New variant of kernel bug appeared in both 4.18.0-17 (package manager)
and in 4.15.0-48 (provided by @kaihengfeng). System didn't crash
(compared to "buffer overflow in strcat", where cifs can't recover). Have
seen this one twice, both within 3-7 hours after reboot.


Apr 22 17:28:23  Linux version 4.15.0-48-generic (root@bionic) (gcc version 7.3.0 (Ubuntu 7.3.0-27ubuntu1~18.04)) #51~lp1824981 SMP Thu Apr 18 17:30:16 UTC 2019 (Ubuntu 4.15. .18)
[...]            
Apr 22 23:40:47  BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
Apr 22 23:40:47  IP: smb2_push_mandatory_locks+0x104/0x3b0 [cifs]
Apr 22 23:40:47  PGD 0 P4D 0
Apr 22 23:40:47  Oops: 0000 [#1] SMP PTI
Apr 22 23:40:47  Modules linked in: [...]
Apr 22 23:40:47  CPU: 78 PID: 44260 Comm: kworker/78:1 Not tainted 4.15.0-48-generic #51~lp1824981
Apr 22 23:40:47  Hardware name: Dell Inc. PowerEdge R740/08D89F, BIOS 1.3.7 02/08/2018
Apr 22 23:40:47  Workqueue: cifsoplockd cifs_oplock_break [cifs]
Apr 22 23:40:47  RIP: 0010:smb2_push_mandatory_locks+0x104/0x3b0 [cifs]
Apr 22 23:40:47  RSP: 0018:ffffa779e81f7de0 EFLAGS: 00010246
Apr 22 23:40:47  RAX: 0000000000000000 RBX: ffff9bddf145ab18 RCX: ffffdc6c8d3d0c00
Apr 22 23:40:47  RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9baa0f430000
Apr 22 23:40:47  RBP: ffffa779e81f7e30 R08: 0000000000027f20 R09: ffffdc6c8d3d0c00
Apr 22 23:40:47  R10: 0000000000000002 R11: ffff9baa0f420000 R12: 0000000000000aaa
Apr 22 23:40:47  R13: ffff9bddf145ab18 R14: ffff9bddf145ab00 R15: ffff9bb9870e1e00
Apr 22 23:40:47  FS:  0000000000000000(0000) GS:ffff9bb6411c0000(0000) knlGS:0000000000000000
Apr 22 23:40:47  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 22 23:40:47  CR2: 0000000000000038 CR3: 0000004367a0a004 CR4: 00000000007606e0
Apr 22 23:40:47  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Apr 22 23:40:47  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Apr 22 23:40:47  PKRU: 55555554
Apr 22 23:40:47  Call Trace:
Apr 22 23:40:47   cifs_oplock_break+0x125/0x3f0 [cifs]
Apr 22 23:40:47   process_one_work+0x1de/0x410
Apr 22 23:40:47   worker_thread+0x32/0x410
Apr 22 23:40:47   kthread+0x121/0x140
Apr 22 23:40:47   ? process_one_work+0x410/0x410
Apr 22 23:40:47   ? kthread_create_worker_on_cpu+0x70/0x70
Apr 22 23:40:47   ret_from_fork+0x35/0x40
Apr 22 23:40:47  Code: [...]
Apr 22 23:40:47  RIP: smb2_push_mandatory_locks+0x104/0x3b0 [cifs] RSP: ffffa779e81f7de0
Apr 22 23:40:47  CR2: 0000000000000038
Apr 22 23:40:47  ---[ end trace f5366d81972abce8 ]---
[for full details see the attached kernel.log]


# cat /proc/fs/cifs/Stats

Resources in use
CIFS Session: 1
Share (unique mount targets): 2
SMB Request/Response Buffer: 1 Pool size: 5
SMB Small Req/Resp Buffer: 1 Pool size: 30
Operations (MIDs): 0

0 session 0 share reconnects
Total vfs operations: 13063177 maximum at one time: 38

1) \\server\share
SMBs: 25616550
Negotiates: 0 sent 0 failed
SessionSetups: 0 sent 0 failed
Logoffs: 0 sent 0 failed
TreeConnects: 9916 sent 0 failed
TreeDisconnects: 0 sent 0 failed
Creates: 0 sent 151514 failed
Closes: 0 sent 2 failed
Flushes: 0 sent 0 failed
Reads: 0 sent 0 failed
Writes: 0 sent 0 failed
Locks: 0 sent 0 failed
IOCTLs: 0 sent 0 failed
Cancels: 0 sent 0 failed
Echos: 0 sent 0 failed
QueryDirectories: 0 sent 1768 failed
ChangeNotifies: 0 sent 0 failed
QueryInfos: 0 sent 1 failed
SetInfos: 0 sent 0 failed
OplockBreaks: 0 sent 2324 failed


** Attachment added: "4.15.0-48.51~lp1824981-generic_kernel.log"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1824981/+attachment/5258116/+files/4.15.0-48.51~lp1824981-generic_kernel.log

https://bugs.launchpad.net/bugs/1824981

Title:
  cifs set_oplock buffer overflow in strcat


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs