From: Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: CAI Qian <caiqian-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
"linux-cifs "
<linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: 3.7.1-rc1: cifs client panic
Date: Tue, 25 Dec 2012 20:40:12 -0500
Message-ID: <20121225204012.41a46686@corrin.poochiereds.net>
In-Reply-To: <644615486.5925461.1356428800313.JavaMail.root-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

On Tue, 25 Dec 2012 04:46:40 -0500 (EST)
CAI Qian <caiqian-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
> Just a heads-up, I just hit this while doing some cifs client-side
> testing using 3.7.1-rc1 kernel (no specific cifs patches on the
> top of the 3.7.1 release). Still trying to reproduce...
>
> [90701.616664] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
> [90701.625438] IP: [<ffffffff814a343e>] kernel_setsockopt+0x2e/0x60
> [90701.632167] PGD fea319067 PUD 103fda4067 PMD 0
> [90701.637255] Oops: 0000 [#1] SMP
> [90701.640878] Modules linked in: des_generic md4 nls_utf8 cifs dns_resolver binfmt_misc tun sg igb iTCO_wdt iTCO_vendor_support lpc_ich pcspkr i2c_i801 i2c_core i7core_edac edac_core ioatdma dca mfd_core coretemp kvm_intel kvm crc32c_intel microcode sr_mod cdrom ata_generic sd_mod pata_acpi crc_t10dif ata_piix libata megaraid_sas dm_mirror dm_region_hash dm_log dm_mod
> [90701.677655] CPU 10
> [90701.679808] Pid: 9627, comm: ls Tainted: G W 3.7.1+ #10 QCI QSSC-S4R/QSSC-S4R
> [90701.688950] RIP: 0010:[<ffffffff814a343e>] [<ffffffff814a343e>] kernel_setsockopt+0x2e/0x60
> [90701.698383] RSP: 0018:ffff88177b431bb8 EFLAGS: 00010206
> [90701.704309] RAX: ffff88177b431fd8 RBX: 00007ffffffff000 RCX: ffff88177b431bec
> [90701.712271] RDX: 0000000000000003 RSI: 0000000000000006 RDI: 0000000000000000
> [90701.720223] RBP: ffff88177b431bc8 R08: 0000000000000004 R09: 0000000000000000
> [90701.728185] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
> [90701.736147] R13: ffff88184ef92000 R14: 0000000000000023 R15: ffff88177b431c88
> [90701.744109] FS: 00007fd56a1a47c0(0000) GS:ffff88105fc40000(0000) knlGS:0000000000000000
> [90701.753137] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> [90701.759550] CR2: 0000000000000028 CR3: 000000104f15f000 CR4: 00000000000007e0
> [90701.767512] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [90701.775465] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> [90701.783428] Process ls (pid: 9627, threadinfo ffff88177b430000, task ffff88185ca4cb60)
> [90701.792261] Stack:
> [90701.794505] 0000000000000023 ffff88177b431c50 ffff88177b431c38 ffffffffa014fcb1
> [90701.802809] ffff88184ef921bc 0000000000000000 00000001ffffffff ffff88184ef921c0
> [90701.811123] ffff88177b431c08 ffffffff815ca3d9 ffff88177b431c18 ffff880857758000
> [90701.819433] Call Trace:
> [90701.822183] [<ffffffffa014fcb1>] smb_send_rqst+0x71/0x1f0 [cifs]
> [90701.828991] [<ffffffff815ca3d9>] ? schedule+0x29/0x70
> [90701.834736] [<ffffffffa014fe6d>] smb_sendv+0x3d/0x40 [cifs]
> [90701.841062] [<ffffffffa014fe96>] smb_send+0x26/0x30 [cifs]
> [90701.847291] [<ffffffffa015801f>] send_nt_cancel+0x6f/0xd0 [cifs]
> [90701.854102] [<ffffffffa015075e>] SendReceive+0x18e/0x360 [cifs]
> [90701.860814] [<ffffffffa0134a78>] CIFSFindFirst+0x1a8/0x3f0 [cifs]
> [90701.867724] [<ffffffffa013f731>] ? build_path_from_dentry+0xf1/0x260 [cifs]
> [90701.875601] [<ffffffffa013f731>] ? build_path_from_dentry+0xf1/0x260 [cifs]
> [90701.883477] [<ffffffffa01578e6>] cifs_query_dir_first+0x26/0x30 [cifs]
> [90701.890869] [<ffffffffa015480d>] initiate_cifs_search+0xed/0x250 [cifs]
> [90701.898354] [<ffffffff81195970>] ? fillonedir+0x100/0x100
> [90701.904486] [<ffffffffa01554cb>] cifs_readdir+0x45b/0x8f0 [cifs]
> [90701.911288] [<ffffffff81195970>] ? fillonedir+0x100/0x100
> [90701.917410] [<ffffffff81195970>] ? fillonedir+0x100/0x100
> [90701.923533] [<ffffffff81195970>] ? fillonedir+0x100/0x100
> [90701.929657] [<ffffffff81195848>] vfs_readdir+0xb8/0xe0
> [90701.935490] [<ffffffff81195b9f>] sys_getdents+0x8f/0x110
> [90701.941521] [<ffffffff815d3b99>] system_call_fastpath+0x16/0x1b
> [90701.948222] Code: 66 90 55 65 48 8b 04 25 f0 c6 00 00 48 89 e5 53 48 83 ec 08 83 fe 01 48 8b 98 48 e0 ff ff 48 c7 80 48 e0 ff ff ff ff ff ff 74 22 <48> 8b 47 28 ff 50 68 65 48 8b 14 25 f0 c6 00 00 48 89 9a 48 e0
> [90701.970313] RIP [<ffffffff814a343e>] kernel_setsockopt+0x2e/0x60
> [90701.977125] RSP <ffff88177b431bb8>
> [90701.981018] CR2: 0000000000000028
> [90701.984809] ---[ end trace 24bd602971110a43 ]---
>
> CAI Qian
Looks like a NULL socket pointer got passed into kernel_setsockopt.
Most likely this is a race between a send and a reconnection event. The
locking rules around the socket and its state handling have always been
a bit muddled, so that's probably where the bug is. If you find a way to
reliably reproduce it, let us know, but I expect it'll be difficult.
--
Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
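
An added triage example, not part of the original thread: it parses the register dump and `Code:` line of the oops quoted above, decodes the faulting instruction (the byte marked `<..>`), and checks whether CR2 equals a zero base register plus the instruction's displacement. `OOPS` is an excerpt of the quoted report with the `Code:` line trimmed; the function names are illustrative, and the decoder handles only the `REX.W mov r64, [base+disp8]` form seen here.

```python
import re

# Excerpt of the oops quoted above (Code line trimmed to the bytes around the fault).
OOPS = """\
[90701.616664] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
[90701.688950] RIP: 0010:[<ffffffff814a343e>] [<ffffffff814a343e>] kernel_setsockopt+0x2e/0x60
[90701.704309] RAX: ffff88177b431fd8 RBX: 00007ffffffff000 RCX: ffff88177b431bec
[90701.712271] RDX: 0000000000000003 RSI: 0000000000000006 RDI: 0000000000000000
[90701.948222] Code: ff ff ff ff 74 22 <48> 8b 47 28 ff 50 68 65 48 8b 14 25
[90701.981018] CR2: 0000000000000028
"""

# x86-64 register numbering, spelled the way the oops prints them (R08, R09, ...).
REGS = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"] + [f"R{n:02d}" for n in range(8, 16)]

def parse_oops(text):
    """Return (registers, CR2, instruction bytes starting at the <..> marker)."""
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})", text)}
    cr2 = int(re.search(r"\bCR2: ([0-9a-f]{16})", text).group(1), 16)
    code = re.search(r"Code: (.*)", text).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    return regs, cr2, bytes(int(b.strip("<>"), 16) for b in code[start:])

def decode_load(insn):
    """Decode only `REX.W mov r64, [base+disp8]` (opcode 8b, mod=01, no SIB byte)."""
    rex, opcode, modrm, disp = insn[:4]
    if rex & 0xF8 != 0x48 or opcode != 0x8B or modrm >> 6 != 1 or modrm & 7 == 4:
        raise ValueError("instruction form not handled by this sketch")
    base = REGS[(modrm & 7) | ((rex & 1) << 3)]          # REX.B extends r/m
    dest = REGS[((modrm >> 3) & 7) | ((rex & 4) << 1)]   # REX.R extends reg
    return dest, base, disp - 256 if disp > 127 else disp

def triage(text):
    regs, cr2, insn = parse_oops(text)
    dest, base, disp = decode_load(insn)
    return {
        "insn": f"mov {dest.lower()}, [{base.lower()}{disp:+#x}]",
        "base": base,
        "offset": disp,
        # True when the fault address is exactly NULL + the field offset.
        "null_base": regs[base] == 0 and regs[base] + disp == cr2,
    }

if __name__ == "__main__":
    print(triage(OOPS))
```

RDI carries the first argument under the x86-64 calling convention, so a zero RDI with CR2 equal to the displacement is the pattern of a field read through a NULL first argument.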