NULL pointer dereference in smb2_queryfs with v4.19.2
From: Stijn Tintel
Date: Tue Nov 20 2018 - 10:34:56 EST
Hi,
My machine just rebooted after the connection to the Samba server
hosting a CIFS mount was lost. Kernel version 4.19.2. The oops was
recorded in pstore:
<3>[533816.847894] CIFS VFS: Server store has not responded in 120
seconds. Reconnecting...
<1>[533925.390079] BUG: unable to handle kernel NULL pointer dereference
at 0000000000000000
<6>[533925.390082] PGD 0 P4D 0
<4>[533925.390085] Oops: 0000 [#1] PREEMPT SMP PTI
<4>[533925.390087] CPU: 1 PID: 30794 Comm: sadc Tainted: P           O      4.19.2-gentoo #1
<4>[533925.390088] Hardware name: System manufacturer System Product
Name/P9X79 WS, BIOS 4802 06/02/2015
<4>[533925.390099] RIP: 0010:SMB2_close_free+0x8/0x10 [cifs]
<4>[533925.390100] Code: 65 48 33 1c 25 28 00 00 00 75 09 48 83 c4 18 5b
5d 41 5c c3 e8 89 ac 29 e0 66 0f 1f 84 00 00 00 00 00 66 66 66 66 90 48
8b 07 <48> 8b 38 e9 50 8d fe ff 66 66 66 66 90 4c 8d 54 24 08 48 83 e4 f0
<4>[533925.390101] RSP: 0018:ffffc9002c2dfbb8 EFLAGS: 00010246
<4>[533925.390102] RAX: 0000000000000000 RBX: ffff880fae7e5800 RCX:
0000000000000000
<4>[533925.390104] RDX: ffff880fdf521180 RSI: 0000000000000206 RDI:
ffffc9002c2dfd68
<4>[533925.390105] RBP: ffffc9002c2dfdf0 R08: 0000000000000000 R09:
00000000002503ee
<4>[533925.390106] R10: ffffc9002c2dfbc0 R11: 00000000000f4240 R12:
ffffc9002c2dfc50
<4>[533925.390107] R13: ffff880fad03a200 R14: ffff880fdf521000 R15:
0000000000000000
<4>[533925.390108] FS:  00007fb5cff85740(0000) GS:ffff88100f840000(0000)
knlGS:0000000000000000
<4>[533925.390109] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[533925.390110] CR2: 0000000000000000 CR3: 0000000118d32001 CR4:
00000000000626e0
<4>[533925.390111] Call Trace:
<4>[533925.390119]  smb2_queryfs+0x162/0x360 [cifs]
<4>[533925.390124]  ? lookup_fast+0xc8/0x2d0
<4>[533925.390126]  ? legitimize_path.isra.8+0x28/0x50
<4>[533925.390127]  ? __vfs_getxattr+0x2a/0x70
<4>[533925.390130]  ? get_vfs_caps_from_disk+0x65/0x170
<4>[533925.390135]  ? cifs_statfs+0x97/0x1f0 [cifs]
<4>[533925.390140]  ? smb2_set_next_command+0x60/0x60 [cifs]
<4>[533925.390144]  cifs_statfs+0x97/0x1f0 [cifs]
<4>[533925.390147]  statfs_by_dentry+0x42/0x60
<4>[533925.390148]  vfs_statfs+0x16/0xc0
<4>[533925.390150]  user_statfs+0x54/0xa0
<4>[533925.390151]  __se_sys_statfs+0x25/0x60
<4>[533925.390153]  do_syscall_64+0x5c/0x160
<4>[533925.390156]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
<4>[533925.390158] RIP: 0033:0x7fb5cf8ca467
<4>[533925.390159] Code: 2c 00 64 c7 00 16 00 00 00 b8 ff ff ff ff eb b8
e8 6e 4f 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 b8 89 00 00 00
0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f1 e9 2c 00 f7 d8 64 89 01 48
<4>[533925.390160] RSP: 002b:00007ffc47a0c7f8 EFLAGS: 00000246 ORIG_RAX:
0000000000000089
<4>[533925.390162] RAX: ffffffffffffffda RBX: 00007ffc47a0c9a0 RCX:
00007fb5cf8ca467
<4>[533925.390163] RDX: 00007ffc47a0c9a9 RSI: 00007ffc47a0c800 RDI:
00007ffc47a0c9a0
<4>[533925.390164] RBP: 00007ffc47a0c800 R08: 0000000000000000 R09:
000000000000000d
