Still present in 4.18.5-1.el7.elrepo.x86_64
4.18.5-1.el7.elrepo.x86_64
Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00 00 e8 44 50 e4
e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82 ff ff ff <48> 8b
00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 49 56 a0 48 c7
All code
========
0: b1 00 mov $0x0,%cl
2: 01 00 add %eax,(%rax)
4: 00 49 8b add %cl,-0x75(%rcx)
7: bf 80 02 00 00 mov $0x280,%edi
c: ba 10 00 00 00 mov $0x10,%edx
11: e8 44 50 e4 e0 callq 0xffffffffe0e4505a
16: 85 c0 test %eax,%eax
18: 0f 85 8c 00 00 00 jne 0xaa
1e: 48 8b 85 78 ff ff ff mov -0x88(%rbp),%rax
25: ba 82 ff ff ff mov $0xffffff82,%edx
2a:* 48 8b 00 mov (%rax),%rax <--
trapping instruction
2d: f6 40 08 01 testb $0x1,0x8(%rax)
31: 0f 84 b1 00 00 00 je 0xe8
37: 48 c7 c6 30 49 56 a0 mov $0xffffffffa0564930,%rsi
3e: 48 rex.W
3f: c7 .byte 0xc7
Code starting with the faulting instruction
===========================================
0: 48 8b 00 mov (%rax),%rax
3: f6 40 08 01 testb $0x1,0x8(%rax)
7: 0f 84 b1 00 00 00 je 0xbe
d: 48 c7 c6 30 49 56 a0 mov $0xffffffffa0564930,%rsi
14: 48 rex.W
15: c7 .byte 0xc7
Code: 48 8b 0d 89 6b 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d
01 f0 ff ff 73 01 c3 48 8b 0d 56 6b 2c 00 f7 d8 64 89 01 48
All code
========
0: 48 8b 0d 89 6b 2c 00 mov 0x2c6b89(%rip),%rcx # 0x2c6b90
7: f7 d8 neg %eax
9: 64 89 01 mov %eax,%fs:(%rcx)
c: 48 83 c8 ff or $0xffffffffffffffff,%rax
10: c3 retq
11: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
18: 00 00 00
1b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
20: 49 89 ca mov %rcx,%r10
23: b8 a5 00 00 00 mov $0xa5,%eax
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
<-- trapping instruction
30: 73 01 jae 0x33
32: c3 retq
33: 48 8b 0d 56 6b 2c 00 mov 0x2c6b56(%rip),%rcx # 0x2c6b90
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 retq
9: 48 8b 0d 56 6b 2c 00 mov 0x2c6b56(%rip),%rcx # 0x2c6b66
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00 00 e8 44 50 e4
e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82 ff ff ff <48> 8b
00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 49 56 a0 48 c7
All code
========
0: b1 00 mov $0x0,%cl
2: 01 00 add %eax,(%rax)
4: 00 49 8b add %cl,-0x75(%rcx)
7: bf 80 02 00 00 mov $0x280,%edi
c: ba 10 00 00 00 mov $0x10,%edx
11: e8 44 50 e4 e0 callq 0xffffffffe0e4505a
16: 85 c0 test %eax,%eax
18: 0f 85 8c 00 00 00 jne 0xaa
1e: 48 8b 85 78 ff ff ff mov -0x88(%rbp),%rax
25: ba 82 ff ff ff mov $0xffffff82,%edx
2a:* 48 8b 00 mov (%rax),%rax <--
trapping instruction
2d: f6 40 08 01 testb $0x1,0x8(%rax)
31: 0f 84 b1 00 00 00 je 0xe8
37: 48 c7 c6 30 49 56 a0 mov $0xffffffffa0564930,%rsi
3e: 48 rex.W
3f: c7 .byte 0xc7
Code starting with the faulting instruction
===========================================
0: 48 8b 00 mov (%rax),%rax
3: f6 40 08 01 testb $0x1,0x8(%rax)
7: 0f 84 b1 00 00 00 je 0xbe
d: 48 c7 c6 30 49 56 a0 mov $0xffffffffa0564930,%rsi
14: 48 rex.W
15: c7 .byte 0xc7
On Wed, Aug 22, 2018 at 9:13 AM Robin P. Blanchard
<robin.blanchard@xxxxxxxxx> wrote:
>
> OOPS decoding....
