Bug 121926 - oops on smbfs
Summary: oops on smbfs
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
(Show other bugs)
Version: 2
Hardware: i386 Linux
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2004-04-29 05:28 UTC by Srihari Vijayaraghavan
Modified: 2007-11-30 22:10 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-08-09 11:46:17 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Srihari Vijayaraghavan 2004-04-29 05:28:22 UTC
Description of problem:
oops on smbfs

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. mount //remote/share /mnt/test
2. ls /mnt/test

Actual results:
ls: /mtn/test: Invalid slot

Expected results:
Expect ls to work. :-)

Additional info:
Here is the kksymoops:
smb_lookup: find //.Trash-"deleted_my_username_from_here" failed, error=-5
Unable to handle kernel NULL pointer dereference at virtual address
 printing eip:
*pde = 00000000
Oops: 0000 [#1]
CPU:    0
EIP:    0060:[<00000000>]    Not tainted
EFLAGS: 00210202   (2.6.5-1.327)
EIP is at 0x0
eax: 0c32fd80   ebx: 067d3f00   ecx: 02170b5e   edx: 0ff4bfa0
esi: 06b56024   edi: 07682c80   ebp: 03096ac0   esp: 0ff4bf14
ds: 007b   es: 007b   ss: 0068
Process nautilus (pid: 2145, threadinfo=0ff4b000 task=10382740)
Stack: 2288700d 0ff4bf38 00000000 06b56000 11a4b600 0a92ac98 02170b5e
       0c32fd80 00000000 001d4f9e 0c32fd80 00000000 00000000 06b56000
       00000000 00000000 00000001 00000004 00200246 22890820 0a92ad18
Call Trace:
 [<2288700d>] smb_readdir+0x4d5/0x5f0 [smbfs]
 [<02170b5e>] filldir64+0x0/0x12e
 [<02170848>] vfs_readdir+0x80/0xa4
 [<02170b5e>] filldir64+0x0/0x12e
 [<02170cf1>] sys_getdents64+0x65/0xaa
 [<0216fed9>] generic_file_fcntl+0x19e/0x207
Code:  Bad EIP value.

It looks very similar to the problem reported at the lkml thread:

1. The kernel.org's 2.6.6-rc3 on FC2 Test3 does not oops, however, it
does not list the smbfs mounted directory either.

2. The kernel.org's 2.6.6-rc3 on FC1 does not oops, and it lists smb
mounted directory just fine.

3. The kernel.org's 2.6.6-rc3 on FC2 Test 3 with
samba-common-3.0.2-7-FC1, samba-client-3.0.2-7-FC1 (yes those packages
 are from FC1), produces similar oops. But then you may not be
intrested in that oops, and I may have to take that up with the LKML.
But if you are interested in that oops, I shall provide that too.


Comment 1 Srihari Vijayaraghavan 2004-04-29 05:50:14 UTC
And oh, the remote machine, whose smb share I am trying to mount, is a
Windows NT 4 Work Station (SP6a). I am not sure if that matters.

Comment 2 Scott Russell 2004-05-20 14:13:41 UTC
Confirmed on FC2 Release as well. For me the remote system share is smaba on FC1 with 
all current errata. As the trace indecates Nautilus is involved some how. There are no 
problems mounting/browsing the same share from runlevel 3. (Nautilus not running)

I'll attach a copy of my oops as well:

kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000000
kernel:  printing eip:
kernel: 00000000
kernel: *pde = 00000000
kernel: Oops: 0000 [#1]
kernel: CPU:    0
kernel: EIP:    0060:[<00000000>]    Not tainted
kernel: EFLAGS: 00210246   (2.6.5-1.358) 
kernel: EIP is at 0x0
kernel: eax: 0c13d080   ebx: 1558d290   ecx: 0214edcd   edx: 12de4fa0
kernel: esi: 04079024   edi: 03040f20   ebp: 0c13d080   esp: 12de4f14
kernel: ds: 007b   es: 007b   ss: 0068
kernel: Process nautilus (pid: 2201, threadinfo=12de4000 task=153ef330)
kernel: Stack: 
26e6b976 12de4f38 00000000 04079000 08b01b54 0a427e18 1e2c6080 0214edcd 
mount.smbfs[5690]: [2004/05/19 09:22:59, 0] client/smbmount.c:send_fs_socket(406) 
12de4fa0 00000000 0215fe39 0c13d080 00000000 00000000 04079000 00000002 
mount.smbfs[5690]:   mount.smbfs: entering daemon mode for service \\share\public, 
00000000 00000000 00000001 00000004 00200246 26e73020 0a427e80 0c13d080 
kernel: Call Trace:
kernel:  [<26e6b976>] smb_readdir+0x346/0x3f1 [smbfs]
kernel:  [<0214edcd>] filldir64+0x0/0x12e
kernel:  [<0215fe39>] elf_core_dump+0x8a8/0x94b
kernel:  [<0214eaba>] vfs_readdir+0x7a/0x9b
kernel:  [<0214edcd>] filldir64+0x0/0x12e
kernel:  [<0214ef60>] sys_getdents64+0x65/0xaa
kernel:  [<0214e26c>] generic_file_fcntl+0xd7/0x140
kernel: Code:  Bad EIP value.

Comment 3 Srihari Vijayaraghavan 2004-06-01 03:04:46 UTC
The good news is that in vanilla 2.6.7-rc2 it works great (no oops,
and  data is visible).

I will see if I can work out the diff between Fedora 2's kernel
(2.6.5-1.358) and 2.5.7-rc2, which fixes this fault.