<4>[533925.390165] R10: 00007fb5cfb9a560 R11: 0000000000000246 R12:
00007ffc47a0c8b0
<4>[533925.390166] R13: 000000000000000b R14: 0000561829c584d4 R15:
00007ffc47a0c920
<4>[533925.390167] Modules linked in: xt_nat hfsplus hfs msdos
nfnetlink_queue nfnetlink_log cp210x usbserial squashfs cfg80211 drbg
seqiv xfrm6_mode_tunnel xfrm4_mode_tunnel nvidia_uvm(PO) rfcomm
xt_CHECKSUM iptable_mangle ipt_REJECT nf_reject_ipv4 xt_tcpudp devlink
ebtable_filter ebtables ip6table_filter ip6_tables ipt_MASQUERADE
nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype iptable_filter
ip_tables bpfilter xt_conntrack x_tables br_netfilter bridge stp llc
arc4 md4 md5 xfrm_user xfrm4_tunnel tunnel4 ipcomp xfrm_ipcomp esp4 ah4
af_key cmac xfrm_algo nls_utf8 cifs ccm sctp bnep nvidia_drm(PO)
algif_skcipher nvidia_modeset(PO) nls_iso8859_1 nls_cp437 vfat fat
joydev amdkfd iTCO_wdt nvidia(PO) evdev iTCO_vendor_support uinput
intel_rapl amdgpu snd_hda_codec_realtek x86_pkg_temp_thermal
intel_powerclamp
<4>[533925.390197]  snd_hda_codec_hdmi snd_hda_codec_generic
crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel
snd_usb_audio pcbc snd_hda_intel chash snd_usbmidi_lib aesni_intel
snd_hda_codec snd_rawmidi gpu_sched snd_seq_device crypto_simd ttm
snd_hda_core bcache btusb snd_hwdep drm_kms_helper btrtl cryptd snd_pcm
btbcm uas glue_helper btintel crc64 drm snd_timer intel_cstate bluetooth
drm_panel_orientation_quirks snd intel_uncore syscopyarea soundcore
i2c_i801 efi_pstore wmi_bmof intel_rapl_perf efivars sysfillrect e1000e
ecdh_generic sysimgblt lpc_ich mei_me fb_sys_fops button firewire_ohci
sch_fq_codel nct6775 hwmon_vid coretemp openvswitch nsh nf_nat_ipv6
nf_nat_ipv4 nf_conncount nf_nat nf_conntrack nf_defrag_ipv6
nf_defrag_ipv4 vhost_net tun vhost tap kvm_intel kvm irqbypass msr cpuid
<4>[533925.390226]  efivarfs virtio_ring virtio xts aes_x86_64 ecb cbc
sha1_generic iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi
bonding vxlan ip6_udp_tunnel udp_tunnel macvlan igb i2c_algo_bit dca
e1000 fuse overlay nfs lockd grace sunrpc ext4 mbcache jbd2 fscrypto
multipath linear raid10 raid1 raid0 dm_raid raid456 async_raid6_recov
async_memcpy async_pq async_xor async_tx md_mod dm_snapshot dm_bufio
dm_crypt dm_mirror dm_region_hash dm_log dm_mod hid_sony hid_samsung
hid_petalynx hid_monterey hid_microsoft hid_logitech ff_memless
hid_gyration hid_ezkey hid_cypress hid_chicony hid_cherry hid_belkin
hid_apple hid_a4tech hid_generic usbhid ohci_pci ohci_hcd uhci_hcd hid
arcmsr sr_mod cdrom sg usb_storage xhci_pci ehci_pci xhci_hcd ehci_hcd
ptp usbcore firewire_core pps_core crc_itu_t usb_common
<4>[533925.390259] CR2: 0000000000000000
<4>[533925.390260] ---[ end trace 66b5055ad278750a ]---
CIFS kernel options:
CONFIG_CIFS=m
# CONFIG_CIFS_STATS2 is not set
# CONFIG_CIFS_ALLOW_INSECURE_LEGACY is not set
# CONFIG_CIFS_UPCALL is not set
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
CONFIG_CIFS_ACL=y
CONFIG_CIFS_DEBUG=y
# CONFIG_CIFS_DEBUG2 is not set
# CONFIG_CIFS_DEBUG_DUMP_KEYS is not set
CONFIG_CIFS_DFS_UPCALL=y
# CONFIG_CIFS_FSCACHE is not set
Please include me when replying.
Thanks,
Stijn