Running xfstests against ksmbd on kernel 6.11-rc2, I noticed the following errors logged in the server's dmesg log. It was likely fairly early in the test run (e.g. before the client got to test generic/100). Any ideas on the bug?

[Sat Aug 10 15:15:24 2024] ------------[ cut here ]------------
[Sat Aug 10 15:15:24 2024] memcpy: detected field-spanning write (size 137) of single field "(char *)&rsp->hdr.ProtocolId + sz" at fs/smb/server/smb2pdu.c:1373 (size 0)
[Sat Aug 10 15:15:24 2024] WARNING: CPU: 3 PID: 82 at fs/smb/server/smb2pdu.c:1373 ntlm_negotiate+0x1bf/0x1e0 [ksmbd]
[Sat Aug 10 15:15:24 2024] Modules linked in: nls_utf8 ksmbd crc32_generic rdma_cm iw_cm ib_cm cifs_arc4 nls_ucs2_utils cfg80211 binfmt_misc xfs nls_iso8859_1 intel_rapl_msr intel_rapl_common intel_uncore_frequency_common isst_if_common xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_owner xt_tcpudp nft_compat nf_tables skx_edac_common nfit nfnetlink rapl i2c_piix4 i2c_smbus hv_balloon vmgenid input_leds joydev mac_hid serio_raw dm_multipath msr efi_pstore dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 mlx5_ib ib_uverbs macsec ib_core mlx5_core mlxfw psample tls pci_hyperv pci_hyperv_intf hid_generic crct10dif_pclmul hv_storvsc hyperv_drm crc32_pclmul hid_hyperv hv_netvsc hid scsi_transport_fc hv_utils hyperv_keyboard polyval_clmulni polyval_generic hyperv_fb ghash_clmulni_intel sha256_ssse3 sha1_ssse3 pata_acpi psmouse hv_vmbus floppy aesni_intel crypto_simd cryptd
[Sat Aug 10 15:15:24 2024] CPU: 3 UID: 0 PID: 82 Comm: kworker/3:1 Not tainted 6.11.0-061100rc2-generic #202408042216
[Sat Aug 10 15:15:24 2024] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090008 12/07/2018
[Sat Aug 10 15:15:24 2024] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd]
[Sat Aug 10 15:15:24 2024] RIP: 0010:ntlm_negotiate+0x1bf/0x1e0 [ksmbd]
[Sat Aug 10 15:15:24 2024] Code: 00 3c 01 0f 87 9e 48 01 00 a8 01 75 b8 48 c7 c2 88 05 45 c1 4c 89 fe 48 c7 c7 d8 05 45 c1 c6 05 aa cd 01 00 01 e8 e1 d1 ee f8 <0f> 0b eb 97 41 bd f4 ff ff ff e9 df fe ff ff e8 7d 6c 08 fa 66 66
[Sat Aug 10 15:15:24 2024] RSP: 0018:ffff9b80802f7cf0 EFLAGS: 00010246
[Sat Aug 10 15:15:24 2024] RAX: 0000000000000000 RBX: ffff8ae7ce4a8004 RCX: 0000000000000000
[Sat Aug 10 15:15:24 2024] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[Sat Aug 10 15:15:24 2024] RBP: ffff9b80802f7d40 R08: 0000000000000000 R09: 0000000000000000
[Sat Aug 10 15:15:24 2024] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8ae7ce4a804c
[Sat Aug 10 15:15:24 2024] R13: 0000000000000000 R14: ffff8ae7cc2eb380 R15: 0000000000000089
[Sat Aug 10 15:15:24 2024] FS: 0000000000000000(0000) GS:ffff8aee63b80000(0000) knlGS:0000000000000000
[Sat Aug 10 15:15:24 2024] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[Sat Aug 10 15:15:24 2024] CR2: 000070d3373f7a78 CR3: 00000001070cc004 CR4: 00000000003706f0
[Sat Aug 10 15:15:24 2024] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[Sat Aug 10 15:15:24 2024] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[Sat Aug 10 15:15:24 2024] Call Trace:
[Sat Aug 10 15:15:24 2024]  <TASK>
[Sat Aug 10 15:15:24 2024]  ? show_trace_log_lvl+0x1be/0x310
[Sat Aug 10 15:15:24 2024]  ? show_trace_log_lvl+0x1be/0x310
[Sat Aug 10 15:15:24 2024]  ? smb2_sess_setup+0x936/0xa00 [ksmbd]
[Sat Aug 10 15:15:24 2024]  ? show_regs.part.0+0x22/0x30
[Sat Aug 10 15:15:24 2024]  ? show_regs.cold+0x8/0x10
