Re: kernel panic caused by recent changes in fs/cifs

Regressions List Tracking
 help / color / mirror / Atom feed

From: Chenglong Tang <chenglongtang@google.com>
To: stable@vger.kernel.org
Cc: regressions@lists.linux.dev, pc@manguebit.com,
	linkinjeon@kernel.org,  dhowells@redhat.com,
	linux-cifs@vger.kernel.org,  samba-technical@lists.samba.org,
	Oleksandr Tymoshenko <ovt@google.com>,
	 Robert Kolchmeyer <rkolchmeyer@google.com>
Subject: Re: kernel panic caused by recent changes in fs/cifs
Date: Tue, 9 Apr 2024 23:38:57 -0700	[thread overview]
Message-ID: <CAOdxtTZhsy4=Eo+HV80ZJorasg31aWgMFSRjxjoA582HAMfnzQ@mail.gmail.com> (raw)
In-Reply-To: <CAOdxtTa0S125Lx=ipe7t_sfrBCiTqftb2=OHQcZsiXkVxvi9ZA@mail.gmail.com>


[-- Attachment #1.1: Type: text/plain, Size: 1204 bytes --]

Here is the backtrace.

On Tue, Apr 9, 2024 at 11:37 PM Chenglong Tang <chenglongtang@google.com>
wrote:

> Hi, developers,
>
> This is Chenglong Tang from the Google Container Optimized OS team. We
> recently received a kernel panic bug from the customers regarding cifs.
>
> This happened since the backport of following changes in cifs(in our
> kernel COS-5.10.208 and COS-5.15.146):
>
> cifs: Fix non-availability of dedup breaking generic/304:
> https://lore.kernel.org/r/3876191.1701555260@warthog.procyon.org.uk/
> smb: client: fix potential NULL deref in parse_dfs_referrals(): Upstream
> commit 92414333eb375ed64f4ae92d34d579e826936480
> ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE: Upstream
> commit  13736654481198e519059d4a2e2e3b20fa9fdb3e
> smb: client: fix NULL deref in asn1_ber_decoder(): Upstream commit
> 90d025c2e953c11974e76637977c473200593a46
> smb: a few more smb changes...
>
> The line that crashed is line 197 in fs/cifs/dfs_cache.c
> ```
> if (unlikely(strcmp(cp->charset, cache_cp->charset))) {
> ```
> I attached the dmesg and backtrace for debugging purposes. Let me know if
> you need more information.
>
> Best,
>
> Chenglong
>

[-- Attachment #1.2: Type: text/html, Size: 4774 bytes --]

[-- Attachment #2: backtrace.txt --]
[-- Type: text/plain, Size: 4141 bytes --]