>
>
> DFS, vers=2.1, sec=ntlmsspi
>
> # dmesg |grep Code: |awk -F'] ' '{print $NF}' |while read line ; do
> echo "${line}" |/usr/src/kernels/$(uname -r)/scripts/decodecode ; echo
> ; done
> Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00 00 e8 d4 ff e3
> e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82 ff ff ff <48> 8b
> 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 99 56 a0 48 c7
> All code
> ========
> 0: b1 00 mov $0x0,%cl
> 2: 01 00 add %eax,(%rax)
> 4: 00 49 8b add %cl,-0x75(%rcx)
> 7: bf 80 02 00 00 mov $0x280,%edi
> c: ba 10 00 00 00 mov $0x10,%edx
> 11: e8 d4 ff e3 e0 callq 0xffffffffe0e3ffea
> 16: 85 c0 test %eax,%eax
> 18: 0f 85 8c 00 00 00 jne 0xaa
> 1e: 48 8b 85 78 ff ff ff mov -0x88(%rbp),%rax
> 25: ba 82 ff ff ff mov $0xffffff82,%edx
> 2a:* 48 8b 00 mov (%rax),%rax <--
> trapping instruction
> 2d: f6 40 08 01 testb $0x1,0x8(%rax)
> 31: 0f 84 b1 00 00 00 je 0xe8
> 37: 48 c7 c6 30 99 56 a0 mov $0xffffffffa0569930,%rsi
> 3e: 48 rex.W
> 3f: c7 .byte 0xc7
>
> Code starting with the faulting instruction
> ===========================================
> 0: 48 8b 00 mov (%rax),%rax
> 3: f6 40 08 01 testb $0x1,0x8(%rax)
> 7: 0f 84 b1 00 00 00 je 0xbe
> d: 48 c7 c6 30 99 56 a0 mov $0xffffffffa0569930,%rsi
> 14: 48 rex.W
> 15: c7 .byte 0xc7
>
> Code: 48 8b 0d 89 6b 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
> 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d
> 01 f0 ff ff 73 01 c3 48 8b 0d 56 6b 2c 00 f7 d8 64 89 01 48
> All code
> ========
> 0: 48 8b 0d 89 6b 2c 00 mov 0x2c6b89(%rip),%rcx # 0x2c6b90
> 7: f7 d8 neg %eax
> 9: 64 89 01 mov %eax,%fs:(%rcx)
> c: 48 83 c8 ff or $0xffffffffffffffff,%rax
> 10: c3 retq
> 11: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
> 18: 00 00 00
> 1b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
> 20: 49 89 ca mov %rcx,%r10
> 23: b8 a5 00 00 00 mov $0xa5,%eax
> 28: 0f 05 syscall
> 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
> <-- trapping instruction
> 30: 73 01 jae 0x33
> 32: c3 retq
> 33: 48 8b 0d 56 6b 2c 00 mov 0x2c6b56(%rip),%rcx # 0x2c6b90
> 3a: f7 d8 neg %eax
> 3c: 64 89 01 mov %eax,%fs:(%rcx)
> 3f: 48 rex.W
>
> Code starting with the faulting instruction
> ===========================================
> 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
> 6: 73 01 jae 0x9
> 8: c3 retq
> 9: 48 8b 0d 56 6b 2c 00 mov 0x2c6b56(%rip),%rcx # 0x2c6b66
> 10: f7 d8 neg %eax
> 12: 64 89 01 mov %eax,%fs:(%rcx)
> 15: 48 rex.W
>
> Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00 00 e8 d4 ff e3
> e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82 ff ff ff <48> 8b
> 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 99 56 a0 48 c7
> All code
> ========
> 0: b1 00 mov $0x0,%cl
> 2: 01 00 add %eax,(%rax)
> 4: 00 49 8b add %cl,-0x75(%rcx)
> 7: bf 80 02 00 00 mov $0x280,%edi
> c: ba 10 00 00 00 mov $0x10,%edx
> 11: e8 d4 ff e3 e0 callq 0xffffffffe0e3ffea
> 16: 85 c0 test %eax,%eax
> 18: 0f 85 8c 00 00 00 jne 0xaa
> 1e: 48 8b 85 78 ff ff ff mov -0x88(%rbp),%rax
> 25: ba 82 ff ff ff mov $0xffffff82,%edx
> 2a:* 48 8b 00 mov (%rax),%rax <--
> trapping instruction
> 2d: f6 40 08 01 testb $0x1,0x8(%rax)
> 31: 0f 84 b1 00 00 00 je 0xe8
> 37: 48 c7 c6 30 99 56 a0 mov $0xffffffffa0569930,%rsi
> 3e: 48 rex.W
> 3f: c7 .byte 0xc7
>
> Code starting with the faulting instruction
> ===========================================
> 0: 48 8b 00 mov (%rax),%rax
> 3: f6 40 08 01 testb $0x1,0x8(%rax)
> 7: 0f 84 b1 00 00 00 je 0xbe
> d: 48 c7 c6 30 99 56 a0 mov $0xffffffffa0569930,%rsi
> 14: 48 rex.W
> 15: c7 .byte 0xc7
>
>
>
> ( reboot )
>
> DFS, vers=2.1, sec=ntlmssp
>
>
> # dmesg |grep Code: |awk -F'] ' '{print $NF}' |while read line ; do
> echo "${line}" |/usr/src/kernels/$(uname -r)/scripts/decodecode ; echo
> ; done
> Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00 00 e8 d4 ff e3
> e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82 ff ff ff <48> 8b
> 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 99 56 a0 48 c7
> All code
> ========
> 0: b1 00 mov $0x0,%cl
> 2: 01 00 add %eax,(%rax)
> 4: 00 49 8b add %cl,-0x75(%rcx)
> 7: bf 80 02 00 00 mov $0x280,%edi
> c: ba 10 00 00 00 mov $0x10,%edx
> 11: e8 d4 ff e3 e0 callq 0xffffffffe0e3ffea
> 16: 85 c0 test %eax,%eax
> 18: 0f 85 8c 00 00 00 jne 0xaa
> 1e: 48 8b 85 78 ff ff ff mov -0x88(%rbp),%rax
> 25: ba 82 ff ff ff mov $0xffffff82,%edx
> 2a:* 48 8b 00 mov (%rax),%rax <--
> trapping instruction
> 2d: f6 40 08 01 testb $0x1,0x8(%rax)
> 31: 0f 84 b1 00 00 00 je 0xe8
> 37: 48 c7 c6 30 99 56 a0 mov $0xffffffffa0569930,%rsi
> 3e: 48 rex.W
> 3f: c7 .byte 0xc7
>
> Code starting with the faulting instruction
