* [REGRESSION] CephFS kernel client crash (NULL deref in strcmp) since Linux 6.17.8
@ 2025-11-26 23:12 Уолтер О'Дим
2025-11-26 23:22 ` Viacheslav Dubeyko
0 siblings, 1 reply; 2+ messages in thread
From: Уолтер О'Дим @ 2025-11-26 23:12 UTC (permalink / raw)
To: ceph-devel; +Cc: linux-fsdevel
[-- Attachment #1.1: Type: text/plain, Size: 3155 bytes --]
Hi,
I would like to report a regression in the in-kernel CephFS client which
appeared between Linux 6.17.7 and 6.17.8. The issue is fully reproducible
on my hardware and completely prevents accessing CephFS.
The same CephFS cluster works fine from Ubuntu and Debian kernel clients,
so this appears to be a kernel-side regression in the CephFS client
codepath.
======================================================
Summary
======================================================
Starting with Linux 6.17.8, running "ls /mnt/cephfs" triggers an immediate
kernel crash (NULL pointer dereference in strcmp), inside:
ceph_mds_check_access()
ceph_open()
CephFS becomes unusable: any attempt to open files or directories on the
mount kills the calling process.
Rolling back to 6.17.7 fixes the issue.
======================================================
Environment
======================================================
Distro: Arch Linux (rolling)
Kernel (bad): 6.17.8.arch1-1
Kernel (good): 6.17.7.arch1-1
Architecture: x86_64
Hardware:
Dell Latitude 7490
BIOS 1.39.0 (2024-07-04)
Ceph modules:
ceph.ko srcversion 8A90DA7BD7115993B7D91C5
libceph.ko srcversion 451CE8A92FEA7625419462C
CephFS mount:
172.27.0.71:6789,172.27.1.51:6789,172.27.5.25:6789:/ /mnt/cephfs
-t ceph
-o name=cephfs,secret=...,noatime,_netdev,x-systemd.automount
======================================================
Regression window
======================================================
Last known good: 6.17.7
First bad: 6.17.8
Also bad: 6.17.9
Also affected: linux-lts 6.12.x (same crash on this machine)
======================================================
Reproducer
======================================================
1. Boot kernel 6.17.8 or newer.
2. Mount CephFS.
3. Run: ls /mnt/cephfs
4. Kernel immediately BUGs with a NULL dereference and kills the process.
This is 100% reproducible.
======================================================
Crash excerpt (full dmesg attached)
======================================================
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
Oops: 0000 [#1] SMP PTI
CPU: 1 PID: 5365 Comm: ls
RIP: 0010:strcmp+0x2c/0x50
RAX: 0000000000000000
RSI: 0000000000000000
RDI: ffff8a16d6da87c8
Call Trace:
ceph_mds_check_access+0x103/0x840 [ceph]
__touch_cap+0x30/0x180 [ceph]
ceph_open+0x17a/0x620 [ceph]
do_dentry_open+0x23d/0x480
vfs_open
path_openat
do_filp_open
do_sys_openat2
__x64_sys_openat
do_syscall_64
entry_SYSCALL_64_after_hwframe
Second ls run produces an identical crash.
======================================================
Notes
======================================================
* The issue occurs before any user operations.
* The CephFS cluster is unchanged between tests.
* Other Linux clients (Ubuntu, Debian kernels) work fine.
* I can test patches or help bisect.
Full logs are attached.
Thanks,
Andrey
[-- Attachment #1.2: Type: text/html, Size: 3721 bytes --]
[-- Attachment #2: ceph_kernel_bug_arch872_20251127_014252.log --]
[-- Type: text/x-log, Size: 32531 bytes --]
========================================
CephFS kernel bug report data
Host: arch872
Date: 20251127_014252
========================================
---- uname -a ----
Linux arch872 6.17.8-arch1-1 #1 SMP PREEMPT_DYNAMIC Fri, 14 Nov 2025 06:54:20 +0000 x86_64 GNU/Linux
---- /etc/os-release ----
NAME="Arch Linux"
PRETTY_NAME="Arch Linux"
ID=arch
BUILD_ID=rolling
ANSI_COLOR="38;2;23;147;209"
HOME_URL="https://archlinux.org/"
DOCUMENTATION_URL="https://wiki.archlinux.org/"
SUPPORT_URL="https://bbs.archlinux.org/"
BUG_REPORT_URL="https://gitlab.archlinux.org/groups/archlinux/-/issues"
PRIVACY_POLICY_URL="https://terms.archlinux.org/docs/privacy-policy/"
LOGO=archlinux-logo
---- pacman -Qi linux ----
Название : linux
Версия : 6.17.8.arch1-1
Описание : The Linux kernel and modules
Архитектура : x86_64
URL : https://github.com/archlinux/linux
Лицензии : GPL-2.0-only
Группы : Нет
Предоставляет : KSMBD-MODULE NTSYNC-MODULE VIRTUALBOX-GUEST-MODULES WIREGUARD-MODULE
Зависит от : coreutils initramfs kmod
Доп. зависимости : linux-firmware: firmware images needed for some devices [установлено]
scx-scheds: to use sched-ext schedulers
wireless-regdb: to set the correct wireless channels of your country
Требуется : Нет
Опционально для : base
Конфликтует с : Нет
Заменяет : virtualbox-guest-modules-arch wireguard-arch
Установленный размер : 143,27 MiB
Сборщик : Jan Alexander Steffens (heftig) <heftig@archlinux.org>
Дата сборки : Пт 14 ноя 2025 09:54:20
Дата установки : Чт 27 ноя 2025 01:31:31
Причина установки : Явно установлен
Установочный скрипт : No
Проверен : Нет
---- pacman -Q linux linux-lts ----
linux 6.17.8.arch1-1
Не все пакеты linux/linux-lts установлены
---- lsmod | grep -i ceph ----
ceph 749568 1
libceph 618496 1 ceph
dns_resolver 16384 1 libceph
netfs 622592 1 ceph
---- modinfo ceph ----
filename: /lib/modules/6.17.8-arch1-1/kernel/fs/ceph/ceph.ko.zst
license: GPL
description: Ceph filesystem for Linux
author: Patience Warnick <patience@newdream.net>
author: Yehuda Sadeh <yehuda@hq.newdream.net>
author: Sage Weil <sage@newdream.net>
alias: fs-ceph
srcversion: 8A90DA7BD7115993B7D91C5
depends: libceph,netfs
intree: Y
name: ceph
retpoline: Y
vermagic: 6.17.8-arch1-1 SMP preempt mod_unload
sig_id: PKCS#7
signer: Build time autogenerated kernel key
sig_key: 62:71:9D:1A:80:81:07:4B:DA:3C:80:96:13:B8:D6:28:BC:A2:FE:B8
sig_hashalgo: sha512
parm: disable_send_metrics:Enable sending perf metrics to ceph cluster (default: on)
parm: enable_unsafe_idmap:Allow to use idmapped mounts with MDS without CEPHFS_FEATURE_HAS_OWNER_UIDGID (bool)
---- modinfo libceph ----
filename: /lib/modules/6.17.8-arch1-1/kernel/net/ceph/libceph.ko.zst
license: GPL
description: Ceph core library
author: Patience Warnick <patience@newdream.net>
author: Yehuda Sadeh <yehuda@hq.newdream.net>
author: Sage Weil <sage@newdream.net>
srcversion: 451CE8A92FEA7625419462C
depends: dns_resolver
intree: Y
name: libceph
retpoline: Y
vermagic: 6.17.8-arch1-1 SMP preempt mod_unload
sig_id: PKCS#7
signer: Build time autogenerated kernel key
sig_key: 62:71:9D:1A:80:81:07:4B:DA:3C:80:96:13:B8:D6:28:BC:A2:FE:B8
sig_hashalgo: sha512
---- mount | grep -i ceph ----
systemd-1 on /mnt/cephfs type autofs (rw,relatime,fd=69,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=6642)
172.27.0.71:6789,172.27.1.51:6789,172.27.5.25:6789:/ on /mnt/cephfs type ceph (rw,noatime,name=cephfs,secret=<hidden>,acl,_netdev,x-systemd.automount)
---- fstab (grep ceph) ----
172.27.0.71:6789,172.27.1.51:6789,172.27.5.25:6789:/ /mnt/cephfs ceph name=cephfs,secret=<hidden>==,noatime,_netdev,nofail,x-systemd.automount 0 0
---- Ceph cluster info (если доступен ceph CLI) ----
Команда 'ceph' не найдена, пропускаю ceph fs status / ceph versions
========================================
Попытка воспроизвести баг: ls /mnt/cephfs
========================================
./1.sh: строка 113: 5418 Убито ls "${CEPH_MOUNT}" > /dev/null 2>&1
ls /mnt/cephfs завершился с ошибкой (ожидаемо при баге)
---- dmesg (последние 300 строк) ----
[ 466.850548] netfs: FS-Cache loaded
[ 466.854172] Key type dns_resolver registered
[ 466.873251] Key type ceph registered
[ 466.873382] libceph: loaded (mon/osd proto 15/24)
[ 466.893617] ceph: loaded (mds proto 32)
[ 466.964543] libceph: mon2 (1)172.27.5.25:6789 session established
[ 466.980590] libceph: client1898630 fsid e147ede6-ca9c-11ee-a3f5-1fc2434b3a24
[ 467.070409] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 467.070430] #PF: supervisor read access in kernel mode
[ 467.070441] #PF: error_code(0x0000) - not-present page
[ 467.070449] PGD 0 P4D 0
[ 467.070465] Oops: Oops: 0000 [#1] SMP PTI
[ 467.070482] CPU: 1 UID: 0 PID: 5365 Comm: ls Tainted: G U 6.17.8-arch1-1 #1 PREEMPT(full) b229cb54977b6624cce826e2cbd0d8e703fe3921
[ 467.070506] Tainted: [U]=USER
[ 467.070513] Hardware name: Dell Inc. Latitude 7490/0KP0FT, BIOS 1.39.0 07/04/2024
[ 467.070522] RIP: 0010:strcmp+0x2c/0x50
[ 467.070541] Code: 1e fa 31 c0 eb 20 66 90 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 48 83 c0 01 84 d2 74 13 0f b6 14 07 <3a> 14 06 74 ef 19 c0 83 c8 01 c3 cc cc cc cc 31 c0 c3 cc cc cc cc
[ 467.070554] RSP: 0000:ffffd1bb13bf7a98 EFLAGS: 00010246
[ 467.070569] RAX: 0000000000000000 RBX: ffff8a16573f3740 RCX: ffffffffb6e4dba4
[ 467.070583] RDX: 0000000000000063 RSI: 0000000000000000 RDI: ffff8a16d6da87c8
[ 467.070593] RBP: ffff8a176f5c6000 R08: 0000000000000000 R09: 0000000000000000
[ 467.070601] R10: 0000000000000000 R11: ffffffffc1b887cf R12: 0000000000000000
[ 467.070609] R13: ffff8a16efa2b6c0 R14: ffff8a168119b800 R15: 0000000000000000
[ 467.070619] FS: 00007f90c70fc740(0000) GS:ffff8a1d96989000(0000) knlGS:0000000000000000
[ 467.070632] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 467.070643] CR2: 0000000000000000 CR3: 000000024225c003 CR4: 00000000003726f0
[ 467.070654] Call Trace:
[ 467.070663] <TASK>
[ 467.070678] ceph_mds_check_access+0x103/0x840 [ceph 55c04a72285190e415d71722bb4b8a464ab66164]
[ 467.070846] ? __touch_cap+0x30/0x180 [ceph 55c04a72285190e415d71722bb4b8a464ab66164]
[ 467.070996] ceph_open+0x17a/0x620 [ceph 55c04a72285190e415d71722bb4b8a464ab66164]
[ 467.071145] ? __pfx_ceph_open+0x10/0x10 [ceph 55c04a72285190e415d71722bb4b8a464ab66164]
[ 467.071271] do_dentry_open+0x23d/0x480
[ 467.071289] vfs_open+0x30/0x100
[ 467.071303] path_openat+0x7ea/0x12e0
[ 467.071324] ? set_pte_range+0xf2/0x270
[ 467.071338] ? next_uptodate_folio+0x89/0x2a0
[ 467.071359] do_filp_open+0xd8/0x180
[ 467.071391] ? alloc_fd+0x12e/0x190
[ 467.071410] do_sys_openat2+0x88/0xe0
[ 467.071429] __x64_sys_openat+0x61/0xa0
[ 467.071445] do_syscall_64+0x81/0x970
[ 467.071462] ? count_memcg_events+0xc2/0x190
[ 467.071476] ? handle_mm_fault+0x1d7/0x2d0
[ 467.071493] ? do_user_addr_fault+0x21a/0x690
[ 467.071515] ? exc_page_fault+0x7e/0x1a0
[ 467.071532] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 467.071548] RIP: 0033:0x7f90c6f0e776
[ 467.071623] Code: 4c 89 55 c8 41 89 f2 41 83 e2 40 75 37 89 f2 f7 d2 81 e2 00 00 41 00 74 2b 89 f2 bf 9c ff ff ff 48 89 c6 b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 32 48 8b 55 c8 64 48 2b 14 25 28 00 00 00 75
[ 467.071637] RSP: 002b:00007ffe77c04f10 EFLAGS: 00000206 ORIG_RAX: 0000000000000101
[ 467.071653] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f90c6f0e776
[ 467.071663] RDX: 0000000000090800 RSI: 0000561db44bf750 RDI: 00000000ffffff9c
[ 467.071674] RBP: 00007ffe77c04f60 R08: b5b9f896be95ddc0 R09: 0000000000000020
[ 467.071683] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 467.071692] R13: 00007f90c70fc6e0 R14: 0000561db44bf750 R15: 00007ffe77c05360
[ 467.071713] </TASK>
[ 467.071720] Modules linked in: ceph libceph dns_resolver netfs xt_conntrack xt_MASQUERADE bridge stp llc xfrm_user xfrm_algo xt_set ip_set nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_addrtype nft_compat nf_tables wireguard curve25519_x86_64 libcurve25519_generic ip6_udp_tunnel udp_tunnel rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device ccm overlay cmac algif_hash algif_skcipher af_alg qrtr bnep dell_pc platform_profile intel_uncore_frequency intel_uncore_frequency_common intel_tcc_cooling x86_pkg_temp_thermal intel_powerclamp coretemp snd_hda_codec_intelhdmi snd_hda_codec_hdmi dell_rbtn snd_ctl_led snd_hda_codec_alc269 snd_hda_scodec_component snd_hda_codec_realtek_lib snd_hda_codec_generic snd_hda_intel snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_hda_codec iTCO_wdt kvm_intel snd_hda_core intel_pmc_bxt snd_intel_dspcfg mei_pxp mei_hdcp intel_rapl_msr mei_wdt iTCO_vendor_support ee1004 hid_multitouch snd_intel_sdw_acpi snd_hwdep processor_thermal_device_pci_legacy kvm dell_laptop
[ 467.072020] snd_soc_core processor_thermal_device btusb snd_compress iwlmvm dell_smm_hwmon uvcvideo irqbypass btrtl ac97_bus processor_thermal_wt_hint videobuf2_vmalloc mac80211 btintel uvc dell_wmi platform_temperature_control polyval_clmulni btbcm ghash_clmulni_intel processor_thermal_rfim snd_pcm_dmaengine videobuf2_memops libarc4 e1000e dell_smbios btmtk aesni_intel processor_thermal_rapl snd_pcm dcdbas videobuf2_v4l2 ucsi_acpi rapl intel_rapl_common typec_ucsi videobuf2_common iwlwifi intel_cstate snd_timer processor_thermal_wt_req dell_wmi_sysman processor_thermal_power_floor bluetooth intel_uncore pcspkr i2c_i801 snd mei_me dell_wmi_descriptor ptp videodev processor_thermal_mbox firmware_attributes_class intel_xhci_usb_role_switch typec wmi_bmof i2c_smbus intel_wmi_thunderbolt cfg80211 pps_core soundcore i2c_mux intel_pch_thermal rfkill mei mc intel_soc_dts_iosf thunderbolt roles i2c_hid_acpi i2c_hid vfat intel_pmc_core pmt_telemetry int3403_thermal intel_oc_wdt int3400_thermal pmt_discovery fat pmt_class
[ 467.072326] intel_hid int340x_thermal_zone acpi_thermal_rel intel_pmc_ssram_telemetry sparse_keymap acpi_pad intel_vsec mousedev joydev mac_hid pkcs8_key_parser crypto_user loop dm_mod nfnetlink zram 842_decompress 842_compress lz4hc_compress lz4_compress ip_tables x_tables i915 rtsx_pci_sdmmc mmc_core i2c_algo_bit drm_buddy ttm intel_gtt drm_display_helper rtsx_pci intel_lpss_pci video cec intel_lpss_acpi intel_lpss idma64 wmi serio_raw
[ 467.072485] CR2: 0000000000000000
[ 467.072496] ---[ end trace 0000000000000000 ]---
[ 467.072507] RIP: 0010:strcmp+0x2c/0x50
[ 467.072524] Code: 1e fa 31 c0 eb 20 66 90 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 48 83 c0 01 84 d2 74 13 0f b6 14 07 <3a> 14 06 74 ef 19 c0 83 c8 01 c3 cc cc cc cc 31 c0 c3 cc cc cc cc
[ 467.072537] RSP: 0000:ffffd1bb13bf7a98 EFLAGS: 00010246
[ 467.072550] RAX: 0000000000000000 RBX: ffff8a16573f3740 RCX: ffffffffb6e4dba4
[ 467.072560] RDX: 0000000000000063 RSI: 0000000000000000 RDI: ffff8a16d6da87c8
[ 467.072569] RBP: ffff8a176f5c6000 R08: 0000000000000000 R09: 0000000000000000
[ 467.072578] R10: 0000000000000000 R11: ffffffffc1b887cf R12: 0000000000000000
[ 467.072586] R13: ffff8a16efa2b6c0 R14: ffff8a168119b800 R15: 0000000000000000
[ 467.072595] FS: 00007f90c70fc740(0000) GS:ffff8a1d96989000(0000) knlGS:0000000000000000
[ 467.072607] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 467.072617] CR2: 0000000000000000 CR3: 000000024225c003 CR4: 00000000003726f0
[ 467.072626] note: ls[5365] exited with irqs disabled
[ 562.579516] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 562.579522] #PF: supervisor read access in kernel mode
[ 562.579524] #PF: error_code(0x0000) - not-present page
[ 562.579525] PGD 0 P4D 0
[ 562.579528] Oops: Oops: 0000 [#2] SMP PTI
[ 562.579532] CPU: 3 UID: 0 PID: 5418 Comm: ls Tainted: G UD 6.17.8-arch1-1 #1 PREEMPT(full) b229cb54977b6624cce826e2cbd0d8e703fe3921
[ 562.579537] Tainted: [U]=USER, [D]=DIE
[ 562.579539] Hardware name: Dell Inc. Latitude 7490/0KP0FT, BIOS 1.39.0 07/04/2024
[ 562.579544] RIP: 0010:strcmp+0x2c/0x50
[ 562.579550] Code: 1e fa 31 c0 eb 20 66 90 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 48 83 c0 01 84 d2 74 13 0f b6 14 07 <3a> 14 06 74 ef 19 c0 83 c8 01 c3 cc cc cc cc 31 c0 c3 cc cc cc cc
[ 562.579552] RSP: 0018:ffffd1bb00a038b8 EFLAGS: 00010246
[ 562.579555] RAX: 0000000000000000 RBX: ffff8a16573f3740 RCX: ffffffffb6e4dba4
[ 562.579556] RDX: 0000000000000063 RSI: 0000000000000000 RDI: ffff8a16d6da87c8
[ 562.579558] RBP: ffff8a176f5c6000 R08: 0000000000000000 R09: 0000000000000000
[ 562.579559] R10: 0000000000000000 R11: ffffffffc1b887cf R12: 0000000000000000
[ 562.579561] R13: ffff8a1664bc1cc0 R14: ffff8a168119b800 R15: 0000000000000000
[ 562.579562] FS: 00007fa2d1246740(0000) GS:ffff8a1d96a89000(0000) knlGS:0000000000000000
[ 562.579564] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 562.579566] CR2: 0000000000000000 CR3: 00000001b875a005 CR4: 00000000003726f0
[ 562.579568] Call Trace:
[ 562.579570] <TASK>
[ 562.579573] ceph_mds_check_access+0x103/0x840 [ceph 55c04a72285190e415d71722bb4b8a464ab66164]
[ 562.579601] ? __touch_cap+0x30/0x180 [ceph 55c04a72285190e415d71722bb4b8a464ab66164]
[ 562.579621] ceph_open+0x17a/0x620 [ceph 55c04a72285190e415d71722bb4b8a464ab66164]
[ 562.579641] ? __pfx_ceph_open+0x10/0x10 [ceph 55c04a72285190e415d71722bb4b8a464ab66164]
[ 562.579659] do_dentry_open+0x23d/0x480
[ 562.579662] vfs_open+0x30/0x100
[ 562.579666] path_openat+0x7ea/0x12e0
[ 562.579670] ? do_statx+0x72/0xa0
[ 562.579674] do_filp_open+0xd8/0x180
[ 562.579679] ? alloc_fd+0x12e/0x190
[ 562.579684] do_sys_openat2+0x88/0xe0
[ 562.579687] __x64_sys_openat+0x61/0xa0
[ 562.579690] do_syscall_64+0x81/0x970
[ 562.579692] ? __alloc_frozen_pages_noprof+0x18b/0x350
[ 562.579696] ? mod_memcg_lruvec_state+0xc5/0x1f0
[ 562.579699] ? __lruvec_stat_mod_folio+0x85/0xd0
[ 562.579701] ? __folio_mod_stat+0x2d/0x90
[ 562.579703] ? set_ptes.isra.0+0x36/0x80
[ 562.579707] ? do_anonymous_page+0xf7/0x8a0
[ 562.579709] ? ___pte_offset_map+0x1b/0x160
[ 562.579713] ? __handle_mm_fault+0xa61/0xf10
[ 562.579715] ? do_syscall_64+0x81/0x970
[ 562.579719] ? count_memcg_events+0xc2/0x190
[ 562.579721] ? handle_mm_fault+0x1d7/0x2d0
[ 562.579724] ? do_user_addr_fault+0x21a/0x690
[ 562.579729] ? exc_page_fault+0x7e/0x1a0
[ 562.579731] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 562.579734] RIP: 0033:0x7fa2d110e776
[ 562.579757] Code: 4c 89 55 c8 41 89 f2 41 83 e2 40 75 37 89 f2 f7 d2 81 e2 00 00 41 00 74 2b 89 f2 bf 9c ff ff ff 48 89 c6 b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 32 48 8b 55 c8 64 48 2b 14 25 28 00 00 00 75
[ 562.579759] RSP: 002b:00007fff7b7b74b0 EFLAGS: 00000206 ORIG_RAX: 0000000000000101
[ 562.579762] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa2d110e776
[ 562.579763] RDX: 0000000000090800 RSI: 0000560e84261750 RDI: 00000000ffffff9c
[ 562.579765] RBP: 00007fff7b7b7500 R08: dccd5719fba1dd2e R09: 0000000000000020
[ 562.579766] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[ 562.579768] R13: 00007fa2d12466e0 R14: 0000560e84261750 R15: 00007fff7b7b7900
[ 562.579771] </TASK>
[ 562.579772] Modules linked in: ceph libceph dns_resolver netfs xt_conntrack xt_MASQUERADE bridge stp llc xfrm_user xfrm_algo xt_set ip_set nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_addrtype nft_compat nf_tables wireguard curve25519_x86_64 libcurve25519_generic ip6_udp_tunnel udp_tunnel rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device ccm overlay cmac algif_hash algif_skcipher af_alg qrtr bnep dell_pc platform_profile intel_uncore_frequency intel_uncore_frequency_common intel_tcc_cooling x86_pkg_temp_thermal intel_powerclamp coretemp snd_hda_codec_intelhdmi snd_hda_codec_hdmi dell_rbtn snd_ctl_led snd_hda_codec_alc269 snd_hda_scodec_component snd_hda_codec_realtek_lib snd_hda_codec_generic snd_hda_intel snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_hda_codec iTCO_wdt kvm_intel snd_hda_core intel_pmc_bxt snd_intel_dspcfg mei_pxp mei_hdcp intel_rapl_msr mei_wdt iTCO_vendor_support ee1004 hid_multitouch snd_intel_sdw_acpi snd_hwdep processor_thermal_device_pci_legacy kvm dell_laptop
[ 562.579824] snd_soc_core processor_thermal_device btusb snd_compress iwlmvm dell_smm_hwmon uvcvideo irqbypass btrtl ac97_bus processor_thermal_wt_hint videobuf2_vmalloc mac80211 btintel uvc dell_wmi platform_temperature_control polyval_clmulni btbcm ghash_clmulni_intel processor_thermal_rfim snd_pcm_dmaengine videobuf2_memops libarc4 e1000e dell_smbios btmtk aesni_intel processor_thermal_rapl snd_pcm dcdbas videobuf2_v4l2 ucsi_acpi rapl intel_rapl_common typec_ucsi videobuf2_common iwlwifi intel_cstate snd_timer processor_thermal_wt_req dell_wmi_sysman processor_thermal_power_floor bluetooth intel_uncore pcspkr i2c_i801 snd mei_me dell_wmi_descriptor ptp videodev processor_thermal_mbox firmware_attributes_class intel_xhci_usb_role_switch typec wmi_bmof i2c_smbus intel_wmi_thunderbolt cfg80211 pps_core soundcore i2c_mux intel_pch_thermal rfkill mei mc intel_soc_dts_iosf thunderbolt roles i2c_hid_acpi i2c_hid vfat intel_pmc_core pmt_telemetry int3403_thermal intel_oc_wdt int3400_thermal pmt_discovery fat pmt_class
[ 562.579878] intel_hid int340x_thermal_zone acpi_thermal_rel intel_pmc_ssram_telemetry sparse_keymap acpi_pad intel_vsec mousedev joydev mac_hid pkcs8_key_parser crypto_user loop dm_mod nfnetlink zram 842_decompress 842_compress lz4hc_compress lz4_compress ip_tables x_tables i915 rtsx_pci_sdmmc mmc_core i2c_algo_bit drm_buddy ttm intel_gtt drm_display_helper rtsx_pci intel_lpss_pci video cec intel_lpss_acpi intel_lpss idma64 wmi serio_raw
[ 562.579905] CR2: 0000000000000000
[ 562.579907] ---[ end trace 0000000000000000 ]---
[ 562.579909] RIP: 0010:strcmp+0x2c/0x50
[ 562.579911] Code: 1e fa 31 c0 eb 20 66 90 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 48 83 c0 01 84 d2 74 13 0f b6 14 07 <3a> 14 06 74 ef 19 c0 83 c8 01 c3 cc cc cc cc 31 c0 c3 cc cc cc cc
[ 562.579913] RSP: 0000:ffffd1bb13bf7a98 EFLAGS: 00010246
[ 562.579915] RAX: 0000000000000000 RBX: ffff8a16573f3740 RCX: ffffffffb6e4dba4
[ 562.579917] RDX: 0000000000000063 RSI: 0000000000000000 RDI: ffff8a16d6da87c8
[ 562.579918] RBP: ffff8a176f5c6000 R08: 0000000000000000 R09: 0000000000000000
[ 562.579919] R10: 0000000000000000 R11: ffffffffc1b887cf R12: 0000000000000000
[ 562.579921] R13: ffff8a16efa2b6c0 R14: ffff8a168119b800 R15: 0000000000000000
[ 562.579922] FS: 00007fa2d1246740(0000) GS:ffff8a1d96a89000(0000) knlGS:0000000000000000
[ 562.579924] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 562.579925] CR2: 0000000000000000 CR3: 00000001b875a005 CR4: 00000000003726f0
[ 562.579927] note: ls[5418] exited with irqs disabled
========================================
Сбор данных завершён
Файл: /root/ceph_kernel_bug_arch872_20251127_014252.log
========================================
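Added example (not part of the original report or of the kernel sources): a small Python triage helper that reads the register lines of the oops above and reports which strcmp() argument was NULL, using the x86_64 calling convention and the faulting instruction bytes from the "Code:" line. The helper name triage_oops and the embedded sample are assumptions made for illustration; the sample lines are copied from the dump above.

```python
import re

# Constructed sample: the four lines below are copied from the oops in this report.
OOPS = """\
[ 562.579909] RIP: 0010:strcmp+0x2c/0x50
[ 562.579915] RAX: 0000000000000000 RBX: ffff8a16573f3740 RCX: ffffffffb6e4dba4
[ 562.579917] RDX: 0000000000000063 RSI: 0000000000000000 RDI: ffff8a16d6da87c8
[ 562.579925] CR2: 0000000000000000 CR3: 00000001b875a005 CR4: 00000000003726f0
"""

ARG_REGS = ("RDI", "RSI")   # x86_64 SysV ABI: first and second pointer argument
NULL_PAGE = 0x1000          # anything below one page counts as NULL plus a small offset

REG_RE = re.compile(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b")
RIP_RE = re.compile(r"RIP: [0-9a-f]{4}:(\w+)\+0x([0-9a-f]+)/0x[0-9a-f]+")


def triage_oops(text):
    """Hypothetical helper: summarise a NULL-dereference oops in a two-argument string routine."""
    regs, symbol, offset = {}, None, None
    for line in text.splitlines():
        m = RIP_RE.search(line)
        if m and symbol is None:          # keep the first RIP line of the oops
            symbol, offset = m.group(1), int(m.group(2), 16)
        for name, value in REG_RE.findall(line):
            regs.setdefault(name, int(value, 16))
    missing = [r for r in ARG_REGS + ("RAX", "RDX", "CR2") if r not in regs]
    if symbol is None or missing:
        raise ValueError(f"incomplete oops: symbol={symbol}, missing registers={missing}")
    # Heuristic: at strcmp+0x2c the argument registers still hold the caller's
    # pointers, because the loop indexes them with RAX instead of advancing them.
    null_args = [i + 1 for i, r in enumerate(ARG_REGS) if regs[r] < NULL_PAGE]
    return {
        "symbol": symbol,
        "offset": offset,
        "null_args": null_args,
        # The faulting bytes "<3a> 14 06" decode to cmp dl,[rsi+rax], so the
        # fault address in CR2 should equal RSI + RAX.
        "fault_is_arg2_read": regs["CR2"] == regs["RSI"] + regs["RAX"],
        # The preceding "0f b6 14 07" is movzx edx,[rdi+rax]: DL holds the byte
        # just read from the valid first string.
        "arg1_byte": chr(regs["RDX"] & 0xFF),
    }


if __name__ == "__main__":
    print(triage_oops(OOPS))
```

For this dump the helper reports that only the second argument is NULL and that the first string begins with the byte 'c', which narrows the search to a caller in ceph_mds_check_access() that passes an unset string as the second operand.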
* Re: [REGRESSION] CephFS kernel client crash (NULL deref in strcmp) since Linux 6.17.8
2025-11-26 23:12 [REGRESSION] CephFS kernel client crash (NULL deref in strcmp) since Linux 6.17.8 Уолтер О'Дим
@ 2025-11-26 23:22 ` Viacheslav Dubeyko
0 siblings, 0 replies; 2+ messages in thread
From: Viacheslav Dubeyko @ 2025-11-26 23:22 UTC (permalink / raw)
To: ceph-devel@vger.kernel.org, nix155nix@gmail.com
Cc: linux-fsdevel@vger.kernel.org
On Thu, 2025-11-27 at 02:12 +0300, Уолтер О'Дим wrote:
>
> Subject: [REGRESSION] CephFS kernel client crash (NULL deref in strcmp) since Linux 6.17.8
> To: ceph-devel@vger.kernel.org
> Cc: linux-fsdevel@vger.kernel.org
>
> Hi,
>
> I would like to report a regression in the in-kernel CephFS client which appeared between Linux 6.17.7 and 6.17.8. The issue is fully reproducible on my hardware and completely prevents accessing CephFS.
>
> The same CephFS cluster works fine from Ubuntu and Debian kernel clients, so this appears to be a kernel-side regression in the CephFS client codepath.
>
> ======================================================
> Summary
> ======================================================
>
> Starting with Linux 6.17.8, running "ls /mnt/cephfs" triggers an immediate kernel crash (NULL pointer dereference in strcmp), inside:
>
> ceph_mds_check_access()
> ceph_open()
>
> CephFS becomes unusable: any attempt to open files or directories on the mount kills the calling process.
>
> Rolling back to 6.17.7 fixes the issue.
>
> ======================================================
> Environment
> ======================================================
>
> Distro: Arch Linux (rolling)
> Kernel (bad): 6.17.8.arch1-1
> Kernel (good): 6.17.7.arch1-1
> Architecture: x86_64
>
> Hardware:
> Dell Latitude 7490
> BIOS 1.39.0 (2024-07-04)
>
> Ceph modules:
> ceph.ko srcversion 8A90DA7BD7115993B7D91C5
> libceph.ko srcversion 451CE8A92FEA7625419462C
>
> CephFS mount:
> 172.27.0.71:6789,172.27.1.51:6789,172.27.5.25:6789:/ /mnt/cephfs
> -t ceph
> -o name=cephfs,secret=...,noatime,_netdev,x-systemd.automount
>
> ======================================================
> Regression window
> ======================================================
>
> Last known good: 6.17.7
> First bad: 6.17.8
> Also bad: 6.17.9
> Also affected: linux-lts 6.12.x (same crash on this machine)
>
> ======================================================
> Reproducer
> ======================================================
>
> 1. Boot kernel 6.17.8 or newer.
> 2. Mount CephFS.
> 3. Run: ls /mnt/cephfs
> 4. Kernel immediately BUGs with a NULL dereference and kills the process.
>
> This is 100% reproducible.
>
> ======================================================
> Crash excerpt (full dmesg attached)
> ======================================================
>
> BUG: kernel NULL pointer dereference, address: 0000000000000000
> #PF: supervisor read access in kernel mode
> Oops: 0000 [#1] SMP PTI
> CPU: 1 PID: 5365 Comm: ls
>
> RIP: 0010:strcmp+0x2c/0x50
> RAX: 0000000000000000
> RSI: 0000000000000000
> RDI: ffff8a16d6da87c8
>
> Call Trace:
> ceph_mds_check_access+0x103/0x840 [ceph]
> __touch_cap+0x30/0x180 [ceph]
> ceph_open+0x17a/0x620 [ceph]
> do_dentry_open+0x23d/0x480
> vfs_open
> path_openat
> do_filp_open
> do_sys_openat2
> __x64_sys_openat
> do_syscall_64
> entry_SYSCALL_64_after_hwframe
>
> Second ls run produces an identical crash.
>
> ======================================================
> Notes
> ======================================================
>
> * The issue occurs before any user operations.
> * The CephFS cluster is unchanged between tests.
> * Other Linux clients (Ubuntu, Debian kernels) work fine.
> * I can test patches or help bisect.
>
> Full logs are attached.
>
>
Thanks for the report. I believe we are talking about the same issue. Please
check this patch [1] as the current workaround.
Thanks,
Slava.
[1] https://lore.kernel.org/ceph-devel/9534e58061c7832826bbd3500b9da9479e8a8244.camel@ibm.com/T/#t