[Pkg-samba-maint] Bug#973613: cifs-utils: CIFS kernel module crash

Koutheir Attouchi koutheir at gmail.com
Mon Nov 2 14:30:56 GMT 2020


Package: cifs-utils
Version: 2:6.9-1
Severity: critical
Justification: breaks unrelated software
X-Debbugs-Cc: koutheir at gmail.com

Dear Maintainer,

Attempting to mount a CIFS share crashes the CIFS module, and makes the system
unstable.

Here is the mounting command:
$ sudo mount -v -t cifs \
    -o nodfs,_netdev,sec=ntlmssp,user,rw,nounix,iocharset=utf8,file_mode=0777,dir_mode=0777,credentials=<somewhere>/credentials.conf \
    //10.10.1.22/shares <mount-point-path>

$ sudo dmesg
...
[  211.588679] CIFS: Attempting to mount //10.10.1.22/shares
[  211.588710] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  213.409379] CIFS: VFS: \\10.10.1.22\IPC$ DFS capability contradicts DFS flag
[  213.614168] CIFS: VFS: \\10.10.1.22\IPC$ validate protocol negotiate failed: -9
[  213.614177] CIFS: VFS: \\10.10.1.22 failed to connect to IPC (rc=-5)
[  213.818979] CIFS: VFS: \\10.10.1.22\shares DFS capability contradicts DFS flag
[  214.024488] CIFS: VFS: \\10.10.1.22\shares Server does not support validate negotiate
[  216.072372] BUG: kernel NULL pointer dereference, address: 00000000000007a0
[  216.072380] #PF: supervisor read access in kernel mode
[  216.072383] #PF: error_code(0x0000) - not-present page
[  216.072386] PGD 0 P4D 0
[  216.072392] Oops: 0000 [#1] SMP PTI
[  216.072399] CPU: 0 PID: 3551 Comm: mount.cifs Tainted: G           OE 5.9.0-1-amd64 #1 Debian 5.9.1-1
[  216.072402] Hardware name: LENOVO 20BE00CQGE/20BE00CQGE, BIOS GMET90WW (2.38) 04/13/2020
[  216.072460] RIP: 0010:cifs_mount+0x23b/0xcf0 [cifs]
[  216.072466] Code: 85 ff 74 42 48 c7 c7 e8 10 9a c1 e8 ef 14 b8 ea 41 83 47
50 01 48 89 ef e8 f2 0a 02 00 49 8b 4f 20 48 c7 c7 e8 10 9a c1 89 c2 <0f> b6 81
a0 07 00 00 83 e2 03 83 e0 fc 09 d0 88 81 a0 07 00 00 c6
[  216.072470] RSP: 0018:ffffb4148295fd50 EFLAGS: 00010206
[  216.072474] RAX: 0000000000000001 RBX: ffff9ff677a31400 RCX:
0000000000000000
[  216.072477] RDX: 0000000000000001 RSI: 000000000000002f RDI:
ffffffffc19a10e8
[  216.072480] RBP: ffff9ff67777a900 R08: ffffb4148295fcd0 R09:
ffff9ff70bb71b00
[  216.072483] R10: ffffb4148295fd08 R11: 0000000000000000 R12:
ffff9ff6777f7f00
[  216.072486] R13: ffff9ff677a31400 R14: 0000000000000000 R15:
ffff9ff79c8ed800
[  216.072490] FS:  00007f5fddec1740(0000) GS:ffff9ff82e600000(0000)
knlGS:0000000000000000
[  216.072493] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  216.072496] CR2: 00000000000007a0 CR3: 000000023fedc004 CR4:
00000000001706f0
[  216.072499] Call Trace:
[  216.072516]  ? slab_pre_alloc_hook.constprop.0+0xd0/0x110
[  216.072556]  cifs_smb3_do_mount+0xc5/0x6a0 [cifs]
[  216.072566]  legacy_get_tree+0x27/0x40
[  216.072574]  vfs_get_tree+0x25/0xb0
[  216.072581]  path_mount+0x43d/0xa60
[  216.072589]  __x64_sys_mount+0x103/0x140
[  216.072596]  do_syscall_64+0x33/0x80
[  216.072604]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  216.072609] RIP: 0033:0x7f5fddfc294a
[  216.072615] Code: 48 8b 0d 49 f5 0b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e
0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01
f0 ff ff 73 01 c3 48 8b 0d 16 f5 0b 00 f7 d8 64 89 01 48
[  216.072618] RSP: 002b:00007ffd8ce9ecd8 EFLAGS: 00000206 ORIG_RAX:
00000000000000a5
[  216.072622] RAX: ffffffffffffffda RBX: 00007ffd8ce9f790 RCX:
00007f5fddfc294a
[  216.072625] RDX: 000055826fdf73fa RSI: 000055826fdf7441 RDI:
00007ffd8ce9f790
[  216.072628] RBP: 00005582712878d0 R08: 0000558271288990 R09:
0000000000000000
[  216.072631] R10: 000000000000000e R11: 0000000000000206 R12:
0000558271288990
[  216.072633] R13: 0000000000000000 R14: 00007f5fde0c070e R15:
00007f5fde0be000
[  216.072638] Modules linked in: md4 sha512_ssse3 sha512_generic cmac nls_utf8
cifs dns_resolver fscache libdes tun veth xt_conntrack nf_conntrack_netlink
xfrm_user xfrm_algo xt_addrtype br_netfilter overlay xt_CHECKSUM nft_chain_nat
xt_MASQUERADE nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_counter
vboxnetadp(OE) vboxnetflt(OE) xt_tcpudp nft_compat bridge stp llc vboxdrv(OE)
nf_tables nfnetlink ctr ccm bnep snd_seq_dummy snd_hrtimer snd_seq
snd_seq_device bbswitch(OE) binfmt_misc intel_rapl_msr intel_rapl_common btusb
btrtl btbcm btintel x86_pkg_temp_thermal bluetooth intel_powerclamp kvm_intel
jitterentropy_rng drbg kvm irqbypass iwlmvm ghash_clmulni_intel
snd_hda_codec_hdmi mac80211 rapl uvcvideo snd_hda_codec_realtek aes_generic
intel_cstate videobuf2_vmalloc libarc4 snd_hda_codec_generic videobuf2_memops
videobuf2_v4l2 aesni_intel mei_wdt cdc_mbim videobuf2_common fuse snd_hda_intel
cdc_wdm crypto_simd i915 iwlwifi intel_uncore videodev snd_intel_dspcfg cryptd
snd_hda_codec
[  216.072704]  glue_helper pcspkr serio_raw wmi_bmof snd_hda_core ansi_cprng
cdc_ncm snd_hwdep iTCO_wdt snd_pcm intel_pmc_bxt iTCO_vendor_support
ecdh_generic cdc_ether mc joydev evdev rmi_smbus usbnet ecc rmi_core mii at24
libaes thinkpad_acpi sg cfg80211 drm_kms_helper watchdog cdc_acm snd_timer
tpm_tis nvram mei_me ledtrig_audio cec snd tpm_tis_core mei soundcore
i2c_algo_bit rfkill ac tpm rng_core button coretemp parport_pc ppdev drm lp
sunrpc parport ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2
crc32c_generic btrfs zstd_compress raid10 raid456 async_raid6_recov
async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0
multipath linear md_mod hid_generic usbhid hid sd_mod sr_mod cdrom t10_pi
crc_t10dif crct10dif_generic ahci rtsx_pci_sdmmc libahci mmc_core libata
xhci_pci xhci_hcd ehci_pci crct10dif_pclmul ehci_hcd crct10dif_common psmouse
e1000e crc32_pclmul scsi_mod usbcore crc32c_intel i2c_i801 lpc_ich i2c_smbus
ptp rtsx_pci pps_core usb_common wmi video
[  216.072821]  battery
[  216.072832] CR2: 00000000000007a0
[  216.072855] ---[ end trace 9abcbe4330f8212e ]---
[  216.072895] RIP: 0010:cifs_mount+0x23b/0xcf0 [cifs]
[  216.072900] Code: 85 ff 74 42 48 c7 c7 e8 10 9a c1 e8 ef 14 b8 ea 41 83 47
50 01 48 89 ef e8 f2 0a 02 00 49 8b 4f 20 48 c7 c7 e8 10 9a c1 89 c2 <0f> b6 81
a0 07 00 00 83 e2 03 83 e0 fc 09 d0 88 81 a0 07 00 00 c6
[  216.072903] RSP: 0018:ffffb4148295fd50 EFLAGS: 00010206
[  216.072907] RAX: 0000000000000001 RBX: ffff9ff677a31400 RCX:
0000000000000000
[  216.072909] RDX: 0000000000000001 RSI: 000000000000002f RDI:
ffffffffc19a10e8
[  216.072912] RBP: ffff9ff67777a900 R08: ffffb4148295fcd0 R09:
ffff9ff70bb71b00
[  216.072915] R10: ffffb4148295fd08 R11: 0000000000000000 R12:
ffff9ff6777f7f00
[  216.072917] R13: ffff9ff677a31400 R14: 0000000000000000 R15:
ffff9ff79c8ed800
[  216.072921] FS:  00007f5fddec1740(0000) GS:ffff9ff82e600000(0000)
knlGS:0000000000000000
[  216.072924] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  216.072927] CR2: 00000000000007a0 CR3: 000000023fedc004 CR4:
00000000001706f0



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.9.0-1-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_DIE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cifs-utils depends on:
ii  libc6         2.31-4
ii  libcap-ng0    0.7.9-2.2
ii  libkeyutils1  1.6.1-2
ii  libkrb5-3     1.17-10
ii  libpam0g      1.3.1-5
ii  libtalloc2    2.3.1-1
ii  libwbclient0  2:4.12.5+dfsg-3

cifs-utils recommends no packages.

Versions of packages cifs-utils suggests:
ii  keyutils   1.6.1-2
ii  smbclient  2:4.12.5+dfsg-3
pn  winbind    <none>

-- no debconf information
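A small triage helper, added here as an example and not part of this report or of cifs-utils, that reads a dmesg excerpt like the one above and pulls out what a maintainer checks first: the CIFS: VFS warnings that preceded the crash (the failed validate-negotiate exchange), the faulting symbol and module, the command and taint flags, and whether the fault address is a small offset from NULL together with which registers held zero at that moment. The sample input is an excerpt of the dmesg output above, re-joined where the mail wrapped it; the function and field names are my own.

```python
import re

# Excerpt of the report's dmesg output, re-joined where the mail wrapped lines.
DMESG_EXCERPT = r"""
[  213.409379] CIFS: VFS: \\10.10.1.22\IPC$ DFS capability contradicts DFS flag
[  213.614168] CIFS: VFS: \\10.10.1.22\IPC$ validate protocol negotiate failed: -9
[  213.614177] CIFS: VFS: \\10.10.1.22 failed to connect to IPC (rc=-5)
[  213.818979] CIFS: VFS: \\10.10.1.22\shares DFS capability contradicts DFS flag
[  214.024488] CIFS: VFS: \\10.10.1.22\shares Server does not support validate negotiate
[  216.072372] BUG: kernel NULL pointer dereference, address: 00000000000007a0
[  216.072399] CPU: 0 PID: 3551 Comm: mount.cifs Tainted: G           OE 5.9.0-1-amd64 #1 Debian 5.9.1-1
[  216.072460] RIP: 0010:cifs_mount+0x23b/0xcf0 [cifs]
[  216.072474] RAX: 0000000000000001 RBX: ffff9ff677a31400 RCX: 0000000000000000
[  216.072477] RDX: 0000000000000001 RSI: 000000000000002f RDI: ffffffffc19a10e8
[  216.072480] RBP: ffff9ff67777a900 R08: ffffb4148295fcd0 R09: ffff9ff70bb71b00
[  216.072483] R10: ffffb4148295fd08 R11: 0000000000000000 R12: ffff9ff6777f7f00
[  216.072486] R13: ffff9ff677a31400 R14: 0000000000000000 R15: ffff9ff79c8ed800
"""

TS = r"^\[\s*[\d.]+\]\s*"  # dmesg timestamp prefix
RE_WARN = re.compile(TS + r"CIFS: VFS: (.*)$")
RE_BUG = re.compile(TS + r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")
RE_RIP = re.compile(TS + r"RIP: \d{4}:(\w+)\+0x([0-9a-f]+)/0x[0-9a-f]+(?: \[(\w+)\])?")
RE_REG = re.compile(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})")
RE_TAINT = re.compile(r"Comm: (\S+) Tainted: ([A-Z ]+?)\s+\d")

def triage_oops(dmesg: str) -> dict:
    """Collect the facts a maintainer checks first in a NULL-deref oops."""
    info = {"warnings": [], "regs": {}, "null_regs": []}
    for line in dmesg.splitlines():
        if m := RE_WARN.match(line):          # CIFS state before the crash
            info["warnings"].append(m.group(1))
        elif m := RE_BUG.match(line):
            info["fault_addr"] = int(m.group(1), 16)
        elif m := RE_RIP.match(line):         # faulting symbol+offset [module]
            info["symbol"], info["module"] = m.group(1), m.group(3)
            info["offset"] = int(m.group(2), 16)
        elif m := RE_TAINT.search(line):      # "GOE" here: O = out-of-tree, E = unsigned
            info["comm"], info["taint"] = m.group(1), "".join(m.group(2).split())
        for reg, val in RE_REG.findall(line):
            info["regs"][reg] = int(val, 16)
    # A fault address below one page is NULL plus a struct field offset;
    # registers that held 0 are the candidate base pointers for that load.
    addr = info.get("fault_addr")
    if addr is not None and addr < 0x1000:
        info["field_offset"] = addr
        info["null_regs"] = [r for r, v in info["regs"].items() if v == 0]
    return info
```

Run it on the full dmesg output rather than the excerpt to pick up the remaining lines; the taint string it returns corresponds to the TAINT_OOT_MODULE and TAINT_UNSIGNED_MODULE flags listed under System Information.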