Bug 5144 - Kernel crashes on mount
Summary: Kernel crashes on mount
Alias: None
Product: CifsVFS
Classification: Unclassified
Component: kernel fs
Version: 2.6
Hardware: x64 Linux
Importance: P3 critical
Target Milestone: ---
Assignee: Steve French
Reported: 2007-12-14 12:37 UTC by Diederik van Lierop
Modified: 2009-03-06 15:19 UTC


Attachment: patch to fix oopses (935 bytes, patch), 2009-03-05 21:54 UTC, shirishpargaonkar@gmail.com

Description Diederik van Lierop 2007-12-14 12:37:11 UTC
The kernel crashes when I try to mount a NAS. As root, I do:

mount -t cifs // /mnt/iomega

When it asks for a password, I just press enter as no password should be needed. See the details and trace below.

Linux localhost #1 SMP Thu Nov 22 20:39:56 EST 2007 x86_64 x86_64 x86_64 GNU/Linux

This is the NAS I'm trying to connect to:

I can access it using Nautilus without any problems. In the specs it says:

# Network File Protocols Supported:
    * Microsoft (CIFS/SMB)
    * Linux/UNIX (NFS)

Does this really mean that I cannot use CIFS in Linux, only in Windows? That would be weird!

Anyway, it shouldn't crash the kernel:

Unable to handle kernel NULL pointer dereference at 0000000000000010 RIP: 
 [<ffffffff883ee181>] :cifs:cifs_strfromUCS_le+0x61/0x74
PGD 3456a067 PUD 34472067 PMD 0 
Oops: 0002 [1] SMP 
CPU 0 
Modules linked in: cifs autofs4 nf_conntrack_netbios_ns nf_conntrack_ipv4 ipt_REJECT iptable_filter ip_tables nf_conntrack_ipv6 xt_state nf_conntrack nfnetlink xt_tcpudp ip6t_REJECT ip6table_filter ip6_tables x_tables hidp rfcomm l2cap bluetooth sunrpc cpufreq_ondemand fuse nls_utf8 nls_cp850 vfat fat dm_multipath video output sbs battery ac ipv6 arc4 ecb blkcipher snd_hda_intel snd_seq_dummy rt61pci rt2x00pci rt2x00lib snd_seq_oss rfkill snd_seq_midi_event input_polldev mac80211 snd_seq firewire_ohci firewire_core cfg80211 snd_seq_device eeprom_93cx6 pcspkr crc_itu_t snd_pcm_oss floppy snd_mixer_oss snd_pcm snd_timer snd button k8temp soundcore snd_page_alloc hwmon tg3 shpchp sg sr_mod cdrom dm_snapshot dm_zero dm_mirror dm_mod pata_ali sata_uli libata sd_mod scsi_mod ext3 jbd mbcache ehci_hcd ohci_hcd uhci_hcd
Pid: 3031, comm: mount.cifs Not tainted #1
RIP: 0010:[<ffffffff883ee181>]  [<ffffffff883ee181>] :cifs:cifs_strfromUCS_le+0x61/0x74
RSP: 0000:ffff8100345a1908  EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff883003e0
RDX: 0000000000000000 RSI: ffff81003445e1ee RDI: 0000000000000010
RBP: ffff81003445e1ee R08: ffff810023c82278 R09: ffff8100353553c0
R10: ffff8100345a1840 R11: ffffffff81070cd8 R12: ffff81002ee20e40
R13: 0000000000000000 R14: 0000000000000010 R15: ffffffff883003e0
FS:  00002aaaaaad06f0(0000) GS:ffffffff813b3000(0000) knlGS:00000000f7fd1b00
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000010 CR3: 00000000344d7000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process mount.cifs (pid: 3031, threadinfo ffff8100345a0000, task ffff8100345c0000)
Stack:  0000000000000000 0000000000000000 000000000000000b ffff81002ee20e40
 0000000000000000 ffff81003445e1ee 0000000000000000 ffffffff883f168d
 0000000000000000 ffffffff883003e0 ffff8100027af800 00000000ffffffff
Call Trace:
 [<ffffffff883f168d>] :cifs:CIFS_SessSetup+0x546/0x81d
 [<ffffffff883dd850>] :cifs:cifs_setup_session+0x11d/0xbcb
 [<ffffffff8125515d>] wait_for_completion+0xa0/0xb3
 [<ffffffff8102febf>] default_wake_function+0x0/0xe
 [<ffffffff883e1070>] :cifs:cifs_mount+0x1bf9/0x2214
 [<ffffffff81118987>] idr_get_new+0xb/0x28
 [<ffffffff81099754>] set_anon_super+0x3c/0xab
 [<ffffffff81099718>] set_anon_super+0x0/0xab
 [<ffffffff883d3666>] :cifs:cifs_get_sb+0x9e/0x1be
 [<ffffffff810992b4>] vfs_kern_mount+0x93/0x123
 [<ffffffff81099393>] do_kern_mount+0x43/0xdd
 [<ffffffff810ad087>] do_mount+0x691/0x705
 [<ffffffff8107d8bf>] handle_mm_fault+0x471/0x976
 [<ffffffff8111b5ef>] __up_read+0x19/0x7f
 [<ffffffff81258a3c>] do_page_fault+0x490/0x7e4
 [<ffffffff8116b401>] tty_ldisc_deref+0x62/0x75
 [<ffffffff8116ea26>] tty_ioctl+0xc03/0xc52
 [<ffffffff8107b535>] unmap_vmas+0x49c/0x773
 [<ffffffff810abac3>] copy_mount_options+0xce/0x127
 [<ffffffff810ad185>] sys_mount+0x8a/0xcd
 [<ffffffff8100bd35>] tracesys+0xd5/0xda

Code: 41 c6 04 06 00 89 d8 5a 5b 5d 41 5c 41 5d 41 5e 41 5f c3 41 
RIP  [<ffffffff883ee181>] :cifs:cifs_strfromUCS_le+0x61/0x74
 RSP <ffff8100345a1908>
CR2: 0000000000000010
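Added example, not the CIFS module's code: the trace shows RAX = 0 and R14 = 0x10, and the instruction bytes at RIP (41 c6 04 06 00) decode to movb $0,(%r14,%rax,1), so the fault is the string terminator being stored through a destination pointer of 0x10, the shape of a NULL struct base plus a member offset. The user-space C routine below shows a UCS-2LE to ASCII conversion of the kind used for session-setup strings that refuses a NULL or empty destination and bounds its writes instead of storing through it. The struct session_strings layout (with its member at offset 0x10), the function names and the sample bytes are constructed for this illustration and are not taken from the kernel.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>   /* ssize_t */

/* Hypothetical per-session string holder (constructed for this example, not a
 * CIFS structure). The 16-byte header puts 'native_os' at offset 0x10, which
 * mirrors the fault address in the oops: a NULL base plus a member offset. */
struct session_strings {
    uint8_t header[16];
    char    native_os[32];
};

/* Convert at most 'from_units' UCS-2LE code units into an ASCII string in
 * 'to', which holds 'to_size' bytes. Non-ASCII code units become '?'. The
 * result is always NUL-terminated when a destination exists.
 * Returns the number of characters written, or -1 for a NULL/empty destination
 * or a NULL source. The up-front checks keep a NULL-derived 'to' from turning
 * into a write fault like the terminator store in the trace above. */
static ssize_t ucs2le_to_ascii(char *to, size_t to_size,
                               const uint8_t *from, size_t from_units)
{
    size_t i, n;

    if (to == NULL || to_size == 0 || from == NULL)
        return -1;

    for (i = 0, n = 0; i < from_units && n + 1 < to_size; i++) {
        uint16_t cu = (uint16_t)(from[2 * i] | (from[2 * i + 1] << 8));
        if (cu == 0)
            break;                       /* UCS-2 terminator */
        to[n++] = cu < 0x80 ? (char)cu : '?';
    }
    to[n] = '\0';                        /* bounded: n + 1 < to_size held */
    return (ssize_t)n;
}

/* Constructed sample: "Unix" in UCS-2LE followed by a 16-bit terminator, the
 * same encoding the session-setup strings carry on the wire. */
static const uint8_t sample_ucs2le[] = {
    'U', 0x00, 'n', 0x00, 'i', 0x00, 'x', 0x00, 0x00, 0x00
};

/* Decode the sample into a session's string buffer. With a NULL 's', an
 * unchecked &s->native_os would be the pointer 0x10 from the oops; here the
 * caller passes NULL/0 through and the converter refuses it. */
static ssize_t decode_into(struct session_strings *s)
{
    char  *dst      = s ? s->native_os : NULL;
    size_t dst_size = s ? sizeof s->native_os : 0;

    return ucs2le_to_ascii(dst, dst_size, sample_ucs2le,
                           sizeof sample_ucs2le / 2);
}

int main(void)
{
    struct session_strings live;

    memset(&live, 0, sizeof live);
    printf("live session:    %zd chars -> \"%s\"\n",
           decode_into(&live), live.native_os);
    printf("missing session: %zd (refused, no store through NULL+0x10)\n",
           decode_into(NULL));
    return 0;
}
```

The same check belongs wherever the destination buffer is allocated or looked up before the conversion runs; refusing the call returns an error to mount.cifs rather than taking the page fault shown in the trace.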
Comment 1 Steve French 2008-12-05 14:06:53 UTC
I noticed this in cleaning up old defects. Does this still fail on your system? This area of code has had multiple fixes applied and we are not aware of any current problems in the area which failed in your problem description.
Comment 2 Diederik van Lierop 2008-12-05 15:55:35 UTC
Well, I've now got a different NAS, a new PC, another kernel and new distro, so I cannot be of any help I guess. You might as well close this bug report, or mark it as "works for me". Thanks anyway...
Comment 3 shirishpargaonkar@gmail.com 2009-03-05 21:54:04 UTC
Created attachment 3980
patch to fix oopses

Similar problem to kernel bugzilla bug 10451.
Can you please apply this patch and see if it fixes the oops?
Comment 4 Diederik van Lierop 2009-03-06 02:03:41 UTC
I could apply this patch, but I cannot tell if it has solved the problem because I do not have the hardware any longer. There's no way that I can reproduce the original behavior.

Comment 5 Steve French 2009-03-06 15:19:35 UTC
This oops is fixed (see attached fix, and in mainline and stable).