
Bug#639416: linux-image-3.0.0-1-686-pae: system hangs after a lot of oopses (after login prompt)



forcemerge 637436 639416
tags 637436 + upstream fixed-upstream
quit

Hi,

Simon Wunderlich wrote:

> After booting (and logging in), the system works for some seconds and then I
> see quite some oopses for around 5 to 10 seconds. Then the system hangs
> completely.
[...]
> 2.6.39-2-686-pae works fine for me. linux-image-3.0.0-1-amd64 shows a similar
> behaviour (hangs after a few seconds)
[...]
> [   20.616754] CIFS: Unknown mount option codepage
> [   20.621903] CIFS VFS: default security mechanism requested.  The default security mechanism will be upgraded from ntlm to ntlmv2 in kernel release 3.1
> [   29.507499] ------------[ cut here ]------------
> [   29.507562] kernel BUG at [...]/mm/slab.c:3059!

Hm, the same assertion as in <http://bugs.debian.org/637436>.  Thanks
for pointing out the regression range!

I suspect this is fixed by the following patch, which is part of
v3.1-rc3 and will probably be included in v3.0.4.  Testing (of -rc
kernels or of the patch below alone) welcome, of course. :)

commit 13589c437daf
Author: Steve French <sfrench@us.ibm.com>
Date:   Thu Aug 18 04:41:55 2011 +0000

    [CIFS] possible memory corruption on mount
    
    CIFS cleanup_volume_info_contents() looks like having a memory
    corruption problem.
    When UNCip is set to "&vol->UNC[2]" in cifs_parse_mount_options(), it
    should not be kfree()-ed in cleanup_volume_info_contents().
    
    Introduced in commit b946845a9dc523c759cae2b6a0f6827486c3221a
    
    Signed-off-by: J.R. Okajima <hooanon05@yahoo.co.jp>
    Reviewed-by: Jeff Layton <jlayton@redhat.com>
    CC: Stable <stable@kernel.org>
    Signed-off-by: Steve French <sfrench@us.ibm.com>

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 80c2e3add3a2..633c246b6775 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2878,7 +2878,8 @@ cleanup_volume_info_contents(struct smb_vol *volume_info)
 	kfree(volume_info->username);
 	kzfree(volume_info->password);
 	kfree(volume_info->UNC);
-	kfree(volume_info->UNCip);
+	if (volume_info->UNCip != volume_info->UNC + 2)
+		kfree(volume_info->UNCip);
 	kfree(volume_info->domainname);
 	kfree(volume_info->iocharset);
 	kfree(volume_info->prepath);
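
Review bot: the new test `volume_info->UNCip != volume_info->UNC + 2` hard-codes the offset at which cifs_parse_mount_options() aliases UNCip into the UNC buffer, and nothing in the hunk ties the two together. A one-line comment above the `if` saying that UNCip may point into UNC and is then not separately allocated would keep a later change to the parser from silently reintroducing the invalid kfree(). Also note that the comparison runs after `kfree(volume_info->UNC);`. Only the pointer value is compared, so this works as written, but it depends on UNC not being cleared or reassigned between the two statements. Doing the UNCip check before freeing UNC, or having the parser always give UNCip its own allocation, would make the ownership explicit.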


