New variant of kernel bug appeared in both 4.18.0-17 (package manager) and in 4.15.0-48 (provided by @kaihengfeng). System didn't crash (compared to "buffer overflow in strcat" where cifs can't recover). Have seen this one twice, both within 3-7 hours after reboot.

Apr 22 17:28:23 Linux version 4.15.0-48-generic (root@bionic) (gcc version 7.3.0 (Ubuntu 7.3.0-27ubuntu1~18.04)) #51~lp1824981 SMP Thu Apr 18 17:30:16 UTC 2019 (Ubuntu 4.15. .18)
[...]
Apr 22 23:40:47 BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
Apr 22 23:40:47 IP: smb2_push_mandatory_locks+0x104/0x3b0 [cifs]
Apr 22 23:40:47 PGD 0 P4D 0
Apr 22 23:40:47 Oops: 0000 [#1] SMP PTI
Apr 22 23:40:47 Modules linked in: [...]
Apr 22 23:40:47 CPU: 78 PID: 44260 Comm: kworker/78:1 Not tainted 4.15.0-48-generic #51~lp1824981
Apr 22 23:40:47 Hardware name: Dell Inc. PowerEdge R740/08D89F, BIOS 1.3.7 02/08/2018
Apr 22 23:40:47 Workqueue: cifsoplockd cifs_oplock_break [cifs]
Apr 22 23:40:47 RIP: 0010:smb2_push_mandatory_locks+0x104/0x3b0 [cifs]
Apr 22 23:40:47 RSP: 0018:ffffa779e81f7de0 EFLAGS: 00010246
Apr 22 23:40:47 RAX: 0000000000000000 RBX: ffff9bddf145ab18 RCX: ffffdc6c8d3d0c00
Apr 22 23:40:47 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9baa0f430000
Apr 22 23:40:47 RBP: ffffa779e81f7e30 R08: 0000000000027f20 R09: ffffdc6c8d3d0c00
Apr 22 23:40:47 R10: 0000000000000002 R11: ffff9baa0f420000 R12: 0000000000000aaa
Apr 22 23:40:47 R13: ffff9bddf145ab18 R14: ffff9bddf145ab00 R15: ffff9bb9870e1e00
Apr 22 23:40:47 FS: 0000000000000000(0000) GS:ffff9bb6411c0000(0000) knlGS:0000000000000000
Apr 22 23:40:47 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 22 23:40:47 CR2: 0000000000000038 CR3: 0000004367a0a004 CR4: 00000000007606e0
Apr 22 23:40:47 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Apr 22 23:40:47 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Apr 22 23:40:47 PKRU: 55555554
Apr 22 23:40:47 Call Trace:
Apr 22 23:40:47  cifs_oplock_break+0x125/0x3f0 [cifs]
Apr 22 23:40:47  process_one_work+0x1de/0x410
Apr 22 23:40:47  worker_thread+0x32/0x410
Apr 22 23:40:47  kthread+0x121/0x140
Apr 22 23:40:47  ? process_one_work+0x410/0x410
Apr 22 23:40:47  ? kthread_create_worker_on_cpu+0x70/0x70
Apr 22 23:40:47  ret_from_fork+0x35/0x40
Apr 22 23:40:47 Code: [...]
Apr 22 23:40:47 RIP: smb2_push_mandatory_locks+0x104/0x3b0 [cifs] RSP: ffffa779e81f7de0
Apr 22 23:40:47 CR2: 0000000000000038
Apr 22 23:40:47 ---[ end trace f5366d81972abce8 ]---

[full details see kernel.log attached]

# cat /proc/fs/cifs/Stats
Resources in use
CIFS Session: 1
Share (unique mount targets): 2
SMB Request/Response Buffer: 1 Pool size: 5
SMB Small Req/Resp Buffer: 1 Pool size: 30
Operations (MIDs): 0

0 session 0 share reconnects
Total vfs operations: 13063177 maximum at one time: 38

1) \\server\share
SMBs: 25616550
Negotiates: 0 sent 0 failed
SessionSetups: 0 sent 0 failed
Logoffs: 0 sent 0 failed
TreeConnects: 9916 sent 0 failed
TreeDisconnects: 0 sent 0 failed
Creates: 0 sent 151514 failed
Closes: 0 sent 2 failed
Flushes: 0 sent 0 failed
Reads: 0 sent 0 failed
Writes: 0 sent 0 failed
Locks: 0 sent 0 failed
IOCTLs: 0 sent 0 failed
Cancels: 0 sent 0 failed
Echos: 0 sent 0 failed
QueryDirectories: 0 sent 1768 failed
ChangeNotifies: 0 sent 0 failed
QueryInfos: 0 sent 1 failed
SetInfos: 0 sent 0 failed
OplockBreaks: 0 sent 2324 failed
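As an added triage example (not code from the reporter or from the kernel), the following parser pulls the fields that matter for classifying an oops like the one above out of syslog-style lines: the faulting address, the RIP symbol and module, the workqueue and work function, the taint state and the call trace. The sample log is a constructed excerpt modelled on the report, not the attached kernel.log; PAGE_SIZE is assumed to be 4096.

```python
import re

# Constructed excerpt modelled on the oops in the report (not the attached kernel.log).
SAMPLE_LOG = """\
Apr 22 23:40:47 BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
Apr 22 23:40:47 IP: smb2_push_mandatory_locks+0x104/0x3b0 [cifs]
Apr 22 23:40:47 Oops: 0000 [#1] SMP PTI
Apr 22 23:40:47 CPU: 78 PID: 44260 Comm: kworker/78:1 Not tainted 4.15.0-48-generic #51~lp1824981
Apr 22 23:40:47 Workqueue: cifsoplockd cifs_oplock_break [cifs]
Apr 22 23:40:47 RIP: 0010:smb2_push_mandatory_locks+0x104/0x3b0 [cifs]
Apr 22 23:40:47 CR2: 0000000000000038 CR3: 0000004367a0a004 CR4: 00000000007606e0
Apr 22 23:40:47 Call Trace:
Apr 22 23:40:47  cifs_oplock_break+0x125/0x3f0 [cifs]
Apr 22 23:40:47  process_one_work+0x1de/0x410
Apr 22 23:40:47  worker_thread+0x32/0x410
Apr 22 23:40:47 ---[ end trace f5366d81972abce8 ]---
"""

PAGE_SIZE = 4096  # assumed x86-64 page size; anything below it is the NULL page
TS = r"^\w{3} \d+ \d\d:\d\d:\d\d\s+"  # syslog timestamp prefix
SYM = r"(?P<sym>[\w.]+)\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+)(?: \[(?P<mod>\w+)\])?"

def parse_oops(text):
    """Return the triage-relevant fields of a single x86-64 kernel oops as a dict."""
    info = {"trace": []}
    in_trace = False
    for line in text.splitlines():
        line = re.sub(TS, "", line)
        if m := re.match(r"BUG: unable to handle kernel (.*) at ([0-9a-f]+)", line):
            info["fault_addr"] = int(m.group(2), 16)
        elif m := re.match(r"RIP: \d+:" + SYM, line):
            info["rip"] = m.groupdict()  # sym, off, size, mod
        elif m := re.match(r"Workqueue: (\S+) (\S+)", line):
            info["workqueue"], info["work_fn"] = m.group(1), m.group(2)
        elif m := re.match(r"CPU: \d+ PID: \d+ Comm: (\S+) (Not tainted|Tainted: \S+) (\S+)", line):
            info["comm"] = m.group(1)
            info["tainted"] = m.group(2) != "Not tainted"
            info["kernel"] = m.group(3)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (m := re.match(r"\??\s*" + SYM, line)):
            info["trace"].append(m.group("sym"))  # '?' entries are unreliable frames
        elif line.startswith("---[ end trace"):
            in_trace = False
    # A fault address inside the NULL page means a field was read through a NULL struct
    # pointer; the address itself is the field offset to look up in the RIP symbol's source.
    info["null_deref"] = info.get("fault_addr", PAGE_SIZE) < PAGE_SIZE
    return info
```

Run over a whole kernel.log, splitting on "end trace" markers, this gives a quick way to tell repeat hits of the same RIP/offset pair apart from genuinely new crashes.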