Bug 27082

Summary: CIFS related seg fault
Product: File System Reporter: Peter Teoh (htmldeveloper)
Component: CIFSAssignee: Jeff Layton (jlayton)
Status: RESOLVED CODE_FIX    
Severity: normal CC: htmldeveloper, jlayton
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: v2.6.37-3737-g0c21e3a Subsystem:
Regression: No Bisected commit-id:
Attachments: kernel config for compilation

Description Peter Teoh 2011-01-20 01:09:02 UTC 
Created attachment 44212 [details]
kernel config for compilation

While doing an unzip operation on a CIFS mounted filesystem I got a seg fault:

unzip ../xf86-video-via-0.2.2.zip 
Archive:  ../xf86-video-via-0.2.2.zip
   creating: xf86-video-via-0.2.2/
Segmentation fault

Checking the dmesg:

[ 7273.369563] ------------[ cut here ]------------
[ 7273.369575] kernel BUG at fs/dcache.c:1358!
[ 7273.369582] invalid opcode: 0000 [#1] SMP 
[ 7273.369590] last sysfs file: /sys/devices/pci0000:00/0000:00:1c.1/0000:03:00.0/ieee80211/phy0/rfkill0/state
[ 7273.369598] Modules linked in: nls_cp437 cifs vga16fb vgastate isofs udf crc_itu_t usbhid i915 binfmt_misc drm_kms_helper drm i2c_algo_bit ppdev bridge stp bnep kvm_intel kvm xfs exportfs lp parport snd_hda_codec_conexant arc4 snd_hda_intel snd_hda_codec iwlagn snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy pcmcia iwlcore snd_seq_oss snd_seq_midi video thinkpad_acpi mac80211 snd_rawmidi tpm_tis yenta_socket pcmcia_rsrc pcmcia_core tpm tpm_bios nvram psmouse snd_seq_midi_event intel_agp intel_gtt output serio_raw snd_seq snd_timer snd_seq_device cfg80211 agpgart iTCO_wdt iTCO_vendor_support snd pcspkr soundcore snd_page_alloc reiserfs e1000e
[ 7273.369732] 
[ 7273.369740] Pid: 12963, comm: unzip Not tainted 2.6.37+ #4 7440A82/7440A82
[ 7273.369748] EIP: 0060:[<c021e902>] EFLAGS: 00210286 CPU: 1
[ 7273.369763] EIP is at d_set_d_op+0x52/0x60
[ 7273.369769] EAX: f4ada400 EBX: 00000000 ECX: fcdfc5c0 EDX: fcdfc5c0
[ 7273.369775] ESI: cff344ac EDI: f2263a00 EBP: f10c7dbc ESP: f10c7dbc
[ 7273.369782]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 7273.369790] Process unzip (pid: 12963, ti=f10c6000 task=ce833f20 task.ti=f10c6000)
[ 7273.369795] Stack:
[ 7273.369799]  f10c7e64 fcde60ed f4540a00 00000109 f10c7e56 f10c7e56 f10c7e50 f22a9380
[ 7273.369816]  fce2ffe0 00000000 f10c7e56 000081a4 f4ada400 e4f1a62c 00000109 c0000000
[ 7273.369833]  f4540e00 f21ca000 f2263a00 f450a480 f22a9380 00000005 00000080 e4f1a62c
[ 7273.369849] Call Trace:
[ 7273.369870]  [<fcde60ed>] cifs_create+0x59d/0x800 [cifs]
[ 7273.369882]  [<c0216165>] ? generic_permission+0x25/0xc0
[ 7273.369895]  [<fcdd41b0>] ? cifs_permission+0x0/0x70 [cifs]
[ 7273.369907]  [<fcdd41f6>] ? cifs_permission+0x46/0x70 [cifs]
[ 7273.369919]  [<c0301940>] ? security_inode_permission+0x20/0x30
[ 7273.369929]  [<c0217202>] vfs_create+0x92/0xb0
[ 7273.369937]  [<c0218710>] do_last+0x240/0x2c0
[ 7273.369946]  [<c021a7a6>] do_filp_open+0x366/0x670
[ 7273.369959]  [<c020b14d>] do_sys_open+0x6d/0x110
[ 7273.369968]  [<c020b25e>] sys_open+0x2e/0x40
[ 7273.369976]  [<c010301c>] sysenter_do_call+0x12/0x28
[ 7273.369981] Code: 10 00 00 8b 4a 08 85 c9 74 06 81 08 00 20 00 00 8b 0a 85 c9 74 06 81 08 00 40 00 00 8b 52 0c 85 d2 74 06 81 08 00 80 00 00 5d c3 <0f> 0b eb fe 66 90 0f 0b eb fe 8d 74 26 00 55 89 e5 53 3e 8d 74 
[ 7273.370075] EIP: [<c021e902>] d_set_d_op+0x52/0x60 SS:ESP 0068:f10c7dbc
[ 7273.370091] ---[ end trace f39537f02ebb1dd3 ]---

Kernel is sync with linus git tree:

git describe
v2.6.37-3737-g0c21e3a
Comment 1 Peter Teoh 2011-01-20 01:33:50 UTC 
BTW, all description is applicable for the CIFS client only.   The CIFS server appeared to have no error at all.   

Further test indicate that "mkdir", "ls", "cp" operation (from CIFS client) are still possible on the mounted filesystem.   "unzip" operation on the zip file consistently generate the same error message inside the dmesg log - it just append and accumulate.

Moreover, "unzip -t" and "unzip -l" on binary tested alright - binary has no error.  

If I do a "unzip" on other filesystem, and then "mv" back the entire directory to that of the CIFS mounted filesystem - no error as well.

Looking in line 1358 of fs/dcache.c in my repository is as below:

   1355
   1356 void d_set_d_op(struct dentry *dentry, const struct dentry_operations *op)
   1357 {
   1358         BUG_ON(dentry->d_op);
   1359         BUG_ON(dentry->d_flags & (DCACHE_OP_HASH        |
   1360                                 DCACHE_OP_COMPARE       |
   1361                                 DCACHE_OP_REVALIDATE    |
   1362                                 DCACHE_OP_DELETE ));
   1363         dentry->d_op = op;
   1364         if (!op)
   1365                 return;
   1366         if (op->d_hash)
   1367                 dentry->d_flags |= DCACHE_OP_HASH;
   1368         if (op->d_compare)

So how do u solve the puzzle?
Comment 2 Jeff Layton 2011-01-20 01:39:28 UTC 
This is fixed in recent versions of Linus' tree. This patch may also help, but isn't really needed as much now that the VFS has been fixed.

http://marc.info/?l=linux-fsdevel&m=129500778415116&w=2
Comment 3 Jeff Layton 2011-01-20 01:40:54 UTC 
Closing with a resolution of CODE_FIX. Please reopen if it's not fixed in a more recent tree.