Bug 12926 - Oops while mv
Status: RESOLVED CODE_FIX
Alias: None
Product: File System
Classification: Unclassified
Component: CIFS
Hardware: All Linux
Importance: P1 high
Assignee: Steve French
Reported: 2009-03-24 05:50 UTC by Gerard Alquézar
Modified: 2009-05-13 20:55 UTC

Kernel Version: 2.6.28
Regression: Yes


Attachments
Share settings (70.10 KB, image/jpeg)
2009-04-14 16:01 UTC, Gerard Alquézar
patch -- only try unlinking positive dentries (1.08 KB, patch)
2009-04-17 15:32 UTC, Jeff Layton
fix so cifs_unlink does not oops even if passed negative dentry (3.04 KB, patch)
2009-05-13 20:53 UTC, Steve French

Description Gerard Alquézar 2009-03-24 05:50:40 UTC
Latest working kernel version: 2.6.27
Earliest failing kernel version: 2.6.28
Distribution: Debian Etch
Hardware Environment:
/proc/cpuinfo
processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 15
model           : 127
model name      : AMD Sempron(tm) Processor LE-1150
stepping        : 1
cpu MHz         : 2000.168
cache size      : 256 KB
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt rdtscp lm 3dnowext 3dnow up pni cx16 lahf_lm extapic cr8_legacy 3dnowprefetch
bogomips        : 4000.33
clflush size    : 64
power management: ts fid vid ttp tm stc 100mhzsteps

Software Environment:
scripts/ver_linux
If some fields are empty or look unusual you may have an old version.
Compare to the current minimal requirements in Documentation/Changes.

Linux tvwan 2.6.28 #8 SMP Wed Mar 4 16:28:33 CET 2009 i686 GNU/Linux

Gnu C                  4.1.2
Gnu make               3.81
binutils               2.17
util-linux             2.12r
mount                  2.12r
module-init-tools      3.3-pre2
e2fsprogs              1.40-WIP
jfsutils               1.1.11
Linux C Library        2.3.6
Dynamic linker (ldd)   2.3.6
Procps                 3.2.7
Net-tools              1.60
Console-tools          0.2.3
Sh-utils               5.97
udev                   125
wireless-tools         28
Modules Loaded         blowfish cbc ipv6 jfs nls_base nvidia agpgart i2c_core loop snd_hda_codec_nvhdmi snd_hda_codec_realtek fan snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss thermal snd_pcm snd_timer button ohci_hcd ehci_hcd processor thermal_sys k8temp snd soundcore usbcore forcedeth rtc_cmos rtc_core rtc_lib sg evdev snd_page_alloc sr_mod cdrom

Problem Description:
When I tried to move a file in a read-only CIFS filesystem, the cifs kernel module crashed.

BUG: unable to handle kernel paging request at fffffff0
IP: [<f8835b36>] cifs_unlink+0x41e/0x544 [cifs]
*pde = 00011067 *pte = 00000000
Oops: 0000 [#1] SMP
last sysfs file: /sys/class/net/eth0/address
Modules linked in: blowfish cbc nls_utf8 cifs ipv6 ac battery jfs nls_base nvidia(P) agpgart i2c_core loop fan snd_hda_intel snd_pcm_oss snd_mixer_oss snd_pcm snd_timer ehci_hcd ohci_hcd snd button thermal k8temp processor thermal_sys soundcore usbcore evdev forcedeth snd_page_alloc rtc_cmos rtc_core rtc_lib sg sr_mod cdrom

Pid: 3448, comm: mv Tainted: P           (2.6.28 #2) Unknow
EIP: 0060:[<f8835b36>] EFLAGS: 00010282 CPU: 0
EIP is at cifs_unlink+0x41e/0x544 [cifs]
EAX: e28d4280 EBX: f43e3b00 ECX: 000080d0 EDX: ffffffdc
ESI: e5acfc00 EDI: f83323c0 EBP: 0000001e ESP: ded7fe2c
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process mv (pid: 3448, ti=ded7e000 task=e592f480 task.ti=ded7e000)
Stack:
 eab64b28 eaab4024 fffffff4 e58ba720 00000000 ffffffdc e5998200 e28d4280
 00000000 00000000 e58ba660 00000000 5c8ba1a0 f883eb40 0000001d e58ba180
 0000001d fffffff3 f43e3b00 f8836c19 eaab4024 eab63c38 e58ba660 e58ba180
Call Trace:
 [<f8836c19>] cifs_rename+0x1aa/0x212 [cifs]
 [<c0165b50>] vfs_rename+0x270/0x3bc
 [<c016532b>] __lookup_hash+0x65/0xdf
 [<c01671dd>] sys_renameat+0x151/0x1c4
 [<c0161c84>] sys_lstat64+0xf/0x23
 [<c0167261>] sys_rename+0x11/0x15
 [<c010373d>] sysenter_do_call+0x12/0x25
Code: 20 00 0f 85 81 00 00 00 ba d0 80 00 00 b8 58 de 3c c0 e8 e3 63 92 c7 85 c0 89 44 24 1c c7 44 24 08 f4 ff ff ff 74 7b 8b 54 24 14 <8b> 52 14 85 d2 89 54 24 24 75 0c b2 80 c7 44 24 24 80 00 00 00
EIP: [<f8835b36>] cifs_unlink+0x41e/0x544 [cifs] SS:ESP 0068:ded7fe2c
---[ end trace ef12a295f03a19c7 ]---

I made a little patch to prevent this oops; it's a trivial solution but it works for me.

diff -Naur linux-2.6.28/fs/cifs/inode.c linux-2.6.28-new/fs/cifs/inode.c
--- linux-2.6.28/fs/cifs/inode.c        2008-12-25 00:26:37.000000000 +0100
+++ linux-2.6.28-new/fs/cifs/inode.c    2009-02-13 10:18:16.703909551 +0100
@@ -1370,7 +1370,7 @@
                     checking the UniqueId via FILE_INTERNAL_INFO */

 unlink_target:
-       if ((rc == -EACCES) || (rc == -EEXIST)) {
+       if (rc == -EEXIST) {
                tmprc = cifs_unlink(target_dir, target_dentry);
                if (tmprc)
                        goto cifs_rename_exit;
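
Review bot: At unlink_target, removing the rc == -EACCES case leaves the rc == -EEXIST path still calling cifs_unlink(target_dir, target_dentry) with no check on target_dentry, so the dereference that faults in cifs_unlink stays reachable if that path is ever taken for a target with no inode. It also drops the target unlink for -EACCES altogether, which changes rename behaviour for every caller rather than only the crashing case. Suggest keeping both error codes in the condition and calling cifs_unlink only when target_dentry->d_inode is non-NULL.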

Steps to reproduce:
- Mount the filesystem with the following options
  mount XXXX /media/mountpoint -o rw,sync,dirsync,nosuid,noexec,unc=\\tvwan-vista\Videos,username=tvwan,uid=0,gid=0,file_mode=02767,dir_mode=0777,rsize=16384,wsize=57344
- Move a file
  mv a b
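
Added example (not part of the original report or of the kernel sources): a triage check that ties the oops above together by decoding the instruction marked `<8b>` on the `Code:` line and confirming that the register it reads through, plus its displacement, equals the faulting address. The embedded text is an excerpt of the oops from this report; the function names are illustrative, and the decoder handles only the `8b /r` base-plus-displacement form seen here.

```python
import re

# Excerpt of the oops in this report: only the lines the check needs.
OOPS = """\
BUG: unable to handle kernel paging request at fffffff0
EAX: e28d4280 EBX: f43e3b00 ECX: 000080d0 EDX: ffffffdc
ESI: e5acfc00 EDI: f83323c0 EBP: 0000001e ESP: ded7fe2c
Code: 20 00 0f 85 81 00 00 00 ba d0 80 00 00 b8 58 de 3c c0 e8 e3 63 92 c7 85 c0 89 44 24 1c c7 44 24 08 f4 ff ff ff 74 7b 8b 54 24 14 <8b> 52 14 85 d2 89 54 24 24 75 0c b2 80 c7 44 24 24 80 00 00 00
"""

REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]  # ModRM numbering


def parse_oops(text):
    """Return (fault address, register dict, bytes from the faulting instruction on)."""
    fault = int(re.search(r"paging request at ([0-9a-f]+)", text).group(1), 16)
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(E[A-Z]{2}): ([0-9a-f]{8})", text)}
    code = re.search(r"^Code: (.*)$", text, re.M).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    insn = [int(b.strip("<>"), 16) for b in code[start:]]
    return fault, regs, insn


def decode_load(insn, regs):
    """Decode `8b /r` (mov r32, r/m32) whose memory operand is [base + disp]."""
    if insn[0] != 0x8B:
        raise ValueError("only opcode 8b is handled in this sketch")
    mod, rm = insn[1] >> 6, insn[1] & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("register, SIB and disp32-only forms are not handled")
    width = {0: 0, 1: 1, 2: 4}[mod]  # displacement size in bytes
    disp = int.from_bytes(bytes(insn[2:2 + width]), "little", signed=True)
    return REG32[rm], disp, (regs[REG32[rm]] + disp) & 0xFFFFFFFF


def triage(text=OOPS):
    """Compare the decoded effective address with the reported fault address."""
    fault, regs, insn = parse_oops(text)
    base, disp, ea = decode_load(insn, regs)
    value = regs[base]
    signed = value - (1 << 32) if value & 0x80000000 else value
    return {"base": base, "base_value": value, "base_signed": signed,
            "disp": disp, "effective": ea, "fault": fault, "matches": ea == fault}


if __name__ == "__main__":
    for key, val in triage().items():
        print(f"{key}: {val}")
```

`triage()` shows the load going through EDX = 0xffffffdc (-36 as a signed 32-bit value) with displacement 0x14, which gives exactly fffffff0: the pointer being dereferenced in cifs_unlink is a small negative number, not an object address.
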
Comment 1 Shirish Pargaonkar 2009-04-13 17:08:12 UTC
Looking into this.
Comment 2 Shirish Pargaonkar 2009-04-13 17:32:55 UTC
Where is the source file (a) and where is it being moved (b)?
Is source file on the server share being moved to another file 
on the same server share?
It is a read-only filesystem but mount option is rw.
Is this a samba share you are trying to mount and if so, can you paste
the share stanza in smb.conf from the server?
Comment 3 Gerard Alquézar 2009-04-14 08:15:08 UTC
Sorry, I didn't explain very well. It happens when you move or rename a file within the same share folder.
I know I should mount with the ro option; however, it allowed me to discover this bug.
The remote filesystem is a Windows Vista share folder; if you like, I can send you the folder settings.
Comment 4 Shirish Pargaonkar 2009-04-14 14:09:20 UTC
If you can send folder settings, that would help, will try to recreate the
bug.  With samba read-only share, it did not allow move.
Comment 5 Gerard Alquézar 2009-04-14 16:01:18 UTC
Created attachment 20975
Share settings
Comment 6 Shirish Pargaonkar 2009-04-14 17:45:09 UTC
Yes, it (mv) crashed my system with a Windows share mounted with similar folder
settings.  Let me try again with a Samba server, using a share with
similar permissions.
Comment 7 Shirish Pargaonkar 2009-04-17 14:38:14 UTC
http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commitdiff;h=14121bdccc17b8c0e4368a9c0e4f82c3dd47f240

Will wait for Jeff Layton's comment on this.
Comment 8 Jeff Layton 2009-04-17 15:07:57 UTC
Thanks for the bug report, I've been able to reproduce this too.

I'm still looking at the problem, but I don't think that patch is quite what we want. I suspect that the issue is that target_dentry is a negative dentry. We probably just need to check for that before calling cifs_unlink here.

Let me experiment a bit...
Comment 9 Jeff Layton 2009-04-17 15:32:44 UTC
Created attachment 21032
patch -- only try unlinking positive dentries

Does this patch also fix it for you?
Comment 10 Shirish Pargaonkar 2009-04-17 15:39:20 UTC
I tried the patch, it works.  No crash and permission denied error, as prior.
Thanks.
Comment 11 Steve French 2009-05-13 20:52:43 UTC
Fixed by http://bugzilla.kernel.org/attachment.cgi?id=21032 which avoids the call to cifs_unlink in that case, and a fix to cifs_unlink so it wouldn't oops even if called that way (I will attach git changeset ff6945279d45edd8f6b0a5ddb1ef16cecce3ea9c from the linux kernel tree)
Comment 12 Steve French 2009-05-13 20:53:17 UTC
Created attachment 21336
fix so cifs_unlink does not oops even if passed negative dentry
Comment 13 Steve French 2009-05-13 20:55:12 UTC
Fixed now in mainline
