Package: linux-image-2.6.22-3-686
Severity: grave

This program run within an nfs4 mount causes the kernel to crash.


Program:
#include <unistd.h>

int main()
{
        /* one 600-byte path component (20 x 30 chars), longer than NAME_MAX (255) */
        return access(
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        "AAAAAAAAAABBBBBBBBBBCCCCCCCCCC"
        ,0);
}

Crash message:
RESERVE_SPACE(608) failed in function encode_lookup
------------[ cut here ]------------
kernel BUG at fs/nfs/nfs4xdr.c:849!
invalid opcode: 0000 [#1]
SMP
Modules linked in: binfmt_misc ocfs2_dlmfs ocfs2_dlm ocfs2_nodemanager configfs nfs lockd nfs_acl sunrpc ipv6 dm_snapshot dm_mirror dm_mod ip_vs sd_mod psmouse ide_cd cdrom i2c_i801 e7xxx_edac edac_mc i2c_core shpchp pci_hotplug iTCO_wdt parport_pc parport evdev rtc pcspkr ext3 jbd mbcache raid1 md_mod ide_disk ata_generic libata piix e1000 aic79xx scsi_transport_spi scsi_mod generic ide_core uhci_hcd floppy usbcore thermal processor fan
CPU:    0
EIP:    0060:[<f8ce3099>]    Not tainted VLI
EFLAGS: 00010296   (2.6.22-3-686 #1)
EIP is at encode_lookup+0x33/0x5a [nfs]
eax: 00000037   ebx: 00000258   ecx: 00000086   edx: 00000000
esi: 00000260   edi: eb369d0c   ebp: f728f300   esp: ee115ba4
ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
Process testengine (pid: 5174, ti=ee114000 task=f75c9a50 task.ti=ee114000)
Stack: f8cee730 00000260 f8ceaff6 ee3d0068 ee115cb8 ee115bd0 f8ce43fd 00000000
       00000004 00000000 00000000 ee3d008c f728f304 ee3d0234 f728f304 00000000
       f6828c80 f728f300 f8ce43ad f8c62ebd f8c62f62 f8c5f8f2 00000000 ee115c38
Call Trace:
 [<f8ce43fd>] nfs4_xdr_enc_lookup+0x50/0x71 [nfs]
 [<f8ce43ad>] nfs4_xdr_enc_lookup+0x0/0x71 [nfs]
 [<f8c62ebd>] rpcauth_wrap_req+0x6c/0x74 [sunrpc]
 [<f8c62f62>] rpcauth_marshcred+0x4b/0x52 [sunrpc]
 [<f8c5f8f2>] xprt_prepare_transmit+0x78/0x81 [sunrpc]
 [<f8c5d427>] call_transmit+0x1a4/0x207 [sunrpc]
 [<f8c5d172>] call_reserve+0x3c/0x65 [sunrpc]
 [<f8ce43ad>] nfs4_xdr_enc_lookup+0x0/0x71 [nfs]
 [<f8c623a5>] __rpc_execute+0x78/0x22e [sunrpc]
 [<f8c61a17>] rpc_set_active+0x1c/0x58 [sunrpc]
 [<f8c5db4b>] rpc_call_sync+0x6f/0x91 [sunrpc]
 [<f8cdda4c>] nfs4_proc_lookup+0xdb/0x264 [nfs]
 [<c0102f7d>] __switch_to+0xa3/0x126
 [<f8ccb48e>] nfs_lookup+0xdf/0x243 [nfs]
 [<f8c62e49>] rpcauth_unwrap_resp+0x6c/0x74 [sunrpc]
 [<f8c62f10>] rpcauth_checkverf+0x4b/0x52 [sunrpc]
 [<c02a4298>] __wait_on_bit+0x50/0x58
 [<f8c61ea2>] rpc_wait_bit_interruptible+0x0/0x1f [sunrpc]
 [<c011c349>] __wake_up+0x32/0x43
 [<f8c5dd5f>] rpc_release_client+0x4c/0x62 [sunrpc]
 [<c012b02d>] recalc_sigpending+0xb/0x1d
 [<f8c63117>] rpcauth_lookupcred+0x65/0x8a [sunrpc]
 [<f8ccbc9c>] nfs_access_get_cached+0x1c/0xed [nfs]
 [<f8ccbefe>] nfs_permission+0x191/0x19d [nfs]
 [<c01780bb>] dput+0x15/0xdc
 [<f8ccd2a5>] nfs_atomic_lookup+0x48/0x14b [nfs]
 [<c0178e24>] d_alloc+0x138/0x17b
 [<c01700be>] do_lookup+0xa3/0x140
 [<c0171d5c>] __link_path_walk+0x7d8/0xc2d
 [<f8c6035f>] xs_sendpages+0x76/0x1c1 [sunrpc]
 [<c012a943>] lock_timer_base+0x19/0x35
 [<c015506e>] activate_page+0x81/0xa7
 [<c01721f5>] link_path_walk+0x44/0xb3
 [<c01780e2>] dput+0x3c/0xdc
 [<c017c20c>] mntput_no_expire+0x11/0x6a
 [<c01724d5>] do_path_lookup+0x15a/0x175
 [<c01712c5>] getname+0x59/0x8f
 [<c0172c8f>] __user_walk_fd+0x2f/0x45
 [<c0169173>] sys_faccessat+0x9c/0x133
 [<c01780e2>] dput+0x3c/0xdc
 [<c017c20c>] mntput_no_expire+0x11/0x6a
 [<c0169229>] sys_access+0x1f/0x23
 [<c0103d86>] syscall_call+0x7/0xb
 [<c02a0000>] atm_dev_ioctl+0x4b5/0x567
 =======================
Code: 8b 5a 04 8d 73 08 89 f2 e8 46 68 f8 ff 85 c0 89 c2 75 1c 89 74 24 04 c7 44 24 08 f6 af ce f8 c7 04 24 30 e7 ce f8 e8 2c 06 44 c7 <0f> 0b eb fe c7 00 00 00 00 0f 89 d8 89 d9 0f c8 89 42 04 8d 42
EIP: [<f8ce3099>] encode_lookup+0x33/0x5a [nfs] SS:ESP 0068:ee115ba4

-- System Information:
Debian Release: lenny
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22-3-686
Locale: LANG=en_NZ, LC_CTYPE=en_NZ (charmap=ISO-8859-1)
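
Added example, not part of the original report and not kernel source: a userspace C model of a LOOKUP encoder that rejects an oversized name with an error code instead of hitting a BUG when the space reservation fails. The names xdr_model, MODEL_MAXNAMLEN, encode_lookup_checked and try_lookup are hypothetical; the 255-byte limit is an assumption (NAME_MAX). The size formula reproduces the 608 in the crash message for the 600-byte name.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OP_LOOKUP 15u          /* NFSv4 LOOKUP operation number (RFC 3530) */
#define MODEL_MAXNAMLEN 255u   /* assumed per-component limit (NAME_MAX) */

struct xdr_model { uint8_t *p, *end; };  /* hypothetical bounded write cursor */

/* Bytes needed: 4 (opcode) + 4 (length word) + name padded to a multiple of 4. */
static size_t lookup_encoded_size(size_t namelen)
{
    return 8 + ((namelen + 3) & ~(size_t)3);
}

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Returns 0, -ENAMETOOLONG or -ENOSPC; the caller gets an error, never an abort. */
static int encode_lookup_checked(struct xdr_model *x, const char *name, size_t len)
{
    size_t need = lookup_encoded_size(len);
    if (len > MODEL_MAXNAMLEN)            /* validate before touching the buffer */
        return -ENAMETOOLONG;
    if ((size_t)(x->end - x->p) < need)   /* reservation failure is recoverable */
        return -ENOSPC;
    put_be32(x->p, OP_LOOKUP);
    put_be32(x->p + 4, (uint32_t)len);
    memset(x->p + 8, 0, need - 8);        /* zero the XDR padding bytes */
    memcpy(x->p + 8, name, len);
    x->p += need;
    return 0;
}

/* Constructed driver: encode a name of len 'A' bytes into a cap-byte buffer. */
static int try_lookup(size_t len, size_t cap)
{
    static char name[1024];
    static uint8_t buf[1024];
    struct xdr_model x = { buf, buf + cap };
    if (len > sizeof(name) || cap > sizeof(buf))
        return -EINVAL;
    memset(name, 'A', len);
    return encode_lookup_checked(&x, name, len);
}

int main(void) { return try_lookup(600, 1024) == -ENAMETOOLONG ? 0 : 1; }
```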