> ===========================================
> 0: 48 8b 00 mov (%rax),%rax
> 3: f6 40 08 01 testb $0x1,0x8(%rax)
> 7: 0f 84 b1 00 00 00 je 0xbe
> d: 48 c7 c6 30 99 56 a0 mov $0xffffffffa0569930,%rsi
> 14: 48 rex.W
> 15: c7 .byte 0xc7
>
> Code: 48 8b 0d 89 6b 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
> 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d
> 01 f0 ff ff 73 01 c3 48 8b 0d 56 6b 2c 00 f7 d8 64 89 01 48
> All code
> ========
> 0: 48 8b 0d 89 6b 2c 00 mov 0x2c6b89(%rip),%rcx # 0x2c6b90
> 7: f7 d8 neg %eax
> 9: 64 89 01 mov %eax,%fs:(%rcx)
> c: 48 83 c8 ff or $0xffffffffffffffff,%rax
> 10: c3 retq
> 11: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
> 18: 00 00 00
> 1b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
> 20: 49 89 ca mov %rcx,%r10
> 23: b8 a5 00 00 00 mov $0xa5,%eax
> 28: 0f 05 syscall
> 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
> <-- trapping instruction
> 30: 73 01 jae 0x33
> 32: c3 retq
> 33: 48 8b 0d 56 6b 2c 00 mov 0x2c6b56(%rip),%rcx # 0x2c6b90
> 3a: f7 d8 neg %eax
> 3c: 64 89 01 mov %eax,%fs:(%rcx)
> 3f: 48 rex.W
>
> Code starting with the faulting instruction
> ===========================================
> 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
> 6: 73 01 jae 0x9
> 8: c3 retq
> 9: 48 8b 0d 56 6b 2c 00 mov 0x2c6b56(%rip),%rcx # 0x2c6b66
> 10: f7 d8 neg %eax
> 12: 64 89 01 mov %eax,%fs:(%rcx)
> 15: 48 rex.W
>
> Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00 00 e8 d4 ff e3
> e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82 ff ff ff <48> 8b
> 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 99 56 a0 48 c7
> All code
> ========
> 0: b1 00 mov $0x0,%cl
> 2: 01 00 add %eax,(%rax)
> 4: 00 49 8b add %cl,-0x75(%rcx)
> 7: bf 80 02 00 00 mov $0x280,%edi
> c: ba 10 00 00 00 mov $0x10,%edx
> 11: e8 d4 ff e3 e0 callq 0xffffffffe0e3ffea
> 16: 85 c0 test %eax,%eax
> 18: 0f 85 8c 00 00 00 jne 0xaa
> 1e: 48 8b 85 78 ff ff ff mov -0x88(%rbp),%rax
> 25: ba 82 ff ff ff mov $0xffffff82,%edx
> 2a:* 48 8b 00 mov (%rax),%rax <--
> trapping instruction
> 2d: f6 40 08 01 testb $0x1,0x8(%rax)
> 31: 0f 84 b1 00 00 00 je 0xe8
> 37: 48 c7 c6 30 99 56 a0 mov $0xffffffffa0569930,%rsi
> 3e: 48 rex.W
> 3f: c7 .byte 0xc7
>
> Code starting with the faulting instruction
> ===========================================
> 0: 48 8b 00 mov (%rax),%rax
> 3: f6 40 08 01 testb $0x1,0x8(%rax)
> 7: 0f 84 b1 00 00 00 je 0xbe
> d: 48 c7 c6 30 99 56 a0 mov $0xffffffffa0569930,%rsi
> 14: 48 rex.W
> 15: c7 .byte 0xc7
> On Tue, Aug 21, 2018 at 2:13 PM Robin P. Blanchard
> <robin.blanchard@xxxxxxxxx> wrote:
> >
> > looks the same with or without signing (i)
> >
> > ** DFS, vers=2.1 ,sec=ntlmssp
> >
> > [ 50.772801] Key type dns_resolver registered
> > [ 50.798894] Key type cifs.spnego registered
> > [ 50.798917] Key type cifs.idmap registered
> > [ 50.820848] BUG: unable to handle kernel NULL pointer dereference
> > at 0000000000000000
> > [ 50.820880] PGD 0 P4D 0
> > [ 50.820893] Oops: 0000 [#1] SMP PTI
> > [ 50.820910] CPU: 0 PID: 2129 Comm: mount.cifs Kdump: loaded Not
> > tainted 4.18.3-1.el7.elrepo.x86_64 #1
> > [ 50.820940] Hardware name: VMware, Inc. VMware Virtual
> > Platform/440BX Desktop Reference Platform, BIOS 6.00 09/21/2015
> > [ 50.820991] RIP: 0010:smb2_calc_signature+0x120/0x2f0 [cifs]
> > [ 50.821011] Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00
> > 00 e8 d4 2f e4 e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82
> > ff ff ff <48> 8b 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 69 56 a0
> > 48 c7
> > [ 50.821088] RSP: 0018:ffffc9000174ba40 EFLAGS: 00010246
> > [ 50.821107] RAX: 0000000000000000 RBX: ffff880078327540 RCX: 0000000000000000
> > [ 50.821134] RDX: 00000000ffffff82 RSI: ffffc9000174b998 RDI: ffff88007bda4110
> > [ 50.821160] RBP: ffffc9000174bac8 R08: ffffffffa0583280 R09: ffffffffa0583280
> > [ 50.821184] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000174bbd0
> > [ 50.821208] R13: ffffc9000174bbb0 R14: ffff880078327570 R15: ffff88007b544c00
> > [ 50.821233] FS: 00007f40e2731780(0000) GS:ffff88007fc00000(0000)
> > knlGS:0000000000000000
> > [ 50.821260] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [ 50.821280] CR2: 0000000000000000 CR3: 000000007959a004 CR4: 00000000001606f0
> > [ 50.821346] Call Trace:
> > [ 50.821364] ? kmem_cache_alloc+0xae/0x1d0
> > [ 50.821382] ? mempool_alloc_slab+0x15/0x20
> > [ 50.821410] smb2_sign_rqst+0x36/0x50 [cifs]
> > [ 50.821436] smb2_setup_request+0x10f/0x1d0 [cifs]
> > [ 50.821463] cifs_send_recv+0xa6/0x3e0 [cifs]
> > [ 50.821489] SMB2_tcon+0x198/0x580 [cifs]
> > [ 50.821513] cifs_get_smb_ses+0x741/0xda0 [cifs]
