RHEL8, cifs: panic on smb2_readv_callback due to freed cifs_readdata structure

Solution In Progress - Updated -

Issue

  • RHEL8 panics with this stack:
PID: 3984     TASK: ffff9975e2880000  CPU: 6    COMMAND: "cifsd"
 #0 [ffffaab1c8017940] machine_kexec at ffffffff97e6564e
 #1 [ffffaab1c8017998] __crash_kexec at ffffffff97fa576d
 #2 [ffffaab1c8017a60] panic at ffffffff97eed98b
 #3 [ffffaab1c8017b00] no_context at ffffffff97e763bf
 #4 [ffffaab1c8017b58] __bad_area_nosemaphore at ffffffff97e7671c
 #5 [ffffaab1c8017ba0] do_page_fault at ffffffff97e76fb7
 #6 [ffffaab1c8017bd0] page_fault at ffffffff9880111e
    [exception RIP: smb2_readv_callback+81]
    RIP: ffffffffc103d311  RSP: ffffaab1c8017c88  RFLAGS: 00010246
    RAX: 0000000000000000  RBX: ffff9976a6edb300  RCX: dead000000000200
    RDX: ffff99751859f000  RSI: ffff9976a6edb300  RDI: ffff9976a6edb300
    RBP: ffff9979831228c8   R8: ffff9974221e8000   R9: 0000000000000000
    R10: 0000000001539094  R11: 0000000000000001  R12: 0000000000000000
    R13: ffff99751859f1c0  R14: 0000000000000000  R15: ffff9978a7a2b400
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #7 [ffffaab1c8017d10] cifs_reconnect at ffffffffc0fff27b [cifs]
 #8 [ffffaab1c8017d90] cifs_readv_from_socket at ffffffffc0fffd5d [cifs]
 #9 [ffffaab1c8017dc8] cifs_read_from_socket at ffffffffc0fffe5a [cifs]
#10 [ffffaab1c8017e48] cifs_demultiplex_thread at ffffffffc10001f6 [cifs]
#11 [ffffaab1c8017f10] kthread at ffffffff97f12b3a
#12 [ffffaab1c8017f50] ret_from_fork at ffffffff98800255

Environment

  • RHEL8
  • Seen mainly on Azure VMs
