On Thu, 2025-02-20 at 09:27 -0500, Stephen Smalley wrote:
> This was on selinux/dev so I will retry with nfsd-next too but I don't
> believe we have any nfs-related changes in the selinux tree. Config
> attached.
>
> Reproducer:
> (enable SELinux)
> git clone https://github.com/selinuxproject/selinux-testsuite
> install dependencies as per README.md
> sudo ./tools/nfs.sh
>
> [ 55.726787] NFSD: all clients done reclaiming, ending NFSv4 grace
> period (net f0000
> 000)
> [ 55.754588] BUG: kernel NULL pointer dereference, address: 0000000000000028
> [ 55.754608] #PF: supervisor read access in kernel mode
> [ 55.754617] #PF: error_code(0x0000) - not-present page
> [ 55.754625] PGD 0 P4D 0
> [ 55.754633] Oops: Oops: 0000 [#1] PREEMPT SMP PTI
> [ 55.754642] CPU: 4 UID: 0 PID: 2720 Comm: make Not tainted 6.14.0-rc1+ #254

Thanks for the bug report. I think this should now be fixed with
d9d6b74e4be98 that went into -rc3:

[1]: https://lore.kernel.org/linux-nfs/20250128165806.15153-1-okorniev@xxxxxxxxxx/

See

> [ 55.754669] RIP: 0010:__fh_verify+0x473/0x7b0 [nfsd]
> [ 55.754755] Code: 01 f6 44 24 71 01 74 09 4d 39 75 48 0f 94 c0 09
> c2 0f b6 d2 48 89 ee 4c 89 ef e8 b8 80 00 00 41 89 c4 85 c0 0f 85 48
> fc ff ff <48> 8b 45 28 48 8b 50 30 83 e2 10 74 2c f0 48 0f ba 68 30 11
> 72 23
> [ 55.754781] RSP: 0018:ffffa12a410eb358 EFLAGS: 00010246
> [ 55.754791] RAX: 0000000000000000 RBX: ffffa12a410eb508 RCX: 0000000000000000
> [ 55.754802] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff90590e38e400
> [ 55.754812] RBP: 0000000000000000 R08: ffffa12a410eb200 R09: 0000000000000000
> [ 55.754823] R10: ffffa12a410eb260 R11: 00000000ffffffff R12: 0000000000000000
> [ 55.754833] R13: ffff90590e38e400 R14: ffff90592be77080 R15: 0000000000008000
> [ 55.754844] FS: 00007f2eb9c1b740(0000) GS:ffff9067ff800000(0000)
> knlGS:0000000000000000
> [ 55.754856] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 55.754865] CR2: 0000000000000028 CR3: 000000010c262006 CR4: 00000000007706f0
> [ 55.754897] PKRU: 55555554
> [ 55.754904] Call Trace:
> [ 55.754913] <TASK>
> [ 55.754920] ? __die_body.cold+0x19/0x27
> [ 55.754933] ? page_fault_oops+0x15c/0x2f0
> [ 55.754944] ? exc_page_fault+0x7e/0x1a0
> [ 55.754955] ? asm_exc_page_fault+0x26/0x30
> [ 55.754966] ? __fh_verify+0x473/0x7b0 [nfsd]
> [ 55.755023] ? __fh_verify+0x468/0x7b0 [nfsd]
> [ 55.755069] fh_verify_local+0x27/0x30 [nfsd]
> [ 55.755116] nfsd_file_do_acquire+0x59b/0xc50 [nfsd]
> [ 55.755167] ? get_page_from_freelist+0x17d7/0x1bd0
> [ 55.755180] nfsd_file_acquire_local+0x4e/0x90 [nfsd]
> [ 55.755229] nfsd_open_local_fh+0x121/0x190 [nfsd]
> [ 55.755285] nfs_open_local_fh+0x96/0x120 [nfs_localio]
> [ 55.755590] nfs_local_open_fh+0xb1/0x200 [nfs]
> [ 55.755908] nfs_generic_pg_pgios+0x96/0x110 [nfs]
> [ 55.756190] nfs_pageio_doio+0x3b/0x80 [nfs]
> [ 55.756450] nfs_pageio_complete+0x7d/0x130 [nfs]
> [ 55.756727] nfs_pageio_complete_read+0x12/0x60 [nfs]
> [ 55.757000] nfs_readahead+0x244/0x2a0 [nfs]
> [ 55.757255] read_pages+0x71/0x1f0
> [ 55.757488] ? __folio_batch_add_and_move+0xbe/0x100
> [ 55.757712] page_cache_ra_order+0x272/0x390
> [ 55.757934] filemap_get_pages+0x140/0x730
> [ 55.758176] filemap_read+0x106/0x460
> [ 55.758397] nfs_file_read+0x93/0xc0 [nfs]
> [ 55.758638] vfs_read+0x29f/0x370
> [ 55.758855] ksys_read+0x6c/0xe0
> [ 55.759083] do_syscall_64+0x82/0x160
> [ 55.759334] ? set_ptes.isra.0+0x41/0x90
> [ 55.759567] ? do_anonymous_page+0xfc/0x940
> [ 55.759799] ? ___pte_offset_map+0x1b/0x180
> [ 55.760028] ? __handle_mm_fault+0xb6c/0xfc0