> > [ 50.821539] cifs_mount+0x62f/0x1090 [cifs]
> > [ 50.821558] ? kstrdup+0x49/0x60
> > [ 50.821579] cifs_smb3_do_mount+0x11c/0x5d0 [cifs]
> > [ 50.821603] cifs_do_mount+0x11/0x20 [cifs]
> > [ 50.821621] mount_fs+0x3e/0x150
> > [ 50.821636] vfs_kern_mount+0x67/0x130
> > [ 50.821652] do_mount+0x1f0/0xca0
> > [ 50.821666] ksys_mount+0x83/0xd0
> > [ 50.821680] __x64_sys_mount+0x25/0x30
> > [ 50.821697] do_syscall_64+0x60/0x190
> > [ 50.821713] entry_SYSCALL_64_after_hwframe+0x44/0xa9
> > [ 50.821732] RIP: 0033:0x7f40e204f30a
> > [ 50.821746] Code: 48 8b 0d 89 6b 2c 00 f7 d8 64 89 01 48 83 c8 ff
> > c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00
> > 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 56 6b 2c 00 f7 d8 64 89
> > 01 48
> > [ 50.821825] RSP: 002b:00007ffe3e9aaf18 EFLAGS: 00000206 ORIG_RAX:
> > 00000000000000a5
> > [ 50.821851] RAX: ffffffffffffffda RBX: 00007f40e274291a RCX: 00007f40e204f30a
> > [ 50.822575] RDX: 00005566982d53b2 RSI: 00005566982d53f9 RDI: 00007ffe3e9ab494
> > [ 50.823307] RBP: 00007ffe3e9ab489 R08: 0000556699a45060 R09: 00007f40e2731780
> > [ 50.824027] R10: 0000000000000001 R11: 0000000000000206 R12: 00007f40e2740000
> > [ 50.824796] R13: 0000556699a45060 R14: 00007f40e274290f R15: 0000000000000000
> > [ 50.825554] Modules linked in: arc4 md4 nls_utf8 cifs ccm
> > dns_resolver binfmt_misc nf_conntrack_netbios_ns
> > nf_conntrack_broadcast xt_CT ip6t_rpfilter ipt_REJECT nf_reject_ipv4
> > ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat
> > ebtable_broute ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6
> > nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat
> > nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack
> > libcrc32c iptable_mangle iptable_security iptable_raw ebtable_filter
> > ebtables ip6table_filter ip6_tables iptable_filter
> > vmw_vsock_vmci_transport vsock sb_edac crct10dif_pclmul crc32_pclmul
> > ghash_clmulni_intel pcbc aesni_intel crypto_simd cryptd glue_helper
> > intel_rapl_perf vmw_balloon joydev pcspkr input_leds sg vmw_vmci
> > i2c_piix4 auth_rpcgss tcp_bbr sch_fq sunrpc
> > [ 50.830486] ip_tables ext4 mbcache jbd2 sr_mod cdrom ata_generic
> > pata_acpi sd_mod crc32c_intel serio_raw vmwgfx vmxnet3 ata_piix
> > drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops
> > vmw_pvscsi ttm drm libata dm_mirror dm_region_hash dm_log dm_mod
> > [ 50.832273] Dumping ftrace buffer:
> > [ 50.833136] (ftrace buffer empty)
> > [ 50.833971] CR2: 0000000000000000
> > [ 50.834818] ---[ end trace 0695b117c9de0188 ]---
> > [ 50.835670] RIP: 0010:smb2_calc_signature+0x120/0x2f0 [cifs]
> > [ 50.836507] Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00
> > 00 e8 d4 2f e4 e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82
> > ff ff ff <48> 8b 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 69 56 a0
> > 48 c7
> > [ 50.838308] RSP: 0018:ffffc9000174ba40 EFLAGS: 00010246
> > [ 50.839203] RAX: 0000000000000000 RBX: ffff880078327540 RCX: 0000000000000000
> > [ 50.840154] RDX: 00000000ffffff82 RSI: ffffc9000174b998 RDI: ffff88007bda4110
> > [ 50.841042] RBP: ffffc9000174bac8 R08: ffffffffa0583280 R09: ffffffffa0583280
> > [ 50.841921] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000174bbd0
> > [ 50.842824] R13: ffffc9000174bbb0 R14: ffff880078327570 R15: ffff88007b544c00
> > [ 50.843757] FS: 00007f40e2731780(0000) GS:ffff88007fc00000(0000)
> > knlGS:0000000000000000
> > [ 50.844675] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [ 50.845568] CR2: 0000000000000000 CR3: 000000007959a004 CR4: 00000000001606f0
> >
> >
> > ** DFS, vers=2.1, sec=ntlmsspi
> >
> > [ 39.193361] Key type dns_resolver registered
> > [ 39.217764] Key type cifs.spnego registered
> > [ 39.217791] Key type cifs.idmap registered
> > [ 39.242647] BUG: unable to handle kernel NULL pointer dereference
> > at 0000000000000000
> > [ 39.242679] PGD 0 P4D 0
> > [ 39.242693] Oops: 0000 [#1] SMP PTI
> > [ 39.242709] CPU: 0 PID: 2117 Comm: mount.cifs Kdump: loaded Not
> > tainted 4.18.3-1.el7.elrepo.x86_64 #1
> > [ 39.242740] Hardware name: VMware, Inc. VMware Virtual
> > Platform/440BX Desktop Reference Platform, BIOS 6.00 09/21/2015
> > [ 39.242791] RIP: 0010:smb2_calc_signature+0x120/0x2f0 [cifs]
> > [ 39.242811] Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00
> > 00 e8 d4 2f e5 e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82
> > ff ff ff <48> 8b 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 69 55 a0
> > 48 c7
> > [ 39.242892] RSP: 0018:ffffc900016fba40 EFLAGS: 00010246
> > [ 39.242911] RAX: 0000000000000000 RBX: ffff88007b9e6540 RCX: 0000000000000000
