FS#73408 - [linux] BUG: kernel NULL pointer dereference

Attached to Project: Arch Linux
Opened by Mal Haak (insanemal) - Tuesday, 18 January 2022, 14:18 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Monday, 07 February 2022, 07:01 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To No-one
Architecture x86_64
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description: Using the in-kernel cephfs module causes a null pointer dereference when trying to write a file

[ 142.967898] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 142.967911] #PF: supervisor read access in kernel mode
[ 142.967917] #PF: error_code(0x0000) - not-present page
[ 142.967922] PGD 0 P4D 0
[ 142.967931] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 142.967939] CPU: 5 PID: 2471 Comm: cp Tainted: P U OE 5.16.1-arch1-1 #1 49bbb8d20d0329f70e47963ef5feb4a66c3cd442
[ 142.967949] Hardware name: Dell Inc. Precision 3551/07YHW8, BIOS 1.8.1 10/07/2021
[ 142.967953] RIP: 0010:strlen+0x0/0x20
[ 142.967966] Code: b6 07 38 d0 74 16 48 83 c7 01 84 c0 74 05 48 39 f7 75 ec 31 c0 31 d2 89 d6 89 d7 c3 48 89 f8 31 d2 89 d6 89 d7 c3 0f 1f 40 00 <80> 3f 00 74 12 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 31 ff
[ 142.967973] RSP: 0018:ffffaa9f81c2fb68 EFLAGS: 00010246
[ 142.967980] RAX: 0000000000000000 RBX: ffffaa9f81c2fc10 RCX: 0000000000000000
[ 142.967986] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 142.967990] RBP: ffff9a56f881b8a0 R08: 0000000000000000 R09: 0000000000000000
[ 142.967994] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 142.967998] R13: 0000000000000001 R14: ffffaa9f81c2fc10 R15: 0000000000000000
[ 142.968003] FS: 00007f2e67a84740(0000) GS:ffff9a5ddd540000(0000) knlGS:0000000000000000
[ 142.968010] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 142.968015] CR2: 0000000000000000 CR3: 000000010779c001 CR4: 00000000007706e0
[ 142.968021] PKRU: 55555554
[ 142.968024] Call Trace:
[ 142.968029] <TASK>
[ 142.968038] ceph_security_init_secctx+0x7b/0x240 [ceph a1d47d2a61d5cd1d6cd71d3e9f7169b589e54dba]
[ 142.968107] ceph_atomic_open+0x51e/0x8a0 [ceph a1d47d2a61d5cd1d6cd71d3e9f7169b589e54dba]
[ 142.968154] ? __ceph_caps_issued_mask_metric+0x3d/0x70 [ceph a1d47d2a61d5cd1d6cd71d3e9f7169b589e54dba]
[ 142.968205] path_openat+0x60a/0x1030
[ 142.968222] do_filp_open+0xa5/0x150
[ 142.968240] do_sys_openat2+0xc4/0x190
[ 142.968250] __x64_sys_openat+0x53/0xa0
[ 142.968259] do_syscall_64+0x59/0x90
[ 142.968268] ? do_syscall_64+0x69/0x90
[ 142.968274] ? exit_to_user_mode_prepare+0x8d/0x180
[ 142.968284] ? syscall_exit_to_user_mode+0x23/0x50
[ 142.968295] ? do_syscall_64+0x69/0x90
[ 142.968301] ? do_syscall_64+0x69/0x90
[ 142.968307] ? exc_page_fault+0x72/0x180
[ 142.968316] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 142.968328] RIP: 0033:0x7f2e67b765bb
[ 142.968335] Code: 25 00 00 41 00 3d 00 00 41 00 74 4b 64 8b 04 25 18 00 00 00 85 c0 75 67 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 91 00 00 00 48 8b 54 24 28 64 48 2b 14 25
[ 142.968341] RSP: 002b:00007ffcba97d770 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 142.968349] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f2e67b765bb
[ 142.968354] RDX: 00000000000000c1 RSI: 000055b504cf7ce0 RDI: 00000000ffffff9c
[ 142.968359] RBP: 000055b504cf7ce0 R08: 00007ffcba97ddd0 R09: 00007ffcba97ddd0
[ 142.968364] R10: 00000000000001ed R11: 0000000000000246 R12: 00000000000000c1
[ 142.968368] R13: 00007ffcba97ddd0 R14: 000055b504cf7ce0 R15: 0000000000000001
[ 142.968378] </TASK>
[ 142.968381] Modules linked in: cbc ceph libceph dns_resolver fscache netfs snd_seq_dummy snd_seq_midi snd_hrtimer snd_seq_midi_event snd_seq tun typec_displayport snd_hda_codec_hdmi snd_ctl_led snd_hda_codec_realtek snd_hda_codec_generic nvidia_drm(POE) nvidia_modeset(POE) nvidia(POE) snd_sof_pci_intel_cnl snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation soundwire_cadence snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof soundwire_bus btusb joydev btrtl mousedev snd_soc_skl btbcm snd_usb_audio btintel snd_soc_hdac_hda snd_hda_ext_core bluetooth snd_usbmidi_lib snd_soc_sst_ipc uvcvideo snd_rawmidi intel_tcc_cooling uas snd_soc_sst_dsp snd_seq_device ecdh_generic videobuf2_vmalloc x86_pkg_temp_thermal usbhid snd_soc_acpi_intel_match videobuf2_memops dell_rbtn usb_storage crc16 hid_multitouch intel_powerclamp r8153_ecm snd_soc_acpi videobuf2_v4l2 coretemp cdc_ether snd_soc_core mei_wdt mei_hdcp mei_pxp videobuf2_common dell_laptop usbnet snd_compress r8152
[ 142.968511] dell_wmi videodev ledtrig_audio kvm_intel mii ac97_bus iTCO_wdt mc iwlmvm intel_pmc_bxt snd_pcm_dmaengine dell_smbios ee1004 kvm iTCO_vendor_support mac80211 snd_hda_intel intel_rapl_msr snd_intel_dspcfg irqbypass dell_wmi_sysman crct10dif_pclmul crc32_pclmul snd_intel_sdw_acpi ghash_clmulni_intel firmware_attributes_class dcdbas dell_wmi_descriptor wmi_bmof intel_wmi_thunderbolt mxm_wmi snd_hda_codec dell_smm_hwmon libarc4 aesni_intel snd_hda_core crypto_simd cryptd snd_hwdep intel_spi_pci rapl iwlwifi snd_pcm intel_spi intel_cstate processor_thermal_device_pci_legacy processor_thermal_device spi_nor vfat snd_timer fat intel_uncore i915 psmouse pcspkr cfg80211 e1000e processor_thermal_rfim thunderbolt mtd intel_lpss_pci mei_me snd ucsi_acpi processor_thermal_mbox i2c_i801 intel_lpss typec_ucsi mei processor_thermal_rapl soundcore ttm idma64 i2c_smbus rfkill intel_pch_thermal typec intel_rapl_common tpm_crb i2c_hid_acpi intel_soc_dts_iosf intel_gtt roles mac_hid i2c_hid
[ 142.968656] int3403_thermal tpm_tis int340x_thermal_zone tpm_tis_core tpm intel_hid dell_smo8800 wmi int3400_thermal rng_core video acpi_thermal_rel sparse_keymap acpi_pad vboxnetflt(OE) vboxnetadp(OE) vboxdrv(OE) ipmi_devintf ipmi_msghandler crypto_user fuse bpf_preload ip_tables x_tables xfs libcrc32c crc32c_generic serio_raw rtsx_pci_sdmmc atkbd mmc_core libps2 i8042 xhci_pci crc32c_intel rtsx_pci xhci_pci_renesas serio
[ 142.968731] CR2: 0000000000000000
[ 142.968736] ---[ end trace 5e41e4e12ba03de5 ]---
[ 143.044451] RIP: 0010:strlen+0x0/0x20
[ 143.044460] Code: b6 07 38 d0 74 16 48 83 c7 01 84 c0 74 05 48 39 f7 75 ec 31 c0 31 d2 89 d6 89 d7 c3 48 89 f8 31 d2 89 d6 89 d7 c3 0f 1f 40 00 <80> 3f 00 74 12 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 31 ff
[ 143.044462] RSP: 0018:ffffaa9f81c2fb68 EFLAGS: 00010246
[ 143.044464] RAX: 0000000000000000 RBX: ffffaa9f81c2fc10 RCX: 0000000000000000
[ 143.044465] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 143.044466] RBP: ffff9a56f881b8a0 R08: 0000000000000000 R09: 0000000000000000
[ 143.044468] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 143.044469] R13: 0000000000000001 R14: ffffaa9f81c2fc10 R15: 0000000000000000
[ 143.044470] FS: 00007f2e67a84740(0000) GS:ffff9a5ddd540000(0000) knlGS:0000000000000000
[ 143.044472] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 143.044473] CR2: 0000000000000000 CR3: 000000010779c001 CR4: 00000000007706e0
[ 143.044475] PKRU: 55555554


Additional info:
linux 5.16.1.arch1-1

Steps to reproduce:
Mount cephfs
copy file to cephfs
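An added triage helper, not code from this report or from the kernel: it parses an oops like the one above into the fields a responder wants (kernel version, taint flags, task, faulting symbol, and the call-trace frames with their owning module and reliability), names the module nearest the fault, and checks the signature of this particular crash. SAMPLE_OOPS is a constructed excerpt of the dump above; the function names and the FS#73408 signature check are mine.

```python
import re
# Constructed sample: the key lines of the oops in this report, trimmed to what the parser needs.
SAMPLE_OOPS = """\
[  142.967898] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  142.967939] CPU: 5 PID: 2471 Comm: cp Tainted: P U OE 5.16.1-arch1-1 #1 49bbb8d20d0329f70e47963ef5feb4a66c3cd442
[  142.967953] RIP: 0010:strlen+0x0/0x20
[  142.968024] Call Trace:
[  142.968029]  <TASK>
[  142.968038]  ceph_security_init_secctx+0x7b/0x240 [ceph a1d47d2a61d5cd1d6cd71d3e9f7169b589e54dba]
[  142.968107]  ceph_atomic_open+0x51e/0x8a0 [ceph a1d47d2a61d5cd1d6cd71d3e9f7169b589e54dba]
[  142.968154]  ? __ceph_caps_issued_mask_metric+0x3d/0x70 [ceph a1d47d2a61d5cd1d6cd71d3e9f7169b589e54dba]
[  142.968205]  path_openat+0x60a/0x1030
[  142.968316]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  142.968378]  </TASK>
"""

TS = r"^\[\s*[\d.]+\]\s*"                       # dmesg timestamp prefix
BUG_RE = re.compile(TS + r"BUG: (?P<kind>.+?)(?:, address: (?P<addr>[0-9a-f]+))?$")
CPU_RE = re.compile(r"Comm: (?P<comm>\S+) (?:Not tainted|Tainted: (?P<taint>.*?)) (?P<kver>\d+\.\d+\S*)")
RIP_RE = re.compile(TS + r"RIP: \d+:(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
FRAME_RE = re.compile(TS + r"(?P<guess>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>\w+)[^\]]*\])?$")

def parse_oops(text):
    """Extract fault kind/address, task, taint flags, kernel version, faulting symbol and call-trace frames."""
    info = {"bug": None, "addr": None, "comm": None, "taint": "", "kernel": None, "rip": None, "frames": []}
    in_trace = False
    for line in text.splitlines():
        if m := BUG_RE.match(line):
            info["bug"], info["addr"] = m["kind"], m["addr"]
        elif m := CPU_RE.search(line):
            info["comm"], info["kernel"] = m["comm"], m["kver"]
            info["taint"] = (m["taint"] or "").replace(" ", "")   # "PUOE": proprietary, user-set, out-of-tree, unsigned
        elif (m := RIP_RE.match(line)) and info["rip"] is None:   # keep the kernel-mode RIP, not the later 0033 one
            info["rip"] = m["sym"]
        elif "Call Trace:" in line:
            in_trace = True
        elif "</TASK>" in line:
            in_trace = False
        elif in_trace and (m := FRAME_RE.match(line)):
            info["frames"].append((m["sym"], m["mod"], m["guess"] is not None))  # "? " frames are unreliable
    return info

def blame_module(info):
    """Module owning the nearest reliable caller of the faulting function; None means built-in kernel code."""
    return next((mod for _, mod, guess in info["frames"] if not guess), None)

def matches_fs73408(info):
    """Signature of this report: NULL read at address 0 inside strlen, reached from ceph_security_init_secctx."""
    return (info["bug"] == "kernel NULL pointer dereference" and info["addr"] == "0000000000000000"
            and info["rip"] == "strlen" and any(s == "ceph_security_init_secctx" for s, _, _ in info["frames"]))
```

Feed it the output of `journalctl -k` to find matching crashes across a fleet; the taint string tells you at a glance whether out-of-tree modules (here the nvidia and vbox ones) were loaded when the fault happened.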

Closed by Sven-Hendrik Haase (Svenstaro)
Monday, 07 February 2022, 07:01 GMT
Reason for closing: Fixed
Additional comments about closing: Problem has been fixed and was an upstream bug
Comment by Mal Haak (insanemal) - Tuesday, 18 January 2022, 14:25 GMT
I have multiple machines.

CephFS seems to work fine on linux 5.15.5 and linux 5.15.7


So it seems to be a 5.16 regression

Comment by loqs (loqs) - Tuesday, 18 January 2022, 21:51 GMT
Can you still reproduce the issue with 15bf32398ad488c0df1cbaf16431422c87e4feea reverted?
Comment by Stephen Muth (smuth4) - Monday, 24 January 2022, 19:31 GMT
On 5.16.2-arch1-1, I was able to make the issue go away by reverting 15bf323.
Comment by loqs (loqs) - Monday, 24 January 2022, 20:22 GMT
See [1] for general advice on reporting kernel bugs. Not sure which list is most appropriate, ceph or selinux. In either case I would suggest CCing Vivek Goyal <vgoyal@redhat.com>, Jeff Layton <jlayton@kernel.org>, Christian Brauner <christian.brauner@ubuntu.com>, Paul Moore <paul@paul-moore.com>

perl scripts/get_maintainer.pl fs/ceph/xattr.c
Jeff Layton <jlayton@kernel.org> (supporter:CEPH DISTRIBUTED FILE SYSTEM CLIENT (CEPH))
Ilya Dryomov <idryomov@gmail.com> (supporter:CEPH DISTRIBUTED FILE SYSTEM CLIENT (CEPH))
ceph-devel@vger.kernel.org (open list:CEPH DISTRIBUTED FILE SYSTEM CLIENT (CEPH))
linux-kernel@vger.kernel.org (open list)

[1] https://www.kernel.org/doc/html/latest/admin-guide/reporting-issues.html