Regression: NULL pointer dereference after NFS_V4_2_READ_PLUS (commit 7fd461c47)

From: Krzysztof Kozlowski
Date: Sat Jan 07 2023 - 10:45:38 EST


Hi,

Bisect identified commit 7fd461c47c6c ("NFSv4.2: Change the default
KConfig value for READ_PLUS") as the one leading to a NULL pointer exception
when mounting the NFS root on an NFSv4 client:

[   25.739003] systemd[1]: Set hostname to <odroidhc1>.
[   25.771714] systemd[1]: Failed to bump fs.file-max, ignoring: Invalid
argument
[   26.199478] 8<--- cut here ---
[   26.201366] Unable to handle kernel NULL pointer dereference at
virtual address 00000004
...
[   26.555522]  mmiocpy from xdr_inline_decode+0xec/0x16c
[   26.560628]  xdr_inline_decode from nfs4_xdr_dec_read_plus+0x178/0x358
[   26.567130]  nfs4_xdr_dec_read_plus from call_decode+0x204/0x304

Full OOPS attached. Full log available here:
https://krzk.eu/#/builders/21/builds/3901/steps/15/logs/serial0

Disabling NFS_V4_2_READ_PLUS fixes the issue, so obviously the commit is
not the cause, but rather making it default caused the regression.

I did not do the bisect yet to find which commit introduced it, with
NFS_V4_2_READ_PLUS enabled in every config.


Some details about the platform:

1. Arch ARM Linux
2. exynos_defconfig
3. Odroid HC1 board with ARMv7, octa-core (Cortex-A7+A15), Exynos5422 SoC
4. systemd, boot up with static IP set in kernel command line
5. No swap
6. Kernel, DTB and initramfs are downloaded with TFTP
7. NFS root (NFS client) mounted from an NFSv4 server


Best regards,
Krzysztof

[   25.628075] systemd[1]: systemd 242.29-1-arch running in system mode. (+PAM +AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid)
[   25.656202] systemd[1]: Detected architecture arm.
[   25.664007] random: crng init done

Welcome to Arch Linux ARM!

[   25.739003] systemd[1]: Set hostname to <odroidhc1>.
[   25.771714] systemd[1]: Failed to bump fs.file-max, ignoring: Invalid argument
[   26.199478] 8<--- cut here ---
[   26.201366] Unable to handle kernel NULL pointer dereference at virtual address 00000004
[   26.209389] [00000004] *pgd=00000000
[   26.212962] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[   26.218091] Modules linked in:
[   26.221120] CPU: 4 PID: 62 Comm: kworker/u16:1 Not tainted 6.1.0-03250-ga044dab5e6e5 #92
[   26.229175] Hardware name: Samsung Exynos (Flattened Device Tree)
[   26.235241] Workqueue: rpciod rpc_async_schedule
[   26.239828] PC is at mmiocpy+0x4c/0x334
[   26.243639] LR is at xdr_inline_decode+0xec/0x16c
[   26.248320] pc : [<c0b938ec>]    lr : [<c0b5f740>]    psr: 200a0113
[   26.254561] sp : f0a71d98  ip : 00000000  fp : f0a71da8
[   26.259759] r10: 00003000  r9 : 00000009  r8 : c1d1dc18
[   26.264956] r7 : 00000ffc  r6 : f0a71e24  r5 : 00000004  r4 : f0a71e60
[   26.271457] r3 : 00000000  r2 : 00000f7c  r1 : 00000004  r0 : f0a71e24
[   26.277956] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[   26.285064] Control: 10c5387d  Table: 4407006a  DAC: 00000051
[   26.290787] Register r0 information: 2-page vmalloc region starting at 0xf0a70000 allocated at kernel_clone+0x58/0x3fc
[   26.301446] Register r1 information: non-paged memory
[   26.306464] Register r2 information: non-paged memory
[   26.311490] Register r3 information: NULL pointer
[   26.316169] Register r4 information: 2-page vmalloc region starting at 0xf0a70000 allocated at kernel_clone+0x58/0x3fc
[   26.326838] Register r5 information: non-paged memory
[   26.331856] Register r6 information: 2-page vmalloc region starting at 0xf0a70000 allocated at kernel_clone+0x58/0x3fc
[   26.342522] Register r7 information: non-paged memory
[   26.347541] Register r8 information: slab kmalloc-256 start c1d1dc00 pointer offset 24 size 256
[   26.356211] Register r9 information: non-paged memory
[   26.361232] Register r10 information: non-paged memory
[   26.366345] Register r11 information: 2-page vmalloc region starting at 0xf0a70000 allocated at kernel_clone+0x58/0x3fc
[   26.377098] Register r12 information: NULL pointer
[   26.381856] Process kworker/u16:1 (pid: 62, stack limit = 0x89ca8077)
[   26.388271] Stack: (0xf0a71d98 to 0xf0a72000)
[   26.555522]  mmiocpy from xdr_inline_decode+0xec/0x16c
[   26.560628]  xdr_inline_decode from nfs4_xdr_dec_read_plus+0x178/0x358
[   26.567130]  nfs4_xdr_dec_read_plus from call_decode+0x204/0x304
[   26.573107]  call_decode from __rpc_execute+0xf8/0x8a4
[   26.578218]  __rpc_execute from rpc_async_schedule+0x1c/0x34
[   26.583848]  rpc_async_schedule from process_one_work+0x294/0x78c
[   26.589916]  process_one_work from worker_thread+0x54/0x518
[   26.595459]  worker_thread from kthread+0xf0/0x124
[   26.600226]  kthread from ret_from_fork+0x14/0x2c
[   26.604903] Exception stack(0xf0a71fb0 to 0xf0a71ff8)
[   26.609931] 1fa0:                                     00000000 00000000 00000000 00000000
[   26.618082] 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   26.626226] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[   26.632814] Code: ba000002 f5d1f03c f5d1f05c f5d1f07c (e8b15378)
[   26.638976] ---[ end trace 0000000000000000 ]---
[   39.512299] vdd_ldo12: disabling
[   39.516426] vdd_ldo16: disabling
[   39.522488] vdd_ldo24: disabling
[   39.526582] vdd_ldo26: disabling
[   39.544786] vdd_vmem: disabling