Processed: Re: Bug#1060052: cifs-utils: Copy file from same cifs mount to cifs mount --> kernel NULL pointer derefernce

2024-01-05 Thread Debian Bug Tracking System
Processing control commands:

> severity -1 normal
Bug #1060052 [cifs-utils] cifs-utils: Copy file from same cifs mount to cifs mount --> kernel NULL pointer derefernce
Severity set to 'normal' from 'grave'
> merge 1060005 -1
Bug #1060005 [cifs-utils] cifs-utils: Copy file with cp, hangs with a kernel NULL pointer dereference.
Bug #1060052 [cifs-utils] cifs-utils: Copy file from same cifs mount to cifs mount --> kernel NULL pointer derefernce
Merged 1060005 1060052

-- 
1060005: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060005
1060052: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060052
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1060052: cifs-utils: Copy file from same cifs mount to cifs mount --> kernel NULL pointer derefernce

2024-01-05 Thread Michael Tokarev

Control: severity -1 normal
Control: merge 1060005 -1

FWIW, this is a kernel bug, not a cifs-utils bug - guess it's a 6.1.0-17 regression.

/mjt



Bug#1060052: cifs-utils: Copy file from same cifs mount to cifs mount --> kernel NULL pointer derefernce

2024-01-05 Thread Hans66
Package: cifs-utils
Version: 2:7.0-2
Severity: grave
Justification: renders package unusable

Dear Maintainer,

* Pristine up-to-date Bookworm install (no GUI, only SSH, cifs-utils, rsyslog installed)
* Mount smb/cifs share (/mnt/truenas)
* All works fine if I do the same from Win-10 or Win-11 OS

* I have run the commands below on a clean Debian Bookworm install in a bash shell:

sudo mount -t cifs //truenas.fritz.box/mount -o username=user /mnt/truenas
user@server:/mnt/truenas/temp$ sudo cp main.cf main.cf.1
Killed

-rwxr-xr-x 1 root root   1332 Jul 28 17:25  main.cf
-rwxr-xr-x 1 root root  0 Jan  5 09:40  main.cf.1

resulting in a kernel NULL pointer dereference

Shell hangs if I try to remove the empty file.

SYSLOG
2024-01-05T10:06:35.361488+01:00 server kernel: [   85.532965] CIFS: Attempting to mount \\truenas.fritz.box\share
2024-01-05T10:07:45.994338+01:00 server kernel: [  156.163492] BUG: kernel NULL pointer dereference, address:
2024-01-05T10:07:45.994348+01:00 server kernel: [  156.163524] #PF: supervisor read access in kernel mode
2024-01-05T10:07:45.994350+01:00 server kernel: [  156.163539] #PF: error_code(0x) - not-present page
2024-01-05T10:07:45.994350+01:00 server kernel: [  156.163553] PGD 0 P4D 0
2024-01-05T10:07:45.994352+01:00 server kernel: [  156.163565] Oops:  [#1] PREEMPT SMP PTI
2024-01-05T10:07:45.994353+01:00 server kernel: [  156.163578] CPU: 3 PID: 621 Comm: cp Not tainted 6.1.0-17-amd64 #1  Debian 6.1.69-1
2024-01-05T10:07:45.994354+01:00 server kernel: [  156.163598] Hardware name:  /DZ68DB, BIOS DBZ6810H.86A.0048.2018.1024.1605 10/24/2018
2024-01-05T10:07:45.994354+01:00 server kernel: [  156.163617] RIP: 0010:cifs_flush_folio+0x3f/0x100 [cifs]
2024-01-05T10:07:45.994355+01:00 server kernel: [  156.163683] Code: d2 41 54 49 89 cc 31 c9 55 48 89 f5 48 c1 ee 0c 53 48 83 ec 08 48 8b 7f 30 e8 8d 0a 5d dd 48 3d 00 f0 ff ff 0f 87 a5 00 00 00 <48> 8b 10 48 89 c3 b8 00 10 00 00 f7 c2 00 00 01 00 74 07 0f b6 4b
2024-01-05T10:07:45.994356+01:00 server kernel: [  156.163721] RSP: 0018:ab5dc0833c88 EFLAGS: 00010207
2024-01-05T10:07:45.994357+01:00 server kernel: [  156.163736] RAX:  RBX: 0534 RCX:
2024-01-05T10:07:45.994357+01:00 server kernel: [  156.163754] RDX:  RSI:  RDI: 9a3e21e3
2024-01-05T10:07:45.994358+01:00 server kernel: [  156.163771] RBP:  R08: 0001 R09:
2024-01-05T10:07:45.994359+01:00 server kernel: [  156.163789] R10: 0533 R11: 9a3e0a189c00 R12: ab5dc0833cf8
2024-01-05T10:07:45.994360+01:00 server kernel: [  156.163806] R13: ab5dc0833cf0 R14: 9a3e05945410 R15: 0001
2024-01-05T10:07:45.994361+01:00 server kernel: [  156.163824] FS:  7f46b32ba500() GS:9a410fb8() knlGS:
2024-01-05T10:07:45.994361+01:00 server kernel: [  156.163844] CS:  0010 DS:  ES:  CR0: 80050033
2024-01-05T10:07:45.994362+01:00 server kernel: [  156.163859] CR2:  CR3: 000108a5c005 CR4: 000606e0
2024-01-05T10:07:45.994363+01:00 server kernel: [  156.163876] Call Trace:
2024-01-05T10:07:45.994364+01:00 server kernel: [  156.163887]
2024-01-05T10:07:45.994364+01:00 server kernel: [  156.163897]  ? __die_body.cold+0x1a/0x1f
2024-01-05T10:07:45.994365+01:00 server kernel: [  156.163913]  ? page_fault_oops+0xd2/0x2b0
2024-01-05T10:07:45.994366+01:00 server kernel: [  156.163928]  ? exc_page_fault+0x70/0x170
2024-01-05T10:07:45.994367+01:00 server kernel: [  156.163942]  ? asm_exc_page_fault+0x22/0x30
2024-01-05T10:07:45.994367+01:00 server kernel: [  156.163958]  ? cifs_flush_folio+0x3f/0x100 [cifs]
2024-01-05T10:07:45.994368+01:00 server kernel: [  156.164011]  ? cifs_flush_folio+0x33/0x100 [cifs]
2024-01-05T10:07:45.994369+01:00 server kernel: [  156.164062]  ? cifs_precopy_set_eof+0x2b/0x150 [cifs]
2024-01-05T10:07:45.994369+01:00 server kernel: [  156.164115]  cifs_remap_file_range+0x16d/0x680 [cifs]
2024-01-05T10:07:45.994370+01:00 server kernel: [  156.164169]  do_clone_file_range+0xe9/0x230
2024-01-05T10:07:45.994371+01:00 server kernel: [  156.164185]  vfs_clone_file_range+0x37/0x140
2024-01-05T10:07:45.994371+01:00 server kernel: [  156.164199]  ioctl_file_clone+0x49/0xb0
2024-01-05T10:07:45.994372+01:00 server kernel: [  156.164213]  do_vfs_ioctl+0x77/0x910
2024-01-05T10:07:45.994372+01:00 server kernel: [  156.164226]  __x64_sys_ioctl+0x6e/0xd0
2024-01-05T10:07:45.994373+01:00 server kernel: [  156.164239]  do_syscall_64+0x5b/0xc0
2024-01-05T10:07:45.994374+01:00 server kernel: [  156.164253]  ? syscall_exit_to_user_mode+0x27/0x40
2024-01-05T10:07:45.994374+01:00 server kernel: [  156.164268]  ? do_syscall_64+0x67/0xc0
2024-01-05T10:07:45.994375+01:00 server kernel: [  156.164281]  ? syscall_exit_to_user_mode+0x27/0x40
2024-01-05T10:07:45.994376+01:00 server kernel: [  156.164296]  ?
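
A triage sketch for the oops in this report, added here as an example and not part of the original thread or of any Debian or kernel tooling: it pulls the faulting symbol, module, kernel release and call chain out of syslog lines, keeping frames the kernel prefixed with "?" (stack addresses the unwinder could not verify) apart from the verified chain. The names `triage` and `matches_report` are hypothetical, and the sample lines are abridged from the log above with the archive's line wraps removed.

```python
import re

# Constructed sample: abridged from the oops in the report, line wraps removed.
SAMPLE = """\
2024-01-05T10:07:45.994338+01:00 server kernel: [  156.163492] BUG: kernel NULL pointer dereference, address:
2024-01-05T10:07:45.994353+01:00 server kernel: [  156.163578] CPU: 3 PID: 621 Comm: cp Not tainted 6.1.0-17-amd64 #1  Debian 6.1.69-1
2024-01-05T10:07:45.994354+01:00 server kernel: [  156.163617] RIP: 0010:cifs_flush_folio+0x3f/0x100 [cifs]
2024-01-05T10:07:45.994363+01:00 server kernel: [  156.163876] Call Trace:
2024-01-05T10:07:45.994365+01:00 server kernel: [  156.163913]  ? page_fault_oops+0xd2/0x2b0
2024-01-05T10:07:45.994369+01:00 server kernel: [  156.164062]  ? cifs_precopy_set_eof+0x2b/0x150 [cifs]
2024-01-05T10:07:45.994369+01:00 server kernel: [  156.164115]  cifs_remap_file_range+0x16d/0x680 [cifs]
2024-01-05T10:07:45.994371+01:00 server kernel: [  156.164199]  ioctl_file_clone+0x49/0xb0
2024-01-05T10:07:45.994373+01:00 server kernel: [  156.164239]  do_syscall_64+0x5b/0xc0
"""

PREFIX = re.compile(r"^\S+ \S+ kernel: \[\s*\d+\.\d+\] ?(.*)$")
COMM = re.compile(r"Comm: (.+?) (?:Not tainted|Tainted: .+?) (\d\S+)")
RIP = re.compile(r"RIP: [0-9a-f]{4}:(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
FRAME = re.compile(r"^\s*(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?\s*$")

def triage(text):
    """Summarise the first oops in syslog text: what faulted, where, and by which call chain."""
    out = {"bug": None, "comm": None, "kernel": None, "rip": None, "module": None,
           "chain": [], "unverified": []}
    in_trace = False
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        msg = m.group(1)
        if msg.startswith("BUG: "):
            out["bug"] = msg[5:].split(",")[0]
        elif (c := COMM.search(msg)):
            out["comm"], out["kernel"] = c.groups()
        elif out["rip"] is None and (r := RIP.search(msg)):
            out["rip"], out["module"] = r.groups()
        elif msg.strip() == "Call Trace:":
            in_trace = True
        elif in_trace and (f := FRAME.match(msg)):
            # A leading "?" marks a stack address the unwinder could not verify as a real caller.
            out["unverified" if f.group(1) else "chain"].append(f.group(2))
    return out

def matches_report(t):
    """True when the oops has this report's shape: fault inside cifs, reached via the clone ioctl."""
    return t["module"] == "cifs" and "ioctl_file_clone" in t["chain"]
```

The patterns expect one kernel message per line, so a wrapped archive copy of a log needs its lines rejoined before it is passed to `triage`.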