[Sat Aug 10 15:15:24 2024]  ? ntlm_negotiate+0x1bf/0x1e0 [ksmbd]
[Sat Aug 10 15:15:24 2024]  ? __warn.cold+0xa7/0x101
[Sat Aug 10 15:15:24 2024]  ? ntlm_negotiate+0x1bf/0x1e0 [ksmbd]
[Sat Aug 10 15:15:24 2024]  ? report_bug+0x114/0x160
[Sat Aug 10 15:15:24 2024]  ? handle_bug+0x51/0xa0
[Sat Aug 10 15:15:24 2024]  ? exc_invalid_op+0x18/0x80
[Sat Aug 10 15:15:24 2024]  ? asm_exc_invalid_op+0x1b/0x20
[Sat Aug 10 15:15:24 2024]  ? ntlm_negotiate+0x1bf/0x1e0 [ksmbd]
[Sat Aug 10 15:15:24 2024]  ? ksmbd_release_crypto_ctx+0xa4/0xd0 [ksmbd]
[Sat Aug 10 15:15:24 2024]  smb2_sess_setup+0x936/0xa00 [ksmbd]
[Sat Aug 10 15:15:24 2024]  __process_request+0xa8/0x1c0 [ksmbd]
[Sat Aug 10 15:15:24 2024]  __handle_ksmbd_work+0x1ce/0x2e0 [ksmbd]
[Sat Aug 10 15:15:24 2024]  handle_ksmbd_work+0x2d/0xa0 [ksmbd]
[Sat Aug 10 15:15:24 2024]  process_one_work+0x177/0x350
[Sat Aug 10 15:15:24 2024]  worker_thread+0x31a/0x450
[Sat Aug 10 15:15:24 2024]  ? _raw_spin_unlock_irqrestore+0x11/0x60
[Sat Aug 10 15:15:24 2024]  ? __pfx_worker_thread+0x10/0x10
[Sat Aug 10 15:15:24 2024]  kthread+0xe4/0x110
[Sat Aug 10 15:15:24 2024]  ? __pfx_kthread+0x10/0x10
[Sat Aug 10 15:15:24 2024]  ret_from_fork+0x47/0x70
[Sat Aug 10 15:15:24 2024]  ? __pfx_kthread+0x10/0x10
[Sat Aug 10 15:15:24 2024]  ret_from_fork_asm+0x1a/0x30
[Sat Aug 10 15:15:24 2024]  </TASK>
[Sat Aug 10 15:15:24 2024] ---[ end trace 0000000000000000 ]---
[Sat Aug 10 15:15:24 2024] ------------[ cut here ]------------
[Sat Aug 10 15:15:24 2024] memcpy: detected field-spanning write (size 9) of single field "(char *)&rsp->hdr.ProtocolId + sz" at fs/smb/server/smb2pdu.c:1456 (size 0)
[Sat Aug 10 15:15:24 2024] WARNING: CPU: 3 PID: 82 at fs/smb/server/smb2pdu.c:1456 ntlm_authenticate.isra.0+0x4cd/0x540 [ksmbd]
[Sat Aug 10 15:15:24 2024] Modules linked in: nls_utf8 ksmbd crc32_generic rdma_cm iw_cm ib_cm cifs_arc4 nls_ucs2_utils cfg80211 binfmt_misc xfs nls_iso8859_1 intel_rapl_msr intel_rapl_common intel_uncore_frequency_common isst_if_common xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_owner xt_tcpudp nft_compat nf_tables skx_edac_common nfit nfnetlink rapl i2c_piix4 i2c_smbus hv_balloon vmgenid input_leds joydev mac_hid serio_raw dm_multipath msr efi_pstore dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 mlx5_ib ib_uverbs macsec ib_core mlx5_core mlxfw psample tls pci_hyperv pci_hyperv_intf hid_generic crct10dif_pclmul hv_storvsc hyperv_drm crc32_pclmul hid_hyperv hv_netvsc hid scsi_transport_fc hv_utils hyperv_keyboard polyval_clmulni polyval_generic hyperv_fb ghash_clmulni_intel sha256_ssse3 sha1_ssse3 pata_acpi psmouse hv_vmbus floppy aesni_intel crypto_simd cryptd
[Sat Aug 10 15:15:24 2024] CPU: 3 UID: 0 PID: 82 Comm: kworker/3:1 Tainted: G W 6.11.0-061100rc2-generic #202408042216
[Sat Aug 10 15:15:24 2024] Tainted: [W]=WARN
[Sat Aug 10 15:15:24 2024] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090008 12/07/2018
[Sat Aug 10 15:15:24 2024] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd]
[Sat Aug 10 15:15:24 2024] RIP: 0010:ntlm_authenticate.isra.0+0x4cd/0x540 [ksmbd]
[Sat Aug 10 15:15:24 2024] Code: e9 44 fc ff ff 48 c7 c2 c8 09 45 c1 4c 89 c6 48 c7 c7 d8 05 45 c1 48 89 45 b0 4c 89 45 b8 c6 05 4b a8 01 00 01 e8 83 ac ee f8 <0f> 0b 44 0f b7 7d c6 48 8b 45 b0 4c 8b 45 b8 e9 b5 fb ff ff 49 8b
[Sat Aug 10 15:15:24 2024] RSP: 0018:ffff9b80802f7ce8 EFLAGS: 00010246
