Bug 200907

Summary: CIFS: BUG: unable to handle kernel NULL pointer dereference
Product: File System
Reporter: Bernhard Übelacker (bernhardu)
Component: CIFS
Assignee: fs_cifs (fs_cifs)
Status: RESOLVED UNREPRODUCIBLE
Severity: low
CC: lsahlber
Priority: P1
Hardware: x86-64
OS: Linux
Kernel Version: 4.17.0-1-amd64/Debian 4.17.8-1
Subsystem:
Regression: No
Bisected commit-id:
Attachments: dmesg.201808231448

Description Bernhard Übelacker 2018-08-23 14:07:54 UTC
Created attachment 278045: dmesg.201808231448

Hello,
I encountered the following crash:


...
[ 2284.588895] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
[ 2295.043587] CIFS VFS: Autodisabling the use of server inode numbers on \\127.0.254.31\C. This server doesn't seem to support them properly. Hardlinks will not be recognized on this mount. Consider mounting with the "noserverino" option to silence this message.
[ 2563.843761] CIFS VFS: Server 127.0.254.31 has not responded in 120 seconds. Reconnecting...
[ 6377.519055] CIFS VFS: Server 127.0.254.31 has not responded in 120 seconds. Reconnecting...
[ 6992.181414] CIFS VFS: Server 127.0.254.31 has not responded in 120 seconds. Reconnecting...
[ 7067.488072] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
[ 7131.700381] CIFS VFS: cifs_mount failed w/return code = -512
[ 7156.277558] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 7156.277567] PGD 0 P4D 0 
[ 7156.277573] Oops: 0000 [#1] SMP NOPTI
[ 7156.277576] Modules linked in: cmac arc4 ecb md4 nls_utf8 cifs ccm dns_resolver fscache sr_mod cdrom pci_stub vboxpci(O) vboxnetadp(O) vboxnetflt(O) vboxdrv(O) cpufreq_userspace cpufreq_conservative cpufreq_powersave binfmt_misc nls_ascii nls_cp437 vfat fat amdkfd snd_hda_codec_realtek snd_hda_codec_generic amdgpu edac_mce_amd snd_hda_codec_hdmi snd_hda_intel kvm_amd chash gpu_sched snd_hda_codec ttm kvm snd_hda_core snd_hwdep snd_pcm_oss eeepc_wmi irqbypass drm_kms_helper snd_mixer_oss asus_wmi joydev crct10dif_pclmul crc32_pclmul sparse_keymap snd_pcm drm rfkill efi_pstore video wmi_bmof snd_timer evdev ghash_clmulni_intel sg i2c_algo_bit snd ccp soundcore efivars pcspkr rng_core k10temp sp5100_tco shpchp wmi button acpi_cpufreq vhba(O) sunrpc lm78 hwmon_vid i2c_dev parport_pc ppdev lp parport
[ 7156.277640]  efivarfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 fscrypto btrfs xor zstd_decompress zstd_compress xxhash raid6_pq libcrc32c sd_mod hid_generic usbhid hid crc32c_intel ahci xhci_pci aesni_intel libahci aes_x86_64 crypto_simd xhci_hcd cryptd glue_helper libata i2c_piix4 r8169 mii usbcore scsi_mod usb_common gpio_amdpt gpio_generic
[ 7156.277673] CPU: 0 PID: 11654 Comm: kworker/0:2 Kdump: loaded Tainted: G           O      4.17.0-1-amd64 #1 Debian 4.17.8-1
[ 7156.277675] Hardware name: System manufacturer System Product Name/PRIME B350M-A, BIOS 4014 05/11/2018
[ 7156.277703] Workqueue: cifsiod smb2_reconnect_server [cifs]
[ 7156.277711] RIP: 0010:__list_del_entry_valid+0x25/0x90
[ 7156.277714] RSP: 0018:ffffb2ce49807e18 EFLAGS: 00010207
[ 7156.277717] RAX: 0000000000000000 RBX: ffffb2ce49807e50 RCX: dead000000000200
[ 7156.277719] RDX: 0000000000000000 RSI: 0000000000000206 RDI: ffff9dba63026818
[ 7156.277721] RBP: ffffb2ce49807e38 R08: ffff9dbadec22420 R09: 0000000000000000
[ 7156.277724] R10: 0000000000000000 R11: 00000000003d0900 R12: ffff9dba63020818
[ 7156.277726] R13: 0000000000000001 R14: ffff9dba63026800 R15: ffff9dba63026818
[ 7156.277729] FS:  0000000000000000(0000) GS:ffff9dbadec00000(0000) knlGS:0000000000000000
[ 7156.277732] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7156.277734] CR2: 0000000000000000 CR3: 00000003b835a000 CR4: 00000000003406f0
[ 7156.277736] Call Trace:
[ 7156.277761]  smb2_reconnect_server+0x178/0x340 [cifs]
[ 7156.277769]  process_one_work+0x17b/0x360
[ 7156.277773]  worker_thread+0x1f8/0x390
[ 7156.277777]  ? process_one_work+0x360/0x360
[ 7156.277782]  kthread+0x113/0x130
[ 7156.277786]  ? kthread_create_worker_on_cpu+0x70/0x70
[ 7156.277792]  ret_from_fork+0x22/0x40
[ 7156.277795] Code: 00 00 00 00 66 90 48 8b 07 48 b9 00 01 00 00 00 00 ad de 48 8b 57 08 48 39 c8 74 26 48 b9 00 02 00 00 00 00 ad de 48 39 ca 74 2b <48> 8b 32 48 39 fe 75 34 48 8b 50 08 48 39 f2 75 3f b8 01 00 00 
[ 7156.277840] RIP: __list_del_entry_valid+0x25/0x90 RSP: ffffb2ce49807e18
[ 7156.277842] CR2: 0000000000000000

The following steps led to this:

- Let a QEMU VM run with a Windows guest that has port 445 forwarded to the
  loopback device of the host.

- Mounted a share from the guest to the host via:
  mount -t cifs -o user=Benutzer1,pass=test,port=4445,uid=1000,gid=1000 //$LOCALIP/C share

- The guest crashed on a problem with a virtual Wacom tablet driver, and it was
  not possible to boot the guest up again in the same QEMU process.

- Stopped the QEMU process.

- Tried "umount share" - not possible, as it was still accessed by something.

- Unmounted it by "umount share -l"

- Restarted the QEMU VM from working snapshot.

- Tried to mount again.

- Now it took some seconds, during which the sound kept replaying the same ~3 seconds.

- Then kdump kernel kicked in and saved crash dump and (attached) dmesg.


When I tried a few times to reproduce it, either the umount completed
without failing or no crash happened.

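Reading the register dump against the function that faulted: at __list_del_entry_valid+0x25 the "Code:" bytes show the function has already loaded entry->next into RAX and entry->prev into RDX, compared both against the x86-64 list poison values (0xdead000000000100 / 0xdead000000000200, also visible in RCX), and is about to execute mov (%rdx),%rsi, i.e. read prev->next. With RAX = RDX = 0 that is a list_head whose links are both NULL, which is neither a normal second list_del() (that would have hit the poison check) nor a live list, but an entry that was zeroed or never initialised. The following user-space mirror of the 4.17 lib/list_debug.c checks is an added example, not code from the report or from the kernel tree; the poison constants and the check order are the kernel's, the NULL guards, the enum names, the classify_oops() helper and the scenario functions are assumptions made here for illustration, and it generalises beyond this oops to any __list_del_entry_valid fault on x86-64.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space mirror of the kernel's struct list_head and the x86-64 list
 * poison values (include/linux/poison.h, POISON_POINTER_DELTA = 0xdead000000000000). */
struct list_head { struct list_head *next, *prev; };

#define LIST_POISON1 ((struct list_head *)(uintptr_t)0xdead000000000100ULL)
#define LIST_POISON2 ((struct list_head *)(uintptr_t)0xdead000000000200ULL)

/* Hypothetical result codes; the kernel only returns true/false and warns. */
enum del_state {
    DEL_OK,            /* all four kernel checks pass */
    DEL_POISON_NEXT,   /* next == LIST_POISON1: entry was already list_del()'d */
    DEL_POISON_PREV,   /* prev == LIST_POISON2 */
    DEL_NULL_PREV,     /* prev == NULL: zeroed / never initialised; the kernel oopses here */
    DEL_NULL_NEXT,     /* next == NULL: same, one check later */
    DEL_PREV_MISMATCH, /* prev->next != entry */
    DEL_NEXT_MISMATCH, /* next->prev != entry */
    DEL_NEED_MEMORY,   /* registers alone cannot decide; need the pointed-to memory */
};

static void init_list_head(struct list_head *h) { h->next = h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *head)
{
    n->next = head; n->prev = head->prev; head->prev->next = n; head->prev = n;
}

/* list_del() as the kernel does it: unlink, then poison both links. */
static void list_del(struct list_head *e)
{
    e->prev->next = e->next; e->next->prev = e->prev;
    e->next = LIST_POISON1; e->prev = LIST_POISON2;
}

/* The checks of __list_del_entry_valid() (lib/list_debug.c, 4.17) in the same
 * order, plus NULL guards the kernel does not have. The kernel's third check,
 * prev->next != entry, is the load that faulted in the oops above
 * (mov (%rdx),%rsi with RDX == 0). */
static enum del_state check_del_entry(const struct list_head *entry)
{
    const struct list_head *prev = entry->prev, *next = entry->next;
    if (next == LIST_POISON1) return DEL_POISON_NEXT;
    if (prev == LIST_POISON2) return DEL_POISON_PREV;
    if (prev == NULL)         return DEL_NULL_PREV;
    if (prev->next != entry)  return DEL_PREV_MISMATCH;
    if (next == NULL)         return DEL_NULL_NEXT;
    if (next->prev != entry)  return DEL_NEXT_MISMATCH;
    return DEL_OK;
}

/* Classify an oops at __list_del_entry_valid+0x25 from the register dump:
 * by then RAX holds entry->next and RDX holds entry->prev, so those two
 * registers decide everything up to the first dereference. */
static enum del_state classify_oops(uint64_t rax_next, uint64_t rdx_prev)
{
    struct list_head r = { (struct list_head *)(uintptr_t)rax_next,
                           (struct list_head *)(uintptr_t)rdx_prev };
    if (r.next == LIST_POISON1) return DEL_POISON_NEXT;
    if (r.prev == LIST_POISON2) return DEL_POISON_PREV;
    if (r.prev == NULL)         return DEL_NULL_PREV;
    if (r.next == NULL)         return DEL_NULL_NEXT;
    return DEL_NEED_MEMORY;
}

/* Constructed scenarios a reconnect worker could meet; each returns the check result. */
static enum del_state scenario_linked(void)
{
    struct list_head head, a, b;
    init_list_head(&head); list_add_tail(&a, &head); list_add_tail(&b, &head);
    return check_del_entry(&a);
}

static enum del_state scenario_double_del(void)
{
    struct list_head head, a;
    init_list_head(&head); list_add_tail(&a, &head);
    list_del(&a);                    /* first delete poisons a */
    return check_del_entry(&a);      /* a second delete is caught by the poison check */
}

static enum del_state scenario_zeroed(void)
{
    struct list_head zero;
    memset(&zero, 0, sizeof zero);   /* kzalloc'd object, INIT_LIST_HEAD never run */
    return check_del_entry(&zero);
}

static enum del_state scenario_half_unlinked(void)
{
    struct list_head head, a, b;
    init_list_head(&head); list_add_tail(&a, &head); list_add_tail(&b, &head);
    a.next = &head;                  /* b dropped from a's side only: b->prev->next != b */
    return check_del_entry(&b);
}

int main(void)
{
    /* RAX and RDX exactly as printed in the oops above */
    printf("oops registers: state %d (3 = DEL_NULL_PREV)\n",
           classify_oops(0x0000000000000000ULL, 0x0000000000000000ULL));
    printf("linked %d, double del %d, zeroed %d, half unlinked %d\n",
           scenario_linked(), scenario_double_del(), scenario_zeroed(),
           scenario_half_unlinked());
    return 0;
}
```

Build with `cc -Wall -O1 -o listcheck listcheck.c` and run it. The practical use is triage: a double list_del() shows up as RAX or RDX equal to a poison value, a stale pointer into freed memory usually trips the prev->next or next->prev comparison with garbage in the registers, and an all-zero pair as in this report points at a list_head that was never linked, which narrows the search in smb2_reconnect_server to the object R14 points at (the entry sits at offset 0x18 of it, RDI - R14).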
Comment 2 Bernhard Übelacker 2019-06-19 20:40:11 UTC
This might have been related to the commit mentioned here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919290#10