{"id":"CVE-2025-38244","summary":"smb: client: fix potential deadlock when reconnecting channels","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when reconnecting channels\n\nFix cifs_signal_cifsd_for_reconnect() to take the correct lock order\nand prevent the following deadlock from happening\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.16.0-rc3-build2+ #1301 Tainted: G S      W\n------------------------------------------------------\ncifsd/6055 is trying to acquire lock:\nffff88810ad56038 (&tcp_ses-\u003esrv_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x134/0x200\n\nbut task is already holding lock:\nffff888119c64330 (&ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #2 (&ret_buf-\u003echan_lock){+.+.}-{3:3}:\n       validate_chain+0x1cf/0x270\n       __lock_acquire+0x60e/0x780\n       lock_acquire.part.0+0xb4/0x1f0\n       _raw_spin_lock+0x2f/0x40\n       cifs_setup_session+0x81/0x4b0\n       cifs_get_smb_ses+0x771/0x900\n       cifs_mount_get_session+0x7e/0x170\n       cifs_mount+0x92/0x2d0\n       cifs_smb3_do_mount+0x161/0x460\n       smb3_get_tree+0x55/0x90\n       vfs_get_tree+0x46/0x180\n       do_new_mount+0x1b0/0x2e0\n       path_mount+0x6ee/0x740\n       do_mount+0x98/0xe0\n       __do_sys_mount+0x148/0x180\n       do_syscall_64+0xa4/0x260\n       entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #1 (&ret_buf-\u003eses_lock){+.+.}-{3:3}:\n       validate_chain+0x1cf/0x270\n       __lock_acquire+0x60e/0x780\n       lock_acquire.part.0+0xb4/0x1f0\n       _raw_spin_lock+0x2f/0x40\n       cifs_match_super+0x101/0x320\n       sget+0xab/0x270\n       cifs_smb3_do_mount+0x1e0/0x460\n       smb3_get_tree+0x55/0x90\n       vfs_get_tree+0x46/0x180\n       do_new_mount+0x1b0/0x2e0\n       path_mount+0x6ee/0x740\n       do_mount+0x98/0xe0\n       __do_sys_mount+0x148/0x180\n       do_syscall_64+0xa4/0x260\n       entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #0 (&tcp_ses-\u003esrv_lock){+.+.}-{3:3}:\n       check_noncircular+0x95/0xc0\n       check_prev_add+0x115/0x2f0\n       validate_chain+0x1cf/0x270\n       __lock_acquire+0x60e/0x780\n       lock_acquire.part.0+0xb4/0x1f0\n       _raw_spin_lock+0x2f/0x40\n       cifs_signal_cifsd_for_reconnect+0x134/0x200\n       __cifs_reconnect+0x8f/0x500\n       cifs_handle_standard+0x112/0x280\n       cifs_demultiplex_thread+0x64d/0xbc0\n       kthread+0x2f7/0x310\n       ret_from_fork+0x2a/0x230\n       ret_from_fork_asm+0x1a/0x30\n\nother info that might help us debug this:\n\nChain exists of:\n  &tcp_ses-\u003esrv_lock --\u003e &ret_buf-\u003eses_lock --\u003e &ret_buf-\u003echan_lock\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(&ret_buf-\u003echan_lock);\n                               lock(&ret_buf-\u003eses_lock);\n                               lock(&ret_buf-\u003echan_lock);\n  lock(&tcp_ses-\u003esrv_lock);\n\n *** DEADLOCK ***\n\n3 locks held by cifsd/6055:\n #0: ffffffff857de398 (&cifs_tcp_ses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x7b/0x200\n #1: ffff888119c64060 (&ret_buf-\u003eses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x9c/0x200\n #2: ffff888119c64330 (&ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200","modified":"2026-04-16T04:39:03.020688620Z","published":"2025-07-09T10:42:26.622Z","related":["SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38244.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/711741f94ac3cf9f4e3aa73aa171e76d188c0819"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7f3ead8ebc0ef65b6c89a13912b4e80218425629"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c82c7041258d96e3286f6790ab700e4edd3cc9e3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fe035dc78aa6ca8f862857d45beaf7a0e03206ca"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38244.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38244"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d7d7a66aacd6fd8ca57baf08a7bac5421282f6f8"},{"fixed":"c82c7041258d96e3286f6790ab700e4edd3cc9e3"},{"fixed":"7f3ead8ebc0ef65b6c89a13912b4e80218425629"},{"fixed":"fe035dc78aa6ca8f862857d45beaf7a0e03206ca"},{"fixed":"711741f94ac3cf9f4e3aa73aa171e76d188c0819"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38244.json"}}],"schema_version":"1.7.5"}