> > [ 39.242935] RDX: 00000000ffffff82 RSI: ffffc900016fb998 RDI: ffff8800361c1310
> > [ 39.242959] RBP: ffffc900016fbac8 R08: ffffffffa0573280 R09: ffffffffa0573280
> > [ 39.242983] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc900016fbbd0
> > [ 39.243007] R13: ffffc900016fbbb0 R14: ffff88007b9e6570 R15: ffff88007b580000
> > [ 39.243032] FS: 00007f7a7c8d2780(0000) GS:ffff88007fc00000(0000)
> > knlGS:0000000000000000
> > [ 39.243059] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [ 39.243079] CR2: 0000000000000000 CR3: 000000007b5bc005 CR4: 00000000001606f0
> > [ 39.243143] Call Trace:
> > [ 39.243161] ? kmem_cache_alloc+0xae/0x1d0
> > [ 39.243179] ? mempool_alloc_slab+0x15/0x20
> > [ 39.243207] smb2_sign_rqst+0x36/0x50 [cifs]
> > [ 39.243234] smb2_setup_request+0x10f/0x1d0 [cifs]
> > [ 39.243261] cifs_send_recv+0xa6/0x3e0 [cifs]
> > [ 39.243288] SMB2_tcon+0x198/0x580 [cifs]
> > [ 39.243312] cifs_get_smb_ses+0x741/0xda0 [cifs]
> > [ 39.243337] cifs_mount+0x62f/0x1090 [cifs]
> > [ 39.243355] ? kstrdup+0x49/0x60
> > [ 39.243375] cifs_smb3_do_mount+0x11c/0x5d0 [cifs]
> > [ 39.243400] cifs_do_mount+0x11/0x20 [cifs]
> > [ 39.243417] mount_fs+0x3e/0x150
> > [ 39.243432] vfs_kern_mount+0x67/0x130
> > [ 39.243448] do_mount+0x1f0/0xca0
> > [ 39.243462] ksys_mount+0x83/0xd0
> > [ 39.243477] __x64_sys_mount+0x25/0x30
> > [ 39.243492] do_syscall_64+0x60/0x190
> > [ 39.243508] entry_SYSCALL_64_after_hwframe+0x44/0xa9
> > [ 39.243527] RIP: 0033:0x7f7a7c1f030a
> > [ 39.243540] Code: 48 8b 0d 89 6b 2c 00 f7 d8 64 89 01 48 83 c8 ff
> > c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00
> > 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 56 6b 2c 00 f7 d8 64 89
> > 01 48
> > [ 39.243619] RSP: 002b:00007fff2d469d48 EFLAGS: 00000206 ORIG_RAX:
> > 00000000000000a5
> > [ 39.243646] RAX: ffffffffffffffda RBX: 00007f7a7c8e391a RCX: 00007f7a7c1f030a
> > [ 39.244368] RDX: 00005629843fd3b2 RSI: 00005629843fd3f9 RDI: 00007fff2d46b493
> > [ 39.245089] RBP: 00007fff2d46b488 R08: 00005629849ce060 R09: 00007f7a7c8d2780
> > [ 39.245808] R10: 0000000000000001 R11: 0000000000000206 R12: 00007f7a7c8e1000
> > [ 39.246527] R13: 00005629849ce060 R14: 00007f7a7c8e390f R15: 0000000000000000
> > [ 39.247242] Modules linked in: arc4 md4 nls_utf8 cifs ccm
> > dns_resolver binfmt_misc nf_conntrack_netbios_ns
> > nf_conntrack_broadcast xt_CT ip6t_rpfilter ipt_REJECT nf_reject_ipv4
> > ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat
> > ebtable_broute ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6
> > nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat
> > nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack
> > libcrc32c iptable_mangle iptable_security iptable_raw ebtable_filter
> > ebtables ip6table_filter ip6_tables iptable_filter
> > vmw_vsock_vmci_transport vsock sb_edac crct10dif_pclmul crc32_pclmul
> > ghash_clmulni_intel pcbc aesni_intel crypto_simd cryptd glue_helper
> > intel_rapl_perf vmw_balloon pcspkr joydev input_leds sg vmw_vmci
> > i2c_piix4 auth_rpcgss tcp_bbr sch_fq sunrpc
> > [ 39.252194] ip_tables ext4 mbcache jbd2 sr_mod cdrom ata_generic
> > pata_acpi sd_mod crc32c_intel serio_raw vmwgfx drm_kms_helper
> > syscopyarea sysfillrect sysimgblt fb_sys_fops ttm vmxnet3 ata_piix
> > vmw_pvscsi drm libata dm_mirror dm_region_hash dm_log dm_mod
> > [ 39.253982] Dumping ftrace buffer:
> > [ 39.254845] (ftrace buffer empty)
> > [ 39.255680] CR2: 0000000000000000
> > [ 39.256525] ---[ end trace 69f6a67b269cf41c ]---
> > [ 39.257416] RIP: 0010:smb2_calc_signature+0x120/0x2f0 [cifs]
> > [ 39.258256] Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00
> > 00 e8 d4 2f e5 e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82
> > ff ff ff <48> 8b 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 69 55 a0
> > 48 c7
> > [ 39.260030] RSP: 0018:ffffc900016fba40 EFLAGS: 00010246
> > [ 39.260914] RAX: 0000000000000000 RBX: ffff88007b9e6540 RCX: 0000000000000000
> > [ 39.261807] RDX: 00000000ffffff82 RSI: ffffc900016fb998 RDI: ffff8800361c1310
> > [ 39.262688] RBP: ffffc900016fbac8 R08: ffffffffa0573280 R09: ffffffffa0573280
> > [ 39.263566] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc900016fbbd0
> > [ 39.264486] R13: ffffc900016fbbb0 R14: ffff88007b9e6570 R15: ffff88007b580000
> > [ 39.265366] FS: 00007f7a7c8d2780(0000) GS:ffff88007fc00000(0000)
> > knlGS:0000000000000000
> > [ 39.266285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [ 39.267186] CR2: 0000000000000000 CR3: 000000007b5bc005 CR4: 00000000001606f0
> > On Fri, Aug 17, 2018 at 4:14 PM Steve French <smfrench@xxxxxxxxx> wrote:
> > >
> > > Did you try it (2.0 dfs) with signing disabled?
