6.12-stable patches

author Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Mon, 23 Jun 2025 08:35:33 +0000 (10:35 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Mon, 23 Jun 2025 08:35:33 +0000 (10:35 +0200)
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 23 Jun 2025 08:35:33 +0000 (10:35 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 23 Jun 2025 08:35:33 +0000 (10:35 +0200)
diff --git a/queue-6.12/series b/queue-6.12/series

index 706f2f3aece22b093fbf44fb172d7f056c07609c..d4b9d91542ffada3461913c6fd0f20ee85cf23d7 100644 (file)
--- a/queue-6.12/series
+++ b/queue-6.12/series
@@ -397,3 +397,5 @@ dt-bindings-i2c-nvidia-tegra20-i2c-specify-the-required-properties.patch
  smb-log-an-error-when-close_all_cached_dirs-fails.patch
  serial-sh-sci-clean-sci_ports-after-at-earlycon-exit.patch
  serial-sh-sci-increment-the-runtime-usage-counter-for-the-earlycon-device.patch
+smb-client-fix-first-command-failure-during-re-negotiation.patch
+smb-client-fix-max_sge-overflow-in-smb_extract_folioq_to_rdma.patch
diff --git a/queue-6.12/smb-client-fix-first-command-failure-during-re-negotiation.patch b/queue-6.12/smb-client-fix-first-command-failure-during-re-negotiation.patch

new file mode 100644 (file)

index 0000000..a9426d3
--- /dev/null
+++ b/queue-6.12/smb-client-fix-first-command-failure-during-re-negotiation.patch
@@ -0,0 +1,71 @@
+From 34331d7beed7576acfc98e991c39738b96162499 Mon Sep 17 00:00:00 2001
+From: zhangjian <zhangjian496@huawei.com>
+Date: Thu, 19 Jun 2025 09:18:29 +0800
+Subject: smb: client: fix first command failure during re-negotiation
+
+From: zhangjian <zhangjian496@huawei.com>
+
+commit 34331d7beed7576acfc98e991c39738b96162499 upstream.
+
+after fabc4ed200f9, server_unresponsive add a condition to check whether client
+need to reconnect depending on server->lstrp. When client failed to reconnect
+for some time and abort connection, server->lstrp is updated for the last time.
+In the following scene, server->lstrp is too old. This cause next command
+failure in re-negotiation rather than waiting for re-negotiation done.
+
+1. mount -t cifs -o username=Everyone,echo_internal=10 //$server_ip/export /mnt
+2. ssh $server_ip "echo b > /proc/sysrq-trigger &"
+3. ls /mnt
+4. sleep 21s
+5. ssh $server_ip "service firewalld stop"
+6. ls # return EHOSTDOWN
+
+If the interval between 5 and 6 is too small, 6 may trigger sending negotiation
+request. Before backgrounding cifsd thread try to receive negotiation response
+from server in cifs_readv_from_socket, server_unresponsive may trigger
+cifs_reconnect which cause 6 to be failed:
+
+ls thread
+----------------
+  smb2_negotiate
+    server->tcpStatus = CifsInNegotiate
+    compound_send_recv
+      wait_for_compound_request
+
+cifsd thread
+----------------
+  cifs_readv_from_socket
+    server_unresponsive
+      server->tcpStatus == CifsInNegotiate && jiffies > server->lstrp + 20s
+        cifs_reconnect
+          cifs_abort_connection: mid_state = MID_RETRY_NEEDED
+
+ls thread
+----------------
+      cifs_sync_mid_result return EAGAIN
+  smb2_negotiate return EHOSTDOWN
+
+Though server->lstrp means last server response time, it is updated in
+cifs_abort_connection and cifs_get_tcp_session. We can also update server->lstrp
+before switching into CifsInNegotiate state to avoid failure in 6.
+
+Fixes: 7ccc1465465d ("smb: client: fix hang in wait_for_response() for negproto")
+Acked-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
+Acked-by: Meetakshi Setiya <msetiya@microsoft.com>
+Signed-off-by: zhangjian <zhangjian496@huawei.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/client/connect.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/smb/client/connect.c
++++ b/fs/smb/client/connect.c
+@@ -3993,6 +3993,7 @@ retry:
+               return 0;
+       }
+ 
++      server->lstrp = jiffies;
+       server->tcpStatus = CifsInNegotiate;
+       spin_unlock(&server->srv_lock);
+ 
diff --git a/queue-6.12/smb-client-fix-max_sge-overflow-in-smb_extract_folioq_to_rdma.patch b/queue-6.12/smb-client-fix-max_sge-overflow-in-smb_extract_folioq_to_rdma.patch

new file mode 100644 (file)

index 0000000..d579f9b
--- /dev/null
+++ b/queue-6.12/smb-client-fix-max_sge-overflow-in-smb_extract_folioq_to_rdma.patch
@@ -0,0 +1,371 @@
+From a379a8a2a0032e12e7ef397197c9c2ad011588d6 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 18 Jun 2025 18:51:40 +0200
+Subject: smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma()
+
+From: Stefan Metzmacher <metze@samba.org>
+
+commit a379a8a2a0032e12e7ef397197c9c2ad011588d6 upstream.
