Bug 12192

Summary: kernel BUG at /build/buildd/linux-2.6.27/fs/cifs/cifs_dfs_ref.c:274
Product: File System
Reporter: Luis Miguel (luis.rodriguez)
Component: CIFS
Assignee: Steve French (sfrench)
Status: RESOLVED CODE_FIX
Severity: normal
CC: shirishp
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 2.6.27-9
Subsystem:
Regression: ---
Bisected commit-id:
Attachments: Fix for DFS oops

Description Luis Miguel 2008-12-10 05:56:48 UTC
Latest working kernel version:
Earliest failing kernel version:  2.6.27-9-generic
Distribution: Ubuntu 8.10
Hardware Environment: Laptop Compaq 6710b
Software Environment: 
Problem Description: Mounting an MS DFS file system works fine and no error is returned, but accessing the mount point or running "ls" on it returns a "Segmentation fault".

This is the fstab config:

//server/share /mnt/share cifs nounix,username=username,password=password,file_mode=0777,dir_mode=0777 0 0

From dmesg output I can see:


[ 3464.104084] ------------[ cut here ]------------
[ 3464.104094] kernel BUG at /build/buildd/linux-2.6.27/fs/cifs/cifs_dfs_ref.c:274!
[ 3464.104101] invalid opcode: 0000 [#10] SMP
[ 3464.104109] Modules linked in: i915 drm af_packet binfmt_misc rfcomm sco bridge stp bnep l2cap bluetooth ppdev acpi_cpufreq cpufreq_conservative cpufreq_stats cpufreq_userspace cpufreq_powersave cpufreq_ondemand freq_table sbs sbshc pci_slot ipv6 nls_cp437 cifs iptable_filter ip_tables x_tables dm_crypt dm_mod sbp2 lp pata_pcmcia joydev pcmcia arc4 ecb crypto_blkcipher iwl3945 rfkill mac80211 serio_raw yenta_socket snd_hda_intel evdev parport_pc rsrc_nonstatic psmouse led_class pcmcia_core pcspkr parport cfg80211 snd_pcm_oss snd_mixer_oss snd_pcm tpm_infineon tpm video tpm_bios container snd_seq_dummy output snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device battery wmi snd intel_agp iTCO_wdt iTCO_vendor_support agpgart ac button soundcore snd_page_alloc shpchp pci_hotplug ext3 jbd mbcache usbhid hid sr_mod cdrom sd_mod crc_t10dif sg ata_piix pata_acpi ahci ohci1394 ata_generic ieee1394 libata scsi_mod tg3 dock libphy ehci_hcd uhci_hcd usbcore thermal processor fan fbcon tileblit font bitblit softcursor fuse
[ 3464.104335]
[ 3464.104341] Pid: 10981, comm: ls Tainted: G      D   (2.6.27-9-generic #1)
[ 3464.104348] EIP: 0060:[<f9050b58>] EFLAGS: 00210246 CPU: 0
[ 3464.104374] EIP is at cifs_dfs_follow_mountpoint+0x438/0x480 [cifs]
[ 3464.104380] EAX: ef9242a8 EBX: ef9242a8 ECX: f90690a0 EDX: f07ffed4
[ 3464.104386] ESI: ef9242a8 EDI: f07ffed4 EBP: f07ffe10 ESP: f07ffdcc
[ 3464.104391]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 3464.104397] Process ls (pid: 10981, ti=f07fe000 task=f07f1920 task.ti=f07fe000)
[ 3464.104402] Stack: c037e6dd f07ffe00 f79090e8 f07ffe78 00000000 f07ffe00 c01cb0d2 f7909080
[ 3464.104420]        00000000 f07ffe00 f07ffed4 f07ffe78 00000000 00000000 f07ffed4 ef9242a8
[ 3464.104436]        00000000 f07ffe3c c01bc6ae f07ffe78 f07ffe3c ef9242a8 f07ffe78 f07ffe64
[ 3464.104453] Call Trace:
[ 3464.104457]  [<c037e6dd>] ? _spin_lock+0xd/0x10
[ 3464.104472]  [<c01cb0d2>] ? mntput_no_expire+0x22/0x120
[ 3464.104485]  [<c01bc6ae>] ? do_follow_link+0xfe/0x2c0
[ 3464.104495]  [<c01bc15b>] ? __link_path_walk+0x6eb/0xb40
[ 3464.104504]  [<c023528f>] ? apparmor_path_permission+0x5f/0x80
[ 3464.104515]  [<c014ba18>] ? up_read+0x8/0x20
[ 3464.104525]  [<c0214848>] ? cap_dentry_open+0x8/0x10
[ 3464.104537]  [<c01bca14>] ? path_walk+0x54/0xb0
[ 3464.104546]  [<c01bcbc6>] ? do_path_lookup+0xb6/0x1a0
[ 3464.104555]  [<c01bd7da>] ? user_path_at+0x4a/0x80
[ 3464.104564]  [<c019a20b>] ? vma_link+0x5b/0xf0
[ 3464.104574]  [<c019ac60>] ? mmap_region+0x2b0/0x4a0
[ 3464.104584]  [<c01b5e26>] ? vfs_stat_fd+0x26/0x60
[ 3464.104595]  [<c01b5f66>] ? vfs_stat+0x16/0x20
[ 3464.104604]  [<c01b5f89>] ? sys_stat64+0x19/0x30
[ 3464.104614]  [<c014ba38>] ? up_write+0x8/0x20
[ 3464.104623]  [<c0107f61>] ? sys_mmap2+0x61/0xc0
[ 3464.104633]  [<c0103f7b>] ? sysenter_do_call+0x12/0x2f
[ 3464.104643]  [<c0370000>] ? netdev_exit+0x10/0x20
[ 3464.104652]  =======================
[ 3464.104655] Code: c0 8b 80 cc 02 00 00 c7 44 24 04 68 40 05 f9 c7 04 24 00 03 06 f9 89 44 24 0c 8b 45 d0 89 44 24 08 e8 46 b9 32 c7 e9 13 fc ff ff <0f> 0b eb fe c7 44 24 04 68 40 05 f9 c7 04 24 8c 02 06 f9 e8 29
[ 3464.104752] EIP: [<f9050b58>] cifs_dfs_follow_mountpoint+0x438/0x480 [cifs] SS:ESP 0068:f07ffdcc
[ 3464.104783] ---[ end trace 34769c89649fbe1c ]---


It is worth noting that there is no issue accessing that share using smbclient.


Steps to reproduce:

Comment 1 Shirish Pargaonkar 2009-01-31 16:44:37 UTC
Can you please check whether the following kernel options are enabled or not?
  CONFIG_CIFS_EXPERIMENTAL
  CONFIG_CIFS_DFS_UPCALL

Could you check whether these packages are installed:
 keyutils
 keyutils-libs
and /etc/request.conf configured like below:

create      cifs.spnego    * * /usr/sbin/cifs.upcall -c %k
create      dns_resolver   * * /usr/sbin/cifs.upcall %k
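
The checks requested in Comment 1, written as an added example that is not part of the original thread or of the attached fix. The function names are hypothetical, and both file paths are passed as arguments rather than assumed.

```shell
#!/bin/sh
# Added example: verify the CIFS DFS upcall prerequisites named in Comment 1.
# Function names are hypothetical; callers supply both file paths.

# kconfig_enabled FILE OPTION -> 0 if OPTION is set to y or m in a kernel config
kconfig_enabled() {
    grep -Eq "^$2=(y|m)\$" "$1"
}

# upcall_rule_present FILE KEYTYPE -> 0 if an uncommented "create" rule for
# KEYTYPE runs a program named cifs.upcall (field 5 of a request-key rule)
upcall_rule_present() {
    awk -v kt="$2" '
        /^[ \t]*#/ { next }                      # skip commented-out rules
        $1 == "create" && $2 == kt && $5 ~ /(^|\/)cifs\.upcall$/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# check_dfs_prereqs KCONFIG REQKEYCONF
# Prints one line per missing item; return status is the number missing.
check_dfs_prereqs() {
    missing=0
    for opt in CONFIG_CIFS_EXPERIMENTAL CONFIG_CIFS_DFS_UPCALL; do
        kconfig_enabled "$1" "$opt" || {
            echo "missing kernel option: $opt"
            missing=$((missing + 1))
        }
    done
    for kt in cifs.spnego dns_resolver; do
        upcall_rule_present "$2" "$kt" || {
            echo "missing request-key rule: $kt"
            missing=$((missing + 1))
        }
    done
    return "$missing"
}
```

On distributions that ship the kernel config under /boot, the first argument is typically /boot/config-$(uname -r); the second is the request-key configuration file (keyutils reads /etc/request-key.conf).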

Comment 2 Steve French 2009-02-07 19:12:02 UTC
This is a duplicate of Samba bug 6086. There is a patch that fixes this on the linux-cifs-client mailing list which I am evaluating (may make minor changes) but which fixes this.

Comment 3 Steve French 2009-02-10 10:04:11 UTC
Created attachment 20182
Fix for DFS oops

Comment 4 Steve French 2009-02-10 10:04:46 UTC
Let us know if this doesn't fix the problem. Has been reviewed by various people and will push upstream for 2.6.29.