Kafs 6.16.0-rc3 BUG: kernel NULL pointer dereference

markus.suvanto at gmail.com markus.suvanto at gmail.com
Sun Aug 3 01:36:24 PDT 2025


On Fri, 2025-07-18 at 10:29 +0100, David Howells wrote:
> markus.suvanto at gmail.com wrote:
> 
> > FYI... 
> > So far I can't reproduce oops anymore when using 6.16.0-rc[56].
> 
> :-/
> 
> It hasn't been fixed as far as I know.
> 
> And the kernel you were using previously should have included:
> 
> 	4882ba78574e afs: Fix afs_server ref accounting
> 
> so would seem unlikely to be that.
> 
> David


New Oops using 6.16.0 + your debug patch

[279783.246152] AFS: Cache volume key already in use (afs,station.com,20000019)
[279853.247563] AFS: Cache volume key already in use (afs,station.com,20000019)
[280083.272746] AFS: Cache volume key already in use (afs,station.com,20000019)
[280153.279858] AFS: Cache volume key already in use (afs,station.com,20000019)
[280367.808981] BUG: kernel NULL pointer dereference, address: 0000000000000010
[280367.809481] #PF: supervisor read access in kernel mode
[280367.809926] #PF: error_code(0x0000) - not-present page
[280367.810359] PGD 0 P4D 0 
[280367.810777] Oops: Oops: 0000 [#1] SMP PTI
[280367.811204] CPU: 12 UID: 0 PID: 300390 Comm: kworker/u66:3 Tainted: G          I         6.16.0-00001-g06057fe3ba40 #1 VOLUNTARY
[280367.811661] Tainted: [I]=FIRMWARE_WORKAROUND
[280367.812113] Hardware name: Hewlett-Packard HP Z600 Workstation/0AE8h, BIOS 786G4 v03.19 03/11/2011
[280367.812588] Workqueue: kafsd afs_process_async_call [kafs]
[280367.813112] RIP: 0010:afs_deliver_cb_init_call_back_state3+0x38/0x1d0 [kafs]
[280367.813629] Code: 56 3c 01 0f 84 b8 00 00 00 8b 83 48 01 00 00 83 f8 05 0f 85 5d 01 00 00 48 8b 83 a0 00 00 00 48 8b 93 b0 00 00 00 48 8d 48 10 <48> 8b 40 10 48 39 02 0f 84 2b 01 00 00 48 c7 c7 a8 15 5d c2 e8 7f
[280367.814167] RSP: 0018:ffffa7c7cc48be20 EFLAGS: 00010246
[280367.814694] RAX: 0000000000000000 RBX: ffff9f72b5af3800 RCX: 0000000000000010
[280367.815214] RDX: ffff9f71687de820 RSI: ffff9f73053e3640 RDI: ffff9f71687de820
[280367.815753] RBP: ffff9f72b5af3820 R08: 0000000000000010 R09: be17000085030000
[280367.816256] R10: ffffa7c7cc48be20 R11: 0000000000000001 R12: ffff9f72be011400
[280367.816761] R13: ffff9f72b008c400 R14: ffff9f72be011485 R15: ffff9f735ffd60c0
[280367.817275] FS:  0000000000000000(0000) GS:ffff9f74935d2000(0000) knlGS:0000000000000000
[280367.817802] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[280367.818333] CR2: 0000000000000010 CR3: 00000001a8018000 CR4: 00000000000026f0
[280367.818879] Call Trace:
[280367.819426]  <TASK>
[280367.819976]  afs_deliver_to_call+0x56/0x4b0 [kafs]
[280367.820558]  afs_process_async_call+0x2f/0x40 [kafs]
[280367.821133]  process_one_work+0x141/0x2a0
[280367.821681]  worker_thread+0x2da/0x420
[280367.822215]  ? __pfx_worker_thread+0x10/0x10
[280367.822751]  kthread+0xdf/0x1c0
[280367.823290]  ? __pfx_kthread+0x10/0x10
[280367.823824]  ? __pfx_kthread+0x10/0x10
[280367.824338]  ret_from_fork+0x71/0xd0
[280367.824841]  ? __pfx_kthread+0x10/0x10
[280367.825328]  ret_from_fork_asm+0x1a/0x30
[280367.825806]  </TASK>
[280367.826276] Modules linked in: tcp_diag inet_diag uinput bluetooth ecdh_generic ecc libaes md5 algif_hash af_alg
ip6table_nat ip6table_filter iptable_nat xt_MASQUERADE nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter
af_packet veth rc_dib0700_rc5 bridge stp llc kafs fcrypt pcbc si2157 si2168 rxrpc krb5 dns_resolver netfs mt2060 cx23885
altera_ci tda18271 altera_stapl m88ds3103 dvb_usb_dib0700 cx2341x tveeprom joydev dib9000 videobuf2_dvb intel_powerclamp
mousedev snd_hda_codec_realtek snd_hda_codec_generic snd_usb_audio i2c_mux snd_hda_scodec_component dib7000m
snd_hda_codec_hdmi dib0090 kvm_intel videobuf2_dma_sg dib0070 snd_ump videobuf2_memops dib3000mc videobuf2_v4l2
snd_hda_intel snd_usbmidi_lib dibx000_common kvm snd_hwdep dvb_usb snd_intel_dspcfg videodev snd_hda_codec gpio_ich
dvb_core snd_rawmidi irqbypass videobuf2_common snd_hda_core intel_cstate evdev snd_seq_device rc_core cp210x wmi_bmof
input_leds mc intel_uncore usbserial acpi_cpufreq bfq snd_pcm pcspkr regmap_i2c snd_timer cfg80211 snd
[280367.826376]  i7core_edac lpc_ich tiny_power_button soundcore edac_core rfkill rtc_cmos button sch_fq_codel
ip6_tables ip_tables x_tables wireguard curve25519_x86_64 libchacha20poly1305 libcurve25519_generic chacha_x86_64
libchacha libpoly1305 poly1305_x86_64 ip6_udp_tunnel udp_tunnel smsc47b397 coretemp fuse tun configfs loop
crc32c_cryptoapi hid_logitech_hidpp amdgpu hid_logitech_dj drm_suballoc_helper amdxcp i2c_algo_bit drm_client_lib
mfd_core drm_ttm_helper syscopyarea ttm agpgart sysfillrect sysimgblt fb_sys_fops drm_exec gpu_sched video
drm_panel_backlight_quirks cec drm_buddy drm_display_helper sr_mod sd_mod hid_generic cdrom drm_kms_helper usbkbd
usbmouse usbhid drm psmouse serio_raw ahci nvme_tcp atkbd libahci nvme_fabrics drm_panel_orientation_quirks libps2
uhci_hcd nvme_core tg3 vivaldi_fmap libata fb ehci_pci ptp ehci_hcd backlight sha512_ssse3 font pps_core lcd scsi_mod
usbcore hwmon ledtrig_backlight i2c_core scsi_common usb_common crc16 wmi i8042 floppy serio btrfs blake2b_generic xor
zstd_compress
[280367.829359]  raid6_pq nfnetlink dmi_sysfs sha1_generic sha1_ssse3 ipv6 autofs4
[280367.833876] CR2: 0000000000000010
[280367.834675] ---[ end trace 0000000000000000 ]---
[280367.835510] RIP: 0010:afs_deliver_cb_init_call_back_state3+0x38/0x1d0 [kafs]
[280367.836375] Code: 56 3c 01 0f 84 b8 00 00 00 8b 83 48 01 00 00 83 f8 05 0f 85 5d 01 00 00 48 8b 83 a0 00 00 00 48 8b 93 b0 00 00 00 48 8d 48 10 <48> 8b 40 10 48 39 02 0f 84 2b 01 00 00 48 c7 c7 a8 15 5d c2 e8 7f
[280367.837267] RSP: 0018:ffffa7c7cc48be20 EFLAGS: 00010246
[280367.838166] RAX: 0000000000000000 RBX: ffff9f72b5af3800 RCX: 0000000000000010
[280367.839107] RDX: ffff9f71687de820 RSI: ffff9f73053e3640 RDI: ffff9f71687de820
[280367.840027] RBP: ffff9f72b5af3820 R08: 0000000000000010 R09: be17000085030000
[280367.840955] R10: ffffa7c7cc48be20 R11: 0000000000000001 R12: ffff9f72be011400
[280367.841887] R13: ffff9f72b008c400 R14: ffff9f72be011485 R15: ffff9f735ffd60c0
[280367.842828] FS:  0000000000000000(0000) GS:ffff9f74935d2000(0000) knlGS:0000000000000000
[280367.843783] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[280367.844777] CR2: 0000000000000010 CR3: 00000001a8018000 CR4: 00000000000026f0
[280367.845754] note: kworker/u66:3[300390] exited with irqs disabled
[280383.319814] AFS: Cache volume key already in use (afs,station.com,20000019)
[280453.323584] AFS: Cache volume key already in use (afs,station.com,20000019)
[280683.356477] AFS: Cache volume key already in use (afs,station.com,20000019)
[280753.376252] AFS: Cache volume key already in use (afs,station.com,20000019)


Unfortunately, somehow I have not enabled all traces

cat /sys/kernel/tracing/events/afs/afs_new_server/enable
cat /sys/kernel/tracing/events/afs/afs_del_server/enable
cat /sys/kernel/tracing/events/afs/afs_cm_no_server/enable
cat /sys/kernel/tracing/events/afs/afs_cm_no_server_u/enable
cat /sys/kernel/tracing/events/error_report/enable
cat /sys/kernel/tracing/events/afs/afs_server/enable

0
0
1
1
1
0



z600 ~ # cat  /sys/kernel/tracing/trace
# tracer: nop
#
# entries-in-buffer/entries-written: 4/4   #P:16
#
#                                _-----=> irqs-off/BH-disabled
#                               / _----=> need-resched
#                              | / _---=> hardirq/softirq
#                              || / _--=> preempt-depth
#                              ||| / _-=> migrate-disable
#                              |||| /     delay
#           TASK-PID     CPU#  |||||  TIMESTAMP  FUNCTION
#              | |         |   |||||     |         |
   kworker/u66:0-112     [014] .....   208.018695: afs_cm_no_server_u: c=00000108 op=213 S=00000001 008b99f8-0385-17be-87a7-d2b8fea9aa77 0061c5ec-1b44-17a1-9303-110ba8c0aa77
   kworker/u66:9-1298    [014] .....   214.656174: afs_cm_no_server_u: c=00000008 op=213 S=00000002 008b99f8-0385-17be-87a7-d2b8fea9aa77 0061c5ec-1b44-17a1-9303-110ba8c0aa77
   krxrpcio/7001-1376    [005] d.... 162164.691240: afs_cm_no_server: c=000000a2 op=0 192.168.11.17:7000
   krxrpcio/7001-1376    [005] d.... 280367.843997: afs_cm_no_server: c=000000a5 op=0 192.168.11.17:7000


-Markus
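
Added example (not part of the original message and not kafs code): a small Python triage of the oops above that decodes the instruction at the `<48>` marker in the `Code:` line and checks it against the register dump and CR2. The sample text is the fault-relevant lines of the log with the mail-wrapped `Code:` line rejoined; the function names are made up for this example, and only the plain `REX.W mov r64, [base+disp]` form is decoded.

```python
import re

# Constructed sample: fault-relevant lines from the oops above, with the
# mail-wrapped "Code:" line rejoined and dmesg timestamps dropped.
OOPS = """\
BUG: kernel NULL pointer dereference, address: 0000000000000010
RIP: 0010:afs_deliver_cb_init_call_back_state3+0x38/0x1d0 [kafs]
Code: 56 3c 01 0f 84 b8 00 00 00 8b 83 48 01 00 00 83 f8 05 0f 85 5d 01 00 00 48 8b 83 a0 00 00 00 48 8b 93 b0 00 00 00 48 8d 48 10 <48> 8b 40 10 48 39 02 0f 84 2b 01 00 00 48 c7 c7 a8 15 5d c2 e8 7f
RAX: 0000000000000000 RBX: ffff9f72b5af3800 RCX: 0000000000000010
RDX: ffff9f71687de820 RSI: ffff9f73053e3640 RDI: ffff9f71687de820
CR2: 0000000000000010 CR3: 00000001a8018000 CR4: 00000000000026f0
"""

GPR = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]  # ModRM encoding order

def faulting_load(code_line):
    """Decode the instruction at the <..> marker if it is `REX.W mov r64, [base+disp]`."""
    toks = code_line.split()
    i = next(n for n, t in enumerate(toks) if t.startswith("<"))
    b = [int(t.strip("<>"), 16) for t in toks[i:]]
    if b[0] != 0x48 or b[1] != 0x8B:
        return None                      # only the plain 64-bit load is handled
    mod, reg, rm = b[2] >> 6, (b[2] >> 3) & 7, b[2] & 7
    if mod not in (1, 2) or rm == 4:
        return None                      # no displacement, or a SIB byte follows
    size = 1 if mod == 1 else 4          # disp8 or disp32
    disp = int.from_bytes(bytes(b[3:3 + size]), "little", signed=True)
    return GPR[reg], GPR[rm], disp       # (destination, base, displacement)

def triage(oops):
    regs = {k: int(v, 16) for k, v in re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})", oops)}
    cr2 = int(re.search(r"CR2: ([0-9a-f]{16})", oops).group(1), 16)
    sym, off = re.search(r"RIP: \w+:(\w+)\+(0x[0-9a-f]+)/", oops).groups()
    load = faulting_load(re.search(r"Code: (.*)", oops).group(1))
    result = {"function": sym, "offset": int(off, 16), "cr2": cr2, "load": load}
    if load:
        dst, base, disp = load
        # Consistent NULL dereference: base register is 0 and the displacement is CR2.
        result["null_base"] = regs.get(base) == 0 and disp == cr2
    return result

if __name__ == "__main__":
    print(triage(OOPS))
```

On this dump the faulting instruction decodes as a 64-bit load from RAX+0x10 with RAX equal to 0, which matches the reported fault address of 0x10.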


