Bug 491465

Summary: Fedora11 Alpha gives call trace while mounting Samba directory
Product: [Fedora] Fedora
Reporter: IBM Bug Proxy <bugproxy>
Component: kernel
Assignee: Jeff Layton <jlayton>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: low
Version: rawhide
CC: gdeschner, kernel-maint, quintela, ssorce, steved
Hardware: ppc64
OS: All
Doc Type: Bug Fix
Last Closed: 2009-04-03 17:34:45 UTC
Attachments: CIFSTCon fix (flags: none)

Description IBM Bug Proxy 2009-03-21 12:48:00 UTC
=Comment: #0=================================================
Pavan Naregundi <pavan.naregundi.com> - 
Mounting a samba directory which has following options in smb.conf

[SAMBA1]
        path = /SAMBA1
        guest ok = yes
        only guest = yes
        writeable = yes
        printable =yes

gives the following Call Trace with error no 2(No such file or directory)

$ mount.cifs //9.124.111.125/SAMBA1 /SAMBA1 -o username=root
Password: 
 CIFS VFS: cifs_read_super: get root inode failed
=============================================================================
BUG kmalloc-8 (Not tainted): Redzone overwritten
-----------------------------------------------------------------------------

INFO: 0xc00000003a13fa08-0xc00000003a13fa0c. First byte 0x80 instead of 0xcc
INFO: Allocated in .CIFSTCon+0x3fc/0x560 [cifs] age=64 cpu=1 pid=2418
INFO: Slab 0xf000000001798198 objects=51 used=33 fp=0xc00000003a13fa50 flags=0x00c3
INFO: Object 0xc00000003a13fa00 @offset=2560 fp=0xc00000003a13fa50

Bytes b4 0xc00000003a13f9f0:  00 00 00 00 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a ........ZZZZZZZZ
  Object 0xc00000003a13fa00:  e4 b8 80 e5 90 80 e4 98                         ........        
 Redzone 0xc00000003a13fa08:  80 e5 8c 80 00 cc cc cc                         ........        
 Padding 0xc00000003a13fa48:  5a 5a 5a 5a 5a 5a 5a 5a                         ZZZZZZZZ        
Call Trace:
[c000000035a6f490] [c0000000000117d8] .show_stack+0x6c/0x16c (unreliable)
[c000000035a6f540] [c000000000149c18] .print_trailer+0x150/0x178
[c000000035a6f5e0] [c00000000014a424] .check_bytes_and_report+0x104/0x170
[c000000035a6f6a0] [c00000000014a508] .check_object+0x78/0x260
[c000000035a6f740] [c00000000014ca18] .__slab_free+0x298/0x3dc
[c000000035a6f7f0] [c00000000014d608] .kfree+0x134/0x190
[c000000035a6f8a0] [d000000000a73e30] .tconInfoFree+0x60/0xc4 [cifs]
[c000000035a6f930] [d000000000a62b18] .cifs_put_tcon+0x11c/0x148 [cifs]
[c000000035a6f9d0] [d000000000a62b68] .cifs_umount+0x24/0x58 [cifs]
[c000000035a6fa50] [d000000000a51c44] .cifs_get_sb+0x264/0x32c [cifs]
[c000000035a6fb10] [c00000000015c7dc] .vfs_kern_mount+0xd4/0x1b0
[c000000035a6fbc0] [c00000000015c928] .do_kern_mount+0x60/0x138
[c000000035a6fc70] [c000000000179254] .do_mount+0x854/0x8d8
[c000000035a6fd60] [c0000000001a0054] .compat_sys_mount+0x20c/0x28c
[c000000035a6fe30] [c0000000000085f0] syscall_exit+0x0/0x40
FIX kmalloc-8: Restoring 0xc00000003a13fa08-0xc00000003a13fa0c=0xcc

mount error 2 = No such file or directory
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

====================================


However, client is able to mount the directory if 'printable' option is set to 'no', i.e "printable =no"

Server is started with following commands

/usr/sbin/smbd -D
/usr/sbin/nmbd -D
=Comment: #5=================================================
Shirish S. Pargaonkar <shirishp.com> - 
Looking at the problem
=Comment: #6=================================================
Shirish S. Pargaonkar <shirishp.com> - 
Not sure whether this is a cifs vfs client bug; cifs sends the same requests. It is the Samba server that
reacts differently with 
 printable = yes
option in the stanza in the smb.conf file.

With
 printable = yes
option, this is the error that is logged by samba server
[2009/02/27 04:00:48,  3] smbd/trans2.c:call_trans2qfilepathinfo(3939)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 512
[2009/02/27 04:00:48,  3] smbd/trans2.c:call_trans2qfilepathinfo(3984)
  call_trans2qfilepathinfo: SMB_VFS_LSTAT of  failed (No such file or directory)
[2009/02/27 04:00:48,  3] smbd/error.c:reply_unix_error(154)
  unix_error_packet: error string = No such file or directory
[2009/02/27 04:00:48,  3] smbd/error.c:error_packet_set(61)
  error packet at smbd/trans2.c(3985) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND

Investigating why printable = yes option can cause this.

=Comment: #7=================================================
Shirish S. Pargaonkar <shirishp.com> - 
With the same stanza sans 
 printable = yes, 
generates this log by Samba server for a mount request by a client

[2009/02/27 04:07:55,  3] smbd/trans2.c:call_trans2qfilepathinfo(3939)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 512
[2009/02/27 04:07:55,  5] smbd/filename.c:unix_convert(149)
  unix_convert called on file ""
[2009/02/27 04:07:55,  5] smbd/filename.c:unix_convert(182)
  conversion finished "" -> .

i.e. when mount does not fail.


=Comment: #8=================================================
Shirish S. Pargaonkar <shirishp.com> - 
It is the unix_convert function that returns different values for
the same input and that causes difference of behaviour.

unix_convert returns null fname in case of 
 printable = yes
and . in case of  no printable = yes line in
the stanza in the smb.conf file.

lstat call on a null file fails and so does mount.

Will have to look into what unix_convert in samba code does.

=Comment: #9=================================================
Shirish S. Pargaonkar <shirishp.com> - 
samba server responses are incorrect with 
 printable = yes
in a stanza in smb.conf

Without -o prefixpath=<directory> during mount, a root is not 
identified, with -o prefixpath=<directory>, a share can be mounted
but find first command returns error (i.e. ls returns empty).

Investigating.
=Comment: #10=================================================
Shirish S. Pargaonkar <shirishp.com> - 
I do not think one uses 
 printable = yes
with file shares.  With printers, it is used.
For file shares, the default is
 printable = no
=Comment: #11=================================================
Shirish S. Pargaonkar <shirishp.com> - 
This is not a bug, it is incorrect usage of a samba option for a 
file share.
The stanza option
 printable = yes
is not used along with a file share.
=Comment: #12=================================================
Pavan Naregundi <pavan.naregundi.com> - 
Shirish,

Error no 2(No such file or directory) seems ok for the invalid option "printable = yes" for
sharing of files. Can we avoid the call trace here?

Thanks
Pavan



=Comment: #13=================================================
Shirish S. Pargaonkar <shirishp.com> - 
(In reply to comment #12)
> Shirish,
> Error no 2(No such file or directory) seems ok for the invalid option
> "printable = yes" for sharing of files. Can we avoid the call trace here?
> Thanks
> Pavan

OK, I missed that.  I had not turned on CONFIG_DEBUG_SLAB
in .config file.  Let me turn it on, build the kernel and modules,
and retry the mount to see whether I can see the stack trace
during a mount error with printable = yes option in the stanza
in smb.conf file on the server, I am using cifs vfs client on a SLES11
system but the source code is 2.6.29-rc7.

=Comment: #14=================================================
Shirish S. Pargaonkar <shirishp.com> - 
At least with 2.6.29-rc7, I do not see the stack trace mentioned
when mount fails.

mount.cifs //cifstest8.austin.ibm.com/smb88 /mnt/smb_a -o remount,nobrl,user=root,pass=password
mount error 22 = Invalid argument
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
cifstest6:/usr/src/linux.ssp.030509/cifs-2.6 # dmesg


syslog buffer is empty.


[smb88]
        path =  /tmp/cifstest88
        browseable = Yes
        read only = No
        guest ok = Yes
        writable = yes
        printable = yes

=Comment: #15=================================================
Shirish S. Pargaonkar <shirishp.com> - 
Forgot to add these,

CONFIG_SLAB=y
CONFIG_SLABINFO=y
CONFIG_DEBUG_SLAB=y
# CONFIG_DEBUG_SLAB_LEAK is not set


Are there any other config options that you think needed
to see the stack trace you state?

=Comment: #16=================================================
Shirish S. Pargaonkar <shirishp.com> - 
Sorry, wrong command

mount.cifs //cifstest8.austin.ibm.com/smb88 /mnt/smb_a -o user=root,pass=password
mount error 2 = No such file or directory
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)


I still do not see the stack trace, even with 
echo 7 > /proc/fs/cifs/cifsFYI
turned on

See this, but no stack trace

fs/cifs/cifssmb.c: In QPathInfo (Unix) the path
 fs/cifs/transport.c: For smb_command 50
 fs/cifs/transport.c: Sending smb:  total_len 78
 fs/cifs/connect.c: rfc1002 length 0x27
 fs/cifs/connect.c: invalid transact2 word count
Status code returned 0xc0000034 NT_STATUS_OBJECT_NAME_NOT_FOUND
 fs/cifs/netmisc.c: Mapping smb error code 2 to POSIX err -2
 fs/cifs/cifssmb.c: Send error in QPathInfo = -2
 CIFS VFS: cifs_read_super: get root inode failed
 fs/cifs/connect.c: CIFS VFS: in cifs_put_tcon as Xid: 15 with uid: 0
 fs/cifs/cifssmb.c: In tree disconnect



=Comment: #17=================================================
Sridhar Vinay <vinaysridhar.com> - 
Shirish,

Even without the debug options, I was at least able to see this in dmesg: "CIFS VFS:
cifs_read_super: get root inode failed". Are you not seeing even this?

In the system where we could see the trace I see 

CONFIG_SLUB_DEBUG=y
# CONFIG_SLAB is not set
CONFIG_SLUB=y

=Comment: #18=================================================
Shirish S. Pargaonkar <shirishp.com> - 
(In reply to comment #17)
> Shirish,
> Even without the debug options, I was at least able to see this in dmesg: "CIFS
> VFS: cifs_read_super: get root inode failed". Are you not seeing even this?
> In the system where we could see the trace I see 
> CONFIG_SLUB_DEBUG=y
> # CONFIG_SLAB is not set
> CONFIG_SLUB=y

Yes, I do see that error message

CIFS VFS: cifs_read_super: get root inode failed

But that is because of incorrect usage of printable = yes option
on a file share which is usage error.

=Comment: #19=================================================
Sridhar Vinay <vinaysridhar.com> - 
(In reply to comment #18)

> 
> Yes, I do see that error message
> 
> CIFS VFS: cifs_read_super: get root inode failed
> 
> But that is because of incorrect usage of printable = yes option
> on a file share which is usage error.
>

I guess the trace is triggered on calling kfree(cifs_sb) in the cifs_read_super() 



=Comment: #22=================================================
Sridhar Vinay <vinaysridhar.com> - 

CIFSTCon fix

Fix a kzalloc allocation size to avoid overwriting redzone.
=Comment: #26=================================================
Shirish S. Pargaonkar <shirishp.com> - 

This patch looks fine to me, it is correct to allocate twice the 
16 bit characters bytes returned by UniStrnlen.

Steve, if this looks correct to you, it can be committed.
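
The sizing mistake discussed in comments #22 and #26, modelled in userspace C as an added example (not the attached patch and not kernel code). `ucs2_nlen` is a hypothetical stand-in for UniStrnlen, and the undersized size expression, the red-zone length and the sample string are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REDZONE_BYTE 0xcc  /* value the SLUB report above expects in the red zone */
#define REDZONE_LEN  8     /* size of the modelled red zone (assumption) */

/* Hypothetical stand-in for UniStrnlen(): counts 16-bit characters, not bytes. */
static size_t ucs2_nlen(const uint16_t *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != 0)
        n++;
    return n;
}

/* Copy src and its 16-bit terminator into an object of obj_size bytes followed by
 * a poisoned red zone; return the number of red-zone bytes hit, (size_t)-1 on error. */
static size_t redzone_damage(const uint16_t *src, size_t obj_size)
{
    size_t need = 2 * (ucs2_nlen(src, 64) + 1);  /* bytes the copy really writes */
    size_t bad = 0;
    unsigned char *buf = (need <= obj_size + REDZONE_LEN) ? calloc(1, obj_size + REDZONE_LEN) : NULL;
    if (!buf)
        return (size_t)-1;  /* copy would leave the model, or allocation failed */
    memset(buf + obj_size, REDZONE_BYTE, REDZONE_LEN);
    memcpy(buf, src, need);
    for (size_t i = 0; i < REDZONE_LEN; i++)
        bad += (buf[obj_size + i] != REDZONE_BYTE);
    free(buf);
    return bad;
}

/* fixed == 0: object sized from the character count (assumed undersized form).
 * fixed != 0: object sized as twice the character count, terminator included. */
static size_t demo(int fixed)
{
    static const uint16_t fs[] = { 'N', 'T', 'F', 'S', 0 };  /* constructed sample */
    size_t n = ucs2_nlen(fs, 64);
    return redzone_damage(fs, fixed ? 2 * (n + 1) : n + 1);
}

int main(void)
{
    printf("undersized: %zu, fixed: %zu red-zone bytes overwritten\n", demo(0), demo(1));
    return 0;
}
```
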
=Comment: #27=================================================
Steven M. French <sfrench.com> - 
Merged into cifs-2.6.git

Will merge into 2.6.30 as soon as it opens up (and to the stable kernels).

Recommend for backport to distros that are not based off stable kernel series.

Comment 1 IBM Bug Proxy 2009-03-21 12:48:10 UTC
Created attachment 336158
CIFSTCon fix

Comment 2 IBM Bug Proxy 2009-04-01 06:40:53 UTC
------- Comment From vinaysridhar.com 2009-04-01 02:33 EDT-------
Red Hat,

Will this fix be considered for f11?

btw, upstream commit: http://lkml.org/lkml/2009/3/31/490

Comment 3 Jeff Layton 2009-04-01 12:55:07 UTC
The patch is already in 2.6.29 and has been proposed for stable. F11 will likely release with a 2.6.29 kernel so this should make it.

I'll leave it open for now and we can close it once F10 has a kernel with this patch.

Comment 4 Chuck Ebbert 2009-04-01 16:26:25 UTC
The fix is in 2.6.30 and is going into 2.6.29.1. F11 will have at least that kernel and possibly a later one. F10 will be getting that kernel too.

Comment 5 Jeff Layton 2009-04-03 17:34:45 UTC
Fix is now upstream. Closing bug with resolution of RAWHIDE.

Comment 6 IBM Bug Proxy 2009-04-06 03:30:36 UTC
------- Comment From vinaysridhar.com 2009-04-05 23:20 EDT-------
Closing on IBM side

Comment 7 IBM Bug Proxy 2009-04-09 07:31:17 UTC
------- Comment From pavan.naregundi.com 2009-04-09 03:27 EDT-------
I am still getting the call trace in F11beta

# uname -a
Linux mjs22lp1 2.6.29-0.258.2.3.rc8.git2.fc11.ppc64 #1 SMP Tue Mar 24 18:41:15 EDT 2009 ppc64 ppc64 ppc64 GNU/Linux

# mount.cifs //9.126.89.222/SAMBA /SAMBA1/ -o username=root
Password:
mount error(2): No such file or directory
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

[root@mjs22lp1 /]# dmesg
CIFS VFS: cifs_read_super: get root inode failed
=============================================================================
BUG kmalloc-8 (Not tainted): Redzone overwritten
-----------------------------------------------------------------------------

INFO: 0xc00000005aedf378-0xc00000005aedf37c. First byte 0x80 instead of 0xcc
INFO: Allocated in .CIFSTCon+0x414/0x580 [cifs] age=3 cpu=5 pid=6792
INFO: Slab 0xf0000000024f0a98 objects=51 used=11 fp=0xc00000005aedf000 flags=0x00c3
INFO: Object 0xc00000005aedf370 @offset=880 fp=0xc00000005aedf3c0

Bytes b4 0xc00000005aedf360:  00 00 00 01 06 5f 29 b7 5a 5a 5a 5a 5a 5a 5a 5a ....._).ZZZZZZZZ
Object 0xc00000005aedf370:  e4 b8 80 e5 90 80 e4 98                         ........
Redzone 0xc00000005aedf378:  80 e5 8c 80 00 cc cc cc                         ........
Padding 0xc00000005aedf3b8:  5a 5a 5a 5a 5a 5a 5a 5a                         ZZZZZZZZ
Call Trace:
[c00000002903f380] [c000000000012530] .show_stack+0x98/0x188 (unreliable)
[c00000002903f430] [c000000000611e94] .dump_stack+0x28/0x3c
[c00000002903f4b0] [c000000000176230] .print_trailer+0x164/0x190
[c00000002903f550] [c000000000176b84] .check_bytes_and_report+0x11c/0x17c
[c00000002903f620] [c000000000176c78] .check_object+0x94/0x28c
[c00000002903f6d0] [c000000000179580] .__slab_free+0x254/0x3cc
[c00000002903f790] [c00000000017a180] .kfree+0x144/0x1a0
[c00000002903f850] [d000000000c285a8] .tconInfoFree+0x74/0xdc [cifs]
[c00000002903f8e0] [d000000000c16778] .cifs_put_tcon+0x10c/0x140 [cifs]
[c00000002903f980] [d000000000c167e0] .cifs_umount+0x34/0x6c [cifs]
[c00000002903fa10] [d000000000c04dbc] .cifs_get_sb+0x27c/0x34c [cifs]
[c00000002903faf0] [c00000000018b0e0] .vfs_kern_mount+0xe4/0x1c4
[c00000002903fbb0] [c00000000018b280] .do_kern_mount+0x6c/0x140
[c00000002903fc70] [c0000000001aacc0] .do_mount+0x864/0x8ec
[c00000002903fd60] [c0000000001d5824] .compat_sys_mount+0x21c/0x29c
[c00000002903fe30] [c0000000000085f0] syscall_exit+0x0/0x40
FIX kmalloc-8: Restoring 0xc00000005aedf378-0xc00000005aedf37c=0xcc

Comment 8 Jeff Layton 2009-04-09 12:12:22 UTC
That kernel predates the inclusion of the current upstream patch. I believe the latest F11 kernels have it.