Comment 8 for bug 1824981

New variant of kernel bug appeard in both 4.18.0-17 (package manager) and in 4.15.0-48 (provided by @kaihengfeng). System didn't crash (compared to "buffer overflow in strcat" where cifs can't recover). Have seen this one twice, both within 3-7 hours after reboot.

Apr 22 17:28:23 Linux version 4.15.0-48-generic (root@bionic) (gcc version 7.3.0 (Ubuntu 7.3.0-27ubuntu1~18.04)) #51~lp1824981 SMP Thu Apr 18 17:30:16 UTC 20
19 (Ubuntu 4.15. .18)
[...]
Apr 22 23:40:47 BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
Apr 22 23:40:47 IP: smb2_push_mandatory_locks+0x104/0x3b0 [cifs]
Apr 22 23:40:47 PGD 0 P4D 0
Apr 22 23:40:47 Oops: 0000 [#1] SMP PTI
Apr 22 23:40:47 Modules linked in: [...]
Apr 22 23:40:47 CPU: 78 PID: 44260 Comm: kworker/78:1 Not tainted 4.15.0-48-generic #51~lp1824981
Apr 22 23:40:47 Hardware name: Dell Inc. PowerEdge R740/08D89F, BIOS 1.3.7 02/08/2018
Apr 22 23:40:47 Workqueue: cifsoplockd cifs_oplock_break [cifs]
Apr 22 23:40:47 RIP: 0010:smb2_push_mandatory_locks+0x104/0x3b0 [cifs]
Apr 22 23:40:47 RSP: 0018:ffffa779e81f7de0 EFLAGS: 00010246
Apr 22 23:40:47 RAX: 0000000000000000 RBX: ffff9bddf145ab18 RCX: ffffdc6c8d3d0c00
Apr 22 23:40:47 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9baa0f430000
Apr 22 23:40:47 RBP: ffffa779e81f7e30 R08: 0000000000027f20 R09: ffffdc6c8d3d0c00
Apr 22 23:40:47 R10: 0000000000000002 R11: ffff9baa0f420000 R12: 0000000000000aaa
Apr 22 23:40:47 R13: ffff9bddf145ab18 R14: ffff9bddf145ab00 R15: ffff9bb9870e1e00
Apr 22 23:40:47 FS: 0000000000000000(0000) GS:ffff9bb6411c0000(0000) knlGS:0000000000000000
Apr 22 23:40:47 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 22 23:40:47 CR2: 0000000000000038 CR3: 0000004367a0a004 CR4: 00000000007606e0
Apr 22 23:40:47 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Apr 22 23:40:47 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Apr 22 23:40:47 PKRU: 55555554
Apr 22 23:40:47 Call Trace:
Apr 22 23:40:47 cifs_oplock_break+0x125/0x3f0 [cifs]
Apr 22 23:40:47 process_one_work+0x1de/0x410
Apr 22 23:40:47 worker_thread+0x32/0x410
Apr 22 23:40:47 kthread+0x121/0x140
Apr 22 23:40:47 ? process_one_work+0x410/0x410
Apr 22 23:40:47 ? kthread_create_worker_on_cpu+0x70/0x70
Apr 22 23:40:47 ret_from_fork+0x35/0x40
Apr 22 23:40:47 Code: [...]
Apr 22 23:40:47 RIP: smb2_push_mandatory_locks+0x104/0x3b0 [cifs] RSP: ffffa779e81f7de0
Apr 22 23:40:47 CR2: 0000000000000038
Apr 22 23:40:47 ---[ end trace f5366d81972abce8 ]---
[full details see kernel.log attached]

# cat /proc/fs/cifs/Stats
Resources in use
CIFS Session: 1
Share (unique mount targets): 2
SMB Request/Response Buffer: 1 Pool size: 5
SMB Small Req/Resp Buffer: 1 Pool size: 30
Operations (MIDs): 0

0 session 0 share reconnects
Total vfs operations: 13063177 maximum at one time: 38

1) \\server\share
SMBs: 25616550
Negotiates: 0 sent 0 failed
SessionSetups: 0 sent 0 failed
Logoffs: 0 sent 0 failed
TreeConnects: 9916 sent 0 failed
TreeDisconnects: 0 sent 0 failed
Creates: 0 sent 151514 failed
Closes: 0 sent 2 failed
Flushes: 0 sent 0 failed
Reads: 0 sent 0 failed
Writes: 0 sent 0 failed
Locks: 0 sent 0 failed
IOCTLs: 0 sent 0 failed
Cancels: 0 sent 0 failed
Echos: 0 sent 0 failed
QueryDirectories: 0 sent 1768 failed
ChangeNotifies: 0 sent 0 failed
QueryInfos: 0 sent 1 failed
SetInfos: 0 sent 0 failed
OplockBreaks: 0 sent 2324 failed