+
+This fixes the following problem:
+
+[  749.901015] [   T8673] run fstests cifs/001 at 2025-06-17 09:40:30
+[  750.346409] [   T9870] ==================================================================
+[  750.346814] [   T9870] BUG: KASAN: slab-out-of-bounds in smb_set_sge+0x2cc/0x3b0 [cifs]
+[  750.347330] [   T9870] Write of size 8 at addr ffff888011082890 by task xfs_io/9870
+[  750.347705] [   T9870]
+[  750.348077] [   T9870] CPU: 0 UID: 0 PID: 9870 Comm: xfs_io Kdump: loaded Not tainted 6.16.0-rc2-metze.02+ #1 PREEMPT(voluntary)
+[  750.348082] [   T9870] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
+[  750.348085] [   T9870] Call Trace:
+[  750.348086] [   T9870]  <TASK>
+[  750.348088] [   T9870]  dump_stack_lvl+0x76/0xa0
+[  750.348106] [   T9870]  print_report+0xd1/0x640
+[  750.348116] [   T9870]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
+[  750.348120] [   T9870]  ? kasan_complete_mode_report_info+0x26/0x210
+[  750.348124] [   T9870]  kasan_report+0xe7/0x130
+[  750.348128] [   T9870]  ? smb_set_sge+0x2cc/0x3b0 [cifs]
+[  750.348262] [   T9870]  ? smb_set_sge+0x2cc/0x3b0 [cifs]
+[  750.348377] [   T9870]  __asan_report_store8_noabort+0x17/0x30
+[  750.348381] [   T9870]  smb_set_sge+0x2cc/0x3b0 [cifs]
+[  750.348496] [   T9870]  smbd_post_send_iter+0x1990/0x3070 [cifs]
+[  750.348625] [   T9870]  ? __pfx_smbd_post_send_iter+0x10/0x10 [cifs]
+[  750.348741] [   T9870]  ? update_stack_state+0x2a0/0x670
+[  750.348749] [   T9870]  ? cifs_flush+0x153/0x320 [cifs]
+[  750.348870] [   T9870]  ? cifs_flush+0x153/0x320 [cifs]
+[  750.348990] [   T9870]  ? update_stack_state+0x2a0/0x670
+[  750.348995] [   T9870]  smbd_send+0x58c/0x9c0 [cifs]
+[  750.349117] [   T9870]  ? __pfx_smbd_send+0x10/0x10 [cifs]
+[  750.349231] [   T9870]  ? unwind_get_return_address+0x65/0xb0
+[  750.349235] [   T9870]  ? __pfx_stack_trace_consume_entry+0x10/0x10
+[  750.349242] [   T9870]  ? arch_stack_walk+0xa7/0x100
+[  750.349250] [   T9870]  ? stack_trace_save+0x92/0xd0
+[  750.349254] [   T9870]  __smb_send_rqst+0x931/0xec0 [cifs]
+[  750.349374] [   T9870]  ? kernel_text_address+0x173/0x190
+[  750.349379] [   T9870]  ? kasan_save_stack+0x39/0x70
+[  750.349382] [   T9870]  ? kasan_save_track+0x18/0x70
+[  750.349385] [   T9870]  ? __kasan_slab_alloc+0x9d/0xa0
+[  750.349389] [   T9870]  ? __pfx___smb_send_rqst+0x10/0x10 [cifs]
+[  750.349508] [   T9870]  ? smb2_mid_entry_alloc+0xb4/0x7e0 [cifs]
+[  750.349626] [   T9870]  ? cifs_call_async+0x277/0xb00 [cifs]
+[  750.349746] [   T9870]  ? cifs_issue_write+0x256/0x610 [cifs]
+[  750.349867] [   T9870]  ? netfs_do_issue_write+0xc2/0x340 [netfs]
+[  750.349900] [   T9870]  ? netfs_advance_write+0x45b/0x1270 [netfs]
+[  750.349929] [   T9870]  ? netfs_write_folio+0xd6c/0x1be0 [netfs]
+[  750.349958] [   T9870]  ? netfs_writepages+0x2e9/0xa80 [netfs]
+[  750.349987] [   T9870]  ? do_writepages+0x21f/0x590
+[  750.349993] [   T9870]  ? filemap_fdatawrite_wbc+0xe1/0x140
+[  750.349997] [   T9870]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
+[  750.350002] [   T9870]  smb_send_rqst+0x22e/0x2f0 [cifs]
+[  750.350131] [   T9870]  ? __pfx_smb_send_rqst+0x10/0x10 [cifs]
+[  750.350255] [   T9870]  ? local_clock_noinstr+0xe/0xd0
+[  750.350261] [   T9870]  ? kasan_save_alloc_info+0x37/0x60
+[  750.350268] [   T9870]  ? __kasan_check_write+0x14/0x30
+[  750.350271] [   T9870]  ? _raw_spin_lock+0x81/0xf0
