Re: Fwd: NULL pointer dereference in smb2_queryfs with v4.19.2

plain txt for the list...

On Fri, Dec 14, 2018 at 8:24 AM Robin P. Blanchard
<robin.blanchard@xxxxxxxxx> wrote:
>
> My theory continues to hold true (whilst valid KRB5 avail, no Oops). Again, this is a new behavior introduced in 4.19.x. The Oops should return 20181212 ~0345UTC.
>
> How/what can I do to help further troubleshoot?
>
> On Wed, Dec 12, 2018 at 3:31 PM Robin P. Blanchard <robin.blanchard@xxxxxxxxx> wrote:
>>
>> Prior to implementing the auto-krb renewal the Oops were quite frequent (again lending credibility to my theory of krb interplay). This does not happen on 4.18.x
>>
>> Dec 12 03:50:01 redacted kernel: Oops: 0000 [#623] SMP PTI
>> Dec 12 04:00:01 redacted kernel: Oops: 0000 [#624] SMP PTI
>> Dec 12 04:10:01 redacted kernel: Oops: 0000 [#625] SMP PTI
>> Dec 12 04:20:02 redacted kernel: Oops: 0000 [#626] SMP PTI
>> Dec 12 04:30:01 redacted kernel: Oops: 0000 [#627] SMP PTI
>> Dec 12 04:40:01 redacted kernel: Oops: 0000 [#628] SMP PTI
>> Dec 12 04:50:02 redacted kernel: Oops: 0000 [#629] SMP PTI
>> Dec 12 05:00:01 redacted kernel: Oops: 0000 [#630] SMP PTI
>> Dec 12 05:10:01 redacted kernel: Oops: 0000 [#631] SMP PTI
>> Dec 12 05:20:02 redacted kernel: Oops: 0000 [#632] SMP PTI
>> Dec 12 05:30:01 redacted kernel: Oops: 0000 [#633] SMP PTI
>> Dec 12 05:40:01 redacted kernel: Oops: 0000 [#634] SMP PTI
>> Dec 12 05:50:01 redacted kernel: Oops: 0000 [#635] SMP PTI
>> Dec 12 06:00:01 redacted kernel: Oops: 0000 [#636] SMP PTI
>> Dec 12 06:10:01 redacted kernel: Oops: 0000 [#637] SMP PTI
>> Dec 12 06:20:01 redacted kernel: Oops: 0000 [#638] SMP PTI
>> Dec 12 06:30:01 redacted kernel: Oops: 0000 [#639] SMP PTI
>> Dec 12 06:40:02 redacted kernel: Oops: 0000 [#640] SMP PTI
>> Dec 12 06:50:01 redacted kernel: Oops: 0000 [#641] SMP PTI
>> Dec 12 07:00:01 redacted kernel: Oops: 0000 [#642] SMP PTI
>> Dec 12 07:10:01 redacted kernel: Oops: 0000 [#643] SMP PTI
>> Dec 12 07:20:01 redacted kernel: Oops: 0000 [#644] SMP PTI
>> Dec 12 07:30:01 redacted kernel: Oops: 0000 [#645] SMP PTI
>> Dec 12 07:40:01 redacted kernel: Oops: 0000 [#646] SMP PTI
>> Dec 12 07:50:02 redacted kernel: Oops: 0000 [#647] SMP PTI
>> Dec 12 08:00:01 redacted kernel: Oops: 0000 [#648] SMP PTI
>> Dec 12 08:10:01 redacted kernel: Oops: 0000 [#649] SMP PTI
>> Dec 12 08:20:01 redacted kernel: Oops: 0000 [#650] SMP PTI
>> Dec 12 08:30:01 redacted kernel: Oops: 0000 [#651] SMP PTI
>> Dec 12 08:40:01 redacted kernel: Oops: 0000 [#652] SMP PTI
>> Dec 12 08:50:02 redacted kernel: Oops: 0000 [#653] SMP PTI
>> Dec 12 09:00:01 redacted kernel: Oops: 0000 [#654] SMP PTI
>> Dec 12 09:10:01 redacted kernel: Oops: 0000 [#655] SMP PTI
>> Dec 12 09:20:01 redacted kernel: Oops: 0000 [#656] SMP PTI
>> Dec 12 09:30:01 redacted kernel: Oops: 0000 [#657] SMP PTI
>> Dec 12 09:40:01 redacted kernel: Oops: 0000 [#658] SMP PTI
>> Dec 12 09:50:01 redacted kernel: Oops: 0000 [#659] SMP PTI
>> Dec 12 10:00:01 redacted kernel: Oops: 0000 [#660] SMP PTI
>> Dec 12 10:10:01 redacted kernel: Oops: 0000 [#661] SMP PTI
>> Dec 12 10:20:01 redacted kernel: Oops: 0000 [#662] SMP PTI
>> Dec 12 10:30:01 redacted kernel: Oops: 0000 [#663] SMP PTI
>> Dec 12 10:40:01 redacted kernel: Oops: 0000 [#664] SMP PTI
>> Dec 12 10:50:01 redacted kernel: Oops: 0000 [#665] SMP PTI
>> Dec 12 11:00:01 redacted kernel: Oops: 0000 [#666] SMP PTI
>> Dec 12 11:10:02 redacted kernel: Oops: 0000 [#667] SMP PTI
>> Dec 12 11:11:33 redacted kernel: Oops: 0000 [#668] SMP PTI
>> Dec 12 11:20:01 redacted kernel: Oops: 0000 [#669] SMP PTI
>> Dec 12 11:30:01 redacted kernel: Oops: 0000 [#670] SMP PTI
>> Dec 12 11:40:02 redacted kernel: Oops: 0000 [#671] SMP PTI
>> Dec 12 11:50:01 redacted kernel: Oops: 0000 [#672] SMP PTI
>> Dec 12 12:00:01 redacted kernel: Oops: 0000 [#673] SMP PTI
>> Dec 12 12:10:01 redacted kernel: Oops: 0000 [#674] SMP PTI
>> Dec 12 12:20:01 redacted kernel: Oops: 0000 [#675] SMP PTI
>> Dec 12 12:30:01 redacted kernel: Oops: 0000 [#676] SMP PTI
>>
>>
>>
>>
>> Dec 12 12:30:01 redacted kernel: Oops: 0000 [#676] SMP PTI
>> Dec 12 12:30:01 redacted kernel: CPU: 0 PID: 6607 Comm: sadc Kdump: loaded Tainted: G      D           4.19.5-1.el7.elrepo.x86_64 #1
>> Dec 12 12:30:01 redacted kernel: Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 09/21/2015
>> Dec 12 12:30:01 redacted kernel: RIP: 0010:SMB2_query_info_free+0xc/0x20 [cifs]
>> Dec 12 12:30:01 redacted kernel: Code: c7 c7 b8 5d 55 a0 31 c0 e8 5f 98 bc e0 44 8b 54 24 30 eb d8 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 8b 07 48 89 e5 <48> 8b 38 e8 9c 15 fe ff 5d c3 66 2e 0f 1f 84 00 00 00 00 00 66 66
>> Dec 12 12:30:01 redacted kernel: RSP: 0018:ffffc90002123b80 EFLAGS: 00010246
>> Dec 12 12:30:01 redacted kernel: RAX: 0000000000000000 RBX: ffffc90002123d10 RCX: 0000000000000000
>> Dec 12 12:30:01 redacted kernel: RDX: 0000000000000201 RSI: ffff88813ba16948 RDI: ffffc90002123d38
>> Dec 12 12:30:01 redacted kernel: RBP: ffffc90002123b80 R08: 0000000000000000 R09: 00000000000b1424
>> Dec 12 12:30:01 redacted kernel: R10: 0000000000000001 R11: 0000000000aaaaaa R12: ffff88813363c000
>> Dec 12 12:30:01 redacted kernel: R13: ffffc90002123bf0 R14: ffff888132e96400 R15: 0000000000000000
>> Dec 12 12:30:01 redacted kernel: FS:  00007f923fe9c740(0000) GS:ffff88813ba00000(0000) knlGS:0000000000000000
>> Dec 12 12:30:01 redacted kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> Dec 12 12:30:01 redacted kernel: CR2: 0000000000000000 CR3: 0000000071f72004 CR4: 00000000000606f0
>> Dec 12 12:30:01 redacted kernel: Call Trace:
>> Dec 12 12:30:01 redacted kernel: smb2_queryfs+0x13a/0x310 [cifs]
>> Dec 12 12:30:01 redacted kernel: ? lookup_fast+0xcf/0x2e0
>> Dec 12 12:30:01 redacted kernel: ? terminate_walk+0x64/0xd0
>> Dec 12 12:30:01 redacted kernel: cifs_statfs+0xb2/0x2a0 [cifs]
>> Dec 12 12:30:01 redacted kernel: statfs_by_dentry+0xa1/0x120
>> Dec 12 12:30:01 redacted kernel: vfs_statfs+0x1b/0xc0
>> Dec 12 12:30:01 redacted kernel: user_statfs+0x58/0xa0
>> Dec 12 12:30:01 redacted kernel: __do_sys_statfs+0x27/0x60
>> Dec 12 12:30:01 redacted kernel: __x64_sys_statfs+0x16/0x20
>> Dec 12 12:30:01 redacted kernel: do_syscall_64+0x60/0x190
>> Dec 12 12:30:01 redacted kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9
>> Dec 12 12:30:01 redacted kernel: RIP: 0033:0x7f923f79fa87
>> Dec 12 12:30:01 redacted kernel: Code: 2d 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 48 8b 15 fd 73 2d 00 f7 d8 64 89 02 48 83 c8 ff c3 0f 1f 00 b8 89 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d d9 73 2d 00 f7 d8 64 89 01 48
>> Dec 12 12:30:01 redacted kernel: RSP: 002b:00007fff7d231798 EFLAGS: 00000206 ORIG_RAX: 0000000000000089
>> Dec 12 12:30:01 redacted kernel: RAX: ffffffffffffffda RBX: 00007fff7d2319d0 RCX: 00007f923f79fa87
>> Dec 12 12:30:01 redacted kernel: RDX: 000000000000001e RSI: 00007fff7d2317a0 RDI: 00007fff7d2319d0
>> Dec 12 12:30:01 redacted kernel: RBP: 0000000000000001 R08: 00007f923fa78060 R09: 00007f9238eab54c
>> Dec 12 12:30:01 redacted kernel: R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000fc6450
>> Dec 12 12:30:01 redacted kernel: R13: 00007fff7d2318e0 R14: 0000000000000001 R15: 00007fff7d231fb8
>>
>>
>> On Wed, Dec 12, 2018 at 3:23 PM Robin P. Blanchard <robin.blanchard@xxxxxxxxx> wrote:
>>>
>>> I created a crontab entry to auto-renew my krb tickets (kinit -R) prior to expiration and the Oops are no longer triggered.
>>>
>>> Given:
>>> renew until 12/18/2018 16:47:07
>>>
>>> presumably my crontab hack will no longer work and the Oops should again be triggered.
>>>
>>> Anything you can suggest to help suss more useful debugging out of this scenario?
>>>
>>> Thanks,
>>> Robin
>>>
>>> On Tue, Dec 11, 2018 at 10:57 AM Steve French <smfrench@xxxxxxxxx> wrote:
>>>>
>>>> Any additional info on your experiments?
>>>>
>>>> On Fri, Nov 30, 2018 at 7:29 AM Robin P. Blanchard
>>>> <robin.blanchard@xxxxxxxxx> wrote:
>>>> >
>>>> > I'm curious if this is perhaps some interplay between cifs and krb5.
>>>> > As mentioned yesterday, I can trigger an Oops on demand BUT only once
>>>> > an existing (krb5i) mount has (presumably) an expired ticket. IE, once
>>>> > again renewed I _cannot_ trigger the condition on demand. However,
>>>> > left to run over night, I find:
>>>> >
>>>> > [ renewed ticket here ]
>>>> >
>>>> > (~: $) klist
>>>> > Ticket cache: KEYRING:persistent:1235001301:krb_ccache_FWY4gLb
>>>> > Default principal: user@KRB5.DOMAIN
>>>> >
>>>> > Valid starting       Expires              Service principal
>>>> > 11/29/2018 12:53:32  11/29/2018 22:53:32  cifs/server@KRB5.DOMAIN
>>>> >         renew until 12/06/2018 12:53:27
>>>> > 11/29/2018 12:53:32  11/29/2018 22:53:32  cifs/server@
>>>> >         renew until 12/06/2018 12:53:27
>>>> > 11/29/2018 12:53:32  11/29/2018 22:53:32  krbtgt/server@KRB5.DOMAIN
>>>> >         renew until 12/06/2018 12:53:27
>>>> >
>>>> > [ left to its own devices overnight ]
>>>> >
>>>> > (~: $)
>>>> > Message from syslogd@server at Nov 29 22:54:03 ...
>>>> >  kernel:Dumping ftrace buffer:
>>>> >
>>>> > Message from syslogd@server at Nov 29 22:54:03 ...
>>>> >  kernel:   (ftrace buffer empty)
>>>> >
>>>> > (~: $) klist
>>>> > klist: Credentials cache keyring
>>>> > 'persistent:1235001301:krb_ccache_FWY4gLb' not found
>>>> >
>>>> >
>>>> > Just a theory/hunch....
>>>> > On Thu, Nov 29, 2018 at 10:49 AM Robin P. Blanchard
>>>> > <robin.blanchard@xxxxxxxxx> wrote:
>>>> > >
>>>> > > Curiously, when this Oops occurs, snmpd dies. Restarting snmpd enables
>>>> > > me then to trigger the Oops on demand.
>>>> > > On Thu, Nov 29, 2018 at 10:01 AM Robin P. Blanchard
>>>> > > <robin.blanchard@xxxxxxxxx> wrote:
>>>> > > >
>>>> > > > Still present in 4.19.5
>>>> > > >
>>>> > > > Oops: 0000 [#1] SMP PTI
>>>> > > > CPU: 6 PID: 1523 Comm: snmpd Kdump: loaded Not tainted
>>>> > > > 4.19.5-1.el7.elrepo.x86_64 #1
>>>> > > > Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop
>>>> > > > Reference Platform, BIOS 6.00 09/21/2015
>>>> > > > RIP: 0010:SMB2_query_info_free+0xc/0x20 [cifs]
>>>> > > > Code: c7 c7 b8 bd 63 a0 31 c0 e8 5f 38 ae e0 44 8b 54 24 30 eb d8 66
>>>> > > > 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 8b 07 48 89 e5 <48> 8b
>>>> > > > 38 e8 9c 15 fe ff 5d c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f
>>>> > > > RSP: 0018:ffffc90002aafb80 EFLAGS: 00010246
>>>> > > > RAX: 0000000000000000 RBX: ffffc90002aafd10 RCX: 0000000000000006
>>>> > > > RDX: 0000000000000000 RSI: 0000000000000086 RDI: ffffc90002aafd38
>>>> > > > RBP: ffffc90002aafb80 R08: 0000000000000000 R09: 0000000000005bf1
>>>> > > > R10: 0000000000000007 R11: 0000000000005bf0 R12: ffff888412f2f800
>>>> > > > R13: ffffc90002aafbf0 R14: ffff888428d6b800 R15: 0000000000000000
>>>> > > > FS: 00007f6166975840(0000) GS:ffff88842fb80000(0000) knlGS:0000000000000000
>>>> > > > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>>>> > > > CR2: 0000000000000000 CR3: 0000000412952006 CR4: 00000000001606e0
>>>> > > > Call Trace:
>>>> > > > smb2_queryfs+0x13a/0x310 [cifs]
>>>> > > > ? up+0x32/0x4c
>>>> > > > ? vprintk_emit+0xc3/0x260
>>>> > > > ? vprintk_default+0x29/0x50
>>>> > > > ? vprintk_func+0x44/0xe0
>>>> > > > cifs_statfs+0xb2/0x2a0 [cifs]
>>>> > > > statfs_by_dentry+0xa1/0x120
>>>> > > > vfs_statfs+0x1b/0xc0
>>>> > > > user_statfs+0x58/0xa0
>>>> > > > __do_sys_statfs+0x27/0x60
>>>> > > > __x64_sys_statfs+0x16/0x20
>>>> > > > do_syscall_64+0x60/0x190
>>>> > > > entry_SYSCALL_64_after_hwframe+0x44/0xa9
>>>> > > > RIP: 0033:0x7f61641a6787
>>>> > > > Code: 2d 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 48 8b 15 fd 66 2d
>>>> > > > 00 f7 d8 64 89 02 48 83 c8 ff c3 0f 1f 00 b8 89 00 00 00 0f 05 <48> 3d
>>>> > > > 01 f0 ff ff 73 01 c3 48 8b 0d d9 66 2d 00 f7 d8 64 89 01 48
>>>> > > > RSP: 002b:00007ffd380bc6f8 EFLAGS: 00000283 ORIG_RAX: 0000000000000089
>>>> > > > RAX: ffffffffffffffda RBX: 000055ef7125bb80 RCX: 00007f61641a6787
>>>> > > > RDX: 00007f6165e12720 RSI: 00007ffd380bc710 RDI: 000055ef7125bb90
>>>> > > > RBP: 000055ef7125bb90 R08: 000000000000006f R09: 0000000000000072
>>>> > > > R10: 000000000000010c R11: 0000000000000283 R12: 000055ef71259980
>>>> > > > R13: 0000000000000005 R14: 000055ef7125bf91 R15: 00007f6164480580
>>>> > > > Modules linked in: sha512_ssse3 sha512_generic cmac nls_utf8 cifs ccm
>>>> > > > dns_resolver nfsv3 nfs_acl nfs lockd grace fscache binfmt_misc
>>>> > > > ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6
>>>> > > > xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute ip6table_nat
>>>> > > > nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat
>>>> > > > nf_nat_ipv4 nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4
>>>> > > > libcrc32c iptable_mangle iptable_security iptable_raw ebtable_filter
>>>> > > > ebtables ip6table_filter ip6_tables iptable_filter
>>>> > > > vmw_vsock_vmci_transport vsock sb_edac crct10dif_pclmul crc32_pclmul
>>>> > > > ghash_clmulni_intel pcbc aesni_intel crypto_simd cryptd glue_helper
>>>> > > > intel_rapl_perf vmw_balloon pcspkr joydev input_leds sg vmw_vmci
>>>> > > > i2c_piix4 tcp_bbr sch_fq auth_rpcgss sunrpc ip_tables ext4 mbcache
>>>> > > > jbd2
>>>> > > > On Wed, Nov 28, 2018 at 4:15 PM Steve French <smfrench@xxxxxxxxx> wrote:
>>>> > > > >
>>>> > > > > So this does not occur in 4.18 and 4.20 but does in 4.19 - I thought
>>>> > > > > Ronnie had identified it
>>>> > > > > On Wed, Nov 28, 2018 at 7:59 AM Robin P. Blanchard
>>>> > > > > <robin.blanchard@xxxxxxxxx> wrote:
>>>> > > > > >
>>>> > > > > > I receive a similar OOPS on 4.19.2 (have updated to 4.19.5 and will
>>>> > > > > > continue to monitor):
>>>> > > > > >
>>>> > > > > > Oops: 0000 [#2] SMP PTI
>>>> > > > > > CPU: 3 PID: 15929 Comm: python Kdump: loaded Tainted: G D
>>>> > > > > > 4.19.2-1.el7.elrepo.x86_64 #1
>>>> > > > > > Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop
>>>> > > > > > Reference Platform, BIOS 6.00 09/21/2015
>>>> > > > > > RIP: 0010:SMB2_query_info_free+0xc/0x20 [cifs]
>>>> > > > > > Code: c7 c7 b8 6d 63 a0 31 c0 e8 5f 88 ae e0 44 8b 54 24 30 eb d8 66
>>>> > > > > > 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 8b 07 48 89 e5 <48> 8b
>>>> > > > > > 38 e8 ac 15 fe ff 5d c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f
>>>> > > > > > RSP: 0018:ffffc90001f43b80 EFLAGS: 00010246
>>>> > > > > > RAX: 0000000000000000 RBX: ffffc90001f43d10 RCX: 0000000000000006
>>>> > > > > > RDX: 0000000000000000 RSI: 0000000000000086 RDI: ffffc90001f43d38
>>>> > > > > > RBP: ffffc90001f43b80 R08: 0000000000000000 R09: 00000000003b5f65
>>>> > > > > > R10: 0000000000000001 R11: 0000000000aaaaaa R12: ffff880424dd5800
>>>> > > > > > R13: ffffc90001f43bf0 R14: ffff880169abdc00 R15: 0000000000000000
>>>> > > > > > FS: 00007f56e1f36740(0000) GS:ffff88042fac0000(0000) knlGS:0000000000000000
>>>> > > > > > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>>>> > > > > > CR2: 0000000000000000 CR3: 0000000036402006 CR4: 00000000001606e0
>>>> > > > > > Call Trace:
>>>> > > > > > smb2_queryfs+0x13a/0x310 [cifs]
>>>> > > > > > ? up+0x32/0x4c
>>>> > > > > > ? vprintk_emit+0xc3/0x260
>>>> > > > > > ? vprintk_default+0x29/0x50
>>>> > > > > > ? vprintk_func+0x44/0xe0
>>>> > > > > > cifs_statfs+0xb2/0x2a0 [cifs]
>>>> > > > > > statfs_by_dentry+0xa1/0x120
>>>> > > > > > vfs_statfs+0x1b/0xc0
>>>> > > > > > user_statfs+0x58/0xa0
>>>> > > > > > __do_sys_statfs+0x27/0x60
>>>> > > > > > __x64_sys_statfs+0x16/0x20
>>>> > > > > > do_syscall_64+0x60/0x190
>>>> > > > > > entry_SYSCALL_64_after_hwframe+0x44/0xa9
>>>> > > > > > RIP: 0033:0x7f56e0d59787
>>>> > > > > > Code: 2d 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 48 8b 15 fd 66 2d
>>>> > > > > > 00 f7 d8 64 89 02 48 83 c8 ff c3 0f 1f 00 b8 89 00 00 00 0f 05 <48> 3d
>>>> > > > > > 01 f0 ff ff 73 01 c3 48 8b 0d d9 66 2d 00 f7 d8 64 89 01 48
>>>> > > > > > RSP: 002b:00007ffc18f00108 EFLAGS: 00000202 ORIG_RAX: 0000000000000089
>>>> > > > > > RAX: ffffffffffffffda RBX: 00007f56da1423b4 RCX: 00007f56e0d59787
>>>> > > > > > RDX: 00007f56e1d22068 RSI: 00007ffc18f00110 RDI: 00007f56da1423b4
>>>> > > > > > RBP: 00007f56e1e000d0 R08: 00007f56da1423b4 R09: 00007ffc18f00020
>>>> > > > > > R10: 0000000000000000 R11: 0000000000000202 R12: 00007f56e1ef4240
>>>> > > > > > R13: 00007ffc18f00280 R14: 00007f56da13d410 R15: 00007f56e1ef55f0
>>>> > > > > > Modules linked in: sha512_ssse3 sha512_generic cmac nls_utf8 cifs ccm
>>>> > > > > > dns_resolver nfsv3 nfs_acl nfs lockd grace fscache binfmt_misc
>>>> > > > > > ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6
>>>> > > > > > xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute ip6table_nat
>>>> > > > > > nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat
>>>> > > > > > nf_nat_ipv4 nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4
>>>> > > > > > libcrc32c iptable_mangle iptable_security iptable_raw ebtable_filter
>>>> > > > > > ebtables  ip6table_filter ip6_tables iptable_filter
>>>> > > > > > vmw_vsock_vmci_transport vsock sb_edac crct10dif_pclmul crc32_pclmul
>>>> > > > > > ghash_clmulni_intel pcbc aesni_intel crypto_simd cryptd glue_helper
>>>> > > > > > intel_rapl_perf vmw_balloon joydev input_leds pcspkr vmw_vmci sg
>>>> > > > > > i2c_piix4 auth_rpcgss sunrpc tcp_bbr sch_fq ip_tables ext4 mbcache
>>>> > > > > > jbd2
>>>> > > > > > sr_mod cdrom ata_generic pata_acpi sd_mod crc32c_intel vmwgfx
>>>> > > > > > serio_raw drm_kms_helper syscopyarea sysfillrect vmxnet3 sysimgblt
>>>> > > > > > fb_sys_fops ttm ata_piix drm vmw_pvscsi libata dm_mirror
>>>> > > > > > dm_region_hash dm_log dm_mod
>>>> > > > > > Dumping ftrace buffer:
>>>> > > > > > (ftrace buffer empty)
>>>> > > > > > CR2: 0000000000000000
>>>> > > > > > ---[ end trace 796e5580f5f00736 ]---
>>>> > > > > > RIP: 0010:SMB2_query_info_free+0xc/0x20 [cifs]
>>>> > > > > > Code: c7 c7 b8 6d 63 a0 31 c0 e8 5f 88 ae e0 44 8b 54 24 30 eb d8 66
>>>> > > > > > 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 8b 07 48 89 e5 <48> 8b
>>>> > > > > > 38 e8 ac 15 fe ff 5d c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f
>>>> > > > > > RSP: 0018:ffffc90002b13b80 EFLAGS: 00010246
>>>> > > > > > RAX: 0000000000000000 RBX: ffffc90002b13d10 RCX: 0000000000000006
>>>> > > > > > RDX: 0000000000000000 RSI: 0000000000000086 RDI: ffffc90002b13d38
>>>> > > > > > RBP: ffffc90002b13b80 R08: 0000000000000000 R09: 00000000000056a6
>>>> > > > > > R10: 0000000000000007 R11: 00000000000056a5 R12: ffff880424dd5800
>>>> > > > > > R13: ffffc90002b13bf0 R14: ffff880169abdc00 R15: 0000000000000000
>>>> > > > > > FS: 00007f56e1f36740(0000) GS:ffff88042fac0000(0000) knlGS:0000000000000000
>>>> > > > > > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>>>> > > > > > CR2: 0000000000000000 CR3: 0000000036402006 CR4: 00000000001606e0
>>>> > > > > > On Sat, Nov 24, 2018 at 3:02 AM Sasha Levin <sashal@xxxxxxxxxx> wrote:
>>>> > > > > > >
>>>> > > > > > > On Fri, Nov 23, 2018 at 05:21:09PM -0600, Steve French wrote:
>>>> > > > > > > >---------- Forwarded message ---------
>>>> > > > > > > >From: Sasha Levin <sashal@xxxxxxxxxx>
>>>> > > > > > > >Date: Fri, Nov 23, 2018 at 1:43 PM
>>>> > > > > > > >Subject: Re: NULL pointer dereference in smb2_queryfs with v4.19.2
>>>> > > > > > > >To: Steve French <smfrench@xxxxxxxxx>
>>>> > > > > > > >Cc: <stijn@xxxxxxxxxxxxx>, Stable <stable@xxxxxxxxxxxxxxx>, CIFS
>>>> > > > > > > ><linux-cifs@xxxxxxxxxxxxxxx>, samba-technical
>>>> > > > > > > ><samba-technical@xxxxxxxxxxxxxxx>
>>>> > > > > > > >
>>>> > > > > > > >
>>>> > > > > > > >On Tue, Nov 20, 2018 at 02:16:15PM -0600, Steve French wrote:
>>>> > > > > > > >>At first glance it looks like it is missing from the 4.19 stable tree
>>>> > > > > > > >>On Tue, Nov 20, 2018 at 2:14 PM Steve French <smfrench@xxxxxxxxx> wrote:
>>>> > > > > > > >>>
>>>> > > > > > > >>> Do you know if you are running with this patch (which was marked for stable)
>>>> > > > > > > >
>>>> > > > > > > >
>>>> > > > > > > >> This commit depends on ba8ca116854 ("cifs: create helpers for
>>>> > > > > > > >>SMB2_set_info_init/free()") which is not marked for stable and is not
>>>> > > > > > > >>trivial.
>>>> > > > > > > >>
>>>> > > > > > > >> If anyone wants to send a backport I'd be happy to queue this patch up.
>>>> > > > > > > >
>>>> > > > > > > >That should not be needed.
>>>> > > > > > > >The dependency you mention - "create helpers for
>>>> > > > > > > >SMB2_set_info_init/free..." is already in 4.19 and is the patch which
>>>> > > > > > > >the stable patch requested ("allow calling SMB2_xxx_free...") fixes.
>>>> > > > > > >
>>>> > > > > > > Hm, it's not in 4.19 - it was merged during the 4.20 merge window.
>>>> > > > > > >
>>>> > > > > > > --
>>>> > > > > > > Thanks,
>>>> > > > > > > Sasha
>>>> > > > >
>>>> > > > >
>>>> > > > >
>>>> > > > > --
>>>> > > > > Thanks,
>>>> > > > >
>>>> > > > > Steve
>>>>
>>>>
>>>>
>>>> --
>>>> Thanks,
>>>>
>>>> Steve
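
A triage sketch for the traces quoted in this thread, added as an example and not code from any poster or from the kernel tree: it groups syslog kernel lines by Oops counter and classifies each event from the page-fault error code, CR2 and the kernel-mode RIP. The function names, the first-page threshold for calling a fault a NULL dereference, and the abridged sample lines are choices made for this example.

```python
import re

# Lines abridged from the Dec 12 trace quoted in the thread above.
SAMPLE = """\
Dec 12 12:20:01 redacted kernel: Oops: 0000 [#675] SMP PTI
Dec 12 12:30:01 redacted kernel: Oops: 0000 [#676] SMP PTI
Dec 12 12:30:01 redacted kernel: CPU: 0 PID: 6607 Comm: sadc Kdump: loaded Tainted: G      D           4.19.5-1.el7.elrepo.x86_64 #1
Dec 12 12:30:01 redacted kernel: RIP: 0010:SMB2_query_info_free+0xc/0x20 [cifs]
Dec 12 12:30:01 redacted kernel: CR2: 0000000000000000 CR3: 0000000071f72004 CR4: 00000000000606f0
Dec 12 12:30:01 redacted kernel: Call Trace:
Dec 12 12:30:01 redacted kernel: smb2_queryfs+0x13a/0x310 [cifs]
Dec 12 12:30:01 redacted kernel: ? lookup_fast+0xcf/0x2e0
Dec 12 12:30:01 redacted kernel: cifs_statfs+0xb2/0x2a0 [cifs]
Dec 12 12:30:01 redacted kernel: RIP: 0033:0x7f923f79fa87
"""

PREFIX = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\skernel:\s*(.*)$")
OOPS = re.compile(r"^Oops: ([0-9a-f]{4}) \[#(\d+)\]")
RIP = re.compile(r"^RIP: 0010:(\w+)\+(0x[0-9a-f]+)/0x[0-9a-f]+(?: \[(\w+)\])?")  # 0010 = kernel CS
CR2 = re.compile(r"^CR2: ([0-9a-f]{16})")
CPU = re.compile(r"^CPU: .*Comm: (\S+).*?(\d+\.\d+\.\d+\S*) #\d+$")
FRAME = re.compile(r"^(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
PAGE_SIZE = 4096  # a fault address inside the first page counts as a NULL dereference


def parse_oops(log_text):
    """Group syslog kernel lines into Oops events keyed by the [#N] counter."""
    events, cur, in_trace = {}, None, False
    for line in log_text.splitlines():
        if not (m := PREFIX.match(line)):
            continue
        ts, msg = m.groups()
        if (o := OOPS.match(msg)):
            cur = events.setdefault(int(o.group(2)), {"ts": ts, "code": int(o.group(1), 16), "trace": []})
            in_trace = False
        elif cur is None:
            continue
        elif (c := CPU.match(msg)):
            cur["comm"], cur["kernel"] = c.groups()
        elif (r := RIP.match(msg)):
            cur.setdefault("rip", r.groups())  # keep the first kernel-mode RIP of the event
        elif (a := CR2.match(msg)):
            cur["cr2"] = int(a.group(1), 16)
        elif msg.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (f := FRAME.match(msg)):  # "? sym" frames are unreliable and skipped
            cur["trace"].append(f.group(1))
    return events


def triage(ev):
    """Classify one event from the x86 page-fault error code bits and CR2."""
    if "cr2" not in ev:
        return "header only: full trace missing from this capture"
    access = "write" if ev["code"] & 2 else "read"
    mode = "user" if ev["code"] & 4 else "kernel"
    kind = "NULL pointer dereference" if ev["cr2"] < PAGE_SIZE else "bad address"
    sym, off, mod = ev.get("rip", ("?", "?", None))
    return f"{kind}: {mode}-mode {access} at {ev['cr2']:#x} in {sym}+{off} [{mod}], called from {(ev['trace'] or ['?'])[0]}"

if __name__ == "__main__":
    print({n: triage(ev) for n, ev in parse_oops(SAMPLE).items()})
```

Events that come back as "header only" are the grep-style one-line entries; the full block for each is needed to confirm it shares the same RIP and caller.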


