cifsd-team / ksmbd

ksmbd kernel server(SMB/CIFS server)

[SMB_DIRECT] Test ksmbd over rdma, fs/smb/client raises the error 'kernel NULL pointer dereference, address: 00000000000000a8' #605

Closed tojoyccnu closed 7 months ago

tojoyccnu commented 7 months ago

Setup
- Linux version: Ubuntu 22.04, kernel 6.6.1 (self-compiled)
- Version of kmod: ksmbd version: git master from cifsd-team/ksmbd
- Version of tools: git master

Hardware: using MT27800 Family [ConnectX-5] Mellanox Technologies

Test tools: fio 3.16

client side: mount -o username=xxxx,password=xxxx,rdma //server_ip/MemShare /mnt/smb [success]

The fio test case with direct I/O is fine, but something goes wrong with buffered I/O (fio_rdma.conf set to direct=0).

fio test parameters

[global]
ioengine=libaio
direct=0
thread=1
norandommap=1
randrepeat=0
runtime=3000
ramp_time=6
directory=/mnt/smb/fio

[rdma64k-seq2]
stonewall
group_reporting
bs=64Ki
rw=write
size=10Gi
numjobs=8
iodepth=50

[ 4039.397347] note: fio[11465] exited with irqs disabled
[ 4039.418024] BUG: kernel NULL pointer dereference, address: 00000000000000a8
[ 4039.420920] #PF: supervisor read access in kernel mode
[ 4039.421946] #PF: error_code(0x0000) - not-present page
[ 4039.422788] PGD 0 P4D 0 
[ 4039.423562] Oops: 0000 [#2] PREEMPT SMP NOPTI
[ 4039.424286] CPU: 23 PID: 11463 Comm: fio Tainted: G      D            6.6.1 #1
[ 4039.425000] Hardware name: GIGABYTE H261-Z61-00/MZ61-HD0-00, BIOS F18 03/02/2020
[ 4039.425710] RIP: 0010:iov_iter_npages+0x4/0x130
[ 4039.426411] Code: 00 0f 0b 41 b8 ff ff ff ff eb ee 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <48> 8b 4f 18 48 85 c9 74 2b 0f b6 17 80 fa 05 75 2a 48 8b 47 08 48
[ 4039.427817] RSP: 0018:ffffc900198fb8d0 EFLAGS: 00010246
[ 4039.428530] RAX: 0000000000000800 RBX: ffff8881298ef000 RCX: 0000000000000000
[ 4039.429239] RDX: 0000000000000001 RSI: 0000000000000801 RDI: 0000000000000090
[ 4039.429944] RBP: ffffc900198fb938 R08: ffff8888ab4608c0 R09: 0000000000000000
[ 4039.430660] R10: ffff8888ab4608c0 R11: 0000000000000000 R12: 0000000000000090
[ 4039.431381] R13: 0000000000000000 R14: ffff8881273c6000 R15: ffffc900198fb9c4
[ 4039.432042] FS:  00007fbaf937c700(0000) GS:ffff88900ebc0000(0000) knlGS:0000000000000000
[ 4039.432686] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4039.433326] CR2: 00000000000000a8 CR3: 00000008aec46000 CR4: 00000000003506e0
[ 4039.433974] Call Trace:
[ 4039.434586]  <TASK>
[ 4039.435195]  ? show_regs+0x6c/0x80
[ 4039.435814]  ? __die_body+0x24/0x70
[ 4039.436425]  ? __die+0x2f/0x40
[ 4039.437025]  ? page_fault_oops+0x160/0x470
[ 4039.437619]  ? do_user_addr_fault+0x472/0x800
[ 4039.438198]  ? __enqueue_entity+0x103/0x130
[ 4039.438767]  ? enqueue_entity+0xf4/0x4f0
[ 4039.439322]  ? exc_page_fault+0x7d/0x190
[ 4039.439856]  ? asm_exc_page_fault+0x2b/0x30
[ 4039.440381]  ? iov_iter_npages+0x4/0x130
[ 4039.440899]  ? smbd_register_mr+0x46/0x590 [cifs]
[ 4039.441491]  smb2_new_read_req.constprop.0+0x138/0x260 [cifs]
[ 4039.442082]  SMB2_read+0x90/0x4f0 [cifs]
[ 4039.442661]  ? __count_memcg_events+0x4f/0xa0
[ 4039.443167]  ? handle_mm_fault+0x1ea/0x320
[ 4039.443650]  ? do_user_addr_fault+0x3e6/0x800
[ 4039.444126]  smb2_sync_read+0x31/0x40 [cifs]
[ 4039.444663]  ? smb2_sync_read+0x31/0x40 [cifs]
[ 4039.445193]  cifs_readpage_worker+0x1e0/0x940 [cifs]
[ 4039.445723]  cifs_write_begin+0x259/0x400 [cifs]
[ 4039.446250]  generic_perform_write+0xce/0x200