+[  750.350275] [   T9870]  ? __pfx__raw_spin_lock+0x10/0x10
+[  750.350278] [   T9870]  ? smb2_setup_async_request+0x293/0x580 [cifs]
+[  750.350398] [   T9870]  cifs_call_async+0x477/0xb00 [cifs]
+[  750.350518] [   T9870]  ? __pfx_smb2_writev_callback+0x10/0x10 [cifs]
+[  750.350636] [   T9870]  ? __pfx_cifs_call_async+0x10/0x10 [cifs]
+[  750.350756] [   T9870]  ? __pfx__raw_spin_lock+0x10/0x10
+[  750.350760] [   T9870]  ? __kasan_check_write+0x14/0x30
+[  750.350763] [   T9870]  ? __smb2_plain_req_init+0x933/0x1090 [cifs]
+[  750.350891] [   T9870]  smb2_async_writev+0x15ff/0x2460 [cifs]
+[  750.351008] [   T9870]  ? sched_clock_noinstr+0x9/0x10
+[  750.351012] [   T9870]  ? local_clock_noinstr+0xe/0xd0
+[  750.351018] [   T9870]  ? __pfx_smb2_async_writev+0x10/0x10 [cifs]
+[  750.351144] [   T9870]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
+[  750.351150] [   T9870]  ? _raw_spin_unlock+0xe/0x40
+[  750.351154] [   T9870]  ? cifs_pick_channel+0x242/0x370 [cifs]
+[  750.351275] [   T9870]  cifs_issue_write+0x256/0x610 [cifs]
+[  750.351554] [   T9870]  ? cifs_issue_write+0x256/0x610 [cifs]
+[  750.351677] [   T9870]  netfs_do_issue_write+0xc2/0x340 [netfs]
+[  750.351710] [   T9870]  netfs_advance_write+0x45b/0x1270 [netfs]
+[  750.351740] [   T9870]  ? rolling_buffer_append+0x12d/0x440 [netfs]
+[  750.351769] [   T9870]  netfs_write_folio+0xd6c/0x1be0 [netfs]
+[  750.351798] [   T9870]  ? __kasan_check_write+0x14/0x30
+[  750.351804] [   T9870]  netfs_writepages+0x2e9/0xa80 [netfs]
+[  750.351835] [   T9870]  ? __pfx_netfs_writepages+0x10/0x10 [netfs]
+[  750.351864] [   T9870]  ? exit_files+0xab/0xe0
+[  750.351867] [   T9870]  ? do_exit+0x148f/0x2980
+[  750.351871] [   T9870]  ? do_group_exit+0xb5/0x250
+[  750.351874] [   T9870]  ? arch_do_signal_or_restart+0x92/0x630
+[  750.351879] [   T9870]  ? exit_to_user_mode_loop+0x98/0x170
+[  750.351882] [   T9870]  ? do_syscall_64+0x2cf/0xd80
+[  750.351886] [   T9870]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
+[  750.351890] [   T9870]  do_writepages+0x21f/0x590
+[  750.351894] [   T9870]  ? __pfx_do_writepages+0x10/0x10
+[  750.351897] [   T9870]  filemap_fdatawrite_wbc+0xe1/0x140
+[  750.351901] [   T9870]  __filemap_fdatawrite_range+0xba/0x100
+[  750.351904] [   T9870]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
+[  750.351912] [   T9870]  ? __kasan_check_write+0x14/0x30
+[  750.351916] [   T9870]  filemap_write_and_wait_range+0x7d/0xf0
+[  750.351920] [   T9870]  cifs_flush+0x153/0x320 [cifs]
+[  750.352042] [   T9870]  filp_flush+0x107/0x1a0
+[  750.352046] [   T9870]  filp_close+0x14/0x30
+[  750.352049] [   T9870]  put_files_struct.part.0+0x126/0x2a0
+[  750.352053] [   T9870]  ? __pfx__raw_spin_lock+0x10/0x10
+[  750.352058] [   T9870]  exit_files+0xab/0xe0
+[  750.352061] [   T9870]  do_exit+0x148f/0x2980
+[  750.352065] [   T9870]  ? __pfx_do_exit+0x10/0x10
+[  750.352069] [   T9870]  ? __kasan_check_write+0x14/0x30
+[  750.352072] [   T9870]  ? _raw_spin_lock_irq+0x8a/0xf0
+[  750.352076] [   T9870]  do_group_exit+0xb5/0x250
+[  750.352080] [   T9870]  get_signal+0x22d3/0x22e0
+[  750.352086] [   T9870]  ? __pfx_get_signal+0x10/0x10
+[  750.352089] [   T9870]  ? fpregs_assert_state_consistent+0x68/0x100
+[  750.352101] [   T9870]  ? folio_add_lru+0xda/0x120
+[  750.352105] [   T9870]  arch_do_signal_or_restart+0x92/0x630
+[  750.352109] [   T9870]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