PID: 52596    TASK: ffff992c92edc300  CPU: 9    COMMAND: "mount.cifs"
 #0 [ffffb3dbc34fb948] machine_kexec at ffffffff94075f75
    /build/lakitu/tmp/portage/sys-kernel/lakitu-kernel-5_15-5.15.146-r181/work/lakitu-kernel-5_15-5.15.146/arch/x86/kernel/machine_kexec_64
.c: 358
 #1 [ffffb3dbc34fb9c8] crash_kexec at ffffffff94164be3
    /build/lakitu/tmp/portage/sys-kernel/lakitu-kernel-5_15-5.15.146-r181/work/lakitu-kernel-5_15-5.15.146/include/linux/atomic/atomic-arch
-fallback.h: 173
 #2 [ffffb3dbc34fba98] oops_end at ffffffff94041b46
    /build/lakitu/tmp/portage/sys-kernel/lakitu-kernel-5_15-5.15.146-r181/work/lakitu-kernel-5_15-5.15.146/arch/x86/kernel/dumpstack.c: 364
 #3 [ffffb3dbc34fbac0] page_fault_oops at ffffffff94088ca7
    /build/lakitu/tmp/portage/sys-kernel/lakitu-kernel-5_15-5.15.146-r181/work/lakitu-kernel-5_15-5.15.146/arch/x86/mm/fault.c: 708
 #4 [ffffb3dbc34fbb50] exc_page_fault at ffffffff94b61e06
    /build/lakitu/tmp/portage/sys-kernel/lakitu-kernel-5_15-5.15.146-r181/work/lakitu-kernel-5_15-5.15.146/arch/x86/mm/fault.c: 1483
 #5 [ffffb3dbc34fbb80] asm_exc_page_fault at ffffffff94c00ba2
    /build/lakitu/tmp/portage/sys-kernel/lakitu-kernel-5_15-5.15.146-r181/work/lakitu-kernel-5_15-5.15.146/arch/x86/include/asm/idtentry.h:
 568
    [exception RIP: dfs_cache_canonical_path+98]
    RIP: ffffffffc069dde2  RSP: ffffb3dbc34fbc38  RFLAGS: 00010246
    RAX: ffffffff00000000  RBX: ffff992ddd978941  RCX: 0000000000000001
    RDX: 0000000000000001  RSI: ffffffffc0727100  RDI: ffffffffc0726000
    RBP: ffffb3dbc34fbc70   R8: ffff992ddd978941   R9: 0000000000000000
    R10: ffffb3dbc34fbce8  R11: ffffffffc0682cb0  R12: ffffffffc0727100
    R13: 0000000000000032  R14: ffffffffffffffea  R15: 0000000000000001
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
    /build/lakitu/tmp/portage/sys-kernel/lakitu-kernel-5_15-5.15.146-r181/work/lakitu-kernel-5_15-5.15.146/fs/cifs/dfs_cache.c: 197
 #6 [ffffb3dbc34fbc78] dfs_cache_find at ffffffffc069e32b [cifs]
    /build/lakitu/tmp/portage/sys-kernel/lakitu-kernel-5_15-5.15.146-r181/work/lakitu-kernel-5_15-5.15.146/fs/cifs/dfs_cache.c: 956
 #7 [ffffb3dbc34fbcb8] cifs_mount at ffffffffc0653afc [cifs]
    /build/lakitu/tmp/portage/sys-kernel/lakitu-kernel-5_15-5.15.146-r181/work/lakitu-kernel-5_15-5.15.146/fs/cifs/connect.c: 3344
 #8 [ffffb3dbc34fbda8] cifs_smb3_do_mount at ffffffffc06433ff [cifs]
    /build/lakitu/tmp/portage/sys-kernel/lakitu-kernel-5_15-5.15.146-r181/work/lakitu-kernel-5_15-5.15.146/fs/cifs/cifsfs.c: 894
 #9 [ffffb3dbc34fbe00] smb3_get_tree at ffffffffc069b809 [cifs]
    /build/lakitu/tmp/portage/sys-kernel/lakitu-kernel-5_15-5.15.146-r181/work/lakitu-kernel-5_15-5.15.146/include/linux/err.h: 36
#10 [ffffb3dbc34fbe28] vfs_get_tree at ffffffff94323beb
    /build/lakitu/tmp/portage/sys-kernel/lakitu-kernel-5_15-5.15.146-r181/work/lakitu-kernel-5_15-5.15.146/fs/super.c: 1518
#11 [ffffb3dbc34fbe58] do_new_mount at ffffffff9434de37
    /build/lakitu/tmp/portage/sys-kernel/lakitu-kernel-5_15-5.15.146-r181/work/lakitu-kernel-5_15-5.15.146/fs/namespace.c: 2994
#12 [ffffb3dbc34fbec0] __se_sys_mount at ffffffff9434e9a9
    /build/lakitu/tmp/portage/sys-kernel/lakitu-kernel-5_15-5.15.146-r181/work/lakitu-kernel-5_15-5.15.146/fs/namespace.c: 3337
#13 [ffffb3dbc34fbf18] do_syscall_64 at ffffffff94b5e6d1
    /build/lakitu/tmp/portage/sys-kernel/lakitu-kernel-5_15-5.15.146-r181/work/lakitu-kernel-5_15-5.15.146/arch/x86/entry/common.c: 50
#14 [ffffb3dbc34fbf50] entry_SYSCALL_64_after_hwframe at ffffffff94c000da
    /build/lakitu/tmp/portage/sys-kernel/lakitu-kernel-5_15-5.15.146-r181/work/lakitu-kernel-5_15-5.15.146/arch/x86/entry/entry_64.S: 118
    RIP: 00007f570da5db7a  RSP: 00007ffe92d16c58  RFLAGS: 00000202
    RAX: ffffffffffffffda  RBX: 00005574c76cceb0  RCX: 00007f570da5db7a
    RDX: 00005574c5ed345b  RSI: 00005574c5ed34fa  RDI: 00007ffe92d178a2
    RBP: 00005574c5ed3109   R8: 00005574c76cceb0   R9: 00007ffe92d15ff0
    R10: 0000000000000000  R11: 0000000000000202  R12: 00007ffe92d178a2
    R13: 00005574c76cdf40  R14: 000000000000000a  R15: 00007f570d94e000
    ORIG_RAX: 00000000000000a5  CS: 0033  SS: 002b

next prev parent reply	other threads:[~2024-04-10  6:39 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-10  6:37 kernel panic caused by recent changes in fs/cifs Chenglong Tang
2024-04-10  6:38 ` Chenglong Tang [this message]
  -- strict thread matches above, loose matches on Subject: below --
2024-04-10  6:41 Chenglong Tang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAOdxtTZhsy4=Eo+HV80ZJorasg31aWgMFSRjxjoA582HAMfnzQ@mail.gmail.com' \
    --to=chenglongtang@google.com \
    --cc=dhowells@redhat.com \
    --cc=linkinjeon@kernel.org \
    --cc=linux-cifs@vger.kernel.org \
    --cc=ovt@google.com \
    --cc=pc@manguebit.com \
    --cc=regressions@lists.linux.dev \
    --cc=rkolchmeyer@google.com \
    --cc=samba-technical@lists.samba.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).