[ 4039.446712]  __generic_file_write_iter+0xa8/0xc0
[ 4039.447163]  cifs_strict_writev+0x1de/0x2f0 [cifs]
[ 4039.447694]  aio_write+0x11f/0x250
[ 4039.448136]  ? get_vma_policy.part.0+0x28/0x30
[ 4039.448569]  ? __check_object_size+0x88/0x2d0
[ 4039.448999]  ? _copy_to_user+0x29/0x40
[ 4039.449435]  ? aio_read_events+0x1e2/0x300
[ 4039.449855]  io_submit_one+0x438/0xb90
[ 4039.450267]  ? io_submit_one+0x438/0xb90
[ 4039.450680]  __x64_sys_io_submit+0x8b/0x170
[ 4039.451092]  ? __x64_sys_io_submit+0x8b/0x170
[ 4039.451505]  do_syscall_64+0x3f/0x90
[ 4039.451908]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ 4039.452310] RIP: 0033:0x7fbb2534773d
[ 4039.452693] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 23 37 0d 00 f7 d8 64 89 01 48
[ 4039.453487] RSP: 002b:00007fbaf9377a08 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 4039.453897] RAX: ffffffffffffffda RBX: 00007fbaf937a708 RCX: 00007fbb2534773d
[ 4039.454296] RDX: 00007fbad4001288 RSI: 0000000000000001 RDI: 00007fbb1bac9000
[ 4039.454698] RBP: 00007fbb1bac9000 R08: 0000000000000000 R09: 0000000000000088
[ 4039.455098] R10: 00007fbad4005178 R11: 0000000000000246 R12: 0000000000000001
[ 4039.455492] R13: 0000000000000000 R14: 00007fbad4001288 R15: 00007fbad4000b60
[ 4039.455890]  </TASK>
[ 4039.456276] Modules linked in: cmac nls_utf8 cifs cifs_arc4 nls_ucs2_utils rdma_cm iw_cm ib_cm cifs_md4 fscache netfs nls_iso8859_1 dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd ipmi_ssif kvm_amd binfmt_misc joydev input_leds kvm rapl ccp k10temp acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler mac_hid sch_fq_codel msr ramoops reed_solomon efi_pstore ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mlx5_ib ib_uverbs ib_core crct10dif_pclmul crc32_pclmul ghash_clmulni_intel mlx5_core sha512_ssse3 ast hid_generic aesni_intel pci_hyperv_intf crypto_simd drm_shmem_helper mlxfw drm_kms_helper ixgbe cryptd usbhid psample igb nvme ahci xfrm_algo mdio drm hid tls dca libahci i2c_piix4 nvme_core i2c_algo_bit
[ 4039.460075] CR2: 00000000000000a8
[ 4039.460577] ---[ end trace 0000000000000000 ]---
[ 4040.525260] RIP: 0010:iov_iter_npages+0x4/0x130
[ 4040.526211] Code: 00 0f 0b 41 b8 ff ff ff ff eb ee 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <48> 8b 4f 18 48 85 c9 74 2b 0f b6 17 80 fa 05 75 2a 48 8b 47 08 48
[ 4040.527587] RSP: 0018:ffffc90019c138d0 EFLAGS: 00010246
[ 4040.528471] RAX: 0000000000000800 RBX: ffff8881298ef000 RCX: 0000000000000000
[ 4040.529204] RDX: 0000000000000001 RSI: 0000000000000801 RDI: 0000000000000090
[ 4040.529954] RBP: ffffc90019c13938 R08: ffff88815e297800 R09: 0000000000000000
[ 4040.530685] R10: ffff88815e297800 R11: 0000000000000000 R12: 0000000000000090
[ 4040.531510] R13: 0000000000000000 R14: ffff8881273c6000 R15: ffffc90019c139c4
[ 4040.532464] FS:  00007fbaf937c700(0000) GS:ffff88900ebc0000(0000) knlGS:0000000000000000
[ 4040.533220] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4040.534042] CR2: 00000000000000a8 CR3: 00000008aec46000 CR4: 00000000003506e0
[ 4040.535238] note: fio[11463] exited with irqs disabled

namjaejeon commented 7 months ago

Hi, it is a kernel oops from cifs.ko (SMB client), not ksmbd. This is the place to report ksmbd issues.

namjaejeon commented 7 months ago

@tojoyccnu You can report it to the linux-cifs@vger.kernel.org mailing list. The cifs.ko developers or maintainer will check it.