> > >
> > > On Fri, Aug 17, 2018, 11:53 Steve French <smfrench@xxxxxxxxx> wrote:
> > >>
> > >> 4.18.1 (last stable release) apparently does not include the fix, but
> > >> I would expect it in 4.18.2. See
> > >>
> > >> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/fs/cifs?h=linux-4.18.y
> > >> On Fri, Aug 17, 2018 at 11:41 AM Pavel Shilovsky <piastryyy@xxxxxxxxx> wrote:
> > >> >
> > >> > пт, 17 авг. 2018 г. в 8:07, Robin P. Blanchard <robin.blanchard@xxxxxxxxx>:
> > >> > >
> > >> > > # sysctl -w kernel.panic_on_oops=0
> > >> > > # sysctl -w kernel.ftrace_dump_on_oops=1
> > >> > >
> > >> > > vers=2.1
> > >> > >
> > >> > > fs/cifs/cifsfs.c: Devname: -REDACTED- flags: 1
> > >> > > fs/cifs/connect.c: Username: -REDACTED-
> > >> > > fs/cifs/connect.c: file mode: 0x1ed dir mode: 0x1ed
> > >> > > fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 46 with uid: 0
> > >> > > fs/cifs/connect.c: UNC: -REDACTED-
> > >> > > fs/cifs/connect.c: Socket created
> > >> > > fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x1b58
> > >> > > fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 47 with uid: 0
> > >> > > fs/cifs/connect.c: Existing smb sess not found
> > >> > > fs/cifs/smb2pdu.c: Negotiate protocol
> > >> > > fs/cifs/transport.c: Sending smb: smb_len=106
> > >> > > fs/cifs/connect.c: Demultiplex PID: 11712
> > >> > > fs/cifs/connect.c: RFC1002 header 0xf8
> > >> > > fs/cifs/smb2misc.c: SMB2 data length 120 offset 128
> > >> > > fs/cifs/smb2misc.c: SMB2 len 248
> > >> > > fs/cifs/transport.c: cifs_sync_mid_result: cmd=0 mid=0 state=4
> > >> > > fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
> > >> > > fs/cifs/smb2pdu.c: mode 0x3
> > >> > > fs/cifs/smb2pdu.c: negotiated smb2.1 dialect
> > >> > > fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
> > >> > > fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
> > >> > > fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
> > >> > > fs/cifs/asn1.c: OID len = 8 oid = 0x1 0x2 0x348 0x1bb92
> > >> > > fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
> > >> > > fs/cifs/connect.c: Security Mode: 0x3 Capabilities: 0x300007 TimeAdjust: 0
> > >> > > fs/cifs/smb2pdu.c: Session Setup
> > >> > > fs/cifs/smb2pdu.c: sess setup type 4
> > >> > > fs/cifs/transport.c: Sending smb: smb_len=124
> > >> > > fs/cifs/connect.c: RFC1002 header 0x13e
> > >> > > fs/cifs/smb2misc.c: SMB2 data length 246 offset 72
> > >> > > fs/cifs/smb2misc.c: SMB2 len 318
> > >> > > fs/cifs/transport.c: cifs_sync_mid_result: cmd=1 mid=1 state=4
> > >> > > Status code returned 0xc0000016 STATUS_MORE_PROCESSING_REQUIRED
> > >> > > fs/cifs/smb2maperror.c: Mapping SMB2 status code 0xc0000016 to POSIX err -5
> > >> > > fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
> > >> > > fs/cifs/smb2pdu.c: rawntlmssp session setup challenge phase
> > >> > > fs/cifs/transport.c: Sending smb: smb_len=426
> > >> > > fs/cifs/connect.c: RFC1002 header 0x48
> > >> > > fs/cifs/smb2misc.c: SMB2 data length 0 offset 72
> > >> > > fs/cifs/smb2misc.c: SMB2 len 73
> > >> > > fs/cifs/smb2misc.c: Calculated size 73 length 72 mismatch mid 2
> > >> > > fs/cifs/transport.c: cifs_sync_mid_result: cmd=1 mid=2 state=4
> > >> > > fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
> > >> > > fs/cifs/smb2pdu.c: SMB2/3 session established successfully
> > >> > > fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 47) rc = 0
> > >> > > fs/cifs/connect.c: CIFS VFS: in cifs_setup_ipc as Xid: 48 with uid: 0
> > >> > > fs/cifs/smb2pdu.c: TCON
> > >> > > BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
> > >> > > PGD 0 P4D 0
> > >> > > Oops: 0000 [#1] SMP PTI
> > >> > > CPU: 0 PID: 11706 Comm: mount.cifs Kdump: loaded Not tainted
> > >> > > 4.18.1-1.el7.elrepo.x86_64 #1
> > >> > > Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop
> > >> > > Reference Platform, BIOS 6.00 09/21/2015
> > >> > > RIP: 0010:smb2_calc_signature+0x120/0x2f0 [cifs]
> > >> > > Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00 00 e8 b4 86 e4
> > >> > > e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82 ff ff ff <48> 8b
> > >> > > 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 09 56 a0 48 c7
