Kafs 6.16.0-rc3 BUG: kernel NULL pointer dereference
David Howells
dhowells at redhat.com
Tue Jul 1 06:12:23 PDT 2025
markus.suvanto at gmail.com wrote:
> > Also, would you be able to build a debugging patch into your kernel?
> >
>
> Yes I can.
Actually, that may not be necessary. I think the problem is here, in this
function:
static void afs_rx_new_call(struct sock *sk, struct rxrpc_call *rxcall,
			    unsigned long user_call_ID)
{
	struct afs_call *call = (struct afs_call *)user_call_ID;
	struct afs_net *net = afs_sock2net(sk);

	call->peer = rxrpc_kernel_get_call_peer(sk->sk_socket, call->rxcall);
	call->server = afs_find_server(call->peer);
	if (!call->server)
		trace_afs_cm_no_server(call, rxrpc_kernel_remote_srx(call->peer));

	queue_work(afs_wq, &net->charge_preallocation_work);
}
call->server can end up being NULL if we don't recognise the source server.
The service functions, however, assume that call->server will be set.
We can try to test this using existing tracepoints. Can you turn on:
echo 1 > /sys/kernel/debug/tracing/events/afs/afs_cm_no_server/enable
echo 1 > /sys/kernel/debug/tracing/events/afs/afs_cm_no_server_u/enable
echo 1 > /sys/kernel/debug/tracing/events/error_report/enable
and see if any of these turn up in the trace log?
In particular, see whether an afs_cm_no_server trace is immediately followed by
an error_report trace in the same process.
Thanks,
David
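As an added example (not part of this thread or of the kernel tree), a POSIX shell script that enables the three tracepoints listed above and then scans ftrace text for exactly the pattern the mail describes: an afs_cm_no_server or afs_cm_no_server_u event immediately followed, for the same pid, by an error_report event. It assumes the standard ftrace text layout ("comm-pid [cpu] flags timestamp: event: payload"); the function names and the sample trace lines, payloads included, are constructed for the demonstration rather than captured from a real system.

```shell
#!/bin/sh
# Added example for the linux-afs thread above; not kernel code.
# Assumes standard ftrace text output: "comm-pid [cpu] flags ts: event: payload".

# Enable the three tracepoints named in the mail.  Needs root and a mounted
# tracefs; the demo at the bottom does not call this.
enable_afs_null_server_tracing() {
    t=/sys/kernel/debug/tracing
    for ev in afs/afs_cm_no_server afs/afs_cm_no_server_u error_report; do
        echo 1 > "$t/events/$ev/enable" || return 1
    done
}

# Read ftrace text on stdin and print one line per pid whose error_report
# event is the next afs-relevant event after an afs_cm_no_server(_u) event
# from that same pid.  Output format: "pid=<pid> <afs event> -> <error event>".
afs_trace_correlate() {
    awk '
        /^#/ { next }                       # skip the ftrace header lines
        {
            # pid: the digits between the last "-" of comm-pid and " [cpu]"
            if (!match($0, /-[0-9]+ +\[[0-9]+\]/)) next
            pid = substr($0, RSTART + 1, RLENGTH - 1)
            sub(/ .*/, "", pid)

            # event: the name between the timestamp colon and the next colon
            if (!match($0, /[0-9]+\.[0-9]+: [A-Za-z_]+:/)) next
            ev = substr($0, RSTART, RLENGTH)
            sub(/^[0-9.]+: /, "", ev)
            sub(/:$/, "", ev)

            if (ev == "afs_cm_no_server" || ev == "afs_cm_no_server_u") {
                prev[pid] = ev              # remember the unmatched-server event
            } else if (ev ~ /^error_report/) {
                if (prev[pid] != "")
                    printf "pid=%s %s -> %s\n", pid, prev[pid], ev
                delete prev[pid]
            } else if (ev ~ /^afs_/) {
                delete prev[pid]            # another afs event intervened
            }
        }'
}

# Constructed sample trace (not a real capture): pid 123 shows the pattern,
# pid 124 reports unknown servers without a following error, pid 456 reports
# an error with no preceding afs_cm_no_server.
AFS_TRACE_SAMPLE='# tracer: nop
#           TASK-PID     CPU#  |||||  TIMESTAMP  FUNCTION
 kworker/u8:1-123     [001] ..... 1001.000100: afs_cm_no_server: c=00000001 srx=10.0.0.5+7001
 kworker/u8:2-124     [000] ..... 1001.000120: afs_cm_no_server_u: c=00000002 srx=10.0.0.6+7001
 kworker/u8:2-124     [000] ..... 1001.000130: afs_cm_no_server_u: c=00000003 srx=10.0.0.7+7001
 kworker/u8:1-123     [001] ..... 1001.000150: error_report_end: [kfence] 0
 fs_worker-456        [002] ..... 1001.000200: error_report_end: [kfence] 0'

# Stand-alone demo over the constructed sample.
printf '%s\n' "$AFS_TRACE_SAMPLE" | afs_trace_correlate
```

On a live system, run `enable_afs_null_server_tracing` as root, reproduce the problem, then feed `cat /sys/kernel/debug/tracing/trace` into `afs_trace_correlate`; any printed pid is a process in which the call manager failed to match the source server right before an error was reported.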