The "NULL pointer dereference" bug create state D pocesses waiting in call_rwsem_down_write_failed.
[ +0.000341] genesplicer D 0 53349 52579 0x80000000 [ +0.000362] Call Trace: [ +0.000346] __schedule+0x291/0x8a0 [ +0.000348] ? mempool_free+0x2f/0x90 [ +0.000347] schedule+0x2c/0x80 [ +0.000356] rwsem_down_write_failed+0x169/0x360 [ +0.000344] ? is_size_safe_to_change+0x3c/0xd0 [cifs] [ +0.000339] call_rwsem_down_write_failed+0x17/0x30 [ +0.000336] ? call_rwsem_down_write_failed+0x17/0x30 [ +0.000332] down_write+0x2d/0x40 [ +0.000331] cifs_new_fileinfo+0xc3/0x3a0 [cifs] [ +0.000332] cifs_open+0x3db/0x8d0 [cifs] [ +0.000329] do_dentry_open+0x1c2/0x310 [ +0.000360] ? cifs_uncached_writev_complete+0x3f0/0x3f0 [cifs] [ +0.000340] ? do_dentry_open+0x1c2/0x310 [ +0.000337] ? __inode_permission+0x5b/0x160 [ +0.000342] ? cifs_uncached_writev_complete+0x3f0/0x3f0 [cifs] [ +0.000353] vfs_open+0x4f/0x80 [ +0.000334] path_openat+0x66e/0x1770 [ +0.000335] do_filp_open+0x9b/0x110 [ +0.000331] ? __check_object_size+0xaf/0x1b0 [ +0.000332] do_sys_open+0x1bb/0x2c0 [ +0.000329] ? do_sys_open+0x1bb/0x2c0 [ +0.000327] SyS_openat+0x14/0x20 [ +0.000325] do_syscall_64+0x73/0x130 [ +0.000352] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ +0.000338] RIP: 0033:0x14620e613c8e [ +0.000333] RSP: 002b:00007ffcc83c3d30 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ +0.000344] RAX: ffffffffffffffda RBX: 000055e697d33260 RCX: 000014620e613c8e [ +0.000356] RDX: 0000000000000000 RSI: 00007ffcc83c41c0 RDI: 00000000ffffff9c [ +0.000338] RBP: 000055e6965d798b R08: 0000000000000000 R09: 0000000000000000 [ +0.000338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ +0.000337] R13: 000055e6965d798b R14: 0000000000000000 R15: 0000000000000000 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1824981 Title: cifs set_oplock buffer overflow in strcat Status in linux package in Ubuntu: Confirmed Bug description: Ubuntu 18.04.2 LTS Linux SRV013 4.15.0-47-generic #50-Ubuntu SMP Wed Mar 13 10:44:52 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux DELL R740, 2 CPU (40 Cores, 80 Threads), 384 GiB RAM top - 12:39:53 up 3:41, 4 users, load average: 66.19, 64.06, 76.90 Tasks: 1076 total, 1 running, 675 sleeping, 12 stopped, 1 zombie %Cpu(s): 28.2 us, 0.3 sy, 0.0 ni, 71.5 id, 0.0 wa, 0.0 hi, 0.1 si, 0.0 st KiB Mem : 39483801+total, 24077185+free, 57428284 used, 96637872 buff/cache KiB Swap: 999420 total, 999420 free, 0 used. 33477683+avail Mem We've seen the following bug many times since we introduced new machines running Ubuntu 18. Wasn't an issue older machines running Ubuntu 16. Three different machines are affected, so it's rather not a hardware issue. | detected buffer overflow in strcat | ------------[ cut here ]------------ | kernel BUG at /build/linux-6ZmFRN/linux-4.15.0/lib/string.c:1052! | invalid opcode: 0000 [#1] SMP PTI | Modules linked in: [...] | Hardware name: Dell Inc. PowerEdge R740/0923K0, BIOS 1.6.11 11/20/2018 | RIP: 0010:fortify_panic+0x13/0x22 | [...] | Call Trace: | smb21_set_oplock_level+0x147/0x1a0 [cifs] | smb3_set_oplock_level+0x22/0x90 [cifs] | smb2_set_fid+0x76/0xb0 [cifs] | cifs_new_fileinfo+0x259/0x390 [cifs] | ? smb2_get_lease_key+0x40/0x40 [cifs] | ? cifs_new_fileinfo+0x259/0x390 [cifs] | cifs_open+0x3db/0x8d0 [cifs] | [...] (Full dmesg output attached) After hitting this bug there are many cifs related dmesg entries, processes lock up and eventually the systems freezes. The share is mounted using: //server/share /mnt/server/ cifs defaults,auto,iocharset=utf8,noperm,file_mode=0777,dir_mode=0777,credentials=/root/passwords/share,domain=myDomain,uid=myUser,gid=10513,mfsymlinks Currently we're testing the cifs mount options "cache=none" as the bug seems to be oplock related. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1824981/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
