
Bug#908927: marked as done (Linux Kernel oops in jessie 8.11 linux-image-3.16.0-6-i586 (3.16.57-2) mounting cifs share with vers=3.0)



Your message dated Fri, 28 May 2021 12:25:50 -0700 (PDT)
with message-id <60b143be.1c69fb81.c14b3.fb8b@mx.google.com>
and subject line Closing this bug (BTS maintenance for src:linux bugs)
has caused the Debian Bug report #908927,
regarding Linux Kernel oops in jessie 8.11 linux-image-3.16.0-6-i586 (3.16.57-2) mounting cifs share with vers=3.0
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
908927: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908927
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: linux-image

Version: 3.16.0-6-i586

I am seeing a kernel NULL pointer dereference mounting a cifs share on jessie 8.11. This only occurs when you try to mount with vers=3.0 in the fstab:

file://192.168.1.30/share    /mnt/share      cifs defaults,noauto,noserverino,x-systemd.automount,rw,uid=aroberts,gid=aroberts,credentials=/etc/cifs-credentials,vers=3.0 0 0

Using vers=2.1 works ok. This bug also affects the SAME kernel (3.16.57-2) on ArchLinux ARM (odroid-c2, aarch64). Other boxes with different kernels (Debian stretch, ArchLinux raspberry pi, Fedora etc) are all fine, as was a previous kernel on odroid (3.14).

See odroid-c2 bug report at Arch Linux Arm: https://archlinuxarm.org/forum/viewtopic.php?f=15&t=13045

The shares are served from a CentOS (RHEL 7.5.1804 x86_64) box with the following options in the smb.conf file:

        hosts deny = ALL
        hosts allow = 127. 192.168.1.
        nt pipe support = no
        client max protocol = SMB3
        client min protocol = SMB2_10
        server min protocol = SMB2_10

I'm trying to use vers=3.0 as a CERT advisory suggested that previous versions of the protocol are not secure, so this is a security issue.

Obviously I'm still using debian 8.11 as this is a i586 box...

uname -a

Linux pentium 3.16.0-6-586 #1 Debian 3.16.57-2 (2018-07-14) i586 GNU/Linux

journalctl -b0

...
Sep 16 06:06:38 pentium kernel: BUG: unable to handle kernel NULL pointer dereference at 00000034
Sep 16 06:06:38 pentium kernel: IP: [<c11e87de>] crypto_shash_setkey+0xe/0xb0
Sep 16 06:06:38 pentium kernel: *pde = 00000000
Sep 16 06:06:38 pentium kernel: Oops: 0000 [#1]
Sep 16 06:06:38 pentium kernel: Modules linked in: arc4 ecb md4 hmac nls_utf8 isofs udf crc_itu_t cifs dns_resolver nfsd auth_rpcgss oid_registry nfs_acl nfs lockd fscache sunrpc ppdev snd_emu10k1 snd_util_mem snd_rawmidi snd_hwdep snd_seq_device snd_ac97_codec evdev snd_pcm snd_timer serio_raw snd pcspkr soundcore emu10k1_gp ac97_bus gameport parport_pc parport processor button fuse autofs4 ext4 crc16 mbcache jbd2 hid_generic usbhid sg hid sd_mod sr_mod crc_t10dif crct10dif_generic cdrom crct10dif_common ata_generic ata_piix uhci_hcd libata ehci_hcd usbcore i2c_piix4 scsi_mod 3c59x mii i2c_core usb_common thermal fan thermal_sys floppy
Sep 16 06:06:38 pentium kernel: CPU: 0 PID: 3932 Comm: mount.cifs Not tainted 3.16.0-6-586 #1 Debian 3.16.57-2
Sep 16 06:06:38 pentium kernel: Hardware name:  /i430TX-SMC669, BIOS 4.51 PG 07/20/98
Sep 16 06:06:38 pentium kernel: task: cd184500 ti: cfbc0000 task.ti: cfbc0000
Sep 16 06:06:38 pentium kernel: EIP: 0060:[<c11e87de>] EFLAGS: 00010296 CPU: 0
Sep 16 06:06:38 pentium kernel: EIP is at crypto_shash_setkey+0xe/0xb0
Sep 16 06:06:38 pentium kernel: EAX: 00000000 EBX: cfab81e0 ECX: 00000010 EDX: cd8daac4
Sep 16 06:06:38 pentium kernel: ESI: cfbc1d18 EDI: cdba4000 EBP: cfbc1c30 ESP: cfbc1c18
Sep 16 06:06:38 pentium kernel:  DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068
Sep 16 06:06:38 pentium kernel: CR0: 8005003b CR2: 00000034 CR3: 0fa79000 CR4: 00000010
Sep 16 06:06:38 pentium kernel: Stack:
Sep 16 06:06:38 pentium kernel:  00000246 c10efd02 00011200 cfab81e0 cfbc1d18 cdba4000 cfbc1c7c d0f16e39
Sep 16 06:06:38 pentium kernel:  c10efd02 00000082 cfbc1cd0 cfab81e0 cdba4008 f85388a6 00000002 c15e3ac0
Sep 16 06:06:38 pentium kernel:  00000246 00000000 00000000 00000000 00000000 9b528262 cfa234c0 cd8daa00
Sep 16 06:06:38 pentium kernel: Call Trace:
Sep 16 06:06:38 pentium kernel:  [<c10efd02>] ? mempool_alloc+0x42/0x120
Sep 16 06:06:38 pentium kernel:  [<d0f16e39>] ? smb3_calc_signature+0xb9/0x2a0 [cifs]
Sep 16 06:06:38 pentium kernel:  [<c10efd02>] ? mempool_alloc+0x42/0x120
Sep 16 06:06:38 pentium kernel:  [<d0f164cf>] ? smb2_sign_rqst+0x2f/0x60 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0f172dc>] ? smb2_setup_request+0x8c/0x130 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0f06ccc>] ? SendReceive2+0xac/0x3f0 [cifs]
Sep 16 06:06:38 pentium kernel:  [<c1060007>] ? set_security_override_from_ctx+0x7/0x40
Sep 16 06:06:38 pentium kernel:  [<d0f1ab73>] ? SMB2_ioctl+0x133/0x2e0 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0f1ae43>] ? smb3_validate_negotiate+0x123/0x310 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0f18ae1>] ? SMB2_tcon+0x261/0x480 [cifs]
Sep 16 06:06:38 pentium kernel:  [<c11049da>] ? kstrdup+0x3a/0x50
Sep 16 06:06:38 pentium kernel:  [<d0f18880>] ? smb2_writev_callback+0xe0/0xe0 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0eeda92>] ? cifs_get_tcon+0x192/0x400 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0ef2c4d>] ? cifs_mount+0x49d/0xc40 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0edf7b9>] ? cifs_do_mount+0xc9/0x5b0 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0edf6f0>] ? cifs_drop_inode+0x40/0x40 [cifs]
Sep 16 06:06:38 pentium kernel:  [<c113a3d6>] ? mount_fs+0x36/0x190
Sep 16 06:06:38 pentium kernel:  [<c11049da>] ? kstrdup+0x3a/0x50
Sep 16 06:06:38 pentium kernel:  [<c1151f28>] ? vfs_kern_mount+0x48/0xf0
Sep 16 06:06:38 pentium kernel:  [<c1154988>] ? do_mount+0x1e8/0xa60
Sep 16 06:06:38 pentium kernel:  [<c1104c99>] ? strndup_user+0x39/0xc0
Sep 16 06:06:38 pentium kernel:  [<c11545df>] ? copy_mount_options+0x2f/0x1c0
Sep 16 06:06:38 pentium kernel:  [<c11554cc>] ? SyS_mount+0x9c/0xf0
Sep 16 06:06:38 pentium kernel:  [<c145308d>] ? syscall_call+0x10/0x10
Sep 16 06:06:38 pentium kernel: Code: 26 00 8b 55 f0 83 c4 10 5b 5e 89 d0 5f 5d c3 8d b4 26 00 00 00 00 8d bc 27 00 00 00 00 55 89 e5 57 56 53 83 ec 0c 3e 8d 74 26 00 <8b> 78 34 89 4d f0 89 c3 89 d6 8b 4f 1c 85 ca 74 59 89 c8 ba d0
Sep 16 06:06:38 pentium kernel: EIP: [<c11e87de>] crypto_shash_setkey+0xe/0xb0 SS:ESP 0068:cfbc1c18
Sep 16 06:06:38 pentium kernel: CR2: 0000000000000034
Sep 16 06:06:38 pentium kernel: ---[ end trace fcb11b4e4c9db3f4 ]---


...

--- End Message ---
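
A triage sketch for an oops like the one in the report above, as an added example that is not part of the original messages or of any Debian tooling. The function names (`triage_oops`, `first_module_frame`, `is_null_member_deref`) are hypothetical, and `SAMPLE` is a constructed excerpt of the reported journal lines.

```python
import re

# Constructed sample: lines excerpted from the oops in the report above.
SAMPLE = """\
Sep 16 06:06:38 pentium kernel: BUG: unable to handle kernel NULL pointer dereference at 00000034
Sep 16 06:06:38 pentium kernel: IP: [<c11e87de>] crypto_shash_setkey+0xe/0xb0
Sep 16 06:06:38 pentium kernel: EAX: 00000000 EBX: cfab81e0 ECX: 00000010 EDX: cd8daac4
Sep 16 06:06:38 pentium kernel: Call Trace:
Sep 16 06:06:38 pentium kernel:  [<c10efd02>] ? mempool_alloc+0x42/0x120
Sep 16 06:06:38 pentium kernel:  [<d0f16e39>] ? smb3_calc_signature+0xb9/0x2a0 [cifs]
Sep 16 06:06:38 pentium kernel:  [<c11554cc>] ? SyS_mount+0x9c/0xf0
"""

FRAME = re.compile(r"\[<[0-9a-f]+>\] (\? )?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
REG = re.compile(r"\b(E[A-Z]{2}): ([0-9a-f]{8})\b")
PAGE_SIZE = 0x1000  # a fault below one page is a NULL base plus a member offset

def triage_oops(text):
    """Return fault address, faulting symbol, zeroed registers and call trace."""
    r = {"fault_addr": None, "ip_symbol": None, "null_regs": [], "frames": []}
    in_trace = False
    for line in text.splitlines():
        msg = line.split("kernel: ", 1)[-1]
        if m := re.search(r"NULL pointer dereference at ([0-9a-f]+)", msg):
            r["fault_addr"] = int(m.group(1), 16)
        elif msg.startswith("IP: ") and (m := FRAME.search(msg)):
            r["ip_symbol"] = m.group(2)
        elif msg.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (m := FRAME.search(msg)):
            # A leading "?" marks a frame the unwinder could not verify.
            r["frames"].append({"symbol": m.group(2), "module": m.group(3),
                                "reliable": m.group(1) is None})
        else:
            in_trace = False
            r["null_regs"] += [n for n, v in REG.findall(msg) if int(v, 16) == 0]
    return r

def first_module_frame(report):
    """First trace entry inside a loadable module: a hint at the owning code."""
    return next((f for f in report["frames"] if f["module"]), None)

def is_null_member_deref(report):
    """True when the fault address is a small offset and a register holds zero."""
    addr = report["fault_addr"]
    return addr is not None and addr < PAGE_SIZE and bool(report["null_regs"])

if __name__ == "__main__":
    rep = triage_oops(SAMPLE)
    print(hex(rep["fault_addr"]), rep["ip_symbol"], rep["null_regs"], first_module_frame(rep))
```

On the reported oops this gives fault address 0x34 with EAX zero, which agrees with the marked instruction bytes `<8b> 78 34` (a load from EAX+0x34), and names `smb3_calc_signature` in `cifs` as the first module frame.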
--- Begin Message ---
Hi

This bug was filed for a very old kernel or the bug is old itself
without resolution.

If you can reproduce it with

- the current version in unstable/testing
- the latest kernel from backports

please reopen the bug, see https://www.debian.org/Bugs/server-control
for details.

Regards,
Salvatore

--- End Message ---
