Re: NFS bug?

On Fri, 2006-04-21 at 00:55 -0700, Andrew Morton wrote:
> Trond Myklebust <[email protected]> wrote:
> >
> > On Thu, 2006-04-20 at 11:14 -0700, Robert Merrill wrote:
> >  > > Oh... and could you also send us the Oops/stack trace from the BUG_ON()?
> >  > >
> >  >  ------------[ cut here ]------------
> >  > kernel BUG at arch/i386/lib/usercopy.c:582!
> >  > invalid operand: 0000 [#49]
> >  > SMP
> >  > Modules linked in: w83627hf eeprom lm85 w83781d hwmon_vid i2c_isa
> >  > i2c_dev thermal fan button processor ac battery nfs lockd nfs_acl
> >  > sunrpc ipv6 quota_v1 ide_cd cdrom generic joydev piix psmouse evdev
> >  > uhci_hcd ehci_hcd parport_pc parport e1000 rtc serio_raw floppy
> >  > usbcore i2c_i801 ide_core i2c_core mousedev pcspkr shpchp pci_hotplug
> >  > CPU:    2
> >  > EIP:    0060:[<c01ff157>]    Not tainted VLI
> >  > EFLAGS: 00010282   (2.6.15.7-soda0)
> >  > EIP is at __copy_from_user_ll+0x12/0xe2
> >  > eax: 00000000   ebx: 00000003   ecx: fffffffb   edx: fffffffb
> >  > esi: 0804a024   edi: 00000000   ebp: 00000000   esp: f6964f84
> >  > ds: 007b   es: 007b   ss: 0068
> >  > Process a.out (pid: 6994, threadinfo=f6964000 task=f70e7030)
> >  > Stack: fffffffb b7f55ff4 f893c2a0 00000000 0804a024 fffffffb fffffffb 000000d0
> >  >        f70e7030 00000003 0804a024 b7f55ff4 f6964000 f893dc1d 00000003 0804a024
> >  >        00004000 0804a024 b7f55ff4 bf973d50 ffffffda 0000007b c010007b 000000dc
> >  > Call Trace:
> >  > Code: 07 29 c8 f3 a4 89 c1 c1 e9 02 83 e0 03 90 f3 a5 89 c1 f3 a4 89
> >  > c8 5e 5f c3 57 56 8b 7c 24 0c 8b 74 24 10 8b 4c 24 14 85 c9 79 08 <0f>
> >  > 0b 46 02 63 92 2f c0 83 f9 3f 0f 86 99 00 00 00 89 f8 31 f0
> > 
> >  Was there no stack trace in that Oops? AFAICS, getdents64() isn't
> >  supposed to be calling __copy_from_user_ll() at all, so you appear to
> >  have something very weird going here.
> 
> I'd be guessing that filldir64() was passed a negative namlen.

Why would that trigger a bug in __copy_from_user_ll()? I could see it
triggering errors in copy_to_user(), but not copy_from_*...

Cheers,
  Trond


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: NFS bug?
    • From: Andrew Morton <[email protected]>
  • Re: NFS bug?
    • From: "Joshua Hudson" <[email protected]>

• References:
  • NFS bug?
    • From: "Robert Merrill" <[email protected]>
  • Re: NFS bug?
    • From: Trond Myklebust <[email protected]>
  • Re: NFS bug?
    • From: "Robert Merrill" <[email protected]>
  • Re: NFS bug?
    • From: Trond Myklebust <[email protected]>
  • Re: NFS bug?
    • From: "Robert Merrill" <[email protected]>
  • Re: NFS bug?
    • From: Trond Myklebust <[email protected]>
  • Re: NFS bug?
    • From: Andrew Morton <[email protected]>

• Prev by Date: Re: [PATCH/RFC] s390: Hypervisor File System
• Next by Date: Re: unix socket connection tracking
• Previous by thread: Re: NFS bug?
• Next by thread: Re: NFS bug?
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]