+[  750.352115] [   T9870]  exit_to_user_mode_loop+0x98/0x170
+[  750.352118] [   T9870]  do_syscall_64+0x2cf/0xd80
+[  750.352123] [   T9870]  ? __kasan_check_read+0x11/0x20
+[  750.352126] [   T9870]  ? count_memcg_events+0x1b4/0x420
+[  750.352132] [   T9870]  ? handle_mm_fault+0x148/0x690
+[  750.352136] [   T9870]  ? _raw_spin_lock_irq+0x8a/0xf0
+[  750.352140] [   T9870]  ? __kasan_check_read+0x11/0x20
+[  750.352143] [   T9870]  ? fpregs_assert_state_consistent+0x68/0x100
+[  750.352146] [   T9870]  ? irqentry_exit_to_user_mode+0x2e/0x250
+[  750.352151] [   T9870]  ? irqentry_exit+0x43/0x50
+[  750.352154] [   T9870]  ? exc_page_fault+0x75/0xe0
+[  750.352160] [   T9870]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
+[  750.352163] [   T9870] RIP: 0033:0x7858c94ab6e2
+[  750.352167] [   T9870] Code: Unable to access opcode bytes at 0x7858c94ab6b8.
+[  750.352175] [   T9870] RSP: 002b:00007858c9248ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000022
+[  750.352179] [   T9870] RAX: fffffffffffffdfe RBX: 00007858c92496c0 RCX: 00007858c94ab6e2
+[  750.352182] [   T9870] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
+[  750.352184] [   T9870] RBP: 00007858c9248d10 R08: 0000000000000000 R09: 0000000000000000
+[  750.352185] [   T9870] R10: 0000000000000000 R11: 0000000000000246 R12: fffffffffffffde0
+[  750.352187] [   T9870] R13: 0000000000000020 R14: 0000000000000002 R15: 00007ffc072d2230
+[  750.352191] [   T9870]  </TASK>
+[  750.352195] [   T9870]
+[  750.395206] [   T9870] Allocated by task 9870 on cpu 0 at 750.346406s:
+[  750.395523] [   T9870]  kasan_save_stack+0x39/0x70
+[  750.395532] [   T9870]  kasan_save_track+0x18/0x70
+[  750.395536] [   T9870]  kasan_save_alloc_info+0x37/0x60
+[  750.395539] [   T9870]  __kasan_slab_alloc+0x9d/0xa0
+[  750.395543] [   T9870]  kmem_cache_alloc_noprof+0x13c/0x3f0
+[  750.395548] [   T9870]  mempool_alloc_slab+0x15/0x20
+[  750.395553] [   T9870]  mempool_alloc_noprof+0x135/0x340
+[  750.395557] [   T9870]  smbd_post_send_iter+0x63e/0x3070 [cifs]
+[  750.395694] [   T9870]  smbd_send+0x58c/0x9c0 [cifs]
+[  750.395819] [   T9870]  __smb_send_rqst+0x931/0xec0 [cifs]
+[  750.395950] [   T9870]  smb_send_rqst+0x22e/0x2f0 [cifs]
+[  750.396081] [   T9870]  cifs_call_async+0x477/0xb00 [cifs]
+[  750.396232] [   T9870]  smb2_async_writev+0x15ff/0x2460 [cifs]
+[  750.396359] [   T9870]  cifs_issue_write+0x256/0x610 [cifs]
+[  750.396492] [   T9870]  netfs_do_issue_write+0xc2/0x340 [netfs]
+[  750.396544] [   T9870]  netfs_advance_write+0x45b/0x1270 [netfs]
+[  750.396576] [   T9870]  netfs_write_folio+0xd6c/0x1be0 [netfs]
+[  750.396608] [   T9870]  netfs_writepages+0x2e9/0xa80 [netfs]
+[  750.396639] [   T9870]  do_writepages+0x21f/0x590
+[  750.396643] [   T9870]  filemap_fdatawrite_wbc+0xe1/0x140
+[  750.396647] [   T9870]  __filemap_fdatawrite_range+0xba/0x100
+[  750.396651] [   T9870]  filemap_write_and_wait_range+0x7d/0xf0
+[  750.396656] [   T9870]  cifs_flush+0x153/0x320 [cifs]
+[  750.396787] [   T9870]  filp_flush+0x107/0x1a0
+[  750.396791] [   T9870]  filp_close+0x14/0x30
+[  750.396795] [   T9870]  put_files_struct.part.0+0x126/0x2a0
+[  750.396800] [   T9870]  exit_files+0xab/0xe0
+[  750.396803] [   T9870]  do_exit+0x148f/0x2980
+[  750.396808] [   T9870]  do_group_exit+0xb5/0x250
+[  750.396813] [   T9870]  get_signal+0x22d3/0x22e0
+[  750.396817] [   T9870]  arch_do_signal_or_restart+0x92/0x630