> > >> > > RSP: 0018:ffffc90001d9fa40 EFLAGS: 00010246
> > >> > > RAX: 0000000000000000 RBX: ffff88007b23d8c0 RCX: 0000000000000000
> > >> > > RDX: 00000000ffffff82 RSI: ffffc90001d9f998 RDI: ffff880036196110
> > >> > > RBP: ffffc90001d9fac8 R08: ffffffffa057d280 R09: ffffffffa057d280
> > >> > > R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90001d9fbd0
> > >> > > R13: ffffc90001d9fbb0 R14: ffff88007b23d8f0 R15: ffff88007a491400
> > >> > > FS: 00007f6d81b77780(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
> > >> > > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > >> > > CR2: 0000000000000000 CR3: 000000007a58c005 CR4: 00000000001606f0
> > >> > > Call Trace:
> > >> > > ? kmem_cache_alloc+0xae/0x1d0
> > >> > > ? mempool_alloc_slab+0x15/0x20
> > >> > > smb2_sign_rqst+0x36/0x50 [cifs]
> > >> > > smb2_setup_request+0x10f/0x1d0 [cifs]
> > >> > > cifs_send_recv+0xa6/0x3e0 [cifs]
> > >> > > SMB2_tcon+0x198/0x580 [cifs]
> > >> > > ? __dynamic_pr_debug+0x8c/0xb0
> > >> > > cifs_get_smb_ses+0x741/0xda0 [cifs]
> > >> > > cifs_mount+0x62f/0x1090 [cifs]
> > >> > > ? kstrdup+0x49/0x60
> > >> > > cifs_smb3_do_mount+0x11c/0x5d0 [cifs]
> > >> > > cifs_do_mount+0x11/0x20 [cifs]
> > >> > > mount_fs+0x3e/0x150
> > >> > > vfs_kern_mount+0x67/0x130
> > >> > > do_mount+0x1f0/0xca0
> > >> > > ? copy_mount_options+0xc0/0x140
> > >> > > ksys_mount+0x83/0xd0
> > >> > > __x64_sys_mount+0x25/0x30
> > >> > > do_syscall_64+0x60/0x190
> > >> > > entry_SYSCALL_64_after_hwframe+0x44/0xa9
> > >> > > RIP: 0033:0x7f6d8149530a
> > >> > > Code: 48 8b 0d 89 6b 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
> > >> > > 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d
> > >> > > 01 f0 ff ff 73 01 c3 48 8b 0d 56 6b 2c 00 f7 d8 64 89 01 48
> > >> > > RSP: 002b:00007ffeefc36ba8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
> > >> > > RAX: ffffffffffffffda RBX: 00007f6d81b8891a RCX: 00007f6d8149530a
> > >> > > RDX: 0000558d6cbfe3b2 RSI: 0000558d6cbfe3f9 RDI: 00007ffeefc3748f
> > >> > > RBP: 00007ffeefc37484 R08: 0000558d6dfc0090 R09: 00007f6d81b77780
> > >> > > R10: 0000000000000001 R11: 0000000000000202 R12: 00007f6d81b86000
> > >> > > R13: 0000558d6dfc0090 R14: 00007f6d81b8890f R15: 0000000000000000
> > >> > > Modules linked in: cmac arc4 md4 nls_utf8 cifs ccm dns_resolver
> > >> > > binfmt_misc nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT
> > >> > > ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6
> > >> > > xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute ip6table_nat
> > >> > > nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle
> > >> > > ip6table_security ip6table_raw iptable_nat nf_conntrack_ipv4
> > >> > > nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c
> > >> > > iptable_mangle iptable_security iptable_raw ebtable_filter ebtables
> > >> > > ip6table_filter ip6_tables iptable_filter vmw_vsock_vmci_transport
> > >> > > vsock sb_edac crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc
> > >> > > aesni_intel crypto_simd cryptd glue_helper intel_rapl_perf vmw_balloon
> > >> > > pcspkr joydev input_leds sg vmw_vmci i2c_piix4 tcp_bbr sch_fq
> > >> > > auth_rpcgss sunrpc
> > >> > > ip_tables ext4 mbcache jbd2 sr_mod cdrom ata_generic pata_acpi sd_mod
> > >> > > crc32c_intel serio_raw vmwgfx drm_kms_helper syscopyarea sysfillrect
> > >> > > sysimgblt fb_sys_fops vmxnet3 ttm vmw_pvscsi ata_piix drm libata
> > >> > > dm_mirror dm_region_hash dm_log dm_mod
> > >> > > Dumping ftrace buffer:
> > >> > > (ftrace buffer empty)
> > >> > > CR2: 0000000000000000
> > >> > > ---[ end trace 8d3d1726ae979933 ]---
> > >> > > RIP: 0010:smb2_calc_signature+0x120/0x2f0 [cifs]
> > >> > > Code: b1 00 01 00 00 49 8b bf 80 02 00 00 ba 10 00 00 00 e8 b4 86 e4
> > >> > > e0 85 c0 0f 85 8c 00 00 00 48 8b 85 78 ff ff ff ba 82 ff ff ff <48> 8b
> > >> > > 00 f6 40 08 01 0f 84 b1 00 00 00 48 c7 c6 30 09 56 a0 48 c7
> > >> > > RSP: 0018:ffffc90001d9fa40 EFLAGS: 00010246
> > >> > > RAX: 0000000000000000 RBX: ffff88007b23d8c0 RCX: 0000000000000000
> > >> > > RDX: 00000000ffffff82 RSI: ffffc90001d9f998 RDI: ffff880036196110
> > >> > > RBP: ffffc90001d9fac8 R08: ffffffffa057d280 R09: ffffffffa057d280
