RHEL9: kernel panic at memcpy_orig+0x8c calling in smb2_calc_signature

Issue

• Kernel panic with logs:

[323940.075645] CIFS: Attempting to mount //a/b$/c/d/e
[323955.462253] CIFS: Attempting to mount //a/DFSRoot/Groups/b/c/d/e
[323956.516772] CIFS: VFS: Autodisabling the use of server inode numbers on new server
[323956.516776] CIFS: VFS: The server doesn't seem to support them properly or the files might be on different servers (DFS)
[323956.516776] CIFS: VFS: Hardlinks will not be recognized on this mount. Consider mounting with the "noserverino" option to silence this message.
[323988.189766] CIFS: Attempting to mount //a/DFSRoot/Groups/b/c/d/e/f/g/2025
[323988.219148] CIFS: VFS: Autodisabling the use of server inode numbers on new server
[323988.219151] CIFS: VFS: The server doesn't seem to support them properly or the files might be on different servers (DFS)
[323988.219151] CIFS: VFS: Hardlinks will not be recognized on this mount. Consider mounting with the "noserverino" option to silence this message.
[329839.886868] CIFS: VFS: reconnect tcon failed rc = -11
[329839.895326] CIFS: VFS: \\a\IPC$ smb2_get_dfs_refer: ioctl error: rc=-78
[331805.918902] CIFS: VFS: \\b Send error in SessSetup = -11
[331805.922793] BUG: kernel NULL pointer dereference, address: 0000000000000000
[331805.923057] #PF: supervisor read access in kernel mode
[331805.923224] #PF: error_code(0x0000) - not-present page
[331805.923391] PGD 8000000150421067 P4D 8000000150421067 PUD 0 
[331805.923577] Oops: 0000 [#1] PREEMPT SMP PTI
[331805.923715] CPU: 2 PID: 3149790 Comm: kworker/u256:1 Kdump: loaded Not tainted 5.14.0-427.35.1.el9_4.x86_64 #1
[331805.924034] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
[331805.924376] Workqueue: cifs-dfscache dfs_cache_refresh [cifs]
[331805.924673] RIP: 0010:memcpy_orig+0x8c/0x130
[331805.924816] Code: 5e e0 48 8d 76 e0 4c 89 47 f8 4c 89 4f f0 4c 89 57 e8 4c 89 5f e0 48 8d 7f e0 73 d2 83 c2 20 48 29 d6 48 29 d7 83 fa 10 72 34 <4c> 8b 06 4c 8b 4e 08 4c 8b 54 16 f0 4c 8b 5c 16 f8 4c 89 07 4c 89
[331805.925407] RSP: 0018:ffffb9b78048f7d8 EFLAGS: 00010246
[331805.925577] RAX: ffff8ee0b9f93720 RBX: 0000000000000020 RCX: 0000000000000000
[331805.925806] RDX: 0000000000000010 RSI: 0000000000000000 RDI: ffff8ee0b9f93720
[331805.926035] RBP: ffff8ee0b9f93720 R08: ffff8eddf17439b0 R09: ffff8eddf17439b0
[331805.926263] R10: 00012dc873ee4d45 R11: 00000000000901e8 R12: 0000000000000040
[331805.926492] R13: ffff8ee0b9f93788 R14: 0000000000000010 R15: 0000000000000010
[331805.926721] FS:  0000000000000000(0000) GS:ffff8ee4dde80000(0000) knlGS:0000000000000000
[331805.926993] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[331805.927179] CR2: 0000000000000000 CR3: 000000012f264005 CR4: 00000000007706e0
[331805.927418] PKRU: 55555554
[331805.927509] Call Trace:
[331805.927593]  <TASK>