+[  750.396822] [   T9870]  exit_to_user_mode_loop+0x98/0x170
+[  750.396827] [   T9870]  do_syscall_64+0x2cf/0xd80
+[  750.396832] [   T9870]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
+[  750.396836] [   T9870]
+[  750.397150] [   T9870] The buggy address belongs to the object at ffff888011082800
+                           which belongs to the cache smbd_request_0000000008f3bd7b of size 144
+[  750.397798] [   T9870] The buggy address is located 0 bytes to the right of
+                           allocated 144-byte region [ffff888011082800, ffff888011082890)
+[  750.398469] [   T9870]
+[  750.398800] [   T9870] The buggy address belongs to the physical page:
+[  750.399141] [   T9870] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11082
+[  750.399148] [   T9870] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)
+[  750.399155] [   T9870] page_type: f5(slab)
+[  750.399161] [   T9870] raw: 000fffffc0000000 ffff888022d65640 dead000000000122 0000000000000000
+[  750.399165] [   T9870] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
+[  750.399169] [   T9870] page dumped because: kasan: bad access detected
+[  750.399172] [   T9870]
+[  750.399505] [   T9870] Memory state around the buggy address:
+[  750.399863] [   T9870]  ffff888011082780: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
+[  750.400247] [   T9870]  ffff888011082800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+[  750.400618] [   T9870] >ffff888011082880: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
+[  750.400982] [   T9870]                          ^
+[  750.401370] [   T9870]  ffff888011082900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
+[  750.401774] [   T9870]  ffff888011082980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
+[  750.402171] [   T9870] ==================================================================
+[  750.402696] [   T9870] Disabling lock debugging due to kernel taint
+[  750.403202] [   T9870] BUG: unable to handle page fault for address: ffff8880110a2000
+[  750.403797] [   T9870] #PF: supervisor write access in kernel mode
+[  750.404204] [   T9870] #PF: error_code(0x0003) - permissions violation
+[  750.404581] [   T9870] PGD 5ce01067 P4D 5ce01067 PUD 5ce02067 PMD 78aa063 PTE 80000000110a2021
+[  750.404969] [   T9870] Oops: Oops: 0003 [#1] SMP KASAN PTI
+[  750.405394] [   T9870] CPU: 0 UID: 0 PID: 9870 Comm: xfs_io Kdump: loaded Tainted: G    B               6.16.0-rc2-metze.02+ #1 PREEMPT(voluntary)
+[  750.406510] [   T9870] Tainted: [B]=BAD_PAGE
+[  750.406967] [   T9870] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
+[  750.407440] [   T9870] RIP: 0010:smb_set_sge+0x15c/0x3b0 [cifs]
+[  750.408065] [   T9870] Code: 48 83 f8 ff 0f 84 b0 00 00 00 48 ba 00 00 00 00 00 fc ff df 4c 89 e1 48 c1 e9 03 80 3c 11 00 0f 85 69 01 00 00 49 8d 7c 24 08 <49> 89 04 24 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f
+[  750.409283] [   T9870] RSP: 0018:ffffc90005e2e758 EFLAGS: 00010246
+[  750.409803] [   T9870] RAX: ffff888036c53400 RBX: ffffc90005e2e878 RCX: 1ffff11002214400
+[  750.410323] [   T9870] RDX: dffffc0000000000 RSI: dffffc0000000000 RDI: ffff8880110a2008
+[  750.411217] [   T9870] RBP: ffffc90005e2e798 R08: 0000000000000001 R09: 0000000000000400
+[  750.411770] [   T9870] R10: ffff888011082800 R11: 0000000000000000 R12: ffff8880110a2000
+[  750.412325] [   T9870] R13: 0000000000000000 R14: ffffc90005e2e888 R15: ffff88801a4b6000
