Panic handling cifs reconnect in cifs_send_recv, smb2_reconnect, mutex_unlock or __list_del_entry due to a use-after-free of struct cifs_ses

Solution Verified

Issue

  • The kernel crashed with one of the following logs, all from the cifsiod workqueue running smb2_reconnect_server:
    • crash log 1
[3391089.999306] general protection fault: 0000 [#1] SMP
[3391090.008015] Workqueue: cifsiod smb2_reconnect_server [cifs]
[3391090.010236] RIP: 0010:[<ffffffffc07c5599>]  [<ffffffffc07c5599>] cifs_send_recv+0x2b9/0x3d0 [cifs]
    • crash log 2
[87704.045236] CPU: 38 PID: 84826 Comm: kworker/38:3 Kdump: loaded Tainted: P           OEL ------------   3.10.0-957.5.1.el7.x86_64 #1
[87704.045237] Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 06/07/2018
[87704.045250] Workqueue: cifsiod smb2_reconnect_server [cifs]
[87704.045252] task: ffff8f9356e691a0 ti: ffff8f992d688000 task.ti: ffff8f992d688000
[87704.045254] RIP: 0010:[<ffffffffc1b4ac88>]  [<ffffffffc1b4ac88>] smb2_reconnect+0x58/0x440 [cifs]
    • crash log 3
[ 1979.225457] CIFS VFS: Send error in SessSetup = -11
[ 1979.230363] BUG: unable to handle kernel NULL pointer dereference at 0000000000000040
[ 1979.323028] CPU: 2 PID: 20198 Comm: kworker/2:0 Kdump: loaded Tainted: G           OE  ------------   3.10.0-957.27.4.el7.x86_64 #1
[ 1979.334840] Hardware name: IBM IBM System x -[7944Q05]-/90Y4784, BIOS -[D6E150CUS-1.11]- 02/08/2011
[ 1979.343915] Workqueue: cifsiod smb2_reconnect_server [cifs]
[ 1979.349509] task: ffff90bf7c80c100 ti: ffff90c05de3c000 task.ti: ffff90c05de3c000
[ 1979.356988] RIP: 0010:[<ffffffffabd68136>]  [<ffffffffabd68136>] mutex_unlock+0x6/0x20
    • crash log 4
[306077.305516] CIFS VFS: Free previous auth_key.response = ffff9270dc7eea00
[311947.893637] CIFS VFS: ioctl error in smb2_get_dfs_refer rc=-5
[312003.006874] CIFS VFS: ioctl error in smb2_get_dfs_refer rc=-5
[312075.420999] BUG: unable to handle kernel NULL pointer dereference at           (null)
[312075.422137] IP: [<ffffffff8db96919>] __list_del_entry+0x29/0xd0
[312075.423169] PGD 8000000278b68067 PUD 1445d3067 PMD 12330c067 PTE 0
[312075.424180] Oops: 0000 [#1] SMP
[312075.430209] CPU: 1 PID: 18436 Comm: kworker/1:4 Kdump: loaded Not tainted 3.10.0-957.27.2.el7.x86_64 #1
[312075.431187] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/05/2016
[312075.432178] Workqueue: cifsiod smb2_reconnect_server [cifs]
[312075.433139] task: ffff926dc6545140 ti: ffff926ce1168000 task.ti: ffff926ce1168000
[312075.434068] RIP: 0010:[<ffffffff8db96919>]  [<ffffffff8db96919>] __list_del_entry+0x29/0xd0

Environment

  • Red Hat Enterprise Linux 7
    • Seen on kernel-3.10.0-957.5.1.el7 through kernel-3.10.0-957.23.2.el7; the crash logs above also include 3.10.0-957.27.2.el7 and 3.10.0-957.27.4.el7
  • Red Hat Enterprise Linux 8
    • Seen on kernel-4.18.0-147.el8
  • cifs
    • mounted with vers=3.0 or vers=2.1 together with the multiuser option
  • Network or server issues that force cifs to reconnect (for example the SessSetup and smb2_get_dfs_refer errors logged shortly before crash logs 3 and 4)
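As an added triage example (not Red Hat's tooling and not part of the original article): a Python script that checks a kernel log excerpt against the signature the four crash logs above share (a fault while the cifsiod worker runs smb2_reconnect_server, with the RIP at one of the four sites listed) and checks /proc/mounts lines for the vers/multiuser combination from the Environment section. The kernel-stream prefixes it treats as "seen" are taken from the Seen on lines and are only a heuristic, not an authoritative affected-version list; the two positive samples are copied from crash logs 1 and 3, the negative-control log and the mount lines are constructed.

```python
"""Triage helper: does a kernel oops match the cifs reconnect use-after-free
signature on this page?  Added example; not Red Hat's or the kernel's code."""
import re

# Signals taken from the crash logs and the Environment section on this page.
WORKQUEUE_RE = re.compile(r"Workqueue:\s+cifsiod\s+smb2_reconnect_server\s+\[cifs\]")
RIP_RE = re.compile(r"RIP:\s+0010:\[<[0-9a-f]+>\]\s+\[<[0-9a-f]+>\]\s+([A-Za-z_]\w*)\+0x")
FAULT_RE = re.compile(r"general protection fault|BUG: unable to handle kernel NULL pointer dereference")
KERNEL_RE = re.compile(r"\b(3\.10\.0-\d+(?:\.\d+)*\.el7|4\.18\.0-\d+(?:\.\d+)*\.el8)\.x86_64\b")
# The four crash sites shown in crash logs 1-4.
KNOWN_SITES = {"cifs_send_recv", "smb2_reconnect", "mutex_unlock", "__list_del_entry"}
# Kernel streams the page says the crash was "Seen on": a heuristic, not an affected list.
SEEN_KERNEL_PREFIXES = ("3.10.0-957.", "4.18.0-147.")


def triage_oops(log_text):
    """Classify one oops.  'matches' is True only when the fault happened in the
    cifsiod reconnect worker at one of the known RIP sites."""
    fault = FAULT_RE.search(log_text)
    in_worker = WORKQUEUE_RE.search(log_text) is not None
    rip = RIP_RE.search(log_text)
    site = rip.group(1) if rip else None
    kernel_m = KERNEL_RE.search(log_text)
    kernel = kernel_m.group(1) if kernel_m else None
    return {
        "fault": fault.group(0) if fault else None,
        "in_smb2_reconnect_server": in_worker,
        "crash_site": site,
        "kernel": kernel,
        "kernel_in_seen_range": kernel is not None and kernel.startswith(SEEN_KERNEL_PREFIXES),
        "matches": fault is not None and in_worker and site in KNOWN_SITES,
    }


def affected_cifs_mount(proc_mounts_line):
    """True for a /proc/mounts line that is a cifs mount using vers=3.0 or
    vers=2.1 together with multiuser (the Environment section's combination)."""
    fields = proc_mounts_line.split()
    if len(fields) < 4 or fields[2] != "cifs":
        return False
    opts = set(fields[3].split(","))
    return "multiuser" in opts and bool(opts & {"vers=3.0", "vers=2.1"})


# Sample inputs.  CRASH_1 and CRASH_3 are crash logs 1 and 3 from this page;
# UNRELATED is a constructed NULL dereference outside cifs, used as a negative control.
CRASH_1 = """\
[3391089.999306] general protection fault: 0000 [#1] SMP
[3391090.008015] Workqueue: cifsiod smb2_reconnect_server [cifs]
[3391090.010236] RIP: 0010:[<ffffffffc07c5599>]  [<ffffffffc07c5599>] cifs_send_recv+0x2b9/0x3d0 [cifs]
"""
CRASH_3 = """\
[ 1979.225457] CIFS VFS: Send error in SessSetup = -11
[ 1979.230363] BUG: unable to handle kernel NULL pointer dereference at 0000000000000040
[ 1979.323028] CPU: 2 PID: 20198 Comm: kworker/2:0 Kdump: loaded Tainted: G           OE  ------------   3.10.0-957.27.4.el7.x86_64 #1
[ 1979.343915] Workqueue: cifsiod smb2_reconnect_server [cifs]
[ 1979.356988] RIP: 0010:[<ffffffffabd68136>]  [<ffffffffabd68136>] mutex_unlock+0x6/0x20
"""
UNRELATED = """\
[  123.456789] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[  123.456790] CPU: 0 PID: 1234 Comm: kworker/0:1 Not tainted 3.10.0-957.27.2.el7.x86_64 #1
[  123.456791] Workqueue: events xfs_end_io [xfs]
[  123.456792] RIP: 0010:[<ffffffff8db00000>]  [<ffffffff8db00000>] xfs_end_io+0x10/0x20 [xfs]
"""
# Constructed /proc/mounts lines: affected, missing multiuser, and SMB1.
MOUNT_AFFECTED = "//fileserver/share /mnt/share cifs rw,relatime,vers=3.0,sec=ntlmssp,multiuser,cache=strict 0 0"
MOUNT_NO_MULTIUSER = "//fileserver/share /mnt/share cifs rw,relatime,vers=3.0,sec=ntlmssp,cache=strict 0 0"
MOUNT_SMB1 = "//fileserver/share /mnt/share cifs rw,relatime,vers=1.0,multiuser 0 0"

if __name__ == "__main__":
    for name, text in (("crash log 1", CRASH_1), ("crash log 3", CRASH_3), ("unrelated", UNRELATED)):
        print(name, triage_oops(text))
    for line in (MOUNT_AFFECTED, MOUNT_NO_MULTIUSER, MOUNT_SMB1):
        print(affected_cifs_mount(line), line)
```

Feed the script the `dmesg`/`vmcore-dmesg.txt` excerpt from a crashed host together with its `/proc/mounts`; a crash that matches the signature on a kernel in the seen range with an affected mount is worth comparing against this article before chasing it as an independent bug.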
