Re: [PATCH 4.14 12/53] cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting

Hi Greg, hi Stefano,

It seems that adding "cifs: Fix slab-out-of-bounds in send_set_info() on SMB2
ACE setting" (commit 748144f) [1] created a regression within the linux
v4.14 kernel series. Writing to a mounted cifs either freezes on writing
or crashes the PC. You may find a more detailed explanation in our
forums [2]. Reverting the patch seems to "fix" it. Thoughts?

Best, Philip
----------------------
Manjaro Project Lead

---

[1]
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/cifs?h=linux-4.14.y&id=748144f35514aef14c4fdef5bcaa0db99cb9367a
[2] https://forum.manjaro.org/t/53250

---

FSTAB entries:

//192.168.0.100/TRANSFER /mnt/TRANSFER cifs noperm,x-systemd.automount,iocharset=utf8,file_mode=0775,dir_mode=0775,user=xxx,pass=yyy,_netdev,noacl 0 0
//192.168.0.100/MEDIA /mnt/MEDIA cifs noperm,x-systemd.automount,iocharset=utf8,file_mode=0775,dir_mode=0775,user=xxx,pass=yyy,_netdev,noacl 0 0

Message log:

[ 19.785788] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
[ 20.652361] CIFS VFS: ioctl error in smb2_get_dfs_refer rc=-2
[ 20.814693] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
[ 20.992157] CIFS VFS: ioctl error in smb2_get_dfs_refer rc=-2
[ 212.648892] cache_from_obj: Wrong slab cache. cifs_request but object is from xfrm_dst_cache
[ 212.648951] ------------[ cut here ]------------
[ 212.648978] WARNING: CPU: 1 PID: 1379 at mm/slab.h:377 kmem_cache_free+0x14d/0x200
[ 212.648985] Modules linked in: md4 nls_utf8 cifs ccm dns_resolver
fscache cmac rfcomm fuse snd_hda_codec_hdmi snd_hda_codec_realtek
snd_hda_codec_generic snd_soc_skl snd_soc_skl_ipc snd_soc_sst_ipc
snd_soc_sst_dsp snd_hda_ext_core snd_soc_sst_match snd_soc_core bnep
snd_compress snd_pcm_dmaengine ac97_bus vmnet(O) intel_rapl
x86_pkg_temp_thermal intel_powerclamp coretemp arc4 kvm_intel i915
iTCO_wdt iTCO_vendor_support kvm iwlmvm ext4 mac80211 crc32c_generic
mbcache jbd2 fscrypto irqbypass crct10dif_pclmul crc32_pclmul
ghash_clmulni_intel pcbc wmi_bmof i2c_algo_bit snd_hda_intel
drm_kms_helper iwlwifi uvcvideo snd_hda_codec aesni_intel snd_hda_core
videobuf2_vmalloc aes_x86_64 videobuf2_memops crypto_simd glue_helper
btusb cryptd btrtl videobuf2_v4l2 btbcm intel_cstate videobuf2_core
snd_hwdep intel_rapl_perf
[ 212.649203] btintel drm e1000e cfg80211 bluetooth snd_pcm videodev
psmouse media snd_timer pcspkr ptp pps_core thinkpad_acpi i2c_i801 evdev
joydev mousedev input_leds mac_hid rtsx_pci_ms ecdh_generic crc16
memstick intel_gtt nvram agpgart snd shpchp soundcore mei_me syscopyarea
rfkill sysfillrect sysimgblt mei fb_sys_fops intel_pch_thermal thermal
led_class wmi battery ac video acpi_pad button sch_fq_codel vmmon(O)
vmw_vmci uinput crypto_user ip_tables x_tables btrfs xor zstd_decompress
zstd_compress xxhash hid_logitech_hidpp raid6_pq hid_logitech_dj usbhid
hid sd_mod rtsx_pci_sdmmc mmc_core serio_raw atkbd libps2 ahci libahci
xhci_pci libata xhci_hcd rtsx_pci usbcore scsi_mod usb_common i8042
serio crc32c_intel
[ 212.649453] CPU: 1 PID: 1379 Comm: pool Tainted: G O 4.14.57-1-MANJARO #1
[ 212.649457] Hardware name: LENOVO 20J4000LGE/20J4000LGE, BIOS R0GET60W (1.60 ) 12/15/2017
[ 212.649465] task: ffff88a7197f8f00 task.stack: ffffb1dac2184000
[ 212.649481] RIP: 0010:kmem_cache_free+0x14d/0x200
[ 212.649488] RSP: 0018:ffffb1dac2187c90 EFLAGS: 00010246
[ 212.649497] RAX: 0000000000000050 RBX: ffff88a75ba90000 RCX: 0000000000000000
[ 212.649503] RDX: 0000000000000000 RSI: ffff88a77f4965d8 RDI: ffff88a77f4965d8
[ 212.649509] RBP: ffff88a73962f380 R08: ffffffff8d474920 R09: 000000000000035c
[ 212.649515] R10: 0000000000000004 R11: ffffffff8e56a36d R12: ffff88a75812c000
[ 212.649521] R13: ffff88a77489b600 R14: ffffb1dac2187d78 R15: 0000000000000000
[ 212.649531] FS: 00007f253ccc3700(0000) GS:ffff88a77f480000(0000) knlGS:0000000000000000
[ 212.649538] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 212.649545] CR2: 00007f386b887810 CR3: 0000000211452003 CR4: 00000000003606e0
[ 212.649549] Call Trace:
[ 212.649657] cifs_buf_release.part.6+0x11/0x20 [cifs]
[ 212.649763] send_set_info+0x1ac/0x210 [cifs]
[ 212.649878] SMB2_rmdir+0x5d/0x80 [cifs]
[ 212.649977] smb2_open_op_close+0x1bd/0x220 [cifs]
[ 212.649992] ? __kmalloc+0x19e/0x220
[ 212.650080] ? build_path_from_dentry_optional_prefix+0x1c1/0x400 [cifs]
[ 212.650176] smb2_rmdir+0x25/0x30 [cifs]
[ 212.650271] cifs_rmdir+0xb8/0x290 [cifs]
[ 212.650287] vfs_rmdir+0xd1/0x140
[ 212.650300] do_rmdir+0x17d/0x1e0
[ 212.650318] do_syscall_64+0x67/0x100
[ 212.650332] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 212.650342] RIP: 0033:0x7f2558e5f647
[ 212.650348] RSP: 002b:00007f253ccc2b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[ 212.650359] RAX: ffffffffffffffda RBX: 00007f253801f500 RCX: 00007f2558e5f647
[ 212.650364] RDX: 00007f253ccc2b90 RSI: 0000563e90e93d40 RDI: 00007f253801f500
[ 212.650369] RBP: 0000563e90ab08c0 R08: 0000563e908c3468 R09: 0000563e908c3470
[ 212.650375] R10: 0000563e908df8c8 R11: 0000000000000246 R12: 00007f253ccc2b90
[ 212.650380] R13: 00007f253ccc2c20 R14: 00007f253ccc2b90 R15: 0000563e8ead215b
[ 212.650389] Code: fe ff ff 48 3b a8 d8 00 00 00 0f 84 83 00 00 00 48 8b 48 60 48 8b 55 60 48 c7 c6 20 44 c3 8d 48 c7 c7 00 48 e1 8d e8 8e 44 ed ff <0f> 0b e9 ca fe ff ff 65 8b 05 6d 51 e0 72 89 c0 48 0f a3 05 8b
[ 212.650572] ---[ end trace 05a8377b2d80ea1c ]---
[ 212.680246] cache_from_obj: Wrong slab cache. cifs_request but object is from xfrm_dst_cache
[ 212.725303] cache_from_obj: Wrong slab cache. cifs_request but object is from xfrm_dst_cache
[ 212.740595] general protection fault: 0000 [#1] PREEMPT SMP PTI
[ 212.740602] Modules linked in: md4 nls_utf8 cifs ccm dns_resolver
fscache cmac rfcomm fuse snd_hda_codec_hdmi snd_hda_codec_realtek
snd_hda_codec_generic snd_soc_skl snd_soc_skl_ipc snd_soc_sst_ipc
snd_soc_sst_dsp snd_hda_ext_core snd_soc_sst_match snd_soc_core bnep
snd_compress snd_pcm_dmaengine ac97_bus vmnet(O) intel_rapl
x86_pkg_temp_thermal intel_powerclamp coretemp arc4 kvm_intel i915
iTCO_wdt iTCO_vendor_support kvm iwlmvm ext4 mac80211 crc32c_generic
mbcache jbd2 fscrypto irqbypass crct10dif_pclmul crc32_pclmul
ghash_clmulni_intel pcbc wmi_bmof i2c_algo_bit snd_hda_intel
drm_kms_helper iwlwifi uvcvideo snd_hda_codec aesni_intel snd_hda_core
videobuf2_vmalloc aes_x86_64 videobuf2_memops crypto_simd glue_helper
btusb cryptd btrtl videobuf2_v4l2 btbcm intel_cstate videobuf2_core
snd_hwdep intel_rapl_perf
[ 212.740687] btintel drm e1000e cfg80211 bluetooth snd_pcm videodev
psmouse media snd_timer pcspkr ptp pps_core thinkpad_acpi i2c_i801 evdev
joydev mousedev input_leds mac_hid rtsx_pci_ms ecdh_generic crc16
memstick intel_gtt nvram agpgart snd shpchp soundcore mei_me syscopyarea
rfkill sysfillrect sysimgblt mei fb_sys_fops intel_pch_thermal thermal
led_class wmi battery ac video acpi_pad button sch_fq_codel vmmon(O)
vmw_vmci uinput crypto_user ip_tables x_tables btrfs xor zstd_decompress
zstd_compress xxhash hid_logitech_hidpp raid6_pq hid_logitech_dj usbhid
hid sd_mod rtsx_pci_sdmmc mmc_core serio_raw atkbd libps2 ahci libahci
xhci_pci libata xhci_hcd rtsx_pci usbcore scsi_mod usb_common i8042
serio crc32c_intel
[ 212.740793] CPU: 1 PID: 1162 Comm: cifsd Tainted: G W O 4.14.57-1-MANJARO #1
[ 212.740797] Hardware name: LENOVO 20J4000LGE/20J4000LGE, BIOS R0GET60W (1.60 ) 12/15/2017
[ 212.740802] task: ffff88a772a99e00 task.stack: ffffb1dac1ec8000
[ 212.740810] RIP: 0010:prefetch_freepointer+0x11/0x20
[ 212.740815] RSP: 0018:ffffb1dac1ecbde0 EFLAGS: 00010202
[ 212.740820] RAX: 0000000000000000 RBX: 0c24ecb2149c4fdf RCX: 0000000000012681
[ 212.740824] RDX: 0000000000012601 RSI: 0c24ecb2149c4fdf RDI: ffff88a775401c80
[ 212.740828] RBP: 0000000001011200 R08: ffff88a775e78f00 R09: 0000000000000000
[ 212.740832] R10: 0000000000000000 R11: 000000002f32988b R12: ffff88a75ba90000
[ 212.740836] R13: ffff88a775401c80 R14: ffff88a775401c80 R15: ffffffff8d19a8b5
[ 212.740841] FS: 0000000000000000(0000) GS:ffff88a77f480000(0000) knlGS:0000000000000000
[ 212.740845] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 212.740849] CR2: 00007f386b887810 CR3: 000000013200a006 CR4: 00000000003606e0
[ 212.740852] Call Trace:
[ 212.740861] kmem_cache_alloc+0x94/0x1a0
[ 212.740870] ? wait_woken+0x80/0x80
[ 212.740878] mempool_alloc+0x65/0x190
[ 212.740886] ? try_to_wake_up+0x54/0x4b0
[ 212.740925] cifs_small_buf_get+0x16/0x20 [cifs]
[ 212.740957] cifs_demultiplex_thread+0x619/0xb10 [cifs]
[ 212.740989] ? cifs_handle_standard+0x190/0x190 [cifs]
[ 212.740996] kthread+0x119/0x130
[ 212.741003] ? kthread_create_on_node+0x60/0x60
[ 212.741011] ret_from_fork+0x35/0x40
[ 212.741016] Code: 89 d3 e8 63 f9 47 00 85 c0 0f 85 b1 70 00 00 48 83 c4 08 5b 5d 41 5c 41 5d c3 0f 1f 44 00 00 48 85 f6 74 14 48 63 47 20 48 01 c6 <48> 33 36 48 33 b7 40 01 00 00 0f 18 0e c3 90 0f 1f 44 00 00 55
[ 212.741096] RIP: prefetch_freepointer+0x11/0x20 RSP: ffffb1dac1ecbde0
[ 212.741101] ---[ end trace 05a8377b2d80ea1d ]---
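The "Wrong slab cache" warning in the log above is produced by the slab allocator's check that the object handed to kmem_cache_free() actually belongs to the cache it is being returned to (the mm/slab.h:377 location in the trace). The user-space C program below is an added example, not part of this e-mail and not kernel code: it models that check with a toy typed cache that tags each object with its owning cache, then replays a constructed scenario in which an object from one cache is released through another. The two cache names are taken from the log; the sizes, the struct and function names (toy_cache, toy_cache_alloc, toy_cache_free, mismatched_free_count) are invented for the model.

```c
#include <stdio.h>
#include <stdlib.h>

/*
 * Toy model (constructed example, not kernel code) of a typed object
 * cache. Each object carries a header recording the cache that handed
 * it out, so a free through the wrong cache can be detected the way the
 * kernel's cache_from_obj() check in mm/slab.h flags it.
 */
struct toy_cache {
    const char *name;              /* cache name, as printed in the warning */
    size_t obj_size;               /* payload size (invented values below) */
    unsigned long allocs;
    unsigned long mismatched_frees;
};

struct toy_obj_hdr {
    struct toy_cache *owner;       /* cache the payload really came from */
};

void *toy_cache_alloc(struct toy_cache *c)
{
    struct toy_obj_hdr *h = malloc(sizeof *h + c->obj_size);

    if (!h)
        return NULL;
    h->owner = c;
    c->allocs++;
    return h + 1;                  /* caller only ever sees the payload */
}

/*
 * Free 'obj' through cache 'c'. Returns 0 when the object belongs to 'c'
 * and -1 when it belongs to some other cache; in that case the mismatch
 * is logged in the same wording as the kernel warning and counted on 'c'.
 * The memory is always released, so the model never leaks.
 */
int toy_cache_free(struct toy_cache *c, void *obj)
{
    struct toy_obj_hdr *h = (struct toy_obj_hdr *)obj - 1;
    int rc = 0;

    if (h->owner != c) {
        fprintf(stderr,
                "cache_from_obj: Wrong slab cache. %s but object is from %s\n",
                c->name, h->owner->name);
        c->mismatched_frees++;
        rc = -1;
    }
    free(h);
    return rc;
}

/* A matching alloc/free pair: expected to return 0 (no warning). */
int matching_pair_status(void)
{
    struct toy_cache request = { "cifs_request", 64, 0, 0 };
    void *obj = toy_cache_alloc(&request);

    if (!obj)
        return -2;
    return toy_cache_free(&request, obj);
}

/*
 * The situation the log shows: an object that belongs to one cache is
 * released through another. Returns how many mismatches were detected
 * on the cache that did the freeing.
 */
unsigned long mismatched_free_count(void)
{
    /* names taken from the log; sizes are invented for the model */
    struct toy_cache request = { "cifs_request", 64, 0, 0 };
    struct toy_cache other   = { "xfrm_dst_cache", 32, 0, 0 };
    void *obj = toy_cache_alloc(&other);

    if (!obj)
        return 0;
    toy_cache_free(&request, obj);     /* flagged: wrong cache */
    return request.mismatched_frees;
}

int main(void)
{
    printf("matching pair status: %d\n", matching_pair_status());
    printf("mismatches detected: %lu\n", mismatched_free_count());
    return 0;
}
```

The point of the model is the ownership tag: a free through the wrong cache is caught at the moment it happens and attributed to the caller, which is what makes the kernel's warning above actionable (the caller in the trace is cifs_buf_release() reached from send_set_info()). In the real kernel the ownership is derived from the page the object lives on rather than from a header, and the follow-on general protection fault in cifsd shows what happens when such a mismatch is not stopped: the freelist of one cache is corrupted by memory that belonged to another.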
