124117 – kernel oops on mounting cifs share

Bug 124117 - kernel oops on mounting cifs share

Summary: kernel oops on mounting cifs share

Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:	(Show other bugs)
Version:	2
Hardware:	athlon Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Dave Jones
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-05-24 08:43 UTC by Nils O. Selåsdal
Modified:	2015-01-04 22:06 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2005-04-16 05:23:09 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Nils O. Selåsdal 2004-05-24 08:43:03 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6)
Gecko/20040510 Galeon/1.3.14

Description of problem:
Mounting a share on a win2003k server(and other winxp/win2k machines
in an Active Directory domain) oopses the kernel when ExtendedSecurity
is on. 

Version-Release number of selected component (if applicable):
kernel-2.6.5-1.358

How reproducible:
Always

Steps to Reproduce:
1. Turn on ExtendedSecurity
   echo 1 > /proc/fs/cifs/ExtendedSecurity 
2. Mount a share
   mount -t cifs //grimm/Documents /mnt/Documents/ -o
user=xxx,password=yyy

    

Actual Results:  Kernel oops:
 CIFS VFS: cifs_mount failed w/return code = 1
Unable to handle kernel NULL pointer dereference at virtual address
0000003d
 printing eip:
0214648b
*pde = 00000000
Oops: 0000 [#1]
CPU:    0
EIP:    0060:[<0214648b>]    Not tainted
EFLAGS: 00010246   (2.6.5-1.358)
EIP is at do_kern_mount+0xa9/0x124
eax: 00000000   ebx: 00000000   ecx: 022cfa00   edx: 13946000
esi: 00000001   edi: 21fad980   ebp: 229caf60   esp: 13929f0c
ds: 007b   es: 007b   ss: 0068
Process mount.cifs (pid: 2752, threadinfo=13929000 task=1fcf1430)
Stack: 13946000 1390d000 00000040 1fc14000 00000040 1fc14004 13929f5c
021562b0
       160db000 00000000 00000040 13929f5c 21fde000 021565af 00000000
1390d000
       160db000 00000000 1fc14000 1390d000 1d3eb680 21fadfc0 08f094c0
00001000
Call Trace:
 [<021562b0>] do_add_mount+0x55/0x145
 [<021565af>] do_mount+0x178/0x190
 [<0213f3d3>] get_user_size+0x30/0x57
 [<0215689a>] sys_mount+0x7b/0xe4
 
Code: 8b 56 3c 85 d2 74 10 8b 02 85 c0 75 08 0f 0b 17 01 36 22 29
 <7>PCI: Setting latency timer of device 0000:00:11.5 to 64


Expected Results:  Atleast the kernel not to oops. And preferrably the
share to get mounted ;)


Additional info:

I had this working on RH 8.0 with cifs 1.x I compiled myself.
Without the ExtendedSecurity the mount fails
with 
mount error 13 = Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

Ethereal shows it's some auth negotiating that fails.

Trying with smbfs I only get:
cli_negprot: SMB signing is mandatory and we have disabled it.
3117: protocol negotiation failed
SMB connection failed

Comment 1 Dave Jones 2005-04-16 05:23:09 UTC

Fedora Core 2 has now reached end of life, and no further updates will be
provided by Red Hat.  The Fedora legacy project will be producing further kernel
updates for security problems only.

If this bug has not been fixed in the latest Fedora Core 2 update kernel, please
try to reproduce it under Fedora Core 3, and reopen if necessary, changing the
product version accordingly.

Thank you.

Note You need to log in before you can comment on or make changes to this bug.