Bug 11785 - CIFS stuck in failing credentials on reconnect
CIFS stuck in failing credentials on reconnect
Status: NEW
Product: CifsVFS
Classification: Unclassified
Component: kernel fs
3.x
x86 Linux
: P5 major
: ---
Assigned To: Steve French
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-03-10 14:45 UTC by Jan-Marek Glogowski
Modified: 2016-03-10 14:45 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jan-Marek Glogowski 2016-03-10 14:45:12 UTC
The probematic system is a Kubuntu 12.04 machine with 14.04 HWE stack => Linux 3.13 based

The system is stuck on shutdown, when the CIFS VFS fails to reconnect to the server. The actual error case happened because the user changed her password in her session (password expired).
So a new session can't be re-established, as the credentials have changed in comparison to the original credentials from the users login.

2016-03-04 15:08:22,301 DEBUG [rsync stdout] >f..t...... .mozilla/firefox-24esr/<uid>/cookies.sqlite
2016-03-04 15:08:22,303 DEBUG [rsync stdout] >f..t...... .mozilla/firefox-24esr/<uid>/key3.db
2016-03-04 15:08:22,305 DEBUG [rsync stdout] >f.st...... .mozilla/firefox-24esr/<uid>/localstore.rdf
2016-03-04 15:08:22,306 DEBUG [rsync stdout] >f..t...... .mozilla/firefox-24esr/<uid>/marionette.log
2016-03-04 15:08:22,486 DEBUG [rsync stdout] >f..t...... .mozilla/firefox-24esr/<uid>/permissions.sqlite

Stuck roaming profile sync log @ 15:08:22

Syslog:

Mar  4 15:08:20 <hostname> kernel: [24696.207417] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
Mar  4 15:08:20 <hostname> kernel: [24696.217188] EXT4-fs (loop0): barriers disabled
Mar  4 15:08:20 <hostname> kernel: [24696.227891] EXT4-fs (loop0): mounted filesystem with journalled data mode. Opts: barrier=0,data=journal

^^^ Roaming profile image mounted from CIFS filer.

Mar  4 15:09:19 <hostname> kernel: [24755.206237] CIFS VFS: sends on sock ee5cb800 stuck for 15 seconds
Mar  4 15:09:19 <hostname> kernel: [24755.206245] CIFS VFS: Error -11 sending data on socket to server
Mar  4 15:09:19 <hostname> kernel: [24755.206289] CIFS VFS: Send error in read = -11

^^^ CIFS connection error
CIFS VFS trying to reconnect:

Mar  4 15:09:29 <hostname> kernel: [24765.225997] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Mar  4 15:09:29 <hostname> kernel: [24765.226005] CIFS VFS: Send error in SessSetup = -13
Mar  4 15:09:30 <hostname> kernel: [24765.278273] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Mar  4 15:09:30 <hostname> kernel: [24765.278280] CIFS VFS: Send error in SessSetup = -13
Mar  4 15:09:30 <hostname> kernel: [24765.324020] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Mar  4 15:09:30 <hostname> kernel: [24765.324027] CIFS VFS: Send error in SessSetup = -13
Mar  4 15:09:30 <hostname> kernel: [24765.368960] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Mar  4 15:09:30 <hostname> kernel: [24765.368967] CIFS VFS: Send error in SessSetup = -13
Mar  4 15:09:30 <hostname> kernel: [24765.414862] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Mar  4 15:09:30 <hostname> kernel: [24765.414869] CIFS VFS: Send error in SessSetup = -13

After 5 reconnects with bad credentials, the account is locked.

Mar  4 15:09:30 <hostname> kernel: [24765.447627] Status code returned 0xc0000234 NT_STATUS_ACCOUNT_LOCKED_OUT
Mar  4 15:09:30 <hostname> kernel: [24765.447634] CIFS VFS: Send error in SessSetup = -13
Mar  4 15:09:30 <hostname> kernel: [24765.480181] Status code returned 0xc0000234 NT_STATUS_ACCOUNT_LOCKED_OUT
Mar  4 15:09:30 <hostname> kernel: [24765.480188] CIFS VFS: Send error in SessSetup = -13

$ grep NT_STATUS_ACCOUNT_LOCKED_OUT syslog.2 | wc -l
1447804

$ grep 07:41:46 syslog.2 | wc -l
56

I'm not sure what the best solution would be. I just saw that the "soft" parameter is actually the default for CIFS, so I thought this would be prevented. From my POV there is no reason for the module to hammer on the server with 60 msg/s, if it already reports wrong credentials or even a locked account.