+[  750.412901] [   T9870] FS:  0000000000000000(0000) GS:ffff88812bc68000(0000) knlGS:0000000000000000
+[  750.413477] [   T9870] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[  750.414077] [   T9870] CR2: ffff8880110a2000 CR3: 000000005b0a6005 CR4: 00000000000726f0
+[  750.414654] [   T9870] Call Trace:
+[  750.415211] [   T9870]  <TASK>
+[  750.415748] [   T9870]  smbd_post_send_iter+0x1990/0x3070 [cifs]
+[  750.416449] [   T9870]  ? __pfx_smbd_post_send_iter+0x10/0x10 [cifs]
+[  750.417128] [   T9870]  ? update_stack_state+0x2a0/0x670
+[  750.417685] [   T9870]  ? cifs_flush+0x153/0x320 [cifs]
+[  750.418380] [   T9870]  ? cifs_flush+0x153/0x320 [cifs]
+[  750.419055] [   T9870]  ? update_stack_state+0x2a0/0x670
+[  750.419624] [   T9870]  smbd_send+0x58c/0x9c0 [cifs]
+[  750.420297] [   T9870]  ? __pfx_smbd_send+0x10/0x10 [cifs]
+[  750.420936] [   T9870]  ? unwind_get_return_address+0x65/0xb0
+[  750.421456] [   T9870]  ? __pfx_stack_trace_consume_entry+0x10/0x10
+[  750.421954] [   T9870]  ? arch_stack_walk+0xa7/0x100
+[  750.422460] [   T9870]  ? stack_trace_save+0x92/0xd0
+[  750.422948] [   T9870]  __smb_send_rqst+0x931/0xec0 [cifs]
+[  750.423579] [   T9870]  ? kernel_text_address+0x173/0x190
+[  750.424056] [   T9870]  ? kasan_save_stack+0x39/0x70
+[  750.424813] [   T9870]  ? kasan_save_track+0x18/0x70
+[  750.425323] [   T9870]  ? __kasan_slab_alloc+0x9d/0xa0
+[  750.425831] [   T9870]  ? __pfx___smb_send_rqst+0x10/0x10 [cifs]
+[  750.426548] [   T9870]  ? smb2_mid_entry_alloc+0xb4/0x7e0 [cifs]
+[  750.427231] [   T9870]  ? cifs_call_async+0x277/0xb00 [cifs]
+[  750.427882] [   T9870]  ? cifs_issue_write+0x256/0x610 [cifs]
+[  750.428909] [   T9870]  ? netfs_do_issue_write+0xc2/0x340 [netfs]
+[  750.429425] [   T9870]  ? netfs_advance_write+0x45b/0x1270 [netfs]
+[  750.429882] [   T9870]  ? netfs_write_folio+0xd6c/0x1be0 [netfs]
+[  750.430345] [   T9870]  ? netfs_writepages+0x2e9/0xa80 [netfs]
+[  750.430809] [   T9870]  ? do_writepages+0x21f/0x590
+[  750.431239] [   T9870]  ? filemap_fdatawrite_wbc+0xe1/0x140
+[  750.431652] [   T9870]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
+[  750.432041] [   T9870]  smb_send_rqst+0x22e/0x2f0 [cifs]
+[  750.432586] [   T9870]  ? __pfx_smb_send_rqst+0x10/0x10 [cifs]
+[  750.433108] [   T9870]  ? local_clock_noinstr+0xe/0xd0
+[  750.433482] [   T9870]  ? kasan_save_alloc_info+0x37/0x60
+[  750.433855] [   T9870]  ? __kasan_check_write+0x14/0x30
+[  750.434214] [   T9870]  ? _raw_spin_lock+0x81/0xf0
+[  750.434561] [   T9870]  ? __pfx__raw_spin_lock+0x10/0x10
+[  750.434903] [   T9870]  ? smb2_setup_async_request+0x293/0x580 [cifs]
+[  750.435394] [   T9870]  cifs_call_async+0x477/0xb00 [cifs]
+[  750.435892] [   T9870]  ? __pfx_smb2_writev_callback+0x10/0x10 [cifs]
+[  750.436388] [   T9870]  ? __pfx_cifs_call_async+0x10/0x10 [cifs]
+[  750.436881] [   T9870]  ? __pfx__raw_spin_lock+0x10/0x10
+[  750.437237] [   T9870]  ? __kasan_check_write+0x14/0x30
+[  750.437579] [   T9870]  ? __smb2_plain_req_init+0x933/0x1090 [cifs]
+[  750.438062] [   T9870]  smb2_async_writev+0x15ff/0x2460 [cifs]
+[  750.438557] [   T9870]  ? sched_clock_noinstr+0x9/0x10
+[  750.438906] [   T9870]  ? local_clock_noinstr+0xe/0xd0
+[  750.439293] [   T9870]  ? __pfx_smb2_async_writev+0x10/0x10 [cifs]
+[  750.439786] [   T9870]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
