We installed the latest upstream kernel 5.1.0-050100rc7-generic (Ubuntu version from https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.1-rc7/), which still triggers a NULL pointer dereference from cifsoplockd.
I was hoping "CIFS: keep FileInfo handle live during oplock break"[1] might fix our issue, but it didn't.

[1] https://git.samba.org/?p=sfrench/cifs-2.6.git;a=commit;h=b98749cac4a695f084a5ff076f4510b23e353ecd

May 1 14:50:47 kernel: [ 4248.964694] BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
May 1 14:50:47 kernel: [ 4248.964758] #PF error: [normal kernel read fault]
May 1 14:50:47 kernel: [ 4248.964792] PGD 0 P4D 0
May 1 14:50:47 kernel: [ 4248.964815] Oops: 0000 [#1] SMP PTI
May 1 14:50:47 kernel: [ 4248.964844] CPU: 29 PID: 3884 Comm: kworker/29:2 Not tainted 5.1.0-050100rc7-generic #201904282131
May 1 14:50:47 kernel: [ 4248.964902] Hardware name: Dell Inc. PowerEdge R740/08D89F, BIOS 1.3.7 02/08/2018
May 1 14:50:47 kernel: [ 4248.964999] Workqueue: cifsoplockd cifs_oplock_break [cifs]
May 1 14:50:47 kernel: [ 4248.965081] RIP: 0010:smb2_push_mandatory_locks+0xd6/0x580 [cifs]
May 1 14:50:47 kernel: [ 4248.965124] Code: 48 89 45 b0 4c 39 e0 0f 84 1f 03 00 00 c7 45 c8 00 00 00 00 4d 8b 6c 24 10 49 8b 5c 24 18 4d 8d 5c 24 18 49 8b 85 90 00 00 00 <48> 8b 40 38 48 89 45 d0 4c 39 db 0f 84 99 00 00 00 4c 89 65 c0 4c
May 1 14:50:47 kernel: [ 4248.965242] RSP: 0018:ffffb2718e983de0 EFLAGS: 00010283
May 1 14:50:47 kernel: [ 4248.965279] RAX: 0000000000000000 RBX: ffff8b44edd83c58 RCX: 0000000000000000
May 1 14:50:47 kernel: [ 4248.965327] RDX: 0000000000001000 RSI: 0000000000000000 RDI: ffff8b5f00006b80
May 1 14:50:47 kernel: [ 4248.965374] RBP: ffffb2718e983e30 R08: ffff8b8eff5a81a0 R09: ffff8b5f00006b80
May 1 14:50:47 kernel: [ 4248.965421] R10: fffffb2efddf7680 R11: ffff8b44edd83c58 R12: ffff8b44edd83c40
May 1 14:50:47 kernel: [ 4248.965468] R13: ffff8b8b4a6d1000 R14: ffff8b4461428990 R15: ffff8b8eefbe0000
May 1 14:50:47 kernel: [ 4248.965517] FS: 0000000000000000(0000) GS:ffff8b8eff580000(0000) knlGS:0000000000000000
May 1 14:50:47 kernel: [ 4248.965570] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
May 1 14:50:47 kernel: [ 4248.965609] CR2: 0000000000000038 CR3: 000000581d80e006 CR4: 00000000007606e0
May 1 14:50:47 kernel: [ 4248.965657] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
May 1 14:50:47 kernel: [ 4248.965704] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
May 1 14:50:47 kernel: [ 4248.965751] PKRU: 55555554
May 1 14:50:47 kernel: [ 4248.965772] Call Trace:
May 1 14:50:47 kernel: [ 4248.965843] cifs_oplock_break+0x131/0x430 [cifs]
May 1 14:50:47 kernel: [ 4248.965883] process_one_work+0x20f/0x410
May 1 14:50:47 kernel: [ 4248.965915] worker_thread+0x34/0x400
May 1 14:50:47 kernel: [ 4248.965944] kthread+0x120/0x140
May 1 14:50:47 kernel: [ 4248.965970] ? process_one_work+0x410/0x410
May 1 14:50:47 kernel: [ 4248.966002] ? __kthread_parkme+0x70/0x70
May 1 14:50:47 kernel: [ 4248.966034] ret_from_fork+0x35/0x40
May 1 14:50:47 kernel: [ 4248.966063] Modules linked in: binfmt_misc mpt3sas raid_class scsi_transport_sas mptctl mptbase dell_rbu arc4 md4 cmac nls_utf8 cifs ccm fscache bonding nls_iso8859_1 intel_rapl skx_edac nfit x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm joydev input_leds dcdbas irqbypass intel_cstate ipmi_ssif intel_rapl_perf ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter mei_me mei lpc_ich mac_hid sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq raid1 raid0 multipath linear hid_generic usbhid hid uas usb_storage mgag200 crct10dif_pclmul i2c_algo_bit crc32_pclmul ttm ghash_clmulni_intel drm_kms_helper aesni_intel syscopyarea sysfillrect aes_x86_64 sysimgblt crypto_simd fb_sys_fops cryptd bnx2x glue_helper drm megaraid_sas mdio libcrc32c ahci libahci
May 1 14:50:47 kernel: [ 4248.966627] CR2: 0000000000000038
May 1 14:50:47 kernel: [ 4248.966654] ---[ end trace 506baa76d6a566b1 ]---
May 1 14:50:47 kernel: [ 4248.989156] RIP: 0010:smb2_push_mandatory_locks+0xd6/0x580 [cifs]
May 1 14:50:47 kernel: [ 4248.989203] Code: 48 89 45 b0 4c 39 e0 0f 84 1f 03 00 00 c7 45 c8 00 00 00 00 4d 8b 6c 24 10 49 8b 5c 24 18 4d 8d 5c 24 18 49 8b 85 90 00 00 00 <48> 8b 40 38 48 89 45 d0 4c 39 db 0f 84 99 00 00 00 4c 89 65 c0 4c
May 1 14:50:47 kernel: [ 4248.989321] RSP: 0018:ffffb2718e983de0 EFLAGS: 00010283
May 1 14:50:47 kernel: [ 4248.989359] RAX: 0000000000000000 RBX: ffff8b44edd83c58 RCX: 0000000000000000
May 1 14:50:47 kernel: [ 4248.991159] RDX: 0000000000001000 RSI: 0000000000000000 RDI: ffff8b5f00006b80
May 1 14:50:47 kernel: [ 4248.992940] RBP: ffffb2718e983e30 R08: ffff8b8eff5a81a0 R09: ffff8b5f00006b80
May 1 14:50:47 kernel: [ 4248.994723] R10: fffffb2efddf7680 R11: ffff8b44edd83c58 R12: ffff8b44edd83c40
May 1 14:50:47 kernel: [ 4248.996488] R13: ffff8b8b4a6d1000 R14: ffff8b4461428990 R15: ffff8b8eefbe0000
May 1 14:50:47 kernel: [ 4248.998234] FS: 0000000000000000(0000) GS:ffff8b8eff580000(0000) knlGS:0000000000000000
May 1 14:50:47 kernel: [ 4249.000005] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
May 1 14:50:47 kernel: [ 4249.001786] CR2: 0000000000000038 CR3: 000000581d80e006 CR4: 00000000007606e0
May 1 14:50:47 kernel: [ 4249.003560] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
May 1 14:50:47 kernel: [ 4249.005308] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
May 1 14:50:47 kernel: [ 4249.007028] PKRU: 55555554

-- 
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1824981

Title:
  cifs set_oplock buffer overflow in strcat

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  Ubuntu 18.04.2 LTS
  Linux SRV013 4.15.0-47-generic #50-Ubuntu SMP Wed Mar 13 10:44:52 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
  DELL R740, 2 CPU (40 Cores, 80 Threads), 384 GiB RAM

  top - 12:39:53 up 3:41, 4 users, load average: 66.19, 64.06, 76.90
  Tasks: 1076 total, 1 running, 675 sleeping, 12 stopped, 1 zombie
  %Cpu(s): 28.2 us, 0.3 sy, 0.0 ni, 71.5 id, 0.0 wa, 0.0 hi, 0.1 si, 0.0 st
  KiB Mem : 39483801+total, 24077185+free, 57428284 used, 96637872 buff/cache
  KiB Swap: 999420 total, 999420 free, 0 used. 33477683+avail Mem

  We've seen the following bug many times since we introduced new machines running Ubuntu 18. It wasn't an issue on older machines running Ubuntu 16. Three different machines are affected, so it's rather not a hardware issue.

  | detected buffer overflow in strcat
  | ------------[ cut here ]------------
  | kernel BUG at /build/linux-6ZmFRN/linux-4.15.0/lib/string.c:1052!
  | invalid opcode: 0000 [#1] SMP PTI
  | Modules linked in: [...]
  | Hardware name: Dell Inc. PowerEdge R740/0923K0, BIOS 1.6.11 11/20/2018
  | RIP: 0010:fortify_panic+0x13/0x22
  | [...]
  | Call Trace:
  | smb21_set_oplock_level+0x147/0x1a0 [cifs]
  | smb3_set_oplock_level+0x22/0x90 [cifs]
  | smb2_set_fid+0x76/0xb0 [cifs]
  | cifs_new_fileinfo+0x259/0x390 [cifs]
  | ? smb2_get_lease_key+0x40/0x40 [cifs]
  | ? cifs_new_fileinfo+0x259/0x390 [cifs]
  | cifs_open+0x3db/0x8d0 [cifs]
  | [...]

  (Full dmesg output attached)

  After hitting this bug there are many cifs related dmesg entries, processes lock up and eventually the system freezes.

  The share is mounted using:
  //server/share /mnt/server/ cifs defaults,auto,iocharset=utf8,noperm,file_mode=0777,dir_mode=0777,credentials=/root/passwords/share,domain=myDomain,uid=myUser,gid=10513,mfsymlinks

  Currently we're testing the cifs mount option "cache=none" as the bug seems to be oplock related.
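The two traces in this report reach different faulting functions by different paths: the original 4.15 report dies in fortify_panic below smb21_set_oplock_level on the cifs_open path, while the 5.1-rc7 retest is a NULL dereference in smb2_push_mandatory_locks from the cifsoplockd workqueue. The script below is an added example, not part of this bug report or of the kernel tree: it parses syslog-style oops lines (with or without the "| " quoting used in the description) into a structured record and compares crash signatures, the faulting function plus the reliable call-trace frames, which is the check one runs to decide whether a candidate kernel reproduces the same crash or a different one. The sample input is trimmed from the page's own traces (register dump and most of the module list dropped); the regexes and the signature rule are this example's own simplifications.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample input, trimmed from the two traces in this bug report.
OOPS_5_1_RC7 = """\
May 1 14:50:47 kernel: [ 4248.964694] BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
May 1 14:50:47 kernel: [ 4248.964758] #PF error: [normal kernel read fault]
May 1 14:50:47 kernel: [ 4248.964815] Oops: 0000 [#1] SMP PTI
May 1 14:50:47 kernel: [ 4248.964844] CPU: 29 PID: 3884 Comm: kworker/29:2 Not tainted 5.1.0-050100rc7-generic #201904282131
May 1 14:50:47 kernel: [ 4248.964999] Workqueue: cifsoplockd cifs_oplock_break [cifs]
May 1 14:50:47 kernel: [ 4248.965081] RIP: 0010:smb2_push_mandatory_locks+0xd6/0x580 [cifs]
May 1 14:50:47 kernel: [ 4248.965772] Call Trace:
May 1 14:50:47 kernel: [ 4248.965843] cifs_oplock_break+0x131/0x430 [cifs]
May 1 14:50:47 kernel: [ 4248.965883] process_one_work+0x20f/0x410
May 1 14:50:47 kernel: [ 4248.965915] worker_thread+0x34/0x400
May 1 14:50:47 kernel: [ 4248.965944] kthread+0x120/0x140
May 1 14:50:47 kernel: [ 4248.965970] ? process_one_work+0x410/0x410
May 1 14:50:47 kernel: [ 4248.966002] ? __kthread_parkme+0x70/0x70
May 1 14:50:47 kernel: [ 4248.966034] ret_from_fork+0x35/0x40
May 1 14:50:47 kernel: [ 4248.966063] Modules linked in: binfmt_misc mpt3sas cifs fscache bonding
"""

OOPS_4_15 = """\
| detected buffer overflow in strcat
| ------------[ cut here ]------------
| kernel BUG at /build/linux-6ZmFRN/linux-4.15.0/lib/string.c:1052!
| invalid opcode: 0000 [#1] SMP PTI
| RIP: 0010:fortify_panic+0x13/0x22
| Call Trace:
| smb21_set_oplock_level+0x147/0x1a0 [cifs]
| smb3_set_oplock_level+0x22/0x90 [cifs]
| smb2_set_fid+0x76/0xb0 [cifs]
| cifs_new_fileinfo+0x259/0x390 [cifs]
| ? smb2_get_lease_key+0x40/0x40 [cifs]
| ? cifs_new_fileinfo+0x259/0x390 [cifs]
| cifs_open+0x3db/0x8d0 [cifs]
"""

# Optional "| " quote, syslog "Mon D HH:MM:SS kernel:" and "[ secs.usec]" prefixes.
PREFIX_RE = re.compile(r"^(?:\|\s?)?(?:\w{3}\s+\d+\s+[\d:]+\s+kernel:\s*)?(?:\[\s*\d+\.\d+\]\s*)?")
# "symbol+0xoff/0xsize [module]"; a leading "? " marks a stale (unreliable) stack slot.
FRAME_RE = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?$")
RIP_RE = re.compile(r"^RIP: [0-9a-f]{4}:(.+)$")
TAINT_RE = re.compile(r"(?:Not tainted|Tainted:.*?)\s+(\d\S*)")   # kernel release after taint flags
FAULT_ADDR_RE = re.compile(r"\bat ([0-9a-f]{8,16})$")


@dataclass
class Oops:
    kind: str = ""                     # the BUG: / kernel BUG at line
    fault_addr: Optional[str] = None   # bad address for page-fault oopses
    kernel: Optional[str] = None
    workqueue: Optional[str] = None
    rip: Optional[str] = None          # faulting function, e.g. "fortify_panic"
    frames: List[str] = field(default_factory=list)      # reliable call-trace frames
    unreliable: List[str] = field(default_factory=list)  # "? " frames, kept for reference
    modules: List[str] = field(default_factory=list)


def _frame_name(m: "re.Match") -> str:
    return m.group(2) + (f" [{m.group(3)}]" if m.group(3) else "")


def parse_oops(text: str) -> Oops:
    o, in_trace = Oops(), False
    for raw in text.splitlines():
        line = PREFIX_RE.sub("", raw, count=1).strip()
        if not line:
            continue
        if in_trace:
            m = FRAME_RE.match(line)
            if m:
                (o.unreliable if m.group(1) else o.frames).append(_frame_name(m))
                continue
            in_trace = False   # first non-frame line ends the trace; handle it below
        if line == "Call Trace:":
            in_trace = True
        elif line.startswith("BUG: ") or line.startswith("kernel BUG at "):
            o.kind = o.kind or line
            m = FAULT_ADDR_RE.search(line)
            o.fault_addr = m.group(1) if m else o.fault_addr
        elif line.startswith("CPU: "):
            m = TAINT_RE.search(line)
            o.kernel = m.group(1) if m else None
        elif line.startswith("Workqueue: "):
            o.workqueue = line[len("Workqueue: "):]
        elif line.startswith("RIP: ") and o.rip is None:   # the dump repeats RIP after "end trace"
            m = RIP_RE.match(line)
            f = FRAME_RE.match(m.group(1)) if m else None
            o.rip = _frame_name(f) if f else None
        elif line.startswith("Modules linked in:"):
            o.modules = line.split(":", 1)[1].split()
    return o


def signature(o: Oops) -> Tuple[Optional[str], Tuple[str, ...]]:
    """Faulting function plus reliable frames; '?' frames are ignored on purpose."""
    return (o.rip, tuple(o.frames))


def same_crash(a: Oops, b: Oops) -> bool:
    return signature(a) == signature(b)


def crashes_in_module(o: Oops, module: str) -> bool:
    tag = f"[{module}]"
    return any(tag in f for f in [o.rip or ""] + o.frames)


if __name__ == "__main__":
    for label, text in (("4.15.0-47 report", OOPS_4_15), ("5.1-rc7 retest", OOPS_5_1_RC7)):
        o = parse_oops(text)
        print(f"{label}: {o.kind}")
        print(f"  RIP={o.rip} workqueue={o.workqueue} kernel={o.kernel}")
        print("  trace: " + " <- ".join(o.frames))
    print("same signature:", same_crash(parse_oops(OOPS_4_15), parse_oops(OOPS_5_1_RC7)))
```

Run against the two samples, the signatures differ, which matches the reporter's observation that the rc7 kernel still crashes but from cifsoplockd rather than the open path; the same comparison on a journal export is a quick way to tell a fixed crash from a relocated one before filing a follow-up.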