cifsd-team / ksmbd

ksmbd kernel server(SMB/CIFS server)

Another ksmbd crash on virtual address 0000000c access #558

Open ptpt52 opened 2 years ago

ptpt52 commented 2 years ago

crash log:

<6>[  441.487662] br-lan: port 2(wlan0) entered blocking state
<6>[  441.493112] br-lan: port 2(wlan0) entered forwarding state
<6>[  442.352289] br-lan: port 3(wlan1) entered blocking state
<6>[  442.357606] br-lan: port 3(wlan1) entered disabled state
<6>[  442.363800] device wlan1 entered promiscuous mode
<6>[  446.535362] ksmbd: kill command received
<6>[  453.815811] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
<6>[  453.824035] br-lan: port 3(wlan1) entered blocking state
<6>[  453.829387] br-lan: port 3(wlan1) entered forwarding state
<6>[ 1071.394695] ksmbd: kill command received
<3>[ 1073.141710] ksmbd: sock_read failed: -143
<3>[ 2373.653307] ksmbd: sock_read failed: -11
<6>[ 2943.675188] ksmbd: kill command received
<6>[ 3026.620624] ksmbd: kill command received
<1>[ 3153.343102] CPU 3 Unable to handle kernel paging request at virtual address 0000000c, epc == 8033e5dc, ra == 889082b8
<4>[ 3153.353763] Oops[#1]:
<4>[ 3153.356041] CPU: 3 PID: 23547 Comm: kworker/3:5 Not tainted 5.10.110 #0
<4>[ 3153.362730] Workqueue: ksmbd-io ksmbd_crypto_create [ksmbd]
<4>[ 3153.368286] $ 0   : 00000000 00000001 00000000 000000ff
<4>[ 3153.373511] $ 4   : 00000000 00000010 00000000 00000000
<4>[ 3153.378731] $ 8   : 00000001 85db0644 00000000 00000002
<4>[ 3153.383956] $12   : 00000402 85db05f0 85db0644 00000000
<4>[ 3153.389180] $16   : 851a9ad4 81745d00 88940000 81745d00
<4>[ 3153.394403] $20   : 88940000 00000000 88940000 88942d14
<4>[ 3153.399623] $24   : 85db05f0 00000004                  
<4>[ 3153.404845] $28   : 82af6000 82af7d90 807e0000 889082b8
<4>[ 3153.410065] Hi    : 008d5e29
<4>[ 3153.412932] Lo    : 00000031
<4>[ 3153.415823] epc   : 8033e5dc idr_remove+0x0/0x10
<4>[ 3153.420464] ra    : 889082b8 ksmbd_vfs_inherit_posix_acl+0x724/0x80c [ksmbd]
<4>[ 3153.427478] Status: 1100fc03  KERNEL EXL IE 
<4>[ 3153.431664] Cause : 40800008 (ExcCode 02)
<4>[ 3153.435652] BadVA : 0000000c
<4>[ 3153.438515] PrId  : 0001992f (MIPS 1004Kc)
<4>[ 3153.442589] Modules linked in: ksmbd qcserial pppoe ppp_async option cdc_mbim batman_adv wireguard usb_wwan sierra_net sierra rndis_host qmi_wwan pptp pppox ppp_mppe ppp_generic pl2303 nft_fib_inet nf_flow_table_ipv6 nf_flow_table_ipv4 nf_flow_table_inet mt76x2e mt76x2_common mt76x02_lib mt7603e mt76 mac80211 libchacha20poly1305 libblake2s ipt_REJECT huawei_cdc_ncm cfg80211 cdc_ncm cdc_ether xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_recent xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TCPMSS xt_REDIRECT xt_MASQUERADE xt_LOG xt_HL xt_DSCP xt_CT xt_CLASSIFY usbserial usbnet usblp ts_fsm ts_bm tcp_scalable tcp_bbr slhc r8152 poly1305_mips nft_tproxy nft_socket nft_reject_ipv6 nft_reject_ipv4 nft_reject_inet nft_reject_bridge nft_reject nft_redir nft_quota nft_queue nft_objref nft_numgen nft_nat nft_meta_bridge nft_masq nft_log nft_limit nft_hash nft_fwd_netdev nft_flow_offload
<4>[ 3153.443011]  nft_fib_ipv6 nft_fib_ipv4 nft_fib nft_dup_netdev nft_ct nft_counter nft_compat nft_chain_nat nfnetlink_queue nf_tproxy_ipv6 nf_tproxy_ipv4 nf_tables nf_socket_ipv6 nf_socket_ipv4 nf_reject_ipv4 nf_nat_tftp nf_nat_snmp_basic nf_nat_sip nf_nat_pptp nf_nat_irc nf_nat_h323 nf_nat_ftp nf_nat_amanda nf_log_ipv6 nf_log_ipv4 nf_log_common nf_flow_table nf_dup_netdev nf_conntrack_tftp nf_conntrack_snmp nf_conntrack_sip nf_conntrack_pptp nf_conntrack_irc nf_conntrack_h323 nf_conntrack_ftp nf_conntrack_broadcast nf_conntrack_bridge ts_kmp nf_conntrack_amanda nf_conncount macvlan libcurve25519_generic libcrc32c libblake2s_generic ipvlan iptable_raw iptable_nat iptable_mangle iptable_filter ipt_ECN ipheth ip_tables crc_ccitt compat chacha_mips cdc_wdm br_netfilter asn1_decoder natflow natcap nf_nat nf_conntrack fuse ledtrig_usbport xt_set ip_set_list_set ip_set_hash_netportnet ip_set_hash_netport ip_set_hash_netnet ip_set_hash_netiface ip_set_hash_net ip_set_hash_mac ip_set_hash_ipportnet
<4>[ 3153.530325]  ip_set_hash_ipportip ip_set_hash_ipport ip_set_hash_ipmark ip_set_hash_ip ip_set_bitmap_port ip_set_bitmap_ipmac ip_set_bitmap_ip ip_set nfnetlink jool_siit jool nf_defrag_ipv6 nf_defrag_ipv4 jool_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 nfsv4 nfs nfs_ssc msdos bonding ip6_gre ip_gre gre ifb nat46 ip6_udp_tunnel udp_tunnel sit ip6_tunnel tunnel6 tunnel4 ip_tunnel rpcsec_gss_krb5 auth_rpcgss oid_registry tun vfat fat lockd sunrpc grace autofs4 dns_resolver nls_utf8 nls_cp437 sha512_generic sha256_generic libsha256 sha1_generic seqiv jitterentropy_rng drbg md5 md4 hmac ecb des_generic libdes cts cmac cbc nls_iso8859_1 ntfs3 uas usb_storage leds_gpio xhci_plat_hcd xhci_pci xhci_mtk xhci_hcd ohci_platform ohci_hcd softdog fsl_mph_dr_of ehci_platform ehci_fsl sd_mod scsi_mod ehci_hcd gpio_button_hotplug ext4 mbcache jbd2 exfat usbcore nls_base usb_common mii crc32c_generic [last unloaded: ksmbd]
<4>[ 3153.701482] Process kworker/3:5 (pid: 23547, threadinfo=c2e9e423, task=8bf0a93d, tls=00000000)
<4>[ 3153.710067] Stack : 83993280 83a34600 d43cadbf 88904f78 82af7da0 83993280 83993280 83a38004
<4>[ 3153.718434]         81745d00 88940000 00000000 88908628 00000000 83993280 83a38004 81745d00
<4>[ 3153.726795]         00000000 889229dc 000001c0 839932e4 000001c0 803540b4 00000010 00000000
<4>[ 3153.735146]         000002c6 00000000 851a9a5c 00000001 00010000 86b3e850 00000000 00000000
<4>[ 3153.743496]         83997c00 83993280 839932e4 00000011 
<4>[ 3153.751847]         ...
<4>[ 3153.754291] Call Trace:
<4>[ 3153.756750] [<8033e5dc>] idr_remove+0x0/0x10
<4>[ 3153.761117] [<889082b8>] ksmbd_vfs_inherit_posix_acl+0x724/0x80c [ksmbd]
<4>[ 3153.767961] 
<4>[ 3153.769447] Code: afb1001c  1000ffda  00000000 <8c82000c> 00003025  080d119c  00a22823  8c82000c  080d1199 
<4>[ 3153.779192] 
<4>[ 3153.781336] ---[ end trace d4bacc7adc2bb061 ]---

ptpt52 commented 2 years ago

The ksmbd version is based on this commit: 3bedd0eee4059d34de081eeb1d38722f78d20bfd

hclee commented 2 years ago

Can you reproduce this issue? It seems it happened right after restarting ksmbd, so it looks similar to #557.

namjaejeon commented 1 year ago

I have fixed this issue. Please use the latest ksmbd. (patch is https://github.com/cifsd-team/ksmbd/commit/f4218ef4641001c7fb33cc4271bdc9591f5ed4a5)

ptpt52 commented 1 year ago

@namjaejeon great! I would try that.
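
Added triage example (not part of the thread and not ksmbd project code): a small Python parser for the MIPS oops posted in the first comment. It decodes the instruction marked `<...>` in the `Code:` line and checks base register plus offset against `BadVA`. The function names are illustrative, and the sample lines are copied from the log above with the printk prefix stripped.

```python
import re

# Lines taken from the oops posted in this thread (printk prefix stripped).
OOPS = """\
$ 0   : 00000000 00000001 00000000 000000ff
$ 4   : 00000000 00000010 00000000 00000000
epc   : 8033e5dc idr_remove+0x0/0x10
ra    : 889082b8 ksmbd_vfs_inherit_posix_acl+0x724/0x80c [ksmbd]
BadVA : 0000000c
Code: afb1001c  1000ffda  00000000 <8c82000c> 00003025  080d119c  00a22823  8c82000c  080d1199
"""

# MIPS32 I-type load opcodes (instruction bits 31..26).
MIPS_LOADS = {0x20: "lb", 0x21: "lh", 0x23: "lw", 0x24: "lbu", 0x25: "lhu"}

def parse_oops(text):
    """Return (registers, fields) parsed from a MIPS oops excerpt."""
    regs, info = {}, {}
    for line in text.splitlines():
        m = re.match(r"\$\s*(\d+)\s*:\s*(.*)", line)
        if m:  # a "$ N : ..." row lists registers N, N+1, ...
            for i, v in enumerate(m.group(2).split()):
                regs[int(m.group(1)) + i] = int(v, 16)
        m = re.match(r"(epc|ra|BadVA)\s*:\s*([0-9a-f]{8})\s*(\S*)", line)
        if m:
            info[m.group(1)] = (int(m.group(2), 16), m.group(3))
        m = re.search(r"Code:.*<([0-9a-f]{8})>", line)
        if m:  # the word in <...> is the instruction at epc
            info["insn"] = int(m.group(1), 16)
    return regs, info

def explain_fault(text):
    """Decode the faulting load and check it against BadVA."""
    regs, info = parse_oops(text)
    insn = info["insn"]
    op, rs, rt = insn >> 26, (insn >> 21) & 31, (insn >> 16) & 31
    imm = (insn & 0xFFFF) - ((insn & 0x8000) << 1)  # sign-extend 16-bit offset
    if op not in MIPS_LOADS:
        return None  # not a load; this sketch only explains load faults
    return {
        "insn": f"{MIPS_LOADS[op]} ${rt}, {imm}(${rs})",
        "null_base": regs[rs] == 0,
        "matches_badva": ((regs[rs] + imm) & 0xFFFFFFFF) == info["BadVA"][0],
        "faulting_symbol": info["epc"][1],
        "caller": info["ra"][1],
    }
```

On the posted log, `explain_fault(OOPS)` reports `lw $2, 12($4)` with `$4` (the first-argument register, a0) equal to zero, so `idr_remove` was entered with a NULL first argument and the load at offset 12 produced `BadVA 0000000c`.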