We installed the latest upstream kernel 5.1.0-050100rc7-generic (Ubuntu
version from https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.1-rc7/),
which still triggers a NULL pointer dereference from cifsoplockd.

I was hoping "CIFS: keep FileInfo handle live during oplock break"[1]
might fix our issue, but it didn't.

[1] https://git.samba.org/?p=sfrench/cifs-2.6.git;a=commit;h=b98749cac4a695f084a5ff076f4510b23e353ecd


May  1 14:50:47 kernel: [ 4248.964694] BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
May  1 14:50:47 kernel: [ 4248.964758] #PF error: [normal kernel read fault]
May  1 14:50:47 kernel: [ 4248.964792] PGD 0 P4D 0
May  1 14:50:47 kernel: [ 4248.964815] Oops: 0000 [#1] SMP PTI
May  1 14:50:47 kernel: [ 4248.964844] CPU: 29 PID: 3884 Comm: kworker/29:2 Not tainted 5.1.0-050100rc7-generic #201904282131
May  1 14:50:47 kernel: [ 4248.964902] Hardware name: Dell Inc. PowerEdge R740/08D89F, BIOS 1.3.7 02/08/2018
May  1 14:50:47 kernel: [ 4248.964999] Workqueue: cifsoplockd cifs_oplock_break [cifs]
May  1 14:50:47 kernel: [ 4248.965081] RIP: 0010:smb2_push_mandatory_locks+0xd6/0x580 [cifs]
May  1 14:50:47 kernel: [ 4248.965124] Code: 48 89 45 b0 4c 39 e0 0f 84 1f 03 00 00 c7 45 c8 00 00 00 00 4d 8b 6c 24 10 49 8b 5c 24 18 4d 8d 5c 24 18 49 8b 85 90 00 00 00 <48> 8b 40 38 48 89 45 d0 4c 39 db 0f 84 99 00 00 00 4c 89 65 c0 4c
May  1 14:50:47 kernel: [ 4248.965242] RSP: 0018:ffffb2718e983de0 EFLAGS: 00010283
May  1 14:50:47 kernel: [ 4248.965279] RAX: 0000000000000000 RBX: ffff8b44edd83c58 RCX: 0000000000000000
May  1 14:50:47 kernel: [ 4248.965327] RDX: 0000000000001000 RSI: 0000000000000000 RDI: ffff8b5f00006b80
May  1 14:50:47 kernel: [ 4248.965374] RBP: ffffb2718e983e30 R08: ffff8b8eff5a81a0 R09: ffff8b5f00006b80
May  1 14:50:47 kernel: [ 4248.965421] R10: fffffb2efddf7680 R11: ffff8b44edd83c58 R12: ffff8b44edd83c40
May  1 14:50:47 kernel: [ 4248.965468] R13: ffff8b8b4a6d1000 R14: ffff8b4461428990 R15: ffff8b8eefbe0000
May  1 14:50:47 kernel: [ 4248.965517] FS:  0000000000000000(0000) GS:ffff8b8eff580000(0000) knlGS:0000000000000000
May  1 14:50:47 kernel: [ 4248.965570] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
May  1 14:50:47 kernel: [ 4248.965609] CR2: 0000000000000038 CR3: 000000581d80e006 CR4: 00000000007606e0
May  1 14:50:47 kernel: [ 4248.965657] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
May  1 14:50:47 kernel: [ 4248.965704] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
May  1 14:50:47 kernel: [ 4248.965751] PKRU: 55555554
May  1 14:50:47 kernel: [ 4248.965772] Call Trace:
May  1 14:50:47 kernel: [ 4248.965843]  cifs_oplock_break+0x131/0x430 [cifs]
May  1 14:50:47 kernel: [ 4248.965883]  process_one_work+0x20f/0x410
May  1 14:50:47 kernel: [ 4248.965915]  worker_thread+0x34/0x400
May  1 14:50:47 kernel: [ 4248.965944]  kthread+0x120/0x140
May  1 14:50:47 kernel: [ 4248.965970]  ? process_one_work+0x410/0x410
May  1 14:50:47 kernel: [ 4248.966002]  ? __kthread_parkme+0x70/0x70
May  1 14:50:47 kernel: [ 4248.966034]  ret_from_fork+0x35/0x40
May  1 14:50:47 kernel: [ 4248.966063] Modules linked in: binfmt_misc mpt3sas raid_class scsi_transport_sas mptctl mptbase dell_rbu arc4 md4 cmac nls_utf8 cifs ccm fscache bonding nls_iso8859_1 intel_rapl skx_edac nfit x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm joydev input_leds dcdbas irqbypass intel_cstate ipmi_ssif intel_rapl_perf ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter mei_me mei lpc_ich mac_hid sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq raid1 raid0 multipath linear hid_generic usbhid hid uas usb_storage mgag200 crct10dif_pclmul i2c_algo_bit crc32_pclmul ttm ghash_clmulni_intel drm_kms_helper aesni_intel syscopyarea sysfillrect aes_x86_64 sysimgblt crypto_simd fb_sys_fops cryptd bnx2x glue_helper drm megaraid_sas mdio libcrc32c ahci libahci
May  1 14:50:47 kernel: [ 4248.966627] CR2: 0000000000000038
May  1 14:50:47 kernel: [ 4248.966654] ---[ end trace 506baa76d6a566b1 ]---
May  1 14:50:47 kernel: [ 4248.989156] RIP: 0010:smb2_push_mandatory_locks+0xd6/0x580 [cifs]
May  1 14:50:47 kernel: [ 4248.989203] Code: 48 89 45 b0 4c 39 e0 0f 84 1f 03 00 00 c7 45 c8 00 00 00 00 4d 8b 6c 24 10 49 8b 5c 24 18 4d 8d 5c 24 18 49 8b 85 90 00 00 00 <48> 8b 40 38 48 89 45 d0 4c 39 db 0f 84 99 00 00 00 4c 89 65 c0 4c
May  1 14:50:47 kernel: [ 4248.989321] RSP: 0018:ffffb2718e983de0 EFLAGS: 00010283
May  1 14:50:47 kernel: [ 4248.989359] RAX: 0000000000000000 RBX: ffff8b44edd83c58 RCX: 0000000000000000
May  1 14:50:47 kernel: [ 4248.991159] RDX: 0000000000001000 RSI: 0000000000000000 RDI: ffff8b5f00006b80
May  1 14:50:47 kernel: [ 4248.992940] RBP: ffffb2718e983e30 R08: ffff8b8eff5a81a0 R09: ffff8b5f00006b80
May  1 14:50:47 kernel: [ 4248.994723] R10: fffffb2efddf7680 R11: ffff8b44edd83c58 R12: ffff8b44edd83c40
May  1 14:50:47 kernel: [ 4248.996488] R13: ffff8b8b4a6d1000 R14: ffff8b4461428990 R15: ffff8b8eefbe0000
May  1 14:50:47 kernel: [ 4248.998234] FS:  0000000000000000(0000) GS:ffff8b8eff580000(0000) knlGS:0000000000000000
May  1 14:50:47 kernel: [ 4249.000005] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
May  1 14:50:47 kernel: [ 4249.001786] CR2: 0000000000000038 CR3: 000000581d80e006 CR4: 00000000007606e0
May  1 14:50:47 kernel: [ 4249.003560] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
May  1 14:50:47 kernel: [ 4249.005308] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
May  1 14:50:47 kernel: [ 4249.007028] PKRU: 55555554

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1824981

Title:
  cifs set_oplock buffer overflow in strcat

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1824981/+subscriptions

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
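Added example, not part of the bug report or of the cifs driver: a small decoder for the "Code:" line in the oops above, to confirm what the fault address tells us. The kernel marks the faulting instruction with <...>; here that is 48 8b 40 38, i.e. a REX.W mov of a 64-bit value from [rax+0x38] into rax. With RAX = 0 the effective address is 0x38, which is exactly the CR2 in the log: a read through a NULL struct pointer at field offset 0x38, not a wild pointer. The Code: bytes and register values below are copied from the oops; the decoder itself, its function names and its single supported encoding (REX.W 8B /r with a plain base register, no SIB, no RIP-relative) are mine and are enough for this instruction only.

```c
/* Decode the faulting load from an x86-64 oops "Code:" line and compute the
 * address it touched from the dumped registers. Illustrative example; the
 * decoder is deliberately minimal (REX.W 8B /r, no SIB, no RIP-relative). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CODE 128

/* Code: line from the oops above, with the e-mail line wrapping removed. */
const char *oops_code_line =
    "48 89 45 b0 4c 39 e0 0f 84 1f 03 00 00 c7 45 c8 00 00 00 00 4d 8b 6c 24 10 "
    "49 8b 5c 24 18 4d 8d 5c 24 18 49 8b 85 90 00 00 00 <48> 8b 40 38 48 89 45 d0 "
    "4c 39 db 0f 84 99 00 00 00 4c 89 65 c0 4c";

/* Registers from the oops, indexed by hardware encoding number
 * (0=rax 1=rcx 2=rdx 3=rbx 4=rsp 5=rbp 6=rsi 7=rdi 8..15=r8..r15). */
const uint64_t oops_regs[16] = {
    0x0000000000000000ULL, 0x0000000000000000ULL, 0x0000000000001000ULL,
    0xffff8b44edd83c58ULL, 0xffffb2718e983de0ULL, 0xffffb2718e983e30ULL,
    0x0000000000000000ULL, 0xffff8b5f00006b80ULL, 0xffff8b8eff5a81a0ULL,
    0xffff8b5f00006b80ULL, 0xfffffb2efddf7680ULL, 0xffff8b44edd83c58ULL,
    0xffff8b44edd83c40ULL, 0xffff8b8b4a6d1000ULL, 0xffff8b4461428990ULL,
    0xffff8b8eefbe0000ULL,
};
const uint64_t oops_cr2 = 0x0000000000000038ULL;

static const char *reg_name[16] = { "rax", "rcx", "rdx", "rbx", "rsp", "rbp",
    "rsi", "rdi", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15" };

struct code_bytes { uint8_t b[MAX_CODE]; int n; int fault; };
struct mem_operand { int dst; int base; int64_t disp; };

/* Parse "48 89 ... <48> 8b 40 38 ..." into bytes; record the <xx> marker. */
int parse_code_line(const char *s, struct code_bytes *out)
{
    out->n = 0;
    out->fault = -1;
    while (*s) {
        while (*s == ' ') s++;
        if (!*s) break;
        int marked = (*s == '<');
        if (marked) s++;
        char *end;
        unsigned long v = strtoul(s, &end, 16);
        if (end == s || v > 0xff || out->n >= MAX_CODE) return -1;
        s = end;
        if (marked) {
            if (*s != '>') return -1;   /* marker must close as <xx> */
            s++;
            out->fault = out->n;
        }
        out->b[out->n++] = (uint8_t)v;
    }
    return out->fault < 0 ? -1 : 0;    /* no marker: nothing to decode */
}

/* Decode the instruction at the marker as REX.W mov r64, [base+disp]. */
int decode_mov_load(const struct code_bytes *cb, struct mem_operand *m)
{
    const uint8_t *p = cb->b + cb->fault;
    int left = cb->n - cb->fault;
    if (left < 3 || (p[0] & 0xf8) != 0x48 || p[1] != 0x8b) return -1;
    int mod = p[2] >> 6, reg = (p[2] >> 3) & 7, rm = p[2] & 7;
    if (mod == 3 || rm == 4 || (mod == 0 && rm == 5)) return -1;
    m->dst  = reg | ((p[0] & 4) ? 8 : 0);   /* REX.R extends reg field */
    m->base = rm  | ((p[0] & 1) ? 8 : 0);   /* REX.B extends r/m field */
    if (mod == 0) {
        m->disp = 0;
    } else if (mod == 1) {                  /* disp8, sign-extended */
        if (left < 4) return -1;
        m->disp = (int8_t)p[3];
    } else {                                /* disp32, sign-extended */
        if (left < 7) return -1;
        uint32_t d = p[3] | (p[4] << 8) | (p[5] << 16) | ((uint32_t)p[6] << 24);
        m->disp = (int32_t)d;
    }
    return 0;
}

/* Effective address of the faulting load, or UINT64_MAX if undecodable. */
uint64_t fault_address(const char *code, const uint64_t regs[16], int *base_out)
{
    struct code_bytes cb;
    struct mem_operand m;
    if (parse_code_line(code, &cb) || decode_mov_load(&cb, &m)) return UINT64_MAX;
    if (base_out) *base_out = m.base;
    return regs[m.base] + (uint64_t)m.disp;
}

int main(void)
{
    int base;
    uint64_t ea = fault_address(oops_code_line, oops_regs, &base);
    if (ea == UINT64_MAX) { puts("could not decode faulting instruction"); return 1; }
    printf("load via %s+0x%llx -> 0x%llx (%s CR2 0x%llx)\n", reg_name[base],
           (unsigned long long)(ea - oops_regs[base]), (unsigned long long)ea,
           ea == oops_cr2 ? "matches" : "does NOT match", (unsigned long long)oops_cr2);
    return 0;
}
```

The same check can be done with the kernel's own scripts/decodecode plus objdump; the point of doing it by hand is that the base register being 0 (rather than a freed or corrupted value) is what distinguishes a missing NULL check from a use-after-free when the rest of the oops gives no further hint.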