+[  750.440143] [   T9870]  ? _raw_spin_unlock+0xe/0x40
+[  750.440495] [   T9870]  ? cifs_pick_channel+0x242/0x370 [cifs]
+[  750.440989] [   T9870]  cifs_issue_write+0x256/0x610 [cifs]
+[  750.441492] [   T9870]  ? cifs_issue_write+0x256/0x610 [cifs]
+[  750.441987] [   T9870]  netfs_do_issue_write+0xc2/0x340 [netfs]
+[  750.442387] [   T9870]  netfs_advance_write+0x45b/0x1270 [netfs]
+[  750.442969] [   T9870]  ? rolling_buffer_append+0x12d/0x440 [netfs]
+[  750.443376] [   T9870]  netfs_write_folio+0xd6c/0x1be0 [netfs]
+[  750.443768] [   T9870]  ? __kasan_check_write+0x14/0x30
+[  750.444145] [   T9870]  netfs_writepages+0x2e9/0xa80 [netfs]
+[  750.444541] [   T9870]  ? __pfx_netfs_writepages+0x10/0x10 [netfs]
+[  750.444936] [   T9870]  ? exit_files+0xab/0xe0
+[  750.445312] [   T9870]  ? do_exit+0x148f/0x2980
+[  750.445672] [   T9870]  ? do_group_exit+0xb5/0x250
+[  750.446028] [   T9870]  ? arch_do_signal_or_restart+0x92/0x630
+[  750.446402] [   T9870]  ? exit_to_user_mode_loop+0x98/0x170
+[  750.446762] [   T9870]  ? do_syscall_64+0x2cf/0xd80
+[  750.447132] [   T9870]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
+[  750.447499] [   T9870]  do_writepages+0x21f/0x590
+[  750.447859] [   T9870]  ? __pfx_do_writepages+0x10/0x10
+[  750.448236] [   T9870]  filemap_fdatawrite_wbc+0xe1/0x140
+[  750.448595] [   T9870]  __filemap_fdatawrite_range+0xba/0x100
+[  750.448953] [   T9870]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
+[  750.449336] [   T9870]  ? __kasan_check_write+0x14/0x30
+[  750.449697] [   T9870]  filemap_write_and_wait_range+0x7d/0xf0
+[  750.450062] [   T9870]  cifs_flush+0x153/0x320 [cifs]
+[  750.450592] [   T9870]  filp_flush+0x107/0x1a0
+[  750.450952] [   T9870]  filp_close+0x14/0x30
+[  750.451322] [   T9870]  put_files_struct.part.0+0x126/0x2a0
+[  750.451678] [   T9870]  ? __pfx__raw_spin_lock+0x10/0x10
+[  750.452033] [   T9870]  exit_files+0xab/0xe0
+[  750.452401] [   T9870]  do_exit+0x148f/0x2980
+[  750.452751] [   T9870]  ? __pfx_do_exit+0x10/0x10
+[  750.453109] [   T9870]  ? __kasan_check_write+0x14/0x30
+[  750.453459] [   T9870]  ? _raw_spin_lock_irq+0x8a/0xf0
+[  750.453787] [   T9870]  do_group_exit+0xb5/0x250
+[  750.454082] [   T9870]  get_signal+0x22d3/0x22e0
+[  750.454406] [   T9870]  ? __pfx_get_signal+0x10/0x10
+[  750.454709] [   T9870]  ? fpregs_assert_state_consistent+0x68/0x100
+[  750.455031] [   T9870]  ? folio_add_lru+0xda/0x120
+[  750.455347] [   T9870]  arch_do_signal_or_restart+0x92/0x630
+[  750.455656] [   T9870]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
+[  750.455967] [   T9870]  exit_to_user_mode_loop+0x98/0x170
+[  750.456282] [   T9870]  do_syscall_64+0x2cf/0xd80
+[  750.456591] [   T9870]  ? __kasan_check_read+0x11/0x20
+[  750.456897] [   T9870]  ? count_memcg_events+0x1b4/0x420
+[  750.457280] [   T9870]  ? handle_mm_fault+0x148/0x690
+[  750.457616] [   T9870]  ? _raw_spin_lock_irq+0x8a/0xf0
+[  750.457925] [   T9870]  ? __kasan_check_read+0x11/0x20
+[  750.458297] [   T9870]  ? fpregs_assert_state_consistent+0x68/0x100
+[  750.458672] [   T9870]  ? irqentry_exit_to_user_mode+0x2e/0x250
+[  750.459191] [   T9870]  ? irqentry_exit+0x43/0x50
+[  750.459600] [   T9870]  ? exc_page_fault+0x75/0xe0
+[  750.460130] [   T9870]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
+[  750.460570] [   T9870] RIP: 0033:0x7858c94ab6e2
+[  750.461206] [   T9870] Code: Unable to access opcode bytes at 0x7858c94ab6b8.