> [ 55.760287] ? __count_memcg_events+0xc0/0x180
> [ 55.760526] ? count_memcg_events.constprop.0+0x1a/0x30
> [ 55.760751] ? handle_mm_fault+0x21b/0x330
> [ 55.760972] ? do_user_addr_fault+0x55a/0x7b0
> [ 55.761188] ? clear_bhb_loop+0x25/0x80
> [ 55.761426] ? clear_bhb_loop+0x25/0x80
> [ 55.761619] ? clear_bhb_loop+0x25/0x80
> [ 55.761806] entry_SYSCALL_64_after_hwframe+0x76/0x7e
> [ 55.761993] RIP: 0033:0x7f2eb9d05991
> [ 55.762188] Code: 00 48 8b 15 81 14 10 00 f7 d8 64 89 02 b8 ff ff
> ff ff eb bd e8 20 ad 01 00 f3 0f 1e fa 80 3d 35 97 10 00 00 74 13 31
> c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48
> 83 ec
> [ 55.762615] RSP: 002b:00007ffd23dd62b8 EFLAGS: 00000246 ORIG_RAX:
> 0000000000000000
> [ 55.762826] RAX: ffffffffffffffda RBX: 000055939883d6d0 RCX: 00007f2eb9d05991
> [ 55.763034] RDX: 0000000000002000 RSI: 000055939883da40 RDI: 0000000000000003
> [ 55.763241] RBP: 00007ffd23dd62f0 R08: 0000000000000000 R09: 0000000000000001
> [ 55.763452] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f2eb9e05fd0
> [ 55.763671] R13: 00007f2eb9e05e80 R14: 0000000000000000 R15: 000055939883d6d0
> [ 55.763880] </TASK>
> [ 55.764085] Modules linked in: rpcsec_gss_krb5 nfsv4 dns_resolver
> nfs netfs rpcrdma rdma_cm iw_cm ib_cm ib_core nfsd nfs_acl lockd grace
> nfs_localio vfat fat jfs nls_ucs2_utils nft_fib_inet nft_fib_ipv4
> nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6
> nft_reject nft_ct nft_chain_nat ip6table_nat ip6table_mangle
> ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack
> nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_raw
> iptable_security ip_set rfkill nf_tables ip6table_filter ip6_tables
> iptable_filter ip_tables qrtr binfmt_misc intel_rapl_msr
> intel_rapl_common intel_uncore_frequency_common isst_if_mbox_msr
> isst_if_common skx_edac_common nfit libnvdimm rapl vmw_balloon pktcdvd
> pcspkr vmxnet3 i2c_piix4 i2c_smbus joydev auth_rpcgss sunrpc loop
> dm_multipath nfnetlink vsock_loopback
> vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock zram
> vmw_vmci lz4hc_compress lz4_compress xfs vmwgfx polyval_clmulni
> polyval_generic ghash_clmulni_intel sha512_ssse3 sha256_ssse3
> sha1_ssse3 vmw_pvscsi
> [ 55.764153] ata_generic drm_ttm_helper pata_acpi ttm serio_raw
> scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkcs8_key_parser fuse
> [ 55.766222] CR2: 0000000000000028
> [ 55.766500] ---[ end trace 0000000000000000 ]---
> [ 55.766813] RIP: 0010:__fh_verify+0x473/0x7b0 [nfsd]
> [ 55.767165] Code: 01 f6 44 24 71 01 74 09 4d 39 75 48 0f 94 c0 09
> c2 0f b6 d2 48 89
> ee 4c 89 ef e8 b8 80 00 00 41 89 c4 85 c0 0f 85 48 fc ff ff <48> 8b
> 45 28 48 8b 50 30
> 83 e2 10 74 2c f0 48 0f ba 68 30 11 72 23
> [ 55.767785] RSP: 0018:ffffa12a410eb358 EFLAGS: 00010246
> [ 55.768119] RAX: 0000000000000000 RBX: ffffa12a410eb508 RCX: 0000000000000000
> [ 55.768434] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff90590e38e400
> [ 55.768751] RBP: 0000000000000000 R08: ffffa12a410eb200 R09: 0000000000000000
> [ 55.769089] R10: ffffa12a410eb260 R11: 00000000ffffffff R12: 0000000000000000
> [ 55.769408] R13: ffff90590e38e400 R14: ffff90592be77080 R15: 0000000000008000
> [ 55.769726] FS: 00007f2eb9c1b740(0000) GS:ffff9067ff800000(0000)
> knlGS:00000000000
> 00000
> [ 55.770069] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 55.770393] CR2: 0000000000000028 CR3: 000000010c262006 CR4: 00000000007706f0
> [ 55.770756] PKRU: 55555554
> [ 55.771111] note: make[2720] exited with irqs disabled
> [ 55.771477] ------------[ cut here ]------------

--
Jeff Layton <jlayton@xxxxxxxxxx>