Package: linux-image

Version: 3.16.0-6-i586

I am seeing a kernel NULL pointer dereference mounting a cifs share on jessie 8.11. This only occurs when you try to mount with vers=3.0 in the fstab:

file://192.168.1.30/share    /mnt/share      cifs defaults,noauto,noserverino,x-systemd.automount,rw,uid=aroberts,gid=aroberts,credentials=/etc/cifs-credentials,vers=3.0 0 0

Using vers=2.1 works OK. This bug also affects the SAME kernel (3.16.57-2) on ArchLinux ARM (odroid-c2, aarch64). Other boxes with different kernels (Debian stretch, ArchLinux raspberry pi, Fedora etc.) are all fine, as was a previous kernel on odroid (3.14).

See odroid-c2 bug report at Arch Linux Arm: https://archlinuxarm.org/forum/viewtopic.php?f=15&t=13045

The shares are served from a Centos (RHEL 7.5.1804 x86_64) box with the following options in the smb.conf file:

        hosts deny = ALL
        hosts allow = 127. 192.168.1.
        nt pipe support = no
        client max protocol = SMB3
        client min protocol = SMB2_10
        server min protocol = SMB2_10

I'm trying to use vers=3.0 as a CERT advisory suggested that previous versions of the protocol are not secure, so this is a security issue.

Obviously I'm still using debian 8.11 as this is a i586 box...

uname -a

Linux pentium 3.16.0-6-586 #1 Debian 3.16.57-2 (2018-07-14) i586 GNU/Linux

journalctl -b0

...Sep 16 06:06:38 pentium kernel: BUG: unable to handle kernel NULL pointer dereference at 00000034
Sep 16 06:06:38 pentium kernel: IP: [<c11e87de>] crypto_shash_setkey+0xe/0xb0
Sep 16 06:06:38 pentium kernel: *pde = 00000000
Sep 16 06:06:38 pentium kernel: Oops: 0000 [#1]
Sep 16 06:06:38 pentium kernel: Modules linked in: arc4 ecb md4 hmac nls_utf8 isofs udf crc_itu_t cifs dns_resolver nfsd auth_rpcgss oid_registry nfs_acl nfs lockd fscache sunrpc ppdev snd_emu10k1 snd_util_mem snd_rawmidi snd_hwdep snd_seq_device snd_ac97_codec evdev snd_pcm snd_timer serio_raw snd pcspkr soundcore emu10k1_gp ac97_bus gameport parport_pc parport processor button fuse autofs4 ext4 crc16 mbcache jbd2 hid_generic usbhid sg hid sd_mod sr_mod crc_t10dif crct10dif_generic cdrom crct10dif_common ata_generic ata_piix uhci_hcd libata ehci_hcd usbcore i2c_piix4 scsi_mod 3c59x mii i2c_core usb_common thermal fan thermal_sys floppy
Sep 16 06:06:38 pentium kernel: CPU: 0 PID: 3932 Comm: mount.cifs Not tainted 3.16.0-6-586 #1 Debian 3.16.57-2
Sep 16 06:06:38 pentium kernel: Hardware name:  /i430TX-SMC669, BIOS 4.51 PG 07/20/98
Sep 16 06:06:38 pentium kernel: task: cd184500 ti: cfbc0000 task.ti: cfbc0000
Sep 16 06:06:38 pentium kernel: EIP: 0060:[<c11e87de>] EFLAGS: 00010296 CPU: 0
Sep 16 06:06:38 pentium kernel: EIP is at crypto_shash_setkey+0xe/0xb0
Sep 16 06:06:38 pentium kernel: EAX: 00000000 EBX: cfab81e0 ECX: 00000010 EDX: cd8daac4
Sep 16 06:06:38 pentium kernel: ESI: cfbc1d18 EDI: cdba4000 EBP: cfbc1c30 ESP: cfbc1c18
Sep 16 06:06:38 pentium kernel:  DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068
Sep 16 06:06:38 pentium kernel: CR0: 8005003b CR2: 00000034 CR3: 0fa79000 CR4: 00000010
Sep 16 06:06:38 pentium kernel: Stack:
Sep 16 06:06:38 pentium kernel:  00000246 c10efd02 00011200 cfab81e0 cfbc1d18 cdba4000 cfbc1c7c d0f16e39
Sep 16 06:06:38 pentium kernel:  c10efd02 00000082 cfbc1cd0 cfab81e0 cdba4008 f85388a6 00000002 c15e3ac0
Sep 16 06:06:38 pentium kernel:  00000246 00000000 00000000 00000000 00000000 9b528262 cfa234c0 cd8daa00
Sep 16 06:06:38 pentium kernel: Call Trace:
Sep 16 06:06:38 pentium kernel:  [<c10efd02>] ? mempool_alloc+0x42/0x120
Sep 16 06:06:38 pentium kernel:  [<d0f16e39>] ? smb3_calc_signature+0xb9/0x2a0 [cifs]
Sep 16 06:06:38 pentium kernel:  [<c10efd02>] ? mempool_alloc+0x42/0x120
Sep 16 06:06:38 pentium kernel:  [<d0f164cf>] ? smb2_sign_rqst+0x2f/0x60 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0f172dc>] ? smb2_setup_request+0x8c/0x130 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0f06ccc>] ? SendReceive2+0xac/0x3f0 [cifs]
Sep 16 06:06:38 pentium kernel:  [<c1060007>] ? set_security_override_from_ctx+0x7/0x40
Sep 16 06:06:38 pentium kernel:  [<d0f1ab73>] ? SMB2_ioctl+0x133/0x2e0 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0f1ae43>] ? smb3_validate_negotiate+0x123/0x310 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0f18ae1>] ? SMB2_tcon+0x261/0x480 [cifs]
Sep 16 06:06:38 pentium kernel:  [<c11049da>] ? kstrdup+0x3a/0x50
Sep 16 06:06:38 pentium kernel:  [<d0f18880>] ? smb2_writev_callback+0xe0/0xe0 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0eeda92>] ? cifs_get_tcon+0x192/0x400 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0ef2c4d>] ? cifs_mount+0x49d/0xc40 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0edf7b9>] ? cifs_do_mount+0xc9/0x5b0 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0edf6f0>] ? cifs_drop_inode+0x40/0x40 [cifs]
Sep 16 06:06:38 pentium kernel:  [<c113a3d6>] ? mount_fs+0x36/0x190
Sep 16 06:06:38 pentium kernel:  [<c11049da>] ? kstrdup+0x3a/0x50
Sep 16 06:06:38 pentium kernel:  [<c1151f28>] ? vfs_kern_mount+0x48/0xf0
Sep 16 06:06:38 pentium kernel:  [<c1154988>] ? do_mount+0x1e8/0xa60
Sep 16 06:06:38 pentium kernel:  [<c1104c99>] ? strndup_user+0x39/0xc0
Sep 16 06:06:38 pentium kernel:  [<c11545df>] ? copy_mount_options+0x2f/0x1c0
Sep 16 06:06:38 pentium kernel:  [<c11554cc>] ? SyS_mount+0x9c/0xf0
Sep 16 06:06:38 pentium kernel:  [<c145308d>] ? syscall_call+0x10/0x10
Sep 16 06:06:38 pentium kernel: Code: 26 00 8b 55 f0 83 c4 10 5b 5e 89 d0 5f 5d c3 8d b4 26 00 00 00 00 8d bc 27 00 00 00 00 55 89 e5 57 56 53 83 ec 0c 3e 8d 74 26 00 <8b> 78 34 89 4d f0 89 c3 89 d6 8b 4f 1c 85 ca 74 59 89 c8 ba d0
Sep 16 06:06:38 pentium kernel: EIP: [<c11e87de>] crypto_shash_setkey+0xe/0xb0 SS:ESP 0068:cfbc1c18
Sep 16 06:06:38 pentium kernel: CR2: 0000000000000034
Sep 16 06:06:38 pentium kernel: ---[ end trace fcb11b4e4c9db3f4 ]---


...
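A small triage helper for oops output like the one above, added here as an example and not part of the bug report or of any Debian tooling: it re-splits journal lines that the archive ran together, then pulls out the fault address, the faulting symbol, the triggering process and the innermost [cifs] frame in the trace. The sample input is constructed by copying a few lines from the trace above; the "vmlinux" label for frames without a module tag is this example's own convention.

```python
import re

# Constructed sample: lines copied from the oops in this report, including two
# run-together lines exactly as the journal extraction produced them.
SAMPLE_OOPS = """\
Sep 16 06:06:38 pentium kernel: BUG: unable to handle kernel NULL pointer dereference at 00000034 Sep 16 06:06:38 pentium kernel: IP: [<c11e87de>] crypto_shash_setkey+0xe/0xb0
Sep 16 06:06:38 pentium kernel: CPU: 0 PID: 3932 Comm: mount.cifs Not tainted 3.16.0-6-586 #1 Debian 3.16.57-2
Sep 16 06:06:38 pentium kernel: Call Trace:
Sep 16 06:06:38 pentium kernel:  [<c10efd02>] ? mempool_alloc+0x42/0x120
Sep 16 06:06:38 pentium kernel:  [<d0f16e39>] ? smb3_calc_signature+0xb9/0x2a0 [cifs]
Sep 16 06:06:38 pentium kernel:  [<d0f164cf>] ? smb2_sign_rqst+0x2f/0x60 [cifs] Sep 16 06:06:38 pentium kernel:  [<d0f172dc>] ? smb2_setup_request+0x8c/0x130 [cifs]
Sep 16 06:06:38 pentium kernel:  [<c11554cc>] ? SyS_mount+0x9c/0xf0
"""

STAMP = r"\w{3} +\d{1,2} \d\d:\d\d:\d\d \S+ kernel: ?"
SPLIT_AT = re.compile(r"\s+(?=" + STAMP + ")")   # a new journal line begins here
MESSAGE = re.compile(r"^\.*" + STAMP + r"(.*)$")  # tolerate a leading "..."
FRAME = re.compile(r"\[<([0-9a-f]+)>\]\s+\??\s*([^\s+]+)\S*(?:\s+\[(\w+)\])?")

def split_kernel_lines(text):
    """Re-split run-together journal lines; return only the text after 'kernel:'."""
    messages = []
    for raw in text.splitlines():
        for piece in SPLIT_AT.split(raw.strip()):
            m = MESSAGE.match(piece)
            if m:
                messages.append(m.group(1).strip())
    return messages

def triage_oops(text):
    """Extract fault kind/address, faulting symbol, triggering process and the trace."""
    info = {"fault": None, "fault_addr": None, "ip_symbol": None, "comm": None, "trace": []}
    in_trace = False
    for msg in split_kernel_lines(text):
        if msg.startswith("BUG:"):
            m = re.search(r"kernel (.+?) at ([0-9a-f]+)$", msg)
            info["fault"], info["fault_addr"] = m.group(1), int(m.group(2), 16)
        elif msg.startswith("IP:"):
            info["ip_symbol"] = FRAME.search(msg).group(2)
        elif msg.startswith("CPU:"):
            info["comm"] = re.search(r"Comm: (\S+)", msg).group(1)
        elif msg.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (m := FRAME.search(msg)):
            info["trace"].append((m.group(2), m.group(3) or "vmlinux"))  # (symbol, module)
    # A fault address below one page is a NULL struct pointer plus a field offset (0x34 here).
    info["null_deref"] = info["fault_addr"] is not None and info["fault_addr"] < 0x1000
    # Innermost frame in a loadable module: first place to look when the faulting symbol is a core helper.
    info["culprit"] = next((f for f in info["trace"] if f[1] != "vmlinux"), None)
    return info
```

Running triage_oops(SAMPLE_OOPS) reports a NULL dereference at offset 0x34 inside crypto_shash_setkey, reached from smb3_calc_signature in cifs by the mount.cifs process.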