PS: I am on FC2 final like Scott Russell.

Comment 4 Srihari Vijayaraghavan 2004-06-01 03:47:43 UTC
There is no diff between FC2 and 2.6.7-rc2 smbfs files. I am lost
(Maybe something was fixed at the VFS level, I do not know).

If you want me to test some patches etc., please let me know.


Comment 5 Arjan van de Ven 2004-06-01 06:37:29 UTC
We're working on an update based on 2.6.7-rc2 for FC2, you can get a
preliminary version of that kernel from

Comment 6 Srihari Vijayaraghavan 2004-06-02 06:41:03 UTC
Thanks Arjan. I have used the kernel-2.6.6-1.406.i686.rpm package from
that URL, but unfortunately that does not fix the problem.

Here is the oops report from that kernel:
smb_lookup: find //.Trash-"deleted-user-name" failed, error=-5
Unable to handle kernel NULL pointer dereference at virtual address
 printing eip:
*pde = 00000000
Oops: 0000 [#1]
Modules linked in: smbfs snd_mixer_oss snd_intel8x0 snd_ac97_codec
snd_pcm snd_timer snd_page_alloc gameport snd_mpu401_uart snd_rawmidi
snd_seq_device snd soundcore parport_pc lp parport autofs4 sunrpc e100
mii ipt_REJECT ipt_state ip_conntrack iptable_filter ip_tables floppy
sg scsi_mod microcode dm_mod uhci_hcd ehci_hcd button battery
asus_acpi ac i830 ipv6 ext3 jbd
CPU:    0
EIP:    0060:[<00000000>]    Not tainted
EFLAGS: 00210246   (2.6.6-1.406)
EIP is at 0x0
eax: 0f479280   ebx: 12b966d8   ecx: 0214da2d   edx: 11161fa0
esi: 0f3f0024   edi: 031a7e00   ebp: 0f479280   esp: 11161f14
ds: 007b   es: 007b   ss: 0068
Process nautilus (pid: 2807, threadinfo=11161000 task=11107730)
Stack: 2253b982 11161f38 00000000 0f3f0000 21749638 0f3f4e18 0f5af50c
       11161fa0 00000000 fffdf71c 0f479280 00000000 00000000 0f3f0000
       00000000 00000000 00000001 00000004 00200246 22543060 0f3f4e80
Call Trace:
 [<2253b982>] smb_readdir+0x346/0x3f1 [smbfs]
 [<0214da2d>] filldir64+0x0/0x12e
 [<0214d71a>] vfs_readdir+0x7a/0x9b
 [<0214da2d>] filldir64+0x0/0x12e
 [<0214dbc0>] sys_getdents64+0x65/0xaa
 [<0214cecc>] generic_file_fcntl+0xd7/0x140
Code:  Bad EIP value.

I am unable to explain this theory, but let me try: If I use my
minimal .config that I used under vanilla 2.6.7-rc2 on FC2 kernel
(2.6.5-1.358) and compile a custom kernel, then I do not see the
crash. IOW there is some setting in the FC2's .config that upsets
smbfs, which of course is not present in my custom .config. Alas, I am
unable to identify what that is. (Initially I thought components like
NLS and UTF-8 etc.. are to blame, but I proved myself wrong)

If you want I can provide my custom .config in which I do not see any
crashes (on both vanilla 2.6.7-rc2 and kernel built from FC2's
2.6.5-1.358 source).


Comment 7 Henry Leung 2004-06-03 08:48:23 UTC
My box is running FC2 release with latest updates. The smbfs crash
problem still exists. It seems that the smbfs has conflict with nautilus.

When I shut down nautilus, smbfs mounting will not crash:
# su
# rpm -e --nodeps nautilus
# kill `/var/run/nautilus.pid`
# mount //ictsamba/www /mnt/www -t smbfs -o user=henry

Now my FC2 box has nautilus removed, and smbfs is working. (Crazy

Henry Leung from Hong Kong

Comment 8 Richard Theil 2004-06-29 15:04:00 UTC
I reliably saw this bug with our corporate SMB servers (under
Nautilus). Checking up on the state, I installed kernel-2.6.7-1.456
and mounted under both nautilus (Gnome session) and konqueror (KDE
session). Still oopsed with nautilus, but mounted and worked well with
konq. To make sure I'd file my backtrace dmesg with the latest
software, I got arjans kernel-2.6.7-1.459 and tried again. Guess what.
The oops is gone. No related entries in dmesg (Linux version
2.6.7-1.459 (bhcompile@porky.build.redhat.com) (gcc version 3.4.0
20040621 (Red Hat Linux 3.4.0-7)) #1 Mon Jun 28 16:20:56 EDT 2004) either.

Comment 9 Srihari Vijayaraghavan 2004-06-30 00:35:19 UTC
The following patch, by Zwane Mwaikambo, titled "[PATCH] Fix smbfs
readdir oops", which appeared in 2.6.7-bk11 solves the problem:


PS: I have confirmed that the bug exists in 2.6.7-bk10; indeed, it is
fixed in 2.6.7-bk11.

Comment 10 Srihari Vijayaraghavan 2004-06-30 00:38:59 UTC
This URL is recommened as a bookmarkable link:


Comment 11 Srihari Vijayaraghavan 2004-08-05 23:25:23 UTC
The 2.6.7-1.494.2.2 fedora core 2 kernel update, which was released
few days ago, fixes the issue.

Please refer to this article:
Fedora Update Notification
for more information.

Thank you.

Note You need to log in before you can comment on or make changes to this bug.