Bug 12192 - kernel BUG at /build/buildd/linux-2.6.27/fs/cifs/cifs_dfs_ref.c:274
Status: RESOLVED CODE_FIX
Alias: None
Product: File System
Classification: Unclassified
Component: CIFS
Hardware: All Linux
Importance: P1 normal
Assignee: Steve French
Reported: 2008-12-10 05:56 UTC by Luis Miguel
Modified: 2009-02-10 10:04 UTC
Kernel Version: 2.6.27-9
Subsystem:
Regression: ---
Bisected commit-id:


Attachments
Fix for DFS oops (4.22 KB, text/x-diff)
2009-02-10 10:04 UTC, Steve French

Description Luis Miguel 2008-12-10 05:56:48 UTC
Latest working kernel version:
Earliest failing kernel version:  2.6.27-9-generic
Distribution: Ubuntu 8.10
Hardware Environment: Laptop Compaq 6710b
Software Environment: 
Problem Description: When trying to mount an MS DFS file system, the mount works fine and no error is returned, but accessing the mount point or running "ls" on it returns "Segmentation fault".

This is the fstab config:

//server/share /mnt/share cifs nounix,username=username,password=password,file_mode=0777,dir_mode=0777 0 0

From dmesg output I can see:


[ 3464.104084] ------------[ cut here ]------------
[ 3464.104094] kernel BUG at /build/buildd/linux-2.6.27/fs/cifs/cifs_dfs_ref.c:274!
[ 3464.104101] invalid opcode: 0000 [#10] SMP
[ 3464.104109] Modules linked in: i915 drm af_packet binfmt_misc rfcomm sco bridge stp bnep l2cap bluetooth ppdev acpi_cpufreq cpufreq_conservative cpufreq_stats cpufreq_userspace cpufreq_powersave cpufreq_ondemand freq_table sbs sbshc pci_slot ipv6 nls_cp437 cifs iptable_filter ip_tables x_tables dm_crypt dm_mod sbp2 lp pata_pcmcia joydev pcmcia arc4 ecb crypto_blkcipher iwl3945 rfkill mac80211 serio_raw yenta_socket snd_hda_intel evdev parport_pc rsrc_nonstatic psmouse led_class pcmcia_core pcspkr parport cfg80211 snd_pcm_oss snd_mixer_oss snd_pcm tpm_infineon tpm video tpm_bios container snd_seq_dummy output snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device battery wmi snd intel_agp iTCO_wdt iTCO_vendor_support agpgart ac button soundcore snd_page_alloc shpchp pci_hotplug ext3 jbd mbcache usbhid hid sr_mod cdrom sd_mod crc_t10dif sg ata_piix pata_acpi ahci ohci1394 ata_generic ieee1394 libata scsi_mod tg3 dock libphy ehci_hcd uhci_hcd usbcore thermal processor fan fbcon tileblit font bitblit softcursor fuse
[ 3464.104335]
[ 3464.104341] Pid: 10981, comm: ls Tainted: G      D   (2.6.27-9-generic #1)
[ 3464.104348] EIP: 0060:[<f9050b58>] EFLAGS: 00210246 CPU: 0
[ 3464.104374] EIP is at cifs_dfs_follow_mountpoint+0x438/0x480 [cifs]
[ 3464.104380] EAX: ef9242a8 EBX: ef9242a8 ECX: f90690a0 EDX: f07ffed4
[ 3464.104386] ESI: ef9242a8 EDI: f07ffed4 EBP: f07ffe10 ESP: f07ffdcc
[ 3464.104391]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 3464.104397] Process ls (pid: 10981, ti=f07fe000 task=f07f1920 task.ti=f07fe000)
[ 3464.104402] Stack: c037e6dd f07ffe00 f79090e8 f07ffe78 00000000 f07ffe00 c01cb0d2 f7909080
[ 3464.104420]        00000000 f07ffe00 f07ffed4 f07ffe78 00000000 00000000 f07ffed4 ef9242a8
[ 3464.104436]        00000000 f07ffe3c c01bc6ae f07ffe78 f07ffe3c ef9242a8 f07ffe78 f07ffe64
[ 3464.104453] Call Trace:
[ 3464.104457]  [<c037e6dd>] ? _spin_lock+0xd/0x10
[ 3464.104472]  [<c01cb0d2>] ? mntput_no_expire+0x22/0x120
[ 3464.104485]  [<c01bc6ae>] ? do_follow_link+0xfe/0x2c0
[ 3464.104495]  [<c01bc15b>] ? __link_path_walk+0x6eb/0xb40
[ 3464.104504]  [<c023528f>] ? apparmor_path_permission+0x5f/0x80
[ 3464.104515]  [<c014ba18>] ? up_read+0x8/0x20
[ 3464.104525]  [<c0214848>] ? cap_dentry_open+0x8/0x10
[ 3464.104537]  [<c01bca14>] ? path_walk+0x54/0xb0
[ 3464.104546]  [<c01bcbc6>] ? do_path_lookup+0xb6/0x1a0
[ 3464.104555]  [<c01bd7da>] ? user_path_at+0x4a/0x80
[ 3464.104564]  [<c019a20b>] ? vma_link+0x5b/0xf0
[ 3464.104574]  [<c019ac60>] ? mmap_region+0x2b0/0x4a0
[ 3464.104584]  [<c01b5e26>] ? vfs_stat_fd+0x26/0x60
[ 3464.104595]  [<c01b5f66>] ? vfs_stat+0x16/0x20
[ 3464.104604]  [<c01b5f89>] ? sys_stat64+0x19/0x30
[ 3464.104614]  [<c014ba38>] ? up_write+0x8/0x20
[ 3464.104623]  [<c0107f61>] ? sys_mmap2+0x61/0xc0
[ 3464.104633]  [<c0103f7b>] ? sysenter_do_call+0x12/0x2f
[ 3464.104643]  [<c0370000>] ? netdev_exit+0x10/0x20
[ 3464.104652]  =======================
[ 3464.104655] Code: c0 8b 80 cc 02 00 00 c7 44 24 04 68 40 05 f9 c7 04 24 00 03 06 f9 89 44 24 0c 8b 45 d0 89 44 24 08 e8 46 b9 32 c7 e9 13 fc ff ff <0f> 0b eb fe c7 44 24 04 68 40 05 f9 c7 04 24 8c 02 06 f9 e8 29
[ 3464.104752] EIP: [<f9050b58>] cifs_dfs_follow_mountpoint+0x438/0x480 [cifs] SS:ESP 0068:f07ffdcc
[ 3464.104783] ---[ end trace 34769c89649fbe1c ]---


It's worth noting that there is no issue accessing that share using smbclient.


Steps to reproduce:

Comment 1 Shirish Pargaonkar 2009-01-31 16:44:37 UTC
Can you please check whether the following kernel options are enabled or not?
  CONFIG_CIFS_EXPERIMENTAL
  CONFIG_CIFS_DFS_UPCALL

Could you check whether these packages are installed:
 keyutils
 keyutils-libs
and /etc/request.conf configured like below:

create      cifs.spnego    * * /usr/sbin/cifs.upcall -c %k
create      dns_resolver   * * /usr/sbin/cifs.upcall %k
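
The checks requested in Comment 1 can be scripted. The following is an added example, not part of the original thread or of the CIFS project; the function names and the sample files are constructed, and both file paths are arguments (assumption: on a real system you would pass the running kernel's config file and the request-key rules file that Comment 1 refers to).

```shell
#!/bin/sh
# check_kconfig FILE: each CIFS option from Comment 1 must be enabled
# (=y or =m). Returns the number of options that are not enabled.
check_kconfig() {
    missing=0
    for opt in CONFIG_CIFS_EXPERIMENTAL CONFIG_CIFS_DFS_UPCALL; do
        if grep -Eq "^${opt}=[ym]\$" "$1"; then
            echo "ok       $opt"
        else
            echo "MISSING  $opt"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# check_upcall_conf FILE: a "create" rule must route each key type to
# cifs.upcall. Commented-out rules do not count. Returns the number missing.
check_upcall_conf() {
    missing=0
    for keytype in cifs.spnego dns_resolver; do
        if awk -v t="$keytype" '
            $1 == "create" && $2 == t && $5 ~ /\/cifs\.upcall$/ { found = 1 }
            END { exit !found }' "$1"; then
            echo "ok       create rule for $keytype"
        else
            echo "MISSING  create rule for $keytype"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample input (not taken from the reporter's machine):
# DFS upcall support is disabled and the dns_resolver rule is commented out.
demo_dir=$(mktemp -d)
cat > "$demo_dir/kconfig" <<'EOF'
CONFIG_CIFS=m
CONFIG_CIFS_EXPERIMENTAL=y
# CONFIG_CIFS_DFS_UPCALL is not set
EOF
cat > "$demo_dir/rules.conf" <<'EOF'
create      cifs.spnego    * * /usr/sbin/cifs.upcall -c %k
#create     dns_resolver   * * /usr/sbin/cifs.upcall %k
EOF
check_kconfig "$demo_dir/kconfig" || echo "=> kernel lacks an option from Comment 1"
check_upcall_conf "$demo_dir/rules.conf" || echo "=> key upcall rules incomplete"
rm -rf "$demo_dir"
```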

Comment 2 Steve French 2009-02-07 19:12:02 UTC
This is a duplicate of Samba bug 6086.  There is a patch that fixes this on the linux-cifs-client mailing list which I am evaluating (may make minor changes) but which fixes this.

Comment 3 Steve French 2009-02-10 10:04:11 UTC
Created attachment 20182
Fix for DFS oops

Comment 4 Steve French 2009-02-10 10:04:46 UTC
Let us know if this doesn't fix the problem.  Has been reviewed by various people and will push upstream for 2.6.29.