[disco] [5.0.0-7.8] can't mount guest cifs share

Bug #1821053 reported by Andreas Hasenack on 2019-03-20
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
High
Tyler Hicks

Bug Description

Hi,

with a simple smb.conf setup like this:
[pub]
path = /pub
guest ok = yes

The following mount command fails when the running kernel is 5.0.0-7:
root@ubuntu:~# dmesg -C
root@ubuntu:~# mount //localhost/pub /mnt -o guest
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
root@ubuntu:~# dmesg
[ 178.469307] CIFS: Attempting to mount //localhost/pub
[ 178.469343] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
[ 178.481741] CIFS VFS: failed to connect to IPC (rc=-13)
[ 178.485272] CIFS VFS: cifs_mount failed w/return code = -13

samba server logs, in debug 5, show:
[2019/03/20 17:25:19.365445, 0] ../../libcli/smb/smb2_signing.c:169(smb2_signing_check_pdu)
  Bad SMB2 signature for message
[2019/03/20 17:25:19.365524, 0] ../../lib/util/util.c:508(dump_data)
  [0000] A6 62 5F 50 9C D7 31 42 14 34 52 9F AA 49 C8 31 .b_P..1B .4R..I.1
[2019/03/20 17:25:19.365562, 0] ../../lib/util/util.c:508(dump_data)
  [0000] 31 37 12 A2 D5 D4 59 99 0B 63 C5 21 EB 86 70 74 17....Y. .c.!..pt
[2019/03/20 17:25:19.369055, 0] ../../libcli/smb/smb2_signing.c:169(smb2_signing_check_pdu)
  Bad SMB2 signature for message
[2019/03/20 17:25:19.369092, 0] ../../lib/util/util.c:508(dump_data)
  [0000] 23 2C 4F 10 0E 4E 46 2E 8A 5B E3 70 0F B3 D3 FB #,O..NF. .[.p....
[2019/03/20 17:25:19.369120, 0] ../../lib/util/util.c:508(dump_data)
  [0000] 50 F7 C6 8A 6E BC B2 B7 1C 2F 43 30 90 6A 25 CA P...n... ./C0.j%.

With kernel 4.19.0-12-generic, the exact same system, the command works:

root@ubuntu:~# dmesg -C

root@ubuntu:~# mount //localhost/pub /mnt -o guest

root@ubuntu:~# dmesg
[ 277.745885] FS-Cache: Loaded
[ 277.768408] FS-Cache: Netfs 'cifs' registered for caching
[ 277.768495] Key type cifs.spnego registered
[ 277.768498] Key type cifs.idmap registered
[ 277.768707] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.

root@ubuntu:~# mount -t cifs
//localhost/pub on /mnt type cifs (rw,relatime,vers=default,sec=none,cache=strict,uid=0,noforceuid,gid=0,noforcegid,addr=127.0.0.1,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1)

root@ubuntu:~# uname -r
4.19.0-12-generic

Just looking at the list of patches queued up for the next upstream kernel release, at https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.0, this one looks promising:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.0/cifs-do-not-skip-smb2-message-ids-on-send-failures.patch

I can easily test a new kernel for you.
---
ProblemType: Bug
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 Mar 20 18:04 seq
 crw-rw---- 1 root audio 116, 33 Mar 20 18:04 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay'
ApportVersion: 2.20.10-0ubuntu23
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: N/A
DistroRelease: Ubuntu 19.04
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig'
Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
Package: linux (not installed)
PciMultimedia:

ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=C.UTF-8
 SHELL=/bin/bash
ProcFB:

ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.0.0-7-generic root=PARTUUID=e2b8e290-77c5-437c-a78d-b59424881b58 ro console=tty1 console=ttyS0
ProcVersionSignature: Ubuntu 5.0.0-7.8-generic 5.0.0
RelatedPackageVersions:
 linux-restricted-modules-5.0.0-7-generic N/A
 linux-backports-modules-5.0.0-7-generic N/A
 linux-firmware N/A
RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill'
Tags: disco uec-images
Uname: Linux 5.0.0-7-generic x86_64
UnreportableReason: This report is about a package that is not installed.
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm audio cdrom dialout dip floppy netdev plugdev sudo video
_MarkForUpload: False
dmi.bios.date: 04/01/2014
dmi.bios.vendor: SeaBIOS
dmi.bios.version: 1.10.2-1ubuntu1
dmi.chassis.type: 1
dmi.chassis.vendor: QEMU
dmi.chassis.version: pc-i440fx-bionic
dmi.modalias: dmi:bvnSeaBIOS:bvr1.10.2-1ubuntu1:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-bionic:cvnQEMU:ct1:cvrpc-i440fx-bionic:
dmi.product.name: Standard PC (i440FX + PIIX, 1996)
dmi.product.version: pc-i440fx-bionic
dmi.sys.vendor: QEMU

CVE References

Andreas Hasenack (ahasenack) wrote :

If I force the SMB1 protocol (vers=1.0), then the mount works:

root@ubuntu:~# mount //localhost/pub /mnt -o guest,vers=1.0
root@ubuntu:~# mount -t cifs
//localhost/pub on /mnt type cifs (rw,relatime,vers=1.0,sec=none,cache=strict,uid=0,noforceuid,gid=0,noforcegid,addr=127.0.0.1,soft,unix,posixpaths,serverino,mapposix,acl,rsize=1048576,wsize=65536,echo_interval=60,actimeo=1)
root@ubuntu:~# uname -r
5.0.0-7-generic
root@ubuntu:~#

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1821053

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: disco

apport information

tags: added: apport-collected uec-images
description: updated

apport information

apport information

apport information

apport information

apport information

apport information

Tyler Hicks (tyhicks) wrote :

I built you a test kernel with that patch here:

  https://people.canonical.com/~tyhicks/disco-cifs.1/

Let us know if it fixes the problem. Thanks!