> > >> > > R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90001d9fbd0
> > >> > > R13: ffffc90001d9fbb0 R14: ffff88007b23d8f0 R15: ffff88007a491400
> > >> > > FS: 00007f6d81b77780(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
> > >> > > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > >> > > CR2: 0000000000000000 CR3: 000000007a58c005 CR4: 00000000001606f0
> > >> > >
> > >> > > On Fri, Aug 17, 2018 at 8:21 AM Robin P. Blanchard
> > >> > > <robin.blanchard@xxxxxxxxx> wrote:
> > >> > > >
> > >> > > > On Fri, Aug 17, 2018 at 7:52 AM Tom Talpey <ttalpey@xxxxxxxxxxxxx> wrote:
> > >> > > > >
> > >> > > > > > -----Original Message-----
> > >> > > > > > From: linux-cifs-owner@xxxxxxxxxxxxxxx <linux-cifs-owner@xxxxxxxxxxxxxxx> On
> > >> > > > > > Behalf Of Robin P. Blanchard
> > >> > > > > > Sent: Thursday, August 16, 2018 4:51 PM
> > >> > > > > > To: Steve French <smfrench@xxxxxxxxx>
> > >> > > > > > Cc: linux-cifs@xxxxxxxxxxxxxxx
> > >> > > > > > Subject: Re: regression in CIFS(?) between 4.17.14 and 4.18.0
> > >> > > > > >
> > >> > > > > > Correct.
> > >> > > > > >
> > >> > > > > > Interplay between DFS referrals and vers=2.[01] seems to be where we're at...
> > >> > > > >
> > >> > > > > Curious. What OS and SMB dialect are these DFS servers running?
> > >> > > >
> > >> > > > vers=2.0 and vers=2.1 trigger spontaneous reboots **with DFS pathing** to
> > >> > > > - Microsoft Windows Server 2008 R2 Enterprise
> > >> > > > - Microsoft Windows Server 2016 Datacenter
> > >> > > >
> > >> > > > mounting directly to one of the underlying DFS targets (above OSes) does NOT trigger spontaneous reboot.
> > >> > > >
> > >> > > > vers=3.0 and vers=3.11 does NOT trigger spontaneous reboot **with DFS pathing** to
> > >> > > > - Microsoft Windows Server 2016 Datacenter
> > >> > > >
> > >> > > >
> > >> > > > > The DFS referral protocol is pretty much identical across dialects, so it must be
> > >> > > > > something in the new mount/connection plumbing in the client that's going
> > >> > > > > flooey.
> > >> > > > >
> > >> > > > > Tom.
> > >> > > > >
> > >> > > > >
> > >> > > > > > On Thu, Aug 16, 2018 at 3:46 PM Steve French <smfrench@xxxxxxxxx> wrote:
> > >> > > > > > >
> > >> > > > > > > and to clarify - DFS referral to Windows 2016 works with 3.0 or later,
> > >> > > > > > > but reboots with 2.0 or 2.1?
> > >> > > > > > > On Thu, Aug 16, 2018 at 3:42 PM Robin P. Blanchard
> > >> > > > > > > <robin.blanchard@xxxxxxxxx> wrote:
> > >> > > > > > > >
> > >> > > > > > > > Summary of regression between 4.17.14 and 4.18.0
> > >> > > > > > > >
> > >> > > > > > > > pam_mount is/was red herring
> > >> > > > > > > >
> > >> > > > > > > > vers=2.0 and vers=2.1 trigger spontaneous reboots **using DFS pathing**
> > >> > > > > > to
> > >> > > > > > > > - Microsoft Windows Server 2008 R2 Enterprise
> > >> > > > > > > > - Microsoft Windows Server 2016 Datacenter
> > >> > > > > > > >
> > >> > > > > > > > mounting directly to one of the underlying DFS member servers does NOT
> > >> > > > > > > > trigger spontaneous reboot.
> > >> > > > >
> > >> >
> > >> > It might be the bug Aurelien fixed recently:
> > >> >
> > >> > commit a5c62f4833c2c8e6e0f35367b99b717b78f5c029
> > >> > Author: Aurelien Aptel <aaptel@xxxxxxxx>
> > >> > Date: Thu Aug 2 16:39:52 2018 +0200
> > >> >
> > >> > CIFS: fix uninitialized ptr deref in smb2 signing
> > >> >
> > >> > server->secmech.sdeschmacsha256 is not properly initialized before
> > >> > smb2_shash_allocate(), set shash after that call.
> > >> >
> > >> > also fix typo in error message
> > >> >
> > >> > Fixes: 8de8c4608fe9 ("cifs: Fix validation of signed data in smb2")
> > >> >
> > >> > Signed-off-by: Aurelien Aptel <aaptel@xxxxxxxx>
> > >> > Reviewed-by: Paulo Alcantara <palcantara@xxxxxxxx>
> > >> > Reported-by: Xiaoli Feng <xifeng@xxxxxxxxxx>
> > >> > Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
> > >> > CC: Stable <stable@xxxxxxxxxxxxxxx>
> > >> >
> > >> >
> > >> > You can apply the fix or wait until v4.17.y stable kernel includes it.
> > >> >
> > >> > --
> > >> > Best regards,
> > >> > Pavel Shilovsky
> > >>
> > >>
> > >>
> > >> --
> > >> Thanks,
> > >>
> > >> Steve
