Re: regression in CIFS(?) between 4.17.14 and 4.18.0

Still present in 4.18.5-1.el7.elrepo.x86_64


4.18.5-1.el7.elrepo.x86_64
Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00 00 e8 44 50 e4
e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82 ff ff ff <48> 8b
00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 49 56 a0 48 c7
All code
========
   0:   b1 00                   mov    $0x0,%cl
   2:   01 00                   add    %eax,(%rax)
   4:   00 49 8b                add    %cl,-0x75(%rcx)
   7:   bf 80 02 00 00          mov    $0x280,%edi
   c:   ba 10 00 00 00          mov    $0x10,%edx
  11:   e8 44 50 e4 e0          callq  0xffffffffe0e4505a
  16:   85 c0                   test   %eax,%eax
  18:   0f 85 8c 00 00 00       jne    0xaa
  1e:   48 8b 85 78 ff ff ff    mov    -0x88(%rbp),%rax
  25:   ba 82 ff ff ff          mov    $0xffffff82,%edx
  2a:*  48 8b 00                mov    (%rax),%rax              <-- trapping instruction
  2d:   f6 40 08 01             testb  $0x1,0x8(%rax)
  31:   0f 84 b1 00 00 00       je     0xe8
  37:   48 c7 c6 30 49 56 a0    mov    $0xffffffffa0564930,%rsi
  3e:   48                      rex.W
  3f:   c7                      .byte 0xc7

Code starting with the faulting instruction
===========================================
   0:   48 8b 00                mov    (%rax),%rax
   3:   f6 40 08 01             testb  $0x1,0x8(%rax)
   7:   0f 84 b1 00 00 00       je     0xbe
   d:   48 c7 c6 30 49 56 a0    mov    $0xffffffffa0564930,%rsi
  14:   48                      rex.W
  15:   c7                      .byte 0xc7

Code: 48 8b 0d 89 6b 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d
01 f0 ff ff 73 01 c3 48 8b 0d 56 6b 2c 00 f7 d8 64 89 01 48
All code
========
   0:   48 8b 0d 89 6b 2c 00    mov    0x2c6b89(%rip),%rcx        # 0x2c6b90
   7:   f7 d8                   neg    %eax
   9:   64 89 01                mov    %eax,%fs:(%rcx)
   c:   48 83 c8 ff             or     $0xffffffffffffffff,%rax
  10:   c3                      retq
  11:   66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
  18:   00 00 00
  1b:   0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
  20:   49 89 ca                mov    %rcx,%r10
  23:   b8 a5 00 00 00          mov    $0xa5,%eax
  28:   0f 05                   syscall
  2a:*  48 3d 01 f0 ff ff       cmp    $0xfffffffffffff001,%rax <-- trapping instruction
  30:   73 01                   jae    0x33
  32:   c3                      retq
  33:   48 8b 0d 56 6b 2c 00    mov    0x2c6b56(%rip),%rcx        # 0x2c6b90
  3a:   f7 d8                   neg    %eax
  3c:   64 89 01                mov    %eax,%fs:(%rcx)
  3f:   48                      rex.W

Code starting with the faulting instruction
===========================================
   0:   48 3d 01 f0 ff ff       cmp    $0xfffffffffffff001,%rax
   6:   73 01                   jae    0x9
   8:   c3                      retq
   9:   48 8b 0d 56 6b 2c 00    mov    0x2c6b56(%rip),%rcx        # 0x2c6b66
  10:   f7 d8                   neg    %eax
  12:   64 89 01                mov    %eax,%fs:(%rcx)
  15:   48                      rex.W


Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00 00 e8 44 50 e4
e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82 ff ff ff <48> 8b
00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 49 56 a0 48 c7
All code
========
   0:   b1 00                   mov    $0x0,%cl
   2:   01 00                   add    %eax,(%rax)
   4:   00 49 8b                add    %cl,-0x75(%rcx)
   7:   bf 80 02 00 00          mov    $0x280,%edi
   c:   ba 10 00 00 00          mov    $0x10,%edx
  11:   e8 44 50 e4 e0          callq  0xffffffffe0e4505a
  16:   85 c0                   test   %eax,%eax
  18:   0f 85 8c 00 00 00       jne    0xaa
  1e:   48 8b 85 78 ff ff ff    mov    -0x88(%rbp),%rax
  25:   ba 82 ff ff ff          mov    $0xffffff82,%edx
  2a:*  48 8b 00                mov    (%rax),%rax              <-- trapping instruction
  2d:   f6 40 08 01             testb  $0x1,0x8(%rax)
  31:   0f 84 b1 00 00 00       je     0xe8
  37:   48 c7 c6 30 49 56 a0    mov    $0xffffffffa0564930,%rsi
  3e:   48                      rex.W
  3f:   c7                      .byte 0xc7

Code starting with the faulting instruction
===========================================
   0:   48 8b 00                mov    (%rax),%rax
   3:   f6 40 08 01             testb  $0x1,0x8(%rax)
   7:   0f 84 b1 00 00 00       je     0xbe
   d:   48 c7 c6 30 49 56 a0    mov    $0xffffffffa0564930,%rsi
  14:   48                      rex.W
  15:   c7                      .byte 0xc7
On Wed, Aug 22, 2018 at 9:13 AM Robin P. Blanchard
<robin.blanchard@xxxxxxxxx> wrote:
>
> OOPS decoding....
>
>
> DFS, vers=2.1, sec=ntlmsspi
>
> # dmesg |grep Code: |awk -F'] ' '{print $NF}' |while read line ; do echo "${line}" |/usr/src/kernels/$(uname -r)/scripts/decodecode ; echo ; done
> Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00 00 e8 d4 ff e3
> e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82 ff ff ff <48> 8b
> 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 99 56 a0 48 c7
> All code
> ========
>    0:   b1 00                   mov    $0x0,%cl
>    2:   01 00                   add    %eax,(%rax)
>    4:   00 49 8b                add    %cl,-0x75(%rcx)
>    7:   bf 80 02 00 00          mov    $0x280,%edi
>    c:   ba 10 00 00 00          mov    $0x10,%edx
>   11:   e8 d4 ff e3 e0          callq  0xffffffffe0e3ffea
>   16:   85 c0                   test   %eax,%eax
>   18:   0f 85 8c 00 00 00       jne    0xaa
>   1e:   48 8b 85 78 ff ff ff    mov    -0x88(%rbp),%rax
>   25:   ba 82 ff ff ff          mov    $0xffffff82,%edx
>   2a:*  48 8b 00                mov    (%rax),%rax              <-- trapping instruction
>   2d:   f6 40 08 01             testb  $0x1,0x8(%rax)
>   31:   0f 84 b1 00 00 00       je     0xe8
>   37:   48 c7 c6 30 99 56 a0    mov    $0xffffffffa0569930,%rsi
>   3e:   48                      rex.W
>   3f:   c7                      .byte 0xc7
>
> Code starting with the faulting instruction
> ===========================================
>    0:   48 8b 00                mov    (%rax),%rax
>    3:   f6 40 08 01             testb  $0x1,0x8(%rax)
>    7:   0f 84 b1 00 00 00       je     0xbe
>    d:   48 c7 c6 30 99 56 a0    mov    $0xffffffffa0569930,%rsi
>   14:   48                      rex.W
>   15:   c7                      .byte 0xc7
>
> Code: 48 8b 0d 89 6b 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
> 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d
> 01 f0 ff ff 73 01 c3 48 8b 0d 56 6b 2c 00 f7 d8 64 89 01 48
> All code
> ========
>    0:   48 8b 0d 89 6b 2c 00    mov    0x2c6b89(%rip),%rcx        # 0x2c6b90
>    7:   f7 d8                   neg    %eax
>    9:   64 89 01                mov    %eax,%fs:(%rcx)
>    c:   48 83 c8 ff             or     $0xffffffffffffffff,%rax
>   10:   c3                      retq
>   11:   66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
>   18:   00 00 00
>   1b:   0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
>   20:   49 89 ca                mov    %rcx,%r10
>   23:   b8 a5 00 00 00          mov    $0xa5,%eax
>   28:   0f 05                   syscall
>   2a:*  48 3d 01 f0 ff ff       cmp    $0xfffffffffffff001,%rax <-- trapping instruction
>   30:   73 01                   jae    0x33
>   32:   c3                      retq
>   33:   48 8b 0d 56 6b 2c 00    mov    0x2c6b56(%rip),%rcx        # 0x2c6b90
>   3a:   f7 d8                   neg    %eax
>   3c:   64 89 01                mov    %eax,%fs:(%rcx)
>   3f:   48                      rex.W
>
> Code starting with the faulting instruction
> ===========================================
>    0:   48 3d 01 f0 ff ff       cmp    $0xfffffffffffff001,%rax
>    6:   73 01                   jae    0x9
>    8:   c3                      retq
>    9:   48 8b 0d 56 6b 2c 00    mov    0x2c6b56(%rip),%rcx        # 0x2c6b66
>   10:   f7 d8                   neg    %eax
>   12:   64 89 01                mov    %eax,%fs:(%rcx)
>   15:   48                      rex.W
>
> Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00 00 e8 d4 ff e3
> e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82 ff ff ff <48> 8b
> 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 99 56 a0 48 c7
> All code
> ========
>    0:   b1 00                   mov    $0x0,%cl
>    2:   01 00                   add    %eax,(%rax)
>    4:   00 49 8b                add    %cl,-0x75(%rcx)
>    7:   bf 80 02 00 00          mov    $0x280,%edi
>    c:   ba 10 00 00 00          mov    $0x10,%edx
>   11:   e8 d4 ff e3 e0          callq  0xffffffffe0e3ffea
>   16:   85 c0                   test   %eax,%eax
>   18:   0f 85 8c 00 00 00       jne    0xaa
>   1e:   48 8b 85 78 ff ff ff    mov    -0x88(%rbp),%rax
>   25:   ba 82 ff ff ff          mov    $0xffffff82,%edx
>   2a:*  48 8b 00                mov    (%rax),%rax              <-- trapping instruction
>   2d:   f6 40 08 01             testb  $0x1,0x8(%rax)
>   31:   0f 84 b1 00 00 00       je     0xe8
>   37:   48 c7 c6 30 99 56 a0    mov    $0xffffffffa0569930,%rsi
>   3e:   48                      rex.W
>   3f:   c7                      .byte 0xc7
>
> Code starting with the faulting instruction
> ===========================================
>    0:   48 8b 00                mov    (%rax),%rax
>    3:   f6 40 08 01             testb  $0x1,0x8(%rax)
>    7:   0f 84 b1 00 00 00       je     0xbe
>    d:   48 c7 c6 30 99 56 a0    mov    $0xffffffffa0569930,%rsi
>   14:   48                      rex.W
>   15:   c7                      .byte 0xc7
>
>
>
> ( reboot )
>
> DFS, vers=2.1, sec=ntlmssp
>
>
> # dmesg |grep Code: |awk -F'] ' '{print $NF}' |while read line ; do echo "${line}" |/usr/src/kernels/$(uname -r)/scripts/decodecode ; echo ; done
> Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00 00 e8 d4 ff e3
> e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82 ff ff ff <48> 8b
> 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 99 56 a0 48 c7
> All code
> ========
>    0:   b1 00                   mov    $0x0,%cl
>    2:   01 00                   add    %eax,(%rax)
>    4:   00 49 8b                add    %cl,-0x75(%rcx)
>    7:   bf 80 02 00 00          mov    $0x280,%edi
>    c:   ba 10 00 00 00          mov    $0x10,%edx
>   11:   e8 d4 ff e3 e0          callq  0xffffffffe0e3ffea
>   16:   85 c0                   test   %eax,%eax
>   18:   0f 85 8c 00 00 00       jne    0xaa
>   1e:   48 8b 85 78 ff ff ff    mov    -0x88(%rbp),%rax
>   25:   ba 82 ff ff ff          mov    $0xffffff82,%edx
>   2a:*  48 8b 00                mov    (%rax),%rax              <-- trapping instruction
>   2d:   f6 40 08 01             testb  $0x1,0x8(%rax)
>   31:   0f 84 b1 00 00 00       je     0xe8
>   37:   48 c7 c6 30 99 56 a0    mov    $0xffffffffa0569930,%rsi
>   3e:   48                      rex.W
>   3f:   c7                      .byte 0xc7
>
> Code starting with the faulting instruction
> ===========================================
>    0:   48 8b 00                mov    (%rax),%rax
>    3:   f6 40 08 01             testb  $0x1,0x8(%rax)
>    7:   0f 84 b1 00 00 00       je     0xbe
>    d:   48 c7 c6 30 99 56 a0    mov    $0xffffffffa0569930,%rsi
>   14:   48                      rex.W
>   15:   c7                      .byte 0xc7
>
> Code: 48 8b 0d 89 6b 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
> 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d
> 01 f0 ff ff 73 01 c3 48 8b 0d 56 6b 2c 00 f7 d8 64 89 01 48
> All code
> ========
>    0:   48 8b 0d 89 6b 2c 00    mov    0x2c6b89(%rip),%rcx        # 0x2c6b90
>    7:   f7 d8                   neg    %eax
>    9:   64 89 01                mov    %eax,%fs:(%rcx)
>    c:   48 83 c8 ff             or     $0xffffffffffffffff,%rax
>   10:   c3                      retq
>   11:   66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
>   18:   00 00 00
>   1b:   0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
>   20:   49 89 ca                mov    %rcx,%r10
>   23:   b8 a5 00 00 00          mov    $0xa5,%eax
>   28:   0f 05                   syscall
>   2a:*  48 3d 01 f0 ff ff       cmp    $0xfffffffffffff001,%rax <-- trapping instruction
>   30:   73 01                   jae    0x33
>   32:   c3                      retq
>   33:   48 8b 0d 56 6b 2c 00    mov    0x2c6b56(%rip),%rcx        # 0x2c6b90
>   3a:   f7 d8                   neg    %eax
>   3c:   64 89 01                mov    %eax,%fs:(%rcx)
>   3f:   48                      rex.W
>
> Code starting with the faulting instruction
> ===========================================
>    0:   48 3d 01 f0 ff ff       cmp    $0xfffffffffffff001,%rax
>    6:   73 01                   jae    0x9
>    8:   c3                      retq
>    9:   48 8b 0d 56 6b 2c 00    mov    0x2c6b56(%rip),%rcx        # 0x2c6b66
>   10:   f7 d8                   neg    %eax
>   12:   64 89 01                mov    %eax,%fs:(%rcx)
>   15:   48                      rex.W
>
> Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00 00 e8 d4 ff e3
> e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82 ff ff ff <48> 8b
> 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 99 56 a0 48 c7
> All code
> ========
>    0:   b1 00                   mov    $0x0,%cl
>    2:   01 00                   add    %eax,(%rax)
>    4:   00 49 8b                add    %cl,-0x75(%rcx)
>    7:   bf 80 02 00 00          mov    $0x280,%edi
>    c:   ba 10 00 00 00          mov    $0x10,%edx
>   11:   e8 d4 ff e3 e0          callq  0xffffffffe0e3ffea
>   16:   85 c0                   test   %eax,%eax
>   18:   0f 85 8c 00 00 00       jne    0xaa
>   1e:   48 8b 85 78 ff ff ff    mov    -0x88(%rbp),%rax
>   25:   ba 82 ff ff ff          mov    $0xffffff82,%edx
>   2a:*  48 8b 00                mov    (%rax),%rax              <-- trapping instruction
>   2d:   f6 40 08 01             testb  $0x1,0x8(%rax)
>   31:   0f 84 b1 00 00 00       je     0xe8
>   37:   48 c7 c6 30 99 56 a0    mov    $0xffffffffa0569930,%rsi
>   3e:   48                      rex.W
>   3f:   c7                      .byte 0xc7
>
> Code starting with the faulting instruction
> ===========================================
>    0:   48 8b 00                mov    (%rax),%rax
>    3:   f6 40 08 01             testb  $0x1,0x8(%rax)
>    7:   0f 84 b1 00 00 00       je     0xbe
>    d:   48 c7 c6 30 99 56 a0    mov    $0xffffffffa0569930,%rsi
>   14:   48                      rex.W
>   15:   c7                      .byte 0xc7
> On Tue, Aug 21, 2018 at 2:13 PM Robin P. Blanchard
> <robin.blanchard@xxxxxxxxx> wrote:
> >
> > looks the same with or without signing (i)
> >
> > ** DFS, vers=2.1, sec=ntlmssp
> >
> > [   50.772801] Key type dns_resolver registered
> > [   50.798894] Key type cifs.spnego registered
> > [   50.798917] Key type cifs.idmap registered
> > [   50.820848] BUG: unable to handle kernel NULL pointer dereference
> > at 0000000000000000
> > [   50.820880] PGD 0 P4D 0
> > [   50.820893] Oops: 0000 [#1] SMP PTI
> > [   50.820910] CPU: 0 PID: 2129 Comm: mount.cifs Kdump: loaded Not
> > tainted 4.18.3-1.el7.elrepo.x86_64 #1
> > [   50.820940] Hardware name: VMware, Inc. VMware Virtual
> > Platform/440BX Desktop Reference Platform, BIOS 6.00 09/21/2015
> > [   50.820991] RIP: 0010:smb2_calc_signature+0x120/0x2f0 [cifs]
> > [   50.821011] Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00
> > 00 e8 d4 2f e4 e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82
> > ff ff ff <48> 8b 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 69 56 a0
> > 48 c7
> > [   50.821088] RSP: 0018:ffffc9000174ba40 EFLAGS: 00010246
> > [   50.821107] RAX: 0000000000000000 RBX: ffff880078327540 RCX: 0000000000000000
> > [   50.821134] RDX: 00000000ffffff82 RSI: ffffc9000174b998 RDI: ffff88007bda4110
> > [   50.821160] RBP: ffffc9000174bac8 R08: ffffffffa0583280 R09: ffffffffa0583280
> > [   50.821184] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000174bbd0
> > [   50.821208] R13: ffffc9000174bbb0 R14: ffff880078327570 R15: ffff88007b544c00
> > [   50.821233] FS:  00007f40e2731780(0000) GS:ffff88007fc00000(0000)
> > knlGS:0000000000000000
> > [   50.821260] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [   50.821280] CR2: 0000000000000000 CR3: 000000007959a004 CR4: 00000000001606f0
> > [   50.821346] Call Trace:
> > [   50.821364]  ? kmem_cache_alloc+0xae/0x1d0
> > [   50.821382]  ? mempool_alloc_slab+0x15/0x20
> > [   50.821410]  smb2_sign_rqst+0x36/0x50 [cifs]
> > [   50.821436]  smb2_setup_request+0x10f/0x1d0 [cifs]
> > [   50.821463]  cifs_send_recv+0xa6/0x3e0 [cifs]
> > [   50.821489]  SMB2_tcon+0x198/0x580 [cifs]
> > [   50.821513]  cifs_get_smb_ses+0x741/0xda0 [cifs]
> > [   50.821539]  cifs_mount+0x62f/0x1090 [cifs]
> > [   50.821558]  ? kstrdup+0x49/0x60
> > [   50.821579]  cifs_smb3_do_mount+0x11c/0x5d0 [cifs]
> > [   50.821603]  cifs_do_mount+0x11/0x20 [cifs]
> > [   50.821621]  mount_fs+0x3e/0x150
> > [   50.821636]  vfs_kern_mount+0x67/0x130
> > [   50.821652]  do_mount+0x1f0/0xca0
> > [   50.821666]  ksys_mount+0x83/0xd0
> > [   50.821680]  __x64_sys_mount+0x25/0x30
> > [   50.821697]  do_syscall_64+0x60/0x190
> > [   50.821713]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> > [   50.821732] RIP: 0033:0x7f40e204f30a
> > [   50.821746] Code: 48 8b 0d 89 6b 2c 00 f7 d8 64 89 01 48 83 c8 ff
> > c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00
> > 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 56 6b 2c 00 f7 d8 64 89
> > 01 48
> > [   50.821825] RSP: 002b:00007ffe3e9aaf18 EFLAGS: 00000206 ORIG_RAX:
> > 00000000000000a5
> > [   50.821851] RAX: ffffffffffffffda RBX: 00007f40e274291a RCX: 00007f40e204f30a
> > [   50.822575] RDX: 00005566982d53b2 RSI: 00005566982d53f9 RDI: 00007ffe3e9ab494
> > [   50.823307] RBP: 00007ffe3e9ab489 R08: 0000556699a45060 R09: 00007f40e2731780
> > [   50.824027] R10: 0000000000000001 R11: 0000000000000206 R12: 00007f40e2740000
> > [   50.824796] R13: 0000556699a45060 R14: 00007f40e274290f R15: 0000000000000000
> > [   50.825554] Modules linked in: arc4 md4 nls_utf8 cifs ccm
> > dns_resolver binfmt_misc nf_conntrack_netbios_ns
> > nf_conntrack_broadcast xt_CT ip6t_rpfilter ipt_REJECT nf_reject_ipv4
> > ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat
> > ebtable_broute ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6
> > nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat
> > nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack
> > libcrc32c iptable_mangle iptable_security iptable_raw ebtable_filter
> > ebtables ip6table_filter ip6_tables iptable_filter
> > vmw_vsock_vmci_transport vsock sb_edac crct10dif_pclmul crc32_pclmul
> > ghash_clmulni_intel pcbc aesni_intel crypto_simd cryptd glue_helper
> > intel_rapl_perf vmw_balloon joydev pcspkr input_leds sg vmw_vmci
> > i2c_piix4 auth_rpcgss tcp_bbr sch_fq sunrpc
> > [   50.830486]  ip_tables ext4 mbcache jbd2 sr_mod cdrom ata_generic
> > pata_acpi sd_mod crc32c_intel serio_raw vmwgfx vmxnet3 ata_piix
> > drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops
> > vmw_pvscsi ttm drm libata dm_mirror dm_region_hash dm_log dm_mod
> > [   50.832273] Dumping ftrace buffer:
> > [   50.833136]    (ftrace buffer empty)
> > [   50.833971] CR2: 0000000000000000
> > [   50.834818] ---[ end trace 0695b117c9de0188 ]---
> > [   50.835670] RIP: 0010:smb2_calc_signature+0x120/0x2f0 [cifs]
> > [   50.836507] Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00
> > 00 e8 d4 2f e4 e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82
> > ff ff ff <48> 8b 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 69 56 a0
> > 48 c7
> > [   50.838308] RSP: 0018:ffffc9000174ba40 EFLAGS: 00010246
> > [   50.839203] RAX: 0000000000000000 RBX: ffff880078327540 RCX: 0000000000000000
> > [   50.840154] RDX: 00000000ffffff82 RSI: ffffc9000174b998 RDI: ffff88007bda4110
> > [   50.841042] RBP: ffffc9000174bac8 R08: ffffffffa0583280 R09: ffffffffa0583280
> > [   50.841921] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000174bbd0
> > [   50.842824] R13: ffffc9000174bbb0 R14: ffff880078327570 R15: ffff88007b544c00
> > [   50.843757] FS:  00007f40e2731780(0000) GS:ffff88007fc00000(0000)
> > knlGS:0000000000000000
> > [   50.844675] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [   50.845568] CR2: 0000000000000000 CR3: 000000007959a004 CR4: 00000000001606f0
> >
> >
> > ** DFS, vers=2.1, sec=ntlmsspi
> >
> > [   39.193361] Key type dns_resolver registered
> > [   39.217764] Key type cifs.spnego registered
> > [   39.217791] Key type cifs.idmap registered
> > [   39.242647] BUG: unable to handle kernel NULL pointer dereference
> > at 0000000000000000
> > [   39.242679] PGD 0 P4D 0
> > [   39.242693] Oops: 0000 [#1] SMP PTI
> > [   39.242709] CPU: 0 PID: 2117 Comm: mount.cifs Kdump: loaded Not
> > tainted 4.18.3-1.el7.elrepo.x86_64 #1
> > [   39.242740] Hardware name: VMware, Inc. VMware Virtual
> > Platform/440BX Desktop Reference Platform, BIOS 6.00 09/21/2015
> > [   39.242791] RIP: 0010:smb2_calc_signature+0x120/0x2f0 [cifs]
> > [   39.242811] Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00
> > 00 e8 d4 2f e5 e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82
> > ff ff ff <48> 8b 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 69 55 a0
> > 48 c7
> > [   39.242892] RSP: 0018:ffffc900016fba40 EFLAGS: 00010246
> > [   39.242911] RAX: 0000000000000000 RBX: ffff88007b9e6540 RCX: 0000000000000000
> > [   39.242935] RDX: 00000000ffffff82 RSI: ffffc900016fb998 RDI: ffff8800361c1310
> > [   39.242959] RBP: ffffc900016fbac8 R08: ffffffffa0573280 R09: ffffffffa0573280
> > [   39.242983] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc900016fbbd0
> > [   39.243007] R13: ffffc900016fbbb0 R14: ffff88007b9e6570 R15: ffff88007b580000
> > [   39.243032] FS:  00007f7a7c8d2780(0000) GS:ffff88007fc00000(0000)
> > knlGS:0000000000000000
> > [   39.243059] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [   39.243079] CR2: 0000000000000000 CR3: 000000007b5bc005 CR4: 00000000001606f0
> > [   39.243143] Call Trace:
> > [   39.243161]  ? kmem_cache_alloc+0xae/0x1d0
> > [   39.243179]  ? mempool_alloc_slab+0x15/0x20
> > [   39.243207]  smb2_sign_rqst+0x36/0x50 [cifs]
> > [   39.243234]  smb2_setup_request+0x10f/0x1d0 [cifs]
> > [   39.243261]  cifs_send_recv+0xa6/0x3e0 [cifs]
> > [   39.243288]  SMB2_tcon+0x198/0x580 [cifs]
> > [   39.243312]  cifs_get_smb_ses+0x741/0xda0 [cifs]
> > [   39.243337]  cifs_mount+0x62f/0x1090 [cifs]
> > [   39.243355]  ? kstrdup+0x49/0x60
> > [   39.243375]  cifs_smb3_do_mount+0x11c/0x5d0 [cifs]
> > [   39.243400]  cifs_do_mount+0x11/0x20 [cifs]
> > [   39.243417]  mount_fs+0x3e/0x150
> > [   39.243432]  vfs_kern_mount+0x67/0x130
> > [   39.243448]  do_mount+0x1f0/0xca0
> > [   39.243462]  ksys_mount+0x83/0xd0
> > [   39.243477]  __x64_sys_mount+0x25/0x30
> > [   39.243492]  do_syscall_64+0x60/0x190
> > [   39.243508]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> > [   39.243527] RIP: 0033:0x7f7a7c1f030a
> > [   39.243540] Code: 48 8b 0d 89 6b 2c 00 f7 d8 64 89 01 48 83 c8 ff
> > c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00
> > 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 56 6b 2c 00 f7 d8 64 89
> > 01 48
> > [   39.243619] RSP: 002b:00007fff2d469d48 EFLAGS: 00000206 ORIG_RAX:
> > 00000000000000a5
> > [   39.243646] RAX: ffffffffffffffda RBX: 00007f7a7c8e391a RCX: 00007f7a7c1f030a
> > [   39.244368] RDX: 00005629843fd3b2 RSI: 00005629843fd3f9 RDI: 00007fff2d46b493
> > [   39.245089] RBP: 00007fff2d46b488 R08: 00005629849ce060 R09: 00007f7a7c8d2780
> > [   39.245808] R10: 0000000000000001 R11: 0000000000000206 R12: 00007f7a7c8e1000
> > [   39.246527] R13: 00005629849ce060 R14: 00007f7a7c8e390f R15: 0000000000000000
> > [   39.247242] Modules linked in: arc4 md4 nls_utf8 cifs ccm
> > dns_resolver binfmt_misc nf_conntrack_netbios_ns
> > nf_conntrack_broadcast xt_CT ip6t_rpfilter ipt_REJECT nf_reject_ipv4
> > ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat
> > ebtable_broute ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6
> > nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat
> > nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack
> > libcrc32c iptable_mangle iptable_security iptable_raw ebtable_filter
> > ebtables ip6table_filter ip6_tables iptable_filter
> > vmw_vsock_vmci_transport vsock sb_edac crct10dif_pclmul crc32_pclmul
> > ghash_clmulni_intel pcbc aesni_intel crypto_simd cryptd glue_helper
> > intel_rapl_perf vmw_balloon pcspkr joydev input_leds sg vmw_vmci
> > i2c_piix4 auth_rpcgss tcp_bbr sch_fq sunrpc
> > [   39.252194]  ip_tables ext4 mbcache jbd2 sr_mod cdrom ata_generic
> > pata_acpi sd_mod crc32c_intel serio_raw vmwgfx drm_kms_helper
> > syscopyarea sysfillrect sysimgblt fb_sys_fops ttm vmxnet3 ata_piix
> > vmw_pvscsi drm libata dm_mirror dm_region_hash dm_log dm_mod
> > [   39.253982] Dumping ftrace buffer:
> > [   39.254845]    (ftrace buffer empty)
> > [   39.255680] CR2: 0000000000000000
> > [   39.256525] ---[ end trace 69f6a67b269cf41c ]---
> > [   39.257416] RIP: 0010:smb2_calc_signature+0x120/0x2f0 [cifs]
> > [   39.258256] Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00
> > 00 e8 d4 2f e5 e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82
> > ff ff ff <48> 8b 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 69 55 a0
> > 48 c7
> > [   39.260030] RSP: 0018:ffffc900016fba40 EFLAGS: 00010246
> > [   39.260914] RAX: 0000000000000000 RBX: ffff88007b9e6540 RCX: 0000000000000000
> > [   39.261807] RDX: 00000000ffffff82 RSI: ffffc900016fb998 RDI: ffff8800361c1310
> > [   39.262688] RBP: ffffc900016fbac8 R08: ffffffffa0573280 R09: ffffffffa0573280
> > [   39.263566] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc900016fbbd0
> > [   39.264486] R13: ffffc900016fbbb0 R14: ffff88007b9e6570 R15: ffff88007b580000
> > [   39.265366] FS:  00007f7a7c8d2780(0000) GS:ffff88007fc00000(0000)
> > knlGS:0000000000000000
> > [   39.266285] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [   39.267186] CR2: 0000000000000000 CR3: 000000007b5bc005 CR4: 00000000001606f0
> > On Fri, Aug 17, 2018 at 4:14 PM Steve French <smfrench@xxxxxxxxx> wrote:
> > >
> > > Did you try it (2.0 dfs) with signing disabled?
> > >
> > > On Fri, Aug 17, 2018, 11:53 Steve French <smfrench@xxxxxxxxx> wrote:
> > >>
> > >> 4.18.1 (last stable release) apparently does not include the fix, but
> > >> I would expect it in 4.18.2. See
> > >>
> > >> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/fs/cifs?h=linux-4.18.y
> > >> On Fri, Aug 17, 2018 at 11:41 AM Pavel Shilovsky <piastryyy@xxxxxxxxx> wrote:
> > >> >
> > >> > Fri, Aug 17, 2018 at 8:07, Robin P. Blanchard <robin.blanchard@xxxxxxxxx>:
> > >> > >
> > >> > > # sysctl -w kernel.panic_on_oops=0
> > >> > > # sysctl -w kernel.ftrace_dump_on_oops=1
> > >> > >
> > >> > > vers=2.1
> > >> > >
> > >> > > fs/cifs/cifsfs.c: Devname: -REDACTED- flags: 1
> > >> > > fs/cifs/connect.c: Username: -REDACTED-
> > >> > > fs/cifs/connect.c: file mode: 0x1ed  dir mode: 0x1ed
> > >> > > fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 46 with uid: 0
> > >> > > fs/cifs/connect.c: UNC: -REDACTED-
> > >> > > fs/cifs/connect.c: Socket created
> > >> > > fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x1b58
> > >> > > fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 47 with uid: 0
> > >> > > fs/cifs/connect.c: Existing smb sess not found
> > >> > > fs/cifs/smb2pdu.c: Negotiate protocol
> > >> > > fs/cifs/transport.c: Sending smb: smb_len=106
> > >> > > fs/cifs/connect.c: Demultiplex PID: 11712
> > >> > > fs/cifs/connect.c: RFC1002 header 0xf8
> > >> > > fs/cifs/smb2misc.c: SMB2 data length 120 offset 128
> > >> > > fs/cifs/smb2misc.c: SMB2 len 248
> > >> > > fs/cifs/transport.c: cifs_sync_mid_result: cmd=0 mid=0 state=4
> > >> > > fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
> > >> > > fs/cifs/smb2pdu.c: mode 0x3
> > >> > > fs/cifs/smb2pdu.c: negotiated smb2.1 dialect
> > >> > > fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
> > >> > > fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
> > >> > > fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
> > >> > > fs/cifs/asn1.c: OID len = 8 oid = 0x1 0x2 0x348 0x1bb92
> > >> > > fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
> > >> > > fs/cifs/connect.c: Security Mode: 0x3 Capabilities: 0x300007 TimeAdjust: 0
> > >> > > fs/cifs/smb2pdu.c: Session Setup
> > >> > > fs/cifs/smb2pdu.c: sess setup type 4
> > >> > > fs/cifs/transport.c: Sending smb: smb_len=124
> > >> > > fs/cifs/connect.c: RFC1002 header 0x13e
> > >> > > fs/cifs/smb2misc.c: SMB2 data length 246 offset 72
> > >> > > fs/cifs/smb2misc.c: SMB2 len 318
> > >> > > fs/cifs/transport.c: cifs_sync_mid_result: cmd=1 mid=1 state=4
> > >> > > Status code returned 0xc0000016 STATUS_MORE_PROCESSING_REQUIRED
> > >> > > fs/cifs/smb2maperror.c: Mapping SMB2 status code 0xc0000016 to POSIX err -5
> > >> > > fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
> > >> > > fs/cifs/smb2pdu.c: rawntlmssp session setup challenge phase
> > >> > > fs/cifs/transport.c: Sending smb: smb_len=426
> > >> > > fs/cifs/connect.c: RFC1002 header 0x48
> > >> > > fs/cifs/smb2misc.c: SMB2 data length 0 offset 72
> > >> > > fs/cifs/smb2misc.c: SMB2 len 73
> > >> > > fs/cifs/smb2misc.c: Calculated size 73 length 72 mismatch mid 2
> > >> > > fs/cifs/transport.c: cifs_sync_mid_result: cmd=1 mid=2 state=4
> > >> > > fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
> > >> > > fs/cifs/smb2pdu.c: SMB2/3 session established successfully
> > >> > > fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 47) rc = 0
> > >> > > fs/cifs/connect.c: CIFS VFS: in cifs_setup_ipc as Xid: 48 with uid: 0
> > >> > > fs/cifs/smb2pdu.c: TCON
> > >> > > BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
> > >> > > PGD 0 P4D 0
> > >> > > Oops: 0000 [#1] SMP PTI
> > >> > > CPU: 0 PID: 11706 Comm: mount.cifs Kdump: loaded Not tainted
> > >> > > 4.18.1-1.el7.elrepo.x86_64 #1
> > >> > > Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop
> > >> > > Reference Platform, BIOS 6.00 09/21/2015
> > >> > > RIP: 0010:smb2_calc_signature+0x120/0x2f0 [cifs]
> > >> > > Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00 00 e8 b4 86 e4
> > >> > > e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82 ff ff ff <48> 8b
> > >> > > 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 09 56 a0 48 c7
> > >> > > RSP: 0018:ffffc90001d9fa40 EFLAGS: 00010246
> > >> > > RAX: 0000000000000000 RBX: ffff88007b23d8c0 RCX: 0000000000000000
> > >> > > RDX: 00000000ffffff82 RSI: ffffc90001d9f998 RDI: ffff880036196110
> > >> > > RBP: ffffc90001d9fac8 R08: ffffffffa057d280 R09: ffffffffa057d280
> > >> > > R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90001d9fbd0
> > >> > > R13: ffffc90001d9fbb0 R14: ffff88007b23d8f0 R15: ffff88007a491400
> > >> > > FS:  00007f6d81b77780(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
> > >> > > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > >> > > CR2: 0000000000000000 CR3: 000000007a58c005 CR4: 00000000001606f0
> > >> > > Call Trace:
> > >> > >  ? kmem_cache_alloc+0xae/0x1d0
> > >> > >  ? mempool_alloc_slab+0x15/0x20
> > >> > >  smb2_sign_rqst+0x36/0x50 [cifs]
> > >> > >  smb2_setup_request+0x10f/0x1d0 [cifs]
> > >> > >  cifs_send_recv+0xa6/0x3e0 [cifs]
> > >> > >  SMB2_tcon+0x198/0x580 [cifs]
> > >> > >  ? __dynamic_pr_debug+0x8c/0xb0
> > >> > >  cifs_get_smb_ses+0x741/0xda0 [cifs]
> > >> > >  cifs_mount+0x62f/0x1090 [cifs]
> > >> > >  ? kstrdup+0x49/0x60
> > >> > >  cifs_smb3_do_mount+0x11c/0x5d0 [cifs]
> > >> > >  cifs_do_mount+0x11/0x20 [cifs]
> > >> > >  mount_fs+0x3e/0x150
> > >> > >  vfs_kern_mount+0x67/0x130
> > >> > >  do_mount+0x1f0/0xca0
> > >> > >  ? copy_mount_options+0xc0/0x140
> > >> > >  ksys_mount+0x83/0xd0
> > >> > >  __x64_sys_mount+0x25/0x30
> > >> > >  do_syscall_64+0x60/0x190
> > >> > >  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> > >> > > RIP: 0033:0x7f6d8149530a
> > >> > > Code: 48 8b 0d 89 6b 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
> > >> > > 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d
> > >> > > 01 f0 ff ff 73 01 c3 48 8b 0d 56 6b 2c 00 f7 d8 64 89 01 48
> > >> > > RSP: 002b:00007ffeefc36ba8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
> > >> > > RAX: ffffffffffffffda RBX: 00007f6d81b8891a RCX: 00007f6d8149530a
> > >> > > RDX: 0000558d6cbfe3b2 RSI: 0000558d6cbfe3f9 RDI: 00007ffeefc3748f
> > >> > > RBP: 00007ffeefc37484 R08: 0000558d6dfc0090 R09: 00007f6d81b77780
> > >> > > R10: 0000000000000001 R11: 0000000000000202 R12: 00007f6d81b86000
> > >> > > R13: 0000558d6dfc0090 R14: 00007f6d81b8890f R15: 0000000000000000
> > >> > > Modules linked in: cmac arc4 md4 nls_utf8 cifs ccm dns_resolver
> > >> > > binfmt_misc nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT
> > >> > > ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6
> > >> > > xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute ip6table_nat
> > >> > > nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle
> > >> > > ip6table_security ip6table_raw iptable_nat nf_conntrack_ipv4
> > >> > > nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c
> > >> > > iptable_mangle iptable_security iptable_raw ebtable_filter ebtables
> > >> > > ip6table_filter ip6_tables iptable_filter vmw_vsock_vmci_transport
> > >> > > vsock sb_edac crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc
> > >> > > aesni_intel crypto_simd cryptd glue_helper intel_rapl_perf vmw_balloon
> > >> > > pcspkr joydev input_leds sg vmw_vmci i2c_piix4 tcp_bbr sch_fq
> > >> > > auth_rpcgss sunrpc
> > >> > >  ip_tables ext4 mbcache jbd2 sr_mod cdrom ata_generic pata_acpi sd_mod
> > >> > > crc32c_intel serio_raw vmwgfx drm_kms_helper syscopyarea sysfillrect
> > >> > > sysimgblt fb_sys_fops vmxnet3 ttm vmw_pvscsi ata_piix drm libata
> > >> > > dm_mirror dm_region_hash dm_log dm_mod
> > >> > > Dumping ftrace buffer:
> > >> > >    (ftrace buffer empty)
> > >> > > CR2: 0000000000000000
> > >> > > ---[ end trace 8d3d1726ae979933 ]---
> > >> > > RIP: 0010:smb2_calc_signature+0x120/0x2f0 [cifs]
> > >> > > Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00 00 e8 b4 86 e4
> > >> > > e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82 ff ff ff <48> 8b
> > >> > > 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 09 56 a0 48 c7
> > >> > > RSP: 0018:ffffc90001d9fa40 EFLAGS: 00010246
> > >> > > RAX: 0000000000000000 RBX: ffff88007b23d8c0 RCX: 0000000000000000
> > >> > > RDX: 00000000ffffff82 RSI: ffffc90001d9f998 RDI: ffff880036196110
> > >> > > RBP: ffffc90001d9fac8 R08: ffffffffa057d280 R09: ffffffffa057d280
> > >> > > R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90001d9fbd0
> > >> > > R13: ffffc90001d9fbb0 R14: ffff88007b23d8f0 R15: ffff88007a491400
> > >> > > FS:  00007f6d81b77780(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
> > >> > > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > >> > > CR2: 0000000000000000 CR3: 000000007a58c005 CR4: 00000000001606f0
> > >> > >
> > >> > > On Fri, Aug 17, 2018 at 8:21 AM Robin P. Blanchard
> > >> > > <robin.blanchard@xxxxxxxxx> wrote:
> > >> > > >
> > >> > > > On Fri, Aug 17, 2018 at 7:52 AM Tom Talpey <ttalpey@xxxxxxxxxxxxx> wrote:
> > >> > > > >
> > >> > > > > > -----Original Message-----
> > >> > > > > > From: linux-cifs-owner@xxxxxxxxxxxxxxx <linux-cifs-owner@xxxxxxxxxxxxxxx> On
> > >> > > > > > Behalf Of Robin P. Blanchard
> > >> > > > > > Sent: Thursday, August 16, 2018 4:51 PM
> > >> > > > > > To: Steve French <smfrench@xxxxxxxxx>
> > >> > > > > > Cc: linux-cifs@xxxxxxxxxxxxxxx
> > >> > > > > > Subject: Re: regression in CIFS(?) between 4.17.14 and 4.18.0
> > >> > > > > >
> > >> > > > > > Correct.
> > >> > > > > >
> > >> > > > > > Interplay between DFS referrals and vers=2.[01] seems to be where we're at...
> > >> > > > >
> > >> > > > > Curious. What OS and SMB dialect are these DFS servers running?
> > >> > > >
> > >> > > > vers=2.0 and vers=2.1 trigger spontaneous reboots **with DFS pathing** to
> > >> > > > - Microsoft Windows Server 2008 R2 Enterprise
> > >> > > > - Microsoft Windows Server 2016 Datacenter
> > >> > > >
> > >> > > > mounting directly to one of the underlying DFS targets (above OSes) does NOT trigger spontaneous reboot.
> > >> > > >
> > >> > > > vers=3.0 and vers=3.11 do NOT trigger spontaneous reboot **with DFS pathing** to
> > >> > > > - Microsoft Windows Server 2016 Datacenter
> > >> > > >
> > >> > > >
> > >> > > > > The DFS referral protocol is pretty much identical across dialects, so it must be
> > >> > > > > something in the new mount/connection plumbing in the client that's going
> > >> > > > > flooey.
> > >> > > > >
> > >> > > > > Tom.
> > >> > > > >
> > >> > > > >
> > >> > > > > > On Thu, Aug 16, 2018 at 3:46 PM Steve French <smfrench@xxxxxxxxx> wrote:
> > >> > > > > > >
> > >> > > > > > > and to clarify - DFS referral to Windows 2016 works with 3.0 or later,
> > >> > > > > > > but reboots with 2.0 or 2.1?
> > >> > > > > > > On Thu, Aug 16, 2018 at 3:42 PM Robin P. Blanchard
> > >> > > > > > > <robin.blanchard@xxxxxxxxx> wrote:
> > >> > > > > > > >
> > >> > > > > > > > Summary of regression between 4.17.14 and 4.18.0
> > >> > > > > > > >
> > >> > > > > > > > pam_mount is/was a red herring
> > >> > > > > > > >
> > >> > > > > > > > vers=2.0 and vers=2.1 trigger spontaneous reboots **using DFS pathing** to
> > >> > > > > > > > - Microsoft Windows Server 2008 R2 Enterprise
> > >> > > > > > > > - Microsoft Windows Server 2016 Datacenter
> > >> > > > > > > >
> > >> > > > > > > > mounting directly to one of the underlying DFS member servers does NOT
> > >> > > > > > > > trigger spontaneous reboot.
> > >> > > > >
> > >> >
> > >> > It might be the bug Aurelien fixed recently:
> > >> >
> > >> > commit a5c62f4833c2c8e6e0f35367b99b717b78f5c029
> > >> > Author: Aurelien Aptel <aaptel@xxxxxxxx>
> > >> > Date:   Thu Aug 2 16:39:52 2018 +0200
> > >> >
> > >> >     CIFS: fix uninitialized ptr deref in smb2 signing
> > >> >
> > >> >     server->secmech.sdeschmacsha256 is not properly initialized before
> > >> >     smb2_shash_allocate(), set shash after that call.
> > >> >
> > >> >     also fix typo in error message
> > >> >
> > >> >     Fixes: 8de8c4608fe9 ("cifs: Fix validation of signed data in smb2")
> > >> >
> > >> >     Signed-off-by: Aurelien Aptel <aaptel@xxxxxxxx>
> > >> >     Reviewed-by: Paulo Alcantara <palcantara@xxxxxxxx>
> > >> >     Reported-by: Xiaoli Feng <xifeng@xxxxxxxxxx>
> > >> >     Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
> > >> >     CC: Stable <stable@xxxxxxxxxxxxxxx>
> > >> >
> > >> >
> > >> > You can apply the fix or wait until v4.17.y stable kernel includes it.
> > >> >
> > >> > --
> > >> > Best regards,
> > >> > Pavel Shilovsky
> > >>
> > >>
> > >>
> > >> --
> > >> Thanks,
> > >>
> > >> Steve
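The ordering bug described in the quoted commit message, modelled as an added C example that is not the kernel's code: the struct names and the `smb2_shash_allocate()` body are simplified stand-ins for the cifs ones, and the buggy variant returns the pointer it would have dereferenced instead of dereferencing it, so it can be run safely.

```c
/* Added example (not kernel code): model of the init-order bug fixed by
 * commit a5c62f4833c2 (CIFS: fix uninitialized ptr deref in smb2 signing).
 * Struct layouts and the allocate helper are simplified stand-ins. */
#include <stddef.h>
#include <stdlib.h>

struct shash_desc { void *tfm; };                     /* stand-in crypto descriptor */
struct sdesc      { struct shash_desc shash; char ctx[32]; };
struct secmech    { struct sdesc *sdeschmacsha256; }; /* NULL until allocated */
struct tcp_server { struct secmech secmech; };

/* Stand-in for smb2_shash_allocate(): lazily allocates the HMAC-SHA256
 * descriptor the first time a session needs SMB 2.0/2.1 signing. */
static int smb2_shash_allocate(struct tcp_server *server)
{
    if (server->secmech.sdeschmacsha256)
        return 0;                                     /* already set up */
    server->secmech.sdeschmacsha256 = calloc(1, sizeof(struct sdesc));
    if (!server->secmech.sdeschmacsha256)
        return -12;                                   /* -ENOMEM */
    /* any non-NULL transform handle will do for the model */
    server->secmech.sdeschmacsha256->shash.tfm = &server->secmech;
    return 0;
}

/* Buggy ordering: shash is derived from sdeschmacsha256 while it is still
 * NULL; allocating afterwards does not repair the stale copy. On a fresh
 * session the signing code then reads shash->tfm through a NULL pointer,
 * which is the `mov (%rax),%rax` fault with RAX == 0 and CR2 == 0 above. */
static struct shash_desc *calc_signature_buggy(struct tcp_server *server)
{
    struct sdesc *d = server->secmech.sdeschmacsha256;
    struct shash_desc *shash = d ? &d->shash : NULL;  /* snapshot taken too early */
    if (smb2_shash_allocate(server))
        return NULL;
    return shash;                                     /* stale: still NULL */
}

/* Fixed ordering (what the commit does): allocate first, then derive shash
 * from the now-initialised pointer. */
static struct shash_desc *calc_signature_fixed(struct tcp_server *server)
{
    struct shash_desc *shash;
    if (smb2_shash_allocate(server))
        return NULL;
    shash = &server->secmech.sdeschmacsha256->shash;
    return shash;
}
```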