[Sat Aug 10 15:15:24 2024] RAX: 0000000000000000 RBX: ffff8ae7cc4bbc00 RCX: 0000000000000000
[Sat Aug 10 15:15:24 2024] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[Sat Aug 10 15:15:24 2024] RBP: ffff9b80802f7d40 R08: 0000000000000000 R09: 0000000000000000
[Sat Aug 10 15:15:24 2024] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8ae7ce49b800
[Sat Aug 10 15:15:24 2024] R13: ffff8ae7ce4a8004 R14: ffff8ae7ce4abc04 R15: 0000000000000000
[Sat Aug 10 15:15:24 2024] FS: 0000000000000000(0000) GS:ffff8aee63b80000(0000) knlGS:0000000000000000
[Sat Aug 10 15:15:24 2024] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[Sat Aug 10 15:15:24 2024] CR2: 000070d3373f7a78 CR3: 00000001070cc004 CR4: 00000000003706f0
[Sat Aug 10 15:15:24 2024] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[Sat Aug 10 15:15:24 2024] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[Sat Aug 10 15:15:24 2024] Call Trace:
[Sat Aug 10 15:15:24 2024]  <TASK>
[Sat Aug 10 15:15:24 2024]  ? show_trace_log_lvl+0x1be/0x310
[Sat Aug 10 15:15:24 2024]  ? show_trace_log_lvl+0x1be/0x310
[Sat Aug 10 15:15:24 2024]  ? smb2_sess_setup+0x88c/0xa00 [ksmbd]
[Sat Aug 10 15:15:24 2024]  ? show_regs.part.0+0x22/0x30
[Sat Aug 10 15:15:24 2024]  ? show_regs.cold+0x8/0x10
[Sat Aug 10 15:15:24 2024]  ? ntlm_authenticate.isra.0+0x4cd/0x540 [ksmbd]
[Sat Aug 10 15:15:24 2024]  ? __warn.cold+0xa7/0x101
[Sat Aug 10 15:15:24 2024]  ? ntlm_authenticate.isra.0+0x4cd/0x540 [ksmbd]
[Sat Aug 10 15:15:24 2024]  ? report_bug+0x114/0x160
[Sat Aug 10 15:15:24 2024]  ? handle_bug+0x51/0xa0
[Sat Aug 10 15:15:24 2024]  ? exc_invalid_op+0x18/0x80
[Sat Aug 10 15:15:24 2024]  ? asm_exc_invalid_op+0x1b/0x20
[Sat Aug 10 15:15:24 2024]  ? ntlm_authenticate.isra.0+0x4cd/0x540 [ksmbd]
[Sat Aug 10 15:15:24 2024]  ? ntlm_authenticate.isra.0+0x4cd/0x540 [ksmbd]
[Sat Aug 10 15:15:24 2024]  smb2_sess_setup+0x88c/0xa00 [ksmbd]
[Sat Aug 10 15:15:24 2024]  __process_request+0xa8/0x1c0 [ksmbd]
[Sat Aug 10 15:15:24 2024]  __handle_ksmbd_work+0x1ce/0x2e0 [ksmbd]
[Sat Aug 10 15:15:24 2024]  handle_ksmbd_work+0x2d/0xa0 [ksmbd]
[Sat Aug 10 15:15:24 2024]  process_one_work+0x177/0x350
[Sat Aug 10 15:15:24 2024]  worker_thread+0x31a/0x450
[Sat Aug 10 15:15:24 2024]  ? _raw_spin_unlock_irqrestore+0x11/0x60
[Sat Aug 10 15:15:24 2024]  ? __pfx_worker_thread+0x10/0x10
[Sat Aug 10 15:15:24 2024]  kthread+0xe4/0x110
[Sat Aug 10 15:15:24 2024]  ? __pfx_kthread+0x10/0x10
[Sat Aug 10 15:15:24 2024]  ret_from_fork+0x47/0x70
[Sat Aug 10 15:15:24 2024]  ? __pfx_kthread+0x10/0x10
[Sat Aug 10 15:15:24 2024]  ret_from_fork_asm+0x1a/0x30
[Sat Aug 10 15:15:24 2024]  </TASK>
[Sat Aug 10 15:15:24 2024] ---[ end trace 0000000000000000 ]---
[Sat Aug 10 16:39:21 2024] workqueue: handle_ksmbd_work [ksmbd] hogged CPU for >10000us 4 times, consider switching to WQ_UNBOUND
[Sat Aug 10 16:39:21 2024] workqueue: handle_ksmbd_work [ksmbd] hogged CPU for >10000us 5 times, consider switching to WQ_UNBOUND
[Sat Aug 10 16:39:22 2024] workqueue: handle_ksmbd_work [ksmbd] hogged CPU for >10000us 7 times, consider switching to WQ_UNBOUND
[Sat Aug 10 16:39:41 2024] workqueue: xfs_inodegc_worker [xfs] hogged CPU for >10000us 4 times, consider switching to WQ_UNBOUND
[Sat Aug 10 16:39:47 2024] workqueue: xfs_inodegc_worker [xfs] hogged CPU for >10000us 5 times, consider switching to WQ_UNBOUN

-- 
Thanks,

Steve