Bug#546809: [Pkg-samba-maint] Bug#546809: listing contents of remote directory does not show all content and can cause kernel panic

[Ben Hutchings]

On Wed, 2009-09-16 at 12:02 -0700, Kevin wrote:
> Ben,
> 
> I tried running ls repeatedly with no problems other than the missing
> files.  This worked for a few minutes until it hit the error again.  I
> did not see anything on the console as the system rebooted upon
> hitting the error.  The kern.log file shows this just before the
> system rebooted:
> 
> CIFS VFS: RFC1001 size 35 bigger than SMB for Mid=749
> Sep 16 09:48:31 webdata kernel: [  475.319384] Bad SMB: : dump of 48 bytes of 
> data at 0xf6a10980
> Sep 16 09:48:31 webdata kernel: [  475.319394]  00000023 424d53ff 00000074 
> 00018800 # . . . � S M B t . . . . . . .
> Sep 16 09:48:31 webdata kernel: [  475.319402]  00000000 00000000 00000000 
> 0cec0000 . . . . . . . . . . . . . . � .
> Sep 16 09:48:31 webdata kernel: [  475.319410]  02ed0000 6a00ff00 02000000 
> 00003800 . . � . . � . j . . . . . 8 . .
> Sep 16 09:48:54 webdata kernel: [  501.027724]  CIFS VFS: server not 
> responding
> Sep 16 09:48:54 webdata kernel: [  501.027724]  CIFS VFS: No response to cmd 
> 116 mid 749
> 
> I have found the following bug report which seems to describe the same 
> problem.
> 
> http://www.linux-archive.org/debian-kernel/216752-bug-509428-bug-509428-libsmbclient-system-freeze-when-accessing-samba-cifs-share-network-appliances-storage.html

That could be the same bug.  It was apparently fixed somewhere between
2.6.26 and 2.6.29, but the precise change was not identified.  This
could be it, though:

commit 76c510ad2e7d56cfe8f2cc7b23783e5c687cf704
Author: Shirish Pargaonkar <shiri...@gmail.com>
Date:   Thu Jul 24 14:48:33 2008 +0000

    [CIFS] Fix possible double free if search immediately after search rewind 
fails
    
    Signed-off-by: Shirish Pargaonkar <shiri...@us.ibm.com>
    Signed-off-by: Steve French <sfre...@us.ibm.com>

diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c
index 83f3069..5f40ed3 100644
--- a/fs/cifs/readdir.c
+++ b/fs/cifs/readdir.c
@@ -690,6 +690,7 @@ static int find_cifs_entry(const int xid, struct 
cifsTconInfo *pTcon,
                        else
                                cifs_buf_release(cifsFile->srch_inf.
                                                ntwrk_buf_start);
+                       cifsFile->srch_inf.ntwrk_buf_start = NULL;
                }
                rc = initiate_cifs_search(xid, file);
                if (rc) {
--- END ---

Can you test whether this patch fixes the bug?  Instructions for
rebuilding a Debian kernel package are here:
<http://kernel-handbook.alioth.debian.org/ch-common-tasks.html#s-common-official>.

Ben.

-- 
Ben Hutchings
This sentence contradicts itself - no actually it doesn't.

signature.asc
Description: This is a digitally signed message part