Bug 219793
| Summary: | [CIFS] Kernel BUG when trying to access a file : BUG: kernel NULL pointer dereference, address: 0000000000000000 | ||
|---|---|---|---|
| Product: | File System | Reporter: | Jean-Christophe Guillain (jean-christophe) |
| Component: | CIFS | Assignee: | fs_cifs (fs_cifs) |
| Status: | RESOLVED CODE_FIX | ||
| Severity: | blocking | CC: | dhowells, jean-christophe, pali, smfrench |
| Priority: | P3 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Kernel Version: | 6.14.0-rc3 | Subsystem: | |
| Regression: | Yes | Bisected commit-id: | e2d46f2ec332533816417b60933954173f602121 |
| Attachments: |
Error message in system logs.
The kernel messages with 6.14.0-rc4 |
||
(The issue doesn't exist in 6.13.2) The bug si still present in 6.14.0-rc4. Created attachment 307706 [details]
The kernel messages with 6.14.0-rc4
Hello, I can reproduce this problem with qemu's smb server (uses samba): echo test > /tmp/file.txt qemu-system-x86_64 -net nic -net user,smb=/tmp/ ... Inside qemu with Linux kernel 6.14.0-rc just run: mkdir /cifs mount //10.0.2.4/qemu /cifs -t cifs -o vers=1.0 cat /cifs/file.txt Kernel inside qemu after calling "cat" crashes. I located commit which started causing this issue: https://git.kernel.org/torvalds/c/e2d46f2ec332533816417b60933954173f602121 netfs: Change the read result collector to only use one work item Author is David Howells, so hopefully he would be able to debug this problem. Commit before the mentioned one does not crash kernel. The mentioned commit changes more filesystems, so it is possible that this bug is not smb1 specific. But it looks like that smb2+ is not affected. Hello, I just finished bisecting the issue, and I also can confirm that this commit is the culprit : jc@toto:~/kernel/linux$ git bisect good e2d46f2ec332533816417b60933954173f602121 is the first bad commit commit e2d46f2ec332533816417b60933954173f602121 Author: David Howells <dhowells@redhat.com> Date: Mon Dec 16 20:41:17 2024 +0000 netfs: Change the read result collector to only use one work item Let me know if you need more information. I'll be happy to test any patch :-) Cheers, jC This is the fix: diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c index 6a3e287eabfa..bf9acea53ccb 100644 --- a/fs/smb/client/cifssmb.c +++ b/fs/smb/client/cifssmb.c @@ -1338,7 +1338,8 @@ cifs_readv_callback(struct mid_q_entry *mid) rdata->credits.value = 0; rdata->subreq.error = rdata->result; rdata->subreq.transferred += rdata->got_bytes; - queue_work(cifsiod_wq, &rdata->subreq.work); + trace_netfs_sreq(&rdata->subreq, netfs_sreq_trace_io_progress); + netfs_read_subreq_terminated(&rdata->subreq); release_mid(mid); add_credits(server, &credits, 0); } I just applied your patch on Linus tree, and it actually fixed the issue for me. Thank you very much David ! Added patch to cifs-2.6.git for-next, and plan to send to Linus later this week unless additional issues are founnd |
Created attachment 307671 [details] Error message in system logs. Hello ! After booting on the last kernel RC and mounting a CIFS share, I can't open any file. Feb 17 15:19:14 youpi kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000 Feb 17 15:19:14 youpi kernel: #PF: supervisor instruction fetch in kernel mode Feb 17 15:19:14 youpi kernel: #PF: error_code(0x0010) - not-present page Feb 17 15:19:14 youpi kernel: PGD 0 P4D 0 Feb 17 15:19:14 youpi kernel: Oops: Oops: 0010 [#1] PREEMPT SMP NOPTI -> full message attached. root@youpi:~# mount [...] //10.XX.XX.XX/doc on /home/jc/Desktop/doc type cifs (rw,nosuid,nodev,relatime,vers=1.0,cache=strict,upcall_target=app,username=toto,uid=1000,forceuid,gid=1000,forcegid,addr=10.XX.XX.XX,iocharset=utf8,soft,unix,posixpaths,serverino,acl,reparse=nfs,nativesocket,symlink=native,rsize=1048576,wsize=65536,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1,_netdev,user) Cheers, jC