Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian Kernel (http://www.linux-archive.org/debian-kernel/)
-   -   Bug#463508: linux-image-2.6.22-3-686: nfs4 client crash on long filename (http://www.linux-archive.org/debian-kernel/44333-bug-463508-linux-image-2-6-22-3-686-nfs4-client-crash-long-filename.html)

Andrew Dixie 02-01-2008 02:22 AM

Bug#463508: linux-image-2.6.22-3-686: nfs4 client crash on long filename
 
Package: linux-image-2.6.22-3-686
Severity: grave

This program run within an nfs4 mount causes the kernel to crash.


Program:
#include <unistd.h>

int main()
{
return access(
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
,0);
}

Crash message:
RESERVE_SPACE(608) failed in function encode_lookup
------------[ cut here ]------------
kernel BUG at fs/nfs/nfs4xdr.c:849!
invalid opcode: 0000 [#1]
SMP
Modules linked in: binfmt_misc ocfs2_dlmfs ocfs2_dlm ocfs2_nodemanager
configfs nfs lockd nfs_acl sunrpc ipv6 dm_snapshot dm_mirror dm_mod
ip_vs sd_mod psmouse ide_cd cdrom i2c_i801 e7xxx_edac edac_mc i2c_core
shpchp pci_hotplug iTCO_wdt parport_pc parport evdev rtc pcspkr ext3 jbd
mbcache raid1 md_mod ide_disk ata_generic libata piix e1000 aic79xx
scsi_transport_spi scsi_mod generic ide_core uhci_hcd floppy usbcore
thermal processor fan
CPU: 0
EIP: 0060:[<f8ce3099>] Not tainted VLI
EFLAGS: 00010296 (2.6.22-3-686 #1)
EIP is at encode_lookup+0x33/0x5a [nfs]
eax: 00000037 ebx: 00000258 ecx: 00000086 edx: 00000000
esi: 00000260 edi: eb369d0c ebp: f728f300 esp: ee115ba4
ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068
Process testengine (pid: 5174, ti=ee114000 task=f75c9a50
task.ti=ee114000)
Stack: f8cee730 00000260 f8ceaff6 ee3d0068 ee115cb8 ee115bd0 f8ce43fd
00000000
00000004 00000000 00000000 ee3d008c f728f304 ee3d0234 f728f304
00000000
f6828c80 f728f300 f8ce43ad f8c62ebd f8c62f62 f8c5f8f2 00000000
ee115c38
Call Trace:
[<f8ce43fd>] nfs4_xdr_enc_lookup+0x50/0x71 [nfs]
[<f8ce43ad>] nfs4_xdr_enc_lookup+0x0/0x71 [nfs]
[<f8c62ebd>] rpcauth_wrap_req+0x6c/0x74 [sunrpc]
[<f8c62f62>] rpcauth_marshcred+0x4b/0x52 [sunrpc]
[<f8c5f8f2>] xprt_prepare_transmit+0x78/0x81 [sunrpc]
[<f8c5d427>] call_transmit+0x1a4/0x207 [sunrpc]
[<f8c5d172>] call_reserve+0x3c/0x65 [sunrpc]
[<f8ce43ad>] nfs4_xdr_enc_lookup+0x0/0x71 [nfs]
[<f8c623a5>] __rpc_execute+0x78/0x22e [sunrpc]
[<f8c61a17>] rpc_set_active+0x1c/0x58 [sunrpc]
[<f8c5db4b>] rpc_call_sync+0x6f/0x91 [sunrpc]
[<f8cdda4c>] nfs4_proc_lookup+0xdb/0x264 [nfs]
[<c0102f7d>] __switch_to+0xa3/0x126
[<f8ccb48e>] nfs_lookup+0xdf/0x243 [nfs]
[<f8c62e49>] rpcauth_unwrap_resp+0x6c/0x74 [sunrpc]
[<f8c62f10>] rpcauth_checkverf+0x4b/0x52 [sunrpc]
[<c02a4298>] __wait_on_bit+0x50/0x58
[<f8c61ea2>] rpc_wait_bit_interruptible+0x0/0x1f [sunrpc]
[<c011c349>] __wake_up+0x32/0x43
[<f8c5dd5f>] rpc_release_client+0x4c/0x62 [sunrpc]
[<c012b02d>] recalc_sigpending+0xb/0x1d
[<f8c63117>] rpcauth_lookupcred+0x65/0x8a [sunrpc]
[<f8ccbc9c>] nfs_access_get_cached+0x1c/0xed [nfs]
[<f8ccbefe>] nfs_permission+0x191/0x19d [nfs]
[<c01780bb>] dput+0x15/0xdc
[<f8ccd2a5>] nfs_atomic_lookup+0x48/0x14b [nfs]
[<c0178e24>] d_alloc+0x138/0x17b
[<c01700be>] do_lookup+0xa3/0x140
[<c0171d5c>] __link_path_walk+0x7d8/0xc2d
[<f8c6035f>] xs_sendpages+0x76/0x1c1 [sunrpc]
[<c012a943>] lock_timer_base+0x19/0x35
[<c015506e>] activate_page+0x81/0xa7
[<c01721f5>] link_path_walk+0x44/0xb3
[<c01780e2>] dput+0x3c/0xdc
[<c017c20c>] mntput_no_expire+0x11/0x6a
[<c01724d5>] do_path_lookup+0x15a/0x175
[<c01712c5>] getname+0x59/0x8f
[<c0172c8f>] __user_walk_fd+0x2f/0x45
[<c0169173>] sys_faccessat+0x9c/0x133
[<c01780e2>] dput+0x3c/0xdc
[<c017c20c>] mntput_no_expire+0x11/0x6a
[<c0169229>] sys_access+0x1f/0x23
[<c0103d86>] syscall_call+0x7/0xb
[<c02a0000>] atm_dev_ioctl+0x4b5/0x567
=======================
Code: 8b 5a 04 8d 73 08 89 f2 e8 46 68 f8 ff 85 c0 89 c2 75 1c 89 74 24
04 c7 44 24 08 f6 af ce f8 c7 04 24 30 e7 ce f8 e8 2c 06 44 c7 <0f> 0b
eb fe c7 00 00 00 00 0f 89 d8 89 d9 0f c8 89 42 04 8d 42
EIP: [<f8ce3099>] encode_lookup+0x33/0x5a [nfs] SS:ESP 0068:ee115ba4

-- System Information:
Debian Release: lenny
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22-3-686
Locale: LANG=en_NZ, LC_CTYPE=en_NZ (charmap=ISO-8859-1)



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

maximilian attems 02-01-2008 09:28 AM

Bug#463508: linux-image-2.6.22-3-686: nfs4 client crash on long filename
 
severity 463508 important
stop

On Fri, Feb 01, 2008 at 04:22:31PM +1300, Andrew Dixie wrote:
> Package: linux-image-2.6.22-3-686
> Severity: grave

please against 2.6.24 found in unstable.
nfsd had some updates since.

> This program run within an nfs4 mount causes the kernel to crash.

i see, fun




--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

"Andrew Dixie" 02-03-2008 08:21 PM

Bug#463508: linux-image-2.6.22-3-686: nfs4 client crash on long filename
 
> please against 2.6.24 found in unstable.
> nfsd had some updates since.

The problem is fixed in 2.6.24-1.

Thanks.




--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


All times are GMT. The time now is 12:42 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.