+[  750.461780] [   T9870] RSP: 002b:00007858c9248ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000022
+[  750.462327] [   T9870] RAX: fffffffffffffdfe RBX: 00007858c92496c0 RCX: 00007858c94ab6e2
+[  750.462653] [   T9870] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
+[  750.462969] [   T9870] RBP: 00007858c9248d10 R08: 0000000000000000 R09: 0000000000000000
+[  750.463290] [   T9870] R10: 0000000000000000 R11: 0000000000000246 R12: fffffffffffffde0
+[  750.463640] [   T9870] R13: 0000000000000020 R14: 0000000000000002 R15: 00007ffc072d2230
+[  750.463965] [   T9870]  </TASK>
+[  750.464285] [   T9870] Modules linked in: siw ib_uverbs ccm cmac nls_utf8 cifs cifs_arc4 nls_ucs2_utils rdma_cm iw_cm ib_cm ib_core cifs_md4 netfs softdog vboxsf vboxguest cpuid intel_rapl_msr intel_rapl_common intel_uncore_frequency_common intel_pmc_core pmt_telemetry pmt_class intel_pmc_ssram_telemetry intel_vsec polyval_clmulni ghash_clmulni_intel sha1_ssse3 aesni_intel rapl i2c_piix4 i2c_smbus joydev input_leds mac_hid sunrpc binfmt_misc kvm_intel kvm irqbypass sch_fq_codel efi_pstore nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock vmw_vmci dmi_sysfs ip_tables x_tables autofs4 hid_generic vboxvideo usbhid drm_vram_helper psmouse vga16fb vgastate drm_ttm_helper serio_raw hid ahci libahci ttm pata_acpi video wmi [last unloaded: vboxguest]
+[  750.467127] [   T9870] CR2: ffff8880110a2000
+
+cc: Tom Talpey <tom@talpey.com>
+cc: linux-cifs@vger.kernel.org
+Reviewed-by: David Howells <dhowells@redhat.com>
+Reviewed-by: Tom Talpey <tom@talpey.com>
+Fixes: c45ebd636c32 ("cifs: Provide the capability to extract from ITER_FOLIOQ to RDMA SGEs")
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/client/smbdirect.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/smb/client/smbdirect.c
++++ b/fs/smb/client/smbdirect.c
+@@ -2552,13 +2552,14 @@ static ssize_t smb_extract_folioq_to_rdm
+               size_t fsize = folioq_folio_size(folioq, slot);
+ 
+               if (offset < fsize) {
+-                      size_t part = umin(maxsize - ret, fsize - offset);
++                      size_t part = umin(maxsize, fsize - offset);
+ 
+                       if (!smb_set_sge(rdma, folio_page(folio, 0), offset, part))
+                               return -EIO;
+ 
+                       offset += part;
+                       ret += part;
++                      maxsize -= part;
+               }
+ 
+               if (offset >= fsize) {
+@@ -2573,7 +2574,7 @@ static ssize_t smb_extract_folioq_to_rdm
+                               slot = 0;
+                       }
+               }
+-      } while (rdma->nr_sge < rdma->max_sge || maxsize > 0);
++      } while (rdma->nr_sge < rdma->max_sge && maxsize > 0);
+ 
+       iter->folioq = folioq;
+       iter->folioq_slot = slot;
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 23 Jun 2025 08:35:33 +0000 (10:35 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 23 Jun 2025 08:35:33 +0000 (10:35 +0200)
queue-6.12/series		patch \| blob \| blame \| history
queue-6.12/smb-client-fix-first-command-failure-during-re-negotiation.patch	[new file with mode: 0644]	patch \| blob
queue-6.12/smb-client-fix-max_sge-overflow-in-smb_extract_folioq_to_rdma.patch	[new file with mode: 0644]	patch \| blob