/4:2[571] exited with irqs disabled
[Wed Jan 22 10:39:40 2025] Call Trace:
[Wed Jan 22 10:39:40 2025]  <TASK>
[Wed Jan 22 10:39:40 2025]  ? show_trace_log_lvl+0x1be/0x310
[Wed Jan 22 10:39:40 2025]  ? show_trace_log_lvl+0x1be/0x310
[Wed Jan 22 10:39:40 2025]  ? netfs_consume_read_data.isra.0+0x3ac/0x900 [netfs]
[Wed Jan 22 10:39:40 2025]  ? show_regs.part.0+0x22/0x30
[Wed Jan 22 10:39:40 2025]  ? __die_body.cold+0x8/0x10
[Wed Jan 22 10:39:40 2025]  ? __die+0x2a/0x40
[Wed Jan 22 10:39:40 2025]  ? page_fault_oops+0x16c/0x180
[Wed Jan 22 10:39:40 2025]  ? do_user_addr_fault+0x4c9/0x7e0
[Wed Jan 22 10:39:40 2025]  ? exc_page_fault+0x85/0x1c0
[Wed Jan 22 10:39:40 2025]  ? asm_exc_page_fault+0x27/0x30
[Wed Jan 22 10:39:40 2025]  ? netfs_unlock_read_folio+0x34/0x380 [netfs]
[Wed Jan 22 10:39:40 2025]  netfs_consume_read_data.isra.0+0x3ac/0x900 [netfs]
[Wed Jan 22 10:39:40 2025]  netfs_read_subreq_terminated+0x2ce/0x420 [netfs]
[Wed Jan 22 10:39:40 2025]  smb2_readv_worker+0x1a/0x30 [cifs]
[Wed Jan 22 10:39:40 2025]  process_one_work+0x177/0x350
[Wed Jan 22 10:39:40 2025]  worker_thread+0x33a/0x470
[Wed Jan 22 10:39:40 2025]  ? _raw_spin_unlock_irqrestore+0x11/0x60
[Wed Jan 22 10:39:40 2025]  ? __pfx_worker_thread+0x10/0x10
[Wed Jan 22 10:39:40 2025]  kthread+0xe4/0x110
[Wed Jan 22 10:39:40 2025]  ? __pfx_kthread+0x10/0x10
[Wed Jan 22 10:39:40 2025]  ret_from_fork+0x47/0x70
[Wed Jan 22 10:39:40 2025]  ? __pfx_kthread+0x10/0x10
[Wed Jan 22 10:39:40 2025]  ret_from_fork_asm+0x1a/0x30
[Wed Jan 22 10:39:40 2025]  </TASK>
[Wed Jan 22 10:39:40 2025] Modules linked in: cmac nls_utf8 cifs cifs_arc4 nls_ucs2_utils cifs_md4 netfs qrtr cfg80211 8021q garp mrp stp llc xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_owner xt_tcpudp nft_compat nf_tables binfmt_misc nls_iso8859_1 intel_rapl_msr intel_rapl_common intel_uncore_frequency_common isst_if_common skx_edac_common nfit rapl vmgenid hyperv_drm hv_balloon joydev serio_raw mac_hid sch_fq_codel dm_multipath nvme_fabrics nvme_keyring msr nvme_core nvme_auth efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 mlx5_ib ib_uverbs macsec ib_core mlx5_core mlxfw psample tls pci_hyperv pci_hyperv_intf hid_generic hv_storvsc hid_hyperv hid hv_netvsc scsi_transport_fc hyperv_fb hv_utils hyperv_keyboard crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha256_ssse3 sha1_ssse3 hv_vmbus aesni_intel crypto_simd cryptd
[Wed Jan 22 10:39:40 2025] CR2: 0000000000000000
[Wed Jan 22 10:39:40 2025] ---[ end trace 0000000000000000 ]---
[Wed Jan 22 10:39:40 2025] RIP: 0010:netfs_unlock_read_folio+0x34/0x380 [netfs]
[Wed Jan 22 10:39:40 2025] Code: 89 e5 41 57 49 89 ff 41 56 49 89 f6 41 55 41 54 4d 89 c4 53 48 89 d3 48 83 ec 10 41 83 f8 1e 0f 87 17 03 00 00 4e 8b 6c c3 08 <f0> 41 80 4d 00 08 49 8b 86 58 02 00 00 a9 00 00 00 80 0f 85 d8 00
[Wed Jan 22 10:39:40 2025] RSP: 0018:ffffc17000d9bd48 EFLAGS: 00010297
[Wed Jan 22 10:39:40 2025] RAX: 0000000000400000 RBX: ffff9d030a8dec00 RCX: 0000000000000005
[Wed Jan 22 10:39:40 2025] RDX: ffff9d030a8dec00 RSI: ffff9d0364c87380 RDI: ffff9d03e60f9a40
[Wed Jan 22 10:39:40 2025] RBP: ffffc17000d9bd80 R08: 0000000000000005 R09: 0000000000000000
[Wed Jan 22 10:39:40 2025] R10: 0000000000000005 R11: 0000000002800000 R12: 0000000000000005
[Wed Jan 22 10:39:40 2025] R13: 0000000000000000 R14: ffff9d0364c87380 R15: ffff9d03e60f9a40
[Wed Jan 22 10:39:40 2025] FS:  0000000000000000(0000) GS:ffff9d2553d00000(0000) knlGS:0000000000000000
[Wed Jan 22 10:39:40 2025] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[Wed Jan 22 10:39:40 2025] CR2: 0000000000000000 CR3: 00000001062c8003 CR4: 00000000003706f0
[Wed Jan 22 10:39:40 2025] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[Wed Jan 22 10:39:40 2025] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[Wed Jan 22 10:39:40 2025] note: kworker/18:2[489] exited with irqs disabled
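
Added example, not part of the original thread or of the netfs code: a Python checker for the rule David Howells applies in the quoted trace analysis, flagging every netfs_donate event whose recipient subrequest is not contiguous with the donor. The function name, the regexes and the use of each subrequest's SUBMT extent for the adjacency test are assumptions of this example; the trace lines are copied from the thread.

```python
import re

# netfs tracepoint lines copied from the trace quoted in the thread (R=0000290e).
TRACE = """\
netfs_sreq: R=0000290e[1] DOWN SUBMT f=02 s=85e00000 0/100000 e=0
netfs_sreq: R=0000290e[2] DOWN SUBMT f=02 s=85f00000 0/100000 e=0
netfs_sreq: R=0000290e[3] DOWN SUBMT f=02 s=86000000 0/100000 e=0
netfs_sreq: R=0000290e[4] DOWN SUBMT f=02 s=86100000 0/100000 e=0
netfs_sreq: R=0000290e[5] DOWN SUBMT f=02 s=86200000 0/100000 e=0
netfs_sreq: R=0000290e[6] DOWN SUBMT f=02 s=86300000 0/100000 e=0
netfs_sreq: R=0000290e[7] DOWN SUBMT f=02 s=86400000 0/100000 e=0
netfs_sreq: R=0000290e[8] DOWN SUBMT f=02 s=86500000 0/100000 e=0
netfs_donate: R=0000290e[01] -> [02] to-next am=100000
netfs_donate: R=0000290e[06] -> [05] tail-to-prev am=100000
netfs_donate: R=0000290e[03] -> [04] to-next am=100000
netfs_donate: R=0000290e[07] -> [04] to-prev am=0
netfs_donate: R=0000290e[08] -> [04] tail-to-prev am=100000
"""

# All numeric fields in these tracepoints are hexadecimal, including the
# subrequest index in brackets (the later dmesg output shows "[a]").
SUBMIT_RE = re.compile(
    r"netfs_sreq: R=([0-9a-f]+)\[([0-9a-f]+)\] \S+ +SUBMT +f=\S+ "
    r"s=([0-9a-f]+) [0-9a-f]+/([0-9a-f]+)"
)
DONATE_RE = re.compile(
    r"netfs_donate: R=([0-9a-f]+)\[([0-9a-f]+)\] -> \[([0-9a-f]+)\] (\S+) am="
)


def find_noncontiguous_donations(trace):
    """Return one finding per donation whose recipient is not adjacent to the donor.

    Adjacency is judged on the extents recorded at submission time (assumption):
    a "...next" donation needs donor_end == recipient_start, and a "...prev"
    donation needs recipient_end == donor_start.
    """
    extents = {}   # (request id, subrequest index) -> (start, length)
    findings = []
    for line in trace.splitlines():
        # search() rather than match() so mail-quoted lines ("> > netfs_...") parse too
        m = SUBMIT_RE.search(line)
        if m:
            rreq, idx, start, length = m.groups()
            extents[(rreq, int(idx, 16))] = (int(start, 16), int(length, 16))
            continue
        m = DONATE_RE.search(line)
        if not m:
            continue
        rreq, src, dst, kind = m.groups()
        donor_idx, recip_idx = int(src, 16), int(dst, 16)
        donor = extents.get((rreq, donor_idx))
        recip = extents.get((rreq, recip_idx))
        finding = {"rreq": rreq, "donor": donor_idx, "recipient": recip_idx,
                   "kind": kind, "gap": None}
        if donor is None or recip is None:
            # Submission not seen in this capture: cannot prove adjacency.
            finding["reason"] = "extent unknown"
            findings.append(finding)
            continue
        if kind.endswith("next"):
            gap = recip[0] - (donor[0] + donor[1])
        elif kind.endswith("prev"):
            gap = donor[0] - (recip[0] + recip[1])
        else:
            finding["reason"] = "unrecognised donation kind"
            findings.append(finding)
            continue
        if gap != 0:
            finding["gap"] = gap
            finding["reason"] = "recipient not contiguous with donor"
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_noncontiguous_donations(TRACE):
        gap = "?" if f["gap"] is None else hex(f["gap"])
        print(f"R={f['rreq']} [{f['donor']:02x}] -> [{f['recipient']:02x}] "
              f"{f['kind']}: {f['reason']} (gap {gap})")
```

On the trace above it reports the two donations into subreq 4 from subreqs 7 and 8, the same pair the analysis identifies as the bug.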