[331805.927680]  ? show_trace_log_lvl+0x1c4/0x2df
[331805.927826]  ? show_trace_log_lvl+0x1c4/0x2df
[331805.927970]  ? hmac_setkey+0x8a/0x1e0
[331805.928095]  ? __die_body.cold+0x8/0xd
[331805.928219]  ? page_fault_oops+0x134/0x170
[331805.928355]  ? copy_from_kernel_nofault+0x1d/0xf0
[331805.928511]  ? exc_page_fault+0x62/0x150
[331805.928641]  ? asm_exc_page_fault+0x22/0x30
[331805.928785]  ? memcpy_orig+0x8c/0x130
[331805.928907]  hmac_setkey+0x8a/0x1e0
[331805.929025]  ? newidle_balance+0x2e5/0x400
[331805.929161]  ? update_load_avg+0x7e/0x740
[331805.929296]  ? pick_next_task_fair+0x41/0x500
[331805.929439]  ? put_prev_task_fair+0x1e/0x40
[331805.929577]  ? pick_next_task+0x861/0x950
[331805.929711]  ? __switch_to_asm+0x3a/0x80
[331805.929842]  ? finish_task_switch.isra.0+0x8c/0x2a0
[331805.930006]  ? kmem_cache_alloc+0x17d/0x340
[331805.930146]  crypto_shash_setkey+0x19/0x50
[331805.930283]  smb2_calc_signature+0xd8/0x360 [cifs]
[331805.930507]  ? smb2_mid_entry_alloc+0x30/0x1b0 [cifs]
[331805.930734]  smb2_setup_request+0x90/0x130 [cifs]
[331805.930950]  compound_send_recv+0x27b/0xa80 [cifs]
[331805.931173]  ? kmemdup+0x33/0x50
[331805.931284]  cifs_send_recv+0x1f/0x30 [cifs]
[331805.931483]  SMB2_ioctl+0x262/0x480 [cifs]
[331805.931684]  ? smb2_get_dfs_refer+0x11b/0x390 [cifs]
[331805.931909]  smb2_get_dfs_refer+0x11b/0x390 [cifs]
[331805.932128]  cache_refresh_path+0xf4/0x480 [cifs]
[331805.932348]  ? kstrdup+0x49/0x60
[331805.932456]  ? get_targets+0xe8/0x1c0 [cifs]
[331805.932659]  __refresh_ses_referral+0x5ea/0x700 [cifs]
[331805.932894]  dfs_cache_refresh+0x21/0x60 [cifs]
[331805.933105]  process_one_work+0x1e2/0x3b0
[331805.933239]  ? __pfx_worker_thread+0x10/0x10
[331805.933380]  worker_thread+0x50/0x3a0
[331805.933503]  ? __pfx_worker_thread+0x10/0x10
[331805.933643]  kthread+0xdd/0x100
[331805.933750]  ? __pfx_kthread+0x10/0x10
[331805.933876]  ret_from_fork+0x29/0x50
[331805.934000]  </TASK>
[331805.934075] Modules linked in: nls_utf8 cifs cifs_arc4 cifs_md4 dns_resolver snd_seq_dummy snd_hrtimer snd_seq snd_timer snd_seq_device snd soundcore tls rpcrdma rdma_cm iw_cm ib_cm ib_core nf_log_syslog nft_log nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill ip_set nf_tables nfnetlink qrtr vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock binfmt_misc intel_rapl_msr intel_rapl_common intel_uncore_frequency_common isst_if_mbox_msr isst_if_common nfit libnvdimm vmw_balloon rapl pcspkr vmw_vmci i2c_piix4 joydev nfsd auth_rpcgss nfs_acl lockd grace sunrpc xfs libcrc32c ata_generic vmwgfx drm_ttm_helper ttm drm_kms_helper sd_mod syscopyarea sysfillrect t10_pi crct10dif_pclmul crc32_pclmul sysimgblt fb_sys_fops crc32c_intel sg ata_piix drm ghash_clmulni_intel libata vmxnet3 vmw_pvscsi serio_raw dm_mirror dm_region_hash dm_log
[331805.934126]  dm_mod fuse
[331805.936926] CR2: 0000000000000000