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Andreas Hasenack (ahasenack) wrote :

It didn't work :/

same error.

I enabled some cifs debugging (https://wiki.samba.org/index.php/LinuxCIFS_troubleshooting):
# modprobe cifs
# echo 'module cifs +p' > /sys/kernel/debug/dynamic_debug/control
# echo 'file fs/cifs/* +p' > /sys/kernel/debug/dynamic_debug/control
# echo 7 > /proc/fs/cifs/cifsFYI

Attached is dmesg after the failed mount attempt.

Andreas Hasenack (ahasenack) wrote :

A patch was provided:

https://<email address hidden>/t/#u

Tyler Hicks (tyhicks) wrote :

I built you a another test kernel with that patch here:

  https://people.canonical.com/~tyhicks/disco-cifs.2/

Thanks for testing!

Andreas Hasenack (ahasenack) wrote :

Thanks for the build. Unfortunately, that patch didn't work. I followed up in the mailing list.

Andreas Hasenack (ahasenack) wrote :

Extra patch to be applied on top:

https://lore.kernel.org<email address hidden>/

Andreas Hasenack (ahasenack) wrote :

These two patches applied in that order fix the issue:

https://<email address hidden>/t/#u
https://lore.kernel.org<email address hidden>/

Andreas Hasenack (ahasenack) wrote :

I installed linux-source in disco, applied those two patches to the source tree, copied the config file from /boot and rebuilt the kernel, rebooted, and can confirm the bug is fixed.

Tyler Hicks (tyhicks) on 2019-03-25
Changed in linux (Ubuntu):
assignee: nobody → Tyler Hicks (tyhicks)
importance: Undecided → High
status: Confirmed → In Progress
Tyler Hicks (tyhicks) wrote :

Thanks for all your work on this! I've submitted the fixes to be included in the Disco kernel:

 https://lists.ubuntu.com/archives/kernel-team/2019-March/099491.html

Seth Forshee (sforshee) on 2019-03-26
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (50.5 KiB)

This bug was fixed in the package linux - 5.0.0-11.12

---------------
linux (5.0.0-11.12) disco; urgency=medium

  * linux: 5.0.0-11.12 -proposed tracker (LP: #1824383)

  * hns3: PPU_PF_ABNORMAL_INT_ST over_8bd_no_fe found [error status=0x1]
    (LP: #1824194)
    - net: hns3: fix for not calculating tx bd num correctly

  * disco: unable to use iptables/enable ufw under -virtual kernel
    (LP: #1823862)
    - [Packaging] add bpfilter to linux-modules

  * Make shiftfs a module rather than built-in (LP: #1824354)
    - [Config] CONFIG_SHIFT_FS=m

  * shiftfs: chown sets untranslated ids in lower fs (LP: #1824350)
    - SAUCE: shiftfs: use translated ids when chaning lower fs attrs

  * [Hyper-V] KVP daemon fails to start on first boot of disco VM (LP: #1820063)
    - [Packaging] bind hv_kvp_daemon startup to hv_kvp device

linux (5.0.0-10.11) disco; urgency=medium

  * linux: 5.0.0-10.11 -proposed tracker (LP: #1823936)

  * Apparmor enforcement failure in lxc selftests (LP: #1823379)
    - SAUCE: apparmor: Restore Y/N in /sys for apparmor's "enabled"

  * systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244)
    - openvswitch: fix flow actions reallocation

linux (5.0.0-9.10) disco; urgency=medium

  * linux: 5.0.0-9.10 -proposed tracker (LP: #1823228)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

  * Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next/hinic: replace disable_irq_nosync/enable_irq

  * Add uid shifting overlay filesystem (shiftfs) (LP: #1823186)
    - shiftfs: uid/gid shifting bind mount
    - shiftfs: rework and extend
    - shiftfs: support some btrfs ioctls
    - [Config] enable shiftfs

  * Cannot boot or install - have to use nomodeset (LP: #1821820)
    - Revert "drm/i915/fbdev: Actually configure untiled displays"

  * Disco update: v5.0.6 upstream stable release (LP: #1823060)
    - netfilter: nf_tables: fix set double-free in abort path
    - dccp: do not use ipv6 header for ipv4 flow
    - genetlink: Fix a memory leak on error path
    - gtp: change NET_UDP_TUNNEL dependency to select
    - ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL
    - mac8390: Fix mmio access size probe
    - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
    - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6
    - net: datagram: fix unbounded loop in __skb_try_recv_datagram()
    - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
    - net: phy: meson-gxl: fix interrupt support
    - net: rose: fix a possible stack overflow
    - net: stmmac: fix memory corruption with large MTUs
    - net-sysfs: call dev_hold if kobject_init_and_add success
    - net: usb: aqc111: Extend HWID table by QNAP device
    - packets: Always register packet sk in the same order
    - rhashtable: Still do rehash when we get EEXIST
    - sctp: get sctphdr by offset in sctp_compute_cksum
    - sctp: use memdup_user instead of vmemdup_user
    - tcp: do not use ipv6 header for ipv4 flow
    - tipc: allow servic...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Brad Figg (brad-figg) on 2019-07-24
tags: added: cscc
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers