** Summary changed:

- Remote filesystems mounted as CIFS not working after update to Kernel 
"6.5.0-27-generic #28-Ubuntu" (amd64) or Kernel "6.5.0-1014-raspi #17-Ubuntu" 
(aarch64).
+ cifs: Copying file to same directory results in page fault

** Description changed:

- Remote filesystems mounted as CIFS are not working after update to
- Kernel "6.5.0-27-generic #28-Ubuntu" for x86_64 (and also after updating
- to Kernel "6.5.0-1014-raspi #17-Ubuntu" in aarch64).
+ BugLink: https://bugs.launchpad.net/bugs/2060919
  
- The remote filesystem is correctly mounted and seems to work but trying
- to write data to the filesystem ends in a kernel error exception. After
- that error the CIFS filesystem just became unusable.
+ [Impact]
  
- Previous Kernel version works correctly.
+ Copying or modifying a file to the same directory within a cifs mount
+ results in a page fault, and the process that initiated the copy being
+ killed. This could be cp, nautilus, etc.
  
- =========================================================
- Example for Kernel "6.5.0-27-generic #28-Ubuntu" (x86_64)
- =========================================================
- # lsb_release -rd
- No LSB modules are available.
- Description:  Ubuntu 23.10
- Release:      23.10
+ This results in the following oops:
  
- # uname -a
- Linux fpgmsi 6.5.0-27-generic #28-Ubuntu SMP PREEMPT_DYNAMIC Thu Mar  7 
18:21:00 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
+ BUG: unable to handle page fault for address: fffffffffffffffe
+ #PF: supervisor read access in kernel mode
+ #PF: error_code(0x0000) - not-present page
+ PGD f45a3f067 P4D f45a3f067 PUD f45a41067 PMD 0
+ Oops: 0000 [#1] PREEMPT SMP NOPTI
+ CPU: 0 PID: 28103 Comm: Thread (pooled) Tainted: P OE 6.5.0-27-generic 
#28-Ubuntu
+ RIP: 0010:cifs_flush_folio+0x41/0xf0 [cifs]
+ Code: 49 89 cd 31 c9 41 54 49 89 f4 48 c1 ee 0c 53 48 83 ec 08 48 8b 7f 30 44 
89 45 d4 e8 79 b3 23 f1 48 89 c3 31 c0 48 85 db 74 77 <48> 8b 13 b8 00 10 00 00 
f7 c2 00 00 01 00 74 10 0f b6 4b 51 48 d3
+ RSP: 0018:ffffaab6865ffbf8 EFLAGS: 00010282
+ RAX: 0000000000000000 RBX: fffffffffffffffe RCX: 0000000000000000
+ RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
+ RBP: ffffaab6865ffc28 R08: 0000000000000001 R09: 0000000000000000
+ R10: 0000000000023854 R11: 0000000000000000 R12: 0000000000000000
+ R13: ffffaab6865ffc78 R14: ffff906675d8aed0 R15: ffffaab6865ffc70
+ FS: 00007bd4d594b6c0(0000) GS:ffff90753f800000(0000) knlGS:0000000000000000
+ CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: fffffffffffffffe CR3: 000000017022a000 CR4: 0000000000750ef0
+ PKRU: 55555554
+ Call Trace:
+ <TASK>
+ ? show_regs+0x6d/0x80
+ ? __die+0x24/0x80
+ ? page_fault_oops+0x99/0x1b0
+ ? kernelmode_fixup_or_oops+0xb2/0x140
+ ? __bad_area_nosemaphore+0x1a5/0x2c0
+ ? bad_area_nosemaphore+0x16/0x30
+ ? do_kern_addr_fault+0x7b/0xa0
+ ? exc_page_fault+0x1a4/0x1b0
+ ? asm_exc_page_fault+0x27/0x30
+ ? cifs_flush_folio+0x41/0xf0 [cifs]
+ ? cifs_flush_folio+0x37/0xf0 [cifs]
+ cifs_remap_file_range+0x172/0x660 [cifs]
+ do_clone_file_range+0x101/0x2d0
+ vfs_clone_file_range+0x3f/0x150
+ ioctl_file_clone+0x52/0xc0
+ do_vfs_ioctl+0x68f/0x910
+ ? __fget_light+0xa5/0x120
+ __x64_sys_ioctl+0x7d/0xf0
+ do_syscall_64+0x59/0x90
+ ? kmem_cache_free+0x22/0x3e0
+ ? putname+0x5b/0x80
+ ? exit_to_user_mode_prepare+0x30/0xb0
+ ? syscall_exit_to_user_mode+0x37/0x60
+ ? do_syscall_64+0x68/0x90
+ ? do_syscall_64+0x68/0x90
+ ? do_syscall_64+0x68/0x90
  
- # cat /proc/version_signature
- Ubuntu 6.5.0-27.28-generic 6.5.13
+ There is no known workaround.
  
- ----------------------------
- How to reproduce the problem
- ----------------------------
- For instance, I'm using KeePassXC 
(https://launchpad.net/ubuntu/+source/keepassxc) to update a database located 
at CIFS filesystem. Any change done to that database causes this Kernel error 
exception:
+ [Fix]
  
- abr 11 09:34:59 fpgmsi kernel: BUG: unable to handle page fault for address: 
fffffffffffffffe
- abr 11 09:34:59 fpgmsi kernel: #PF: supervisor read access in kernel mode
- abr 11 09:34:59 fpgmsi kernel: #PF: error_code(0x0000) - not-present page
- abr 11 09:34:59 fpgmsi kernel: PGD f45a3f067 P4D f45a3f067 PUD f45a41067 PMD 
0 
- abr 11 09:34:59 fpgmsi kernel: Oops: 0000 [#1] PREEMPT SMP NOPTI
- abr 11 09:34:59 fpgmsi kernel: CPU: 0 PID: 28103 Comm: Thread (pooled) 
Tainted: P           OE      6.5.0-27-generic #28-Ubuntu
- abr 11 09:34:59 fpgmsi kernel: Hardware name: Micro-Star International Co., 
Ltd. MAG Z690 Codex X5 (MS-B930)/PRO Z690-A WIFI (MS-7D25), BIOS D.50 04/26/2022
- abr 11 09:34:59 fpgmsi kernel: RIP: 0010:cifs_flush_folio+0x41/0xf0 [cifs]
- abr 11 09:34:59 fpgmsi kernel: Code: 49 89 cd 31 c9 41 54 49 89 f4 48 c1 ee 
0c 53 48 83 ec 08 48 8b 7f 30 44 89 45 d4 e8 79 b3 23 f1 48 89 c3 31 c0 48 85 
db 74 77 <48> 8b 13 b8 00 10 00 00 f7 c2 00 00 01 00 74 10 0f b6 4b 51 48 d3
- abr 11 09:34:59 fpgmsi kernel: RSP: 0018:ffffaab6865ffbf8 EFLAGS: 00010282
- abr 11 09:34:59 fpgmsi kernel: RAX: 0000000000000000 RBX: fffffffffffffffe 
RCX: 0000000000000000
- abr 11 09:34:59 fpgmsi kernel: RDX: 0000000000000000 RSI: 0000000000000000 
RDI: 0000000000000000
- abr 11 09:34:59 fpgmsi kernel: RBP: ffffaab6865ffc28 R08: 0000000000000001 
R09: 0000000000000000
- abr 11 09:34:59 fpgmsi kernel: R10: 0000000000023854 R11: 0000000000000000 
R12: 0000000000000000
- abr 11 09:34:59 fpgmsi kernel: R13: ffffaab6865ffc78 R14: ffff906675d8aed0 
R15: ffffaab6865ffc70
- abr 11 09:34:59 fpgmsi kernel: FS:  00007bd4d594b6c0(0000) 
GS:ffff90753f800000(0000) knlGS:0000000000000000
- abr 11 09:34:59 fpgmsi kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 
0000000080050033
- abr 11 09:34:59 fpgmsi kernel: CR2: fffffffffffffffe CR3: 000000017022a000 
CR4: 0000000000750ef0
- abr 11 09:34:59 fpgmsi kernel: PKRU: 55555554
- abr 11 09:34:59 fpgmsi kernel: Call Trace:
- abr 11 09:34:59 fpgmsi kernel:  <TASK>
- abr 11 09:34:59 fpgmsi kernel:  ? show_regs+0x6d/0x80
- abr 11 09:34:59 fpgmsi kernel:  ? __die+0x24/0x80
- abr 11 09:34:59 fpgmsi kernel:  ? page_fault_oops+0x99/0x1b0
- abr 11 09:34:59 fpgmsi kernel:  ? kernelmode_fixup_or_oops+0xb2/0x140
- abr 11 09:34:59 fpgmsi kernel:  ? __bad_area_nosemaphore+0x1a5/0x2c0
- abr 11 09:34:59 fpgmsi kernel:  ? bad_area_nosemaphore+0x16/0x30
- abr 11 09:34:59 fpgmsi kernel:  ? do_kern_addr_fault+0x7b/0xa0
- abr 11 09:34:59 fpgmsi kernel:  ? exc_page_fault+0x1a4/0x1b0
- abr 11 09:34:59 fpgmsi kernel:  ? asm_exc_page_fault+0x27/0x30
- abr 11 09:34:59 fpgmsi kernel:  ? cifs_flush_folio+0x41/0xf0 [cifs]
- abr 11 09:34:59 fpgmsi kernel:  ? cifs_flush_folio+0x37/0xf0 [cifs]
- abr 11 09:34:59 fpgmsi kernel:  cifs_remap_file_range+0x172/0x660 [cifs]
- abr 11 09:34:59 fpgmsi kernel:  do_clone_file_range+0x101/0x2d0
- abr 11 09:34:59 fpgmsi kernel:  vfs_clone_file_range+0x3f/0x150
- abr 11 09:34:59 fpgmsi kernel:  ioctl_file_clone+0x52/0xc0
- abr 11 09:34:59 fpgmsi kernel:  do_vfs_ioctl+0x68f/0x910
- abr 11 09:34:59 fpgmsi kernel:  ? __fget_light+0xa5/0x120
- abr 11 09:34:59 fpgmsi kernel:  __x64_sys_ioctl+0x7d/0xf0
- abr 11 09:34:59 fpgmsi kernel:  do_syscall_64+0x59/0x90
- abr 11 09:34:59 fpgmsi kernel:  ? kmem_cache_free+0x22/0x3e0
- abr 11 09:34:59 fpgmsi kernel:  ? putname+0x5b/0x80
- abr 11 09:34:59 fpgmsi kernel:  ? exit_to_user_mode_prepare+0x30/0xb0
- abr 11 09:34:59 fpgmsi kernel:  ? syscall_exit_to_user_mode+0x37/0x60
- abr 11 09:34:59 fpgmsi kernel:  ? do_syscall_64+0x68/0x90
- abr 11 09:34:59 fpgmsi kernel:  ? do_syscall_64+0x68/0x90
- abr 11 09:34:59 fpgmsi kernel:  ? do_syscall_64+0x68/0x90
- abr 11 09:34:59 fpgmsi kernel:  entry_SYSCALL_64_after_hwframe+0x6e/0xd8
- abr 11 09:34:59 fpgmsi kernel: RIP: 0033:0x7bd4ff12396f
- abr 11 09:34:59 fpgmsi kernel: Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 
c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 
00 0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00
- abr 11 09:34:59 fpgmsi kernel: RSP: 002b:00007bd4d59498a0 EFLAGS: 00000246 
ORIG_RAX: 0000000000000010
- abr 11 09:34:59 fpgmsi kernel: RAX: ffffffffffffffda RBX: 0000000000000023 
RCX: 00007bd4ff12396f
- abr 11 09:34:59 fpgmsi kernel: RDX: 0000000000000023 RSI: 0000000040049409 
RDI: 000000000000002c
- abr 11 09:34:59 fpgmsi kernel: RBP: 000000000000002c R08: 00007bd4c80008e0 
R09: 0000000000000007
- abr 11 09:34:59 fpgmsi kernel: R10: 00007bd4c80026b0 R11: 0000000000000246 
R12: 00007bd4c8001380
- abr 11 09:34:59 fpgmsi kernel: R13: 00007bd4d5949a10 R14: 00007bd4c8001e20 
R15: 00007bd4d5949a00
- abr 11 09:34:59 fpgmsi kernel:  </TASK>
- abr 11 09:34:59 fpgmsi kernel: Modules linked in: rfcomm snd_seq_dummy 
snd_hrtimer vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) nls_utf8 cifs cifs_arc4 
cifs_md4 fscache netfs cmac algif_hash algif_skcipher af_alg nft_chain_nat 
nvidia_uvm(POE) nf_nat bnep zram xt_tcpudp sunrpc xt_conntrack nf_conntrack 
nf_defrag_ipv6 nf_defrag_ipv4 nft_compat nf_tables binfmt_misc nfnetlink 
nls_iso8859_1 intel_rapl_msr intel_rapl_common intel_uncore_frequency 
intel_uncore_frequency_common snd_sof_pci_intel_tgl nvidia_drm(POE) 
snd_sof_intel_hda_common nvidia_modeset(POE) soundwire_intel 
x86_pkg_temp_thermal intel_powerclamp snd_sof_intel_hda_mlink soundwire_cadence 
snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_hda_codec_realtek snd_sof 
snd_hda_codec_generic ledtrig_audio snd_sof_utils snd_soc_hdac_hda 
snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi 
soundwire_generic_allocation snd_hda_codec_hdmi soundwire_bus snd_soc_core 
snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_intel_dspc
 fg snd_intel_sdw_acpi snd_hda_codec snd_hda_core
- abr 11 09:34:59 fpgmsi kernel:  snd_hwdep coretemp iwlmvm snd_pcm btusb btrtl 
kvm_intel btbcm snd_seq_midi snd_seq_midi_event btintel cmdlinepart mac80211 
btmtk snd_rawmidi spi_nor nvidia(POE) libarc4 kvm bluetooth snd_seq mtd iwlwifi 
pmt_telemetry snd_seq_device pmt_class snd_timer irqbypass rapl ecdh_generic 
joydev intel_cstate input_leds wmi_bmof mxm_wmi ecc cfg80211 snd mei_me 
i2c_i801 spi_intel_pci soundcore mei spi_intel i2c_smbus intel_vsec 
serial_multi_instantiate acpi_pad acpi_tad mac_hid tcp_bbr sch_fq vmwgfx 
drm_ttm_helper ttm drm_kms_helper parport_pc ppdev lp parport drm efi_pstore 
dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 
async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq 
libcrc32c raid1 raid0 multipath linear dm_mirror dm_region_hash dm_log msr lz4 
lz4_compress hid_generic usbhid hid crct10dif_pclmul crc32_pclmul 
polyval_clmulni polyval_generic ghash_clmulni_intel sha256_ssse3 sha1_ssse3 
aesni_intel nvme crypto_sim
 d cryptd nvme_core igc ahci xhci_pci libahci nvme_common
- abr 11 09:34:59 fpgmsi kernel:  xhci_pci_renesas video wmi pinctrl_alderlake
- abr 11 09:34:59 fpgmsi kernel: CR2: fffffffffffffffe
- abr 11 09:34:59 fpgmsi kernel: ---[ end trace 0000000000000000 ]---
- abr 11 09:34:59 fpgmsi kernel: RIP: 0010:cifs_flush_folio+0x41/0xf0 [cifs]
- abr 11 09:34:59 fpgmsi kernel: Code: 49 89 cd 31 c9 41 54 49 89 f4 48 c1 ee 
0c 53 48 83 ec 08 48 8b 7f 30 44 89 45 d4 e8 79 b3 23 f1 48 89 c3 31 c0 48 85 
db 74 77 <48> 8b 13 b8 00 10 00 00 f7 c2 00 00 01 00 74 10 0f b6 4b 51 48 d3
- abr 11 09:34:59 fpgmsi kernel: RSP: 0018:ffffaab6865ffbf8 EFLAGS: 00010282
- abr 11 09:34:59 fpgmsi kernel: RAX: 0000000000000000 RBX: fffffffffffffffe 
RCX: 0000000000000000
- abr 11 09:34:59 fpgmsi kernel: RDX: 0000000000000000 RSI: 0000000000000000 
RDI: 0000000000000000
- abr 11 09:34:59 fpgmsi kernel: RBP: ffffaab6865ffc28 R08: 0000000000000001 
R09: 0000000000000000
- abr 11 09:34:59 fpgmsi kernel: R10: 0000000000023854 R11: 0000000000000000 
R12: 0000000000000000
- abr 11 09:34:59 fpgmsi kernel: R13: ffffaab6865ffc78 R14: ffff906675d8aed0 
R15: ffffaab6865ffc70
- abr 11 09:34:59 fpgmsi kernel: FS:  00007bd4d594b6c0(0000) 
GS:ffff90753f800000(0000) knlGS:0000000000000000
- abr 11 09:34:59 fpgmsi kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 
0000000080050033
- abr 11 09:34:59 fpgmsi kernel: CR2: fffffffffffffffe CR3: 000000017022a000 
CR4: 0000000000750ef0
- abr 11 09:34:59 fpgmsi kernel: PKRU: 55555554
- abr 11 09:34:59 fpgmsi kernel: note: Thread (pooled)[28103] exited with irqs 
disabled
+ The stacktrace is very similar to a regression reported to upstream
+ 6.1.y:
  
- After that error the CIFS filesystem just became unusable.
+ https://lore.kernel.org/linux-
+ mm/a76b370f93cb928c049b94e1fde0d2da506dfcb2.ca...@amazon.com/T/
  
- ProblemType: Bug
- DistroRelease: Ubuntu 23.10
- Package: linux-image-6.5.0-27-generic 6.5.0-27.28
- ProcVersionSignature: Ubuntu 6.5.0-27.28-generic 6.5.13
- Uname: Linux 6.5.0-27-generic x86_64
- NonfreeKernelModules: nvidia_modeset nvidia
- ApportVersion: 2.27.0-0ubuntu5
- Architecture: amd64
- AudioDevicesInUse:
-  USER        PID ACCESS COMMAND
-  /dev/snd/controlC0:  fprietog  11499 F.... wireplumber
-  /dev/snd/controlC1:  fprietog  11499 F.... wireplumber
-  /dev/snd/seq:        fprietog  11497 F.... pipewire
- CRDA: N/A
- CasperMD5CheckResult: unknown
- CurrentDesktop: ubuntu:GNOME
- Date: Thu Apr 11 09:35:10 2024
- InstallationDate: Installed on 2015-04-02 (3296 days ago)
- InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
- MachineType: {report['dmi.sys.vendor']} {report['dmi.product.name']}
- ProcFB: 0 EFI VGA
- ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.5.0-27-generic 
root=UUID=07a25daf-33fb-475f-86e0-72ec5d0b3702 ro noplymouth 
nvidia-drm.modeset=1
- RelatedPackageVersions:
-  linux-restricted-modules-6.5.0-27-generic N/A
-  linux-backports-modules-6.5.0-27-generic  N/A
-  linux-firmware                            20230919.git3672ccab-0ubuntu2.9
- SourcePackage: linux
- UpgradeStatus: Upgraded to mantic on 2023-10-25 (169 days ago)
- dmi.bios.date: 04/26/2022
- dmi.bios.release: 5.24
- dmi.bios.vendor: American Megatrends International, LLC.
- dmi.bios.version: D.50
- dmi.board.asset.tag: Default string
- dmi.board.name: PRO Z690-A WIFI (MS-7D25)
- dmi.board.vendor: Micro-Star International Co., Ltd.
- dmi.board.version: 2.1
- dmi.chassis.asset.tag: Default string
- dmi.chassis.type: 3
- dmi.chassis.vendor: Micro-Star International Co., Ltd.
- dmi.chassis.version: 2.1
- dmi.modalias: 
dmi:bvnAmericanMegatrendsInternational,LLC.:bvrD.50:bd04/26/2022:br5.24:svnMicro-StarInternationalCo.,Ltd.:pnMAGZ690CodexX5(MS-B930):pvr2.1:rvnMicro-StarInternationalCo.,Ltd.:rnPROZ690-AWIFI(MS-7D25):rvr2.1:cvnMicro-StarInternationalCo.,Ltd.:ct3:cvr2.1:skuB930.D:
- dmi.product.family: Desktop
- dmi.product.name: MAG Z690 Codex X5 (MS-B930)
- dmi.product.sku: B930.D
- dmi.product.version: 2.1
- dmi.sys.vendor: Micro-Star International Co., Ltd.
+ The thread mentions that:
+ 
+ commit 7b2404a886f8b91250c31855d287e632123e1746
+ Author: David Howells <dhowe...@redhat.com>
+ Date: Fri Dec 1 00:22:00 2023 +0000
+ Subject: cifs: Fix flushing, invalidation and file size with copy_file_range()
+ Link: 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7b2404a886f8b91250c31855d287e632123e1746
+ 
+ introduced the issue to Debian's 6.1 kernel.
+ 
+ This got backported to Ubuntu in:
+ 
+ commit 3adbe2ccd8b9b8fde93e03958d6176945794d288
+ Author: David Howells <dhowe...@redhat.com>
+ Date: Fri Dec 1 00:22:00 2023 +0000
+ Subject: cifs: Fix flushing, invalidation and file size with copy_file_range()
+ 
+ $ git describe --contains 3adbe2ccd8b9b8fde93e03958d6176945794d288
+ Ubuntu-6.5.0-20.20~107
+ 
+ Which we have been using for some time now, and is not the culprit.
+ 
+ Reading the regression mailing list thread, they mention that things
+ work differently in 6.1:
+ 
+ > Yeah.  __filemap_get_folio() works differently in v6.1.y. There it returns a
+ > folio or NULL.  In 6.7 it returns a folio or a negative error code.  The 
error
+ > check in cifs_flush_folio() needs to change to something like:
+ >
+ >     folio = filemap_get_folio(inode->i_mapping, index);
+ >     if (!folio)
+ >             return -ENOMEM;
+ >
+ > David 
+ 
+ 6.1.y then got a specific patch to fix the issue in 6.1, which is:
+ 
+ commit 21bb2ba4f1ac1e3a57594be62dd74e7b1401b2b1
+ Author: Steve French <stfre...@microsoft.com>
+ Date: Fri Jan 12 23:08:51 2024 -0600
+ Subject: cifs: fix flushing folio regression for 6.1 backport
+ Link: 
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/mantic/commit/?id=21bb2ba4f1ac1e3a57594be62dd74e7b1401b2b1
+ 
+ $ git describe --contains 21bb2ba4f1ac1e3a57594be62dd74e7b1401b2b1
+ Ubuntu-6.5.0-27.28~162
+ 
+ Since the Ubuntu mantic kernel consumes both 6.1.y and 6.7.y / 6.8.y
+ stable patches, this patch was applied to mantic's 6.5 kernel by
+ mistake, and contains the wrong logic for how __filemap_get_folio()
+ works in 6.5.
+ 
+ The fix is to revert "cifs: fix flushing folio regression for 6.1
+ backport" as a SAUCE patch.
+ 
+ [Testcase]
+ 
+ Start two VMs. One is recommended to be Debian 12, which is what some
+ users have had luck with in the past, as the server, and the client can
+ be mantic.
+ 
+ Server
+ ------
+ 
+ $ sudo apt update
+ $ sudo apt upgrade
+ $ sudo apt install samba
+ $ sudo vim /etc/samba/smb.conf
+ server min protocol = NT1
+ [sambashare]
+     comment = Samba on Ubuntu
+     path = /home/ubuntu/sambashare
+     read only = no
+     browsable = yes
+ $ mkdir ~/sambashare
+ $ sudo smbpasswd -a ubuntu
+ 
+ Client
+ ------
+ 
+ $ sudo apt update
+ $ sudo apt install cifs-utils
+ $ mkdir ~/share
+ $ sudo mount -t cifs -o username=ubuntu //192.168.122.185/sambashare ~/share
+ Password for ubuntu@//192.168.122.185/sambashare:
+ $ mount -l
+ ...
+ //192.168.122.185/sambashare on /home/ubuntu/share type cifs 
(rw,relatime,vers=3.1.1,cache=strict,username=ubuntu,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.122.185,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1,closetimeo=1)
+ 
+ $ ls
+ hallo.txt hello.txt sample.txt sample2.txt
+ $ sudo cp hello.txt hello.txt.1
+ Killed
+ 
+ If you install the test kernel available from the following ppa:
+ 
+ https://launchpad.net/~mruffell/+archive/ubuntu/lp2060919-test
+ 
+ The copy will work as expected.
+ 
+ [Where problems could occur]
+ 
+ Reverting the patch restores logic back to how it was between
+ 6.5.0-20-generic through to 6.5.0-26-generic, which functions, and is
+ well tested by the community.
+ 
+ If a regression were to occur, it would impact all writes to cifs
+ mounts, particularly to the same destination directory as the origin
+ file. There is no known workarounds.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2060919

Title:
  cifs: Copying file to same directory results in page fault

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Mantic:
  In Progress

Bug description:
  BugLink: https://bugs.launchpad.net/bugs/2060919

  [Impact]

  Copying or modifying a file to the same directory within a cifs mount
  results in a page fault, and the process that initiated the copy being
  killed. This could be cp, nautilus, etc.

  This results in the following oops:

  BUG: unable to handle page fault for address: fffffffffffffffe
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD f45a3f067 P4D f45a3f067 PUD f45a41067 PMD 0
  Oops: 0000 [#1] PREEMPT SMP NOPTI
  CPU: 0 PID: 28103 Comm: Thread (pooled) Tainted: P OE 6.5.0-27-generic #28-Ubuntu
  RIP: 0010:cifs_flush_folio+0x41/0xf0 [cifs]
  Code: 49 89 cd 31 c9 41 54 49 89 f4 48 c1 ee 0c 53 48 83 ec 08 48 8b 7f 30 44 89 45 d4 e8 79 b3 23 f1 48 89 c3 31 c0 48 85 db 74 77 <48> 8b 13 b8 00 10 00 00 f7 c2 00 00 01 00 74 10 0f b6 4b 51 48 d3
  RSP: 0018:ffffaab6865ffbf8 EFLAGS: 00010282
  RAX: 0000000000000000 RBX: fffffffffffffffe RCX: 0000000000000000
  RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
  RBP: ffffaab6865ffc28 R08: 0000000000000001 R09: 0000000000000000
  R10: 0000000000023854 R11: 0000000000000000 R12: 0000000000000000
  R13: ffffaab6865ffc78 R14: ffff906675d8aed0 R15: ffffaab6865ffc70
  FS: 00007bd4d594b6c0(0000) GS:ffff90753f800000(0000) knlGS:0000000000000000
  CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: fffffffffffffffe CR3: 000000017022a000 CR4: 0000000000750ef0
  PKRU: 55555554
  Call Trace:
  <TASK>
  ? show_regs+0x6d/0x80
  ? __die+0x24/0x80
  ? page_fault_oops+0x99/0x1b0
  ? kernelmode_fixup_or_oops+0xb2/0x140
  ? __bad_area_nosemaphore+0x1a5/0x2c0
  ? bad_area_nosemaphore+0x16/0x30
  ? do_kern_addr_fault+0x7b/0xa0
  ? exc_page_fault+0x1a4/0x1b0
  ? asm_exc_page_fault+0x27/0x30
  ? cifs_flush_folio+0x41/0xf0 [cifs]
  ? cifs_flush_folio+0x37/0xf0 [cifs]
  cifs_remap_file_range+0x172/0x660 [cifs]
  do_clone_file_range+0x101/0x2d0
  vfs_clone_file_range+0x3f/0x150
  ioctl_file_clone+0x52/0xc0
  do_vfs_ioctl+0x68f/0x910
  ? __fget_light+0xa5/0x120
  __x64_sys_ioctl+0x7d/0xf0
  do_syscall_64+0x59/0x90
  ? kmem_cache_free+0x22/0x3e0
  ? putname+0x5b/0x80
  ? exit_to_user_mode_prepare+0x30/0xb0
  ? syscall_exit_to_user_mode+0x37/0x60
  ? do_syscall_64+0x68/0x90
  ? do_syscall_64+0x68/0x90
  ? do_syscall_64+0x68/0x90

  There is no known workaround.

  [Fix]

  The stacktrace is very similar to a regression reported to upstream
  6.1.y:

  https://lore.kernel.org/linux-mm/a76b370f93cb928c049b94e1fde0d2da506dfcb2.ca...@amazon.com/T/

  The thread mentions that:

  commit 7b2404a886f8b91250c31855d287e632123e1746
  Author: David Howells <dhowe...@redhat.com>
  Date: Fri Dec 1 00:22:00 2023 +0000
  Subject: cifs: Fix flushing, invalidation and file size with copy_file_range()
  Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7b2404a886f8b91250c31855d287e632123e1746

  introduced the issue to Debian's 6.1 kernel.

  This got backported to Ubuntu in:

  commit 3adbe2ccd8b9b8fde93e03958d6176945794d288
  Author: David Howells <dhowe...@redhat.com>
  Date: Fri Dec 1 00:22:00 2023 +0000
  Subject: cifs: Fix flushing, invalidation and file size with copy_file_range()

  $ git describe --contains 3adbe2ccd8b9b8fde93e03958d6176945794d288
  Ubuntu-6.5.0-20.20~107

  Which we have been using for some time now, and is not the culprit.

  Reading the regression mailing list thread, they mention that things
  work differently in 6.1:

  > Yeah.  __filemap_get_folio() works differently in v6.1.y. There it returns a
  > folio or NULL.  In 6.7 it returns a folio or a negative error code.  The error
  > check in cifs_flush_folio() needs to change to something like:
  >
  >     folio = filemap_get_folio(inode->i_mapping, index);
  >     if (!folio)
  >             return -ENOMEM;
  >
  > David 

  6.1.y then got a specific patch to fix the issue in 6.1, which is:

  commit 21bb2ba4f1ac1e3a57594be62dd74e7b1401b2b1
  Author: Steve French <stfre...@microsoft.com>
  Date: Fri Jan 12 23:08:51 2024 -0600
  Subject: cifs: fix flushing folio regression for 6.1 backport
  Link: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/mantic/commit/?id=21bb2ba4f1ac1e3a57594be62dd74e7b1401b2b1

  $ git describe --contains 21bb2ba4f1ac1e3a57594be62dd74e7b1401b2b1
  Ubuntu-6.5.0-27.28~162

  Since the Ubuntu mantic kernel consumes both 6.1.y and 6.7.y / 6.8.y
  stable patches, this patch was applied to mantic's 6.5 kernel by
  mistake, and contains the wrong logic for how __filemap_get_folio()
  works in 6.5.

  The fix is to revert "cifs: fix flushing folio regression for 6.1
  backport" as a SAUCE patch.
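The API mismatch the thread describes, as an added user-space model (not code from the bug report or the kernel tree): __filemap_get_folio() returns a folio or NULL in 6.1.y but a folio or ERR_PTR(-ENOENT) in 6.5+, so the 6.1-style `if (!folio)` check passes the error pointer straight on to a dereference at fffffffffffffffe, the CR2 value in the oops. The ERR_PTR/IS_ERR helpers, the folio struct and the two-entry page cache are simplified stand-ins, and treating a missing folio as nothing to flush in the corrected path is an assumption.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space stand-ins for the kernel's linux/err.h helpers: an error code is
 * encoded as one of the top MAX_ERRNO addresses, so ERR_PTR(-ENOENT) is
 * 0xfffffffffffffffe, the address the oops above reports in CR2. */
#define MAX_ERRNO 4095UL
static inline void *ERR_PTR(long error) { return (void *)(uintptr_t)error; }
static inline long PTR_ERR(const void *ptr) { return (long)(uintptr_t)ptr; }
static inline bool IS_ERR(const void *ptr) { return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO; }
struct folio { unsigned long index; unsigned long flags; };

/* Constructed two-entry page cache for the model: only indices 0 and 1 exist. */
static struct folio page_cache[2] = { { 0, 0 }, { 1, 0 } };
/* 6.1.y convention: a folio, or NULL when the index is not cached. */
static struct folio *filemap_get_folio_61(unsigned long index)
{
	return index < 2 ? &page_cache[index] : NULL;
}

/* 6.5/6.7 convention: a folio, or ERR_PTR(-ENOENT) when not cached. */
static struct folio *filemap_get_folio_65(unsigned long index)
{
	return index < 2 ? &page_cache[index] : ERR_PTR(-ENOENT);
}

enum flush_outcome { FLUSH_OK, FLUSH_SKIPPED, FLUSH_FAULT };
typedef struct folio *(*get_folio_fn)(unsigned long index);

/* The check from the 6.1-only fix that landed in mantic's 6.5 tree. Under the
 * 6.5 API an uncached index yields an error pointer, which is non-NULL, so the
 * code falls through to the dereference. The IS_ERR() test is only here so the
 * model reports the fault instead of crashing; the real driver had no guard. */
static enum flush_outcome flush_folio_61_check(get_folio_fn get, unsigned long index,
					       uintptr_t *bad_addr)
{
	struct folio *folio = get(index);
	if (!folio)
		return FLUSH_SKIPPED;	/* the original returned -ENOMEM here */
	if (IS_ERR(folio)) {
		if (bad_addr)
			*bad_addr = (uintptr_t)folio;
		return FLUSH_FAULT;	/* real code: the folio->flags read faults */
	}
	folio->flags |= 1UL;		/* stands in for the actual flush work */
	return FLUSH_OK;
}

/* The check that matches the 6.5 API (assumption: a missing folio means there
 * is nothing to flush for this index, so the caller moves on). */
static enum flush_outcome flush_folio_65_check(get_folio_fn get, unsigned long index)
{
	struct folio *folio = get(index);
	if (IS_ERR(folio) || !folio)
		return FLUSH_SKIPPED;
	folio->flags |= 1UL;
	return FLUSH_OK;
}

/* Which address would the mistaken check dereference for a given index? */
static uintptr_t address_dereferenced_by_61_check(unsigned long index)
{
	uintptr_t bad = 0;
	flush_folio_61_check(filemap_get_folio_65, index, &bad);
	return bad;
}

int main(void)
{
	printf("6.1 check, 6.1 API, uncached index 7: outcome %d (1 = skipped)\n",
	       flush_folio_61_check(filemap_get_folio_61, 7, NULL));
	printf("6.1 check, 6.5 API, uncached index 7: fault at %#lx = ERR_PTR(%ld)\n",
	       (unsigned long)address_dereferenced_by_61_check(7), PTR_ERR(ERR_PTR(-ENOENT)));
	printf("6.5 check, 6.5 API, uncached index 7: outcome %d (1 = skipped)\n",
	       flush_folio_65_check(filemap_get_folio_65, 7));
	return 0;
}
```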

  [Testcase]

  Start two VMs: the server is recommended to be Debian 12, which is what
  some users have had luck with in the past, and the client can be
  mantic.

  Server
  ------

  $ sudo apt update
  $ sudo apt upgrade
  $ sudo apt install samba
  $ sudo vim /etc/samba/smb.conf
  server min protocol = NT1
  [sambashare]
      comment = Samba on Ubuntu
      path = /home/ubuntu/sambashare
      read only = no
      browsable = yes
  $ mkdir ~/sambashare
  $ sudo smbpasswd -a ubuntu

  Client
  ------

  $ sudo apt update
  $ sudo apt install cifs-utils
  $ mkdir ~/share
  $ sudo mount -t cifs -o username=ubuntu //192.168.122.185/sambashare ~/share
  Password for ubuntu@//192.168.122.185/sambashare:
  $ mount -l
  ...
  //192.168.122.185/sambashare on /home/ubuntu/share type cifs (rw,relatime,vers=3.1.1,cache=strict,username=ubuntu,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.122.185,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1,closetimeo=1)

  $ ls
  hallo.txt hello.txt sample.txt sample2.txt
  $ sudo cp hello.txt hello.txt.1
  Killed

  If you install the test kernel available from the following ppa:

  https://launchpad.net/~mruffell/+archive/ubuntu/lp2060919-test

  The copy will work as expected.

  [Where problems could occur]

  Reverting the patch restores logic back to how it was between
  6.5.0-20-generic through to 6.5.0-26-generic, which functions, and is
  well tested by the community.

  If a regression were to occur, it would impact all writes to cifs
  mounts, particularly to the same destination directory as the origin
  file. There are no known workarounds.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2060919/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp