This is happening at line 443 in cache_clean() -- "ch" (in ebx)
points into userspace data addresses:
420 /* find a cleanable entry in the bucket and clean it, or set to next bucket
*/
421
422 if (current_detail && current_index < current_detail->hash_size) {
423 struct cache_head *ch, **cp;
424 struct cache_detail *d;
425
426 write_lock(¤t_detail->hash_lock);
427
428 /* Ok, now to clean this strand */
429
430 cp = & current_detail->hash_table[current_index];
431 ch = *cp;
432 for (; ch; cp= & ch->next, ch= *cp) {
433 if (current_detail->nextcheck > ch->expiry_time)
434 current_detail->nextcheck = ch->expiry_time+1;
435 if (ch->expiry_time >= get_seconds()
436 && ch->last_refresh >= current_detail->flush_time
437 )
438 continue;
439 if (test_and_clear_bit(CACHE_PENDING, &ch->flags))
440 queue_loose(current_detail, ch);
441
442 if (atomic_read(&ch->ref.refcount) == 1)
443 break;
444 }
BUG: unable to handle kernel paging request at virtual address 51c503f6
printing eip:
f0b973d9
*pde = 00000000
Oops: 0000 [#1]
SMP
last sysfs file: /devices/pci0000:00/0000:00:01.0/irq
Modules linked in: nfsd exportfs lockd nfs_acl sunrpc ipv6 ipt_REJECT xt_state
ip_conntrack nfnetlink xt_tcpudp iptable_filter ip_tables x_tables video sbs
i2c_ec button battery asus_acpi ac lp sg scb2_flash floppy mtdcore chipreg
map_funcs 3c59x i2c_piix4 mii pcspkr i2c_core tg3 parport_pc parport serio_raw
ide_cd cdrom dm_snapshot dm_zero dm_mirror dm_mod mptspi mptscsih mptbase
scsi_transport_spi sd_mod scsi_mod raid456 xor ext3 jbd ehci_hcd ohci_hcd
uhci_hcd
1
0060:[<f0b973d9>] Not tainted VLI
EFLAGS: 00010202 (2.6.19-1.2911.fc6 #1)
EIP is at cache_clean+0xb5/0x194 [sunrpc]
eax: ffffffff ebx: 51c503f2 ecx: f0bae840 edx: f0bae840
cce9dc80 edi: efd811c0 ebp: 00000282 esp: c17d9f58
ds: 007b es: 007b ss: 0068
Process events/1 (pid: 9, ti=c17d9000 task=eff45630 task.ti=c17d9000)
Stack: f0baea00 f0baea04 f0b97cd4 c043692f 00000282 efd811c0 efd811e0 f0b97ccf
00000000 efd811e0 efd811c0 efd811d8 00000000 c04372ec 00000001 00000000
00000001 00010000 00000000 00000000 eff45630 c04215f1 00100100 00200200
Call Trace:
[<f0b97cd4>] do_cache_clean+0x5/0x2e [sunrpc]
[<c043692f>] run_workqueue+0x97/0xdd
[<c04372ec>] worker_thread+0xd9/0x10d
[<c0439878>] kthread+0xc0/0xec
[<c0404c03>] kernel_thread_helper+0x7/0x10
=======================
Code: 8d f6 00 00 00 8d 41 0c e8 37 e5 a8 cf a1 64 08 bb f0 8d 34 85 00 00 00 00
a1 60 08 bb f0 03 70 08 8b 1e eb 47 8b 15 60 08 bb f0 <8b> 43 04 39 42 50 7e 04
40 89 42 50 8b 43 04 3b 05 00 60 85 c0
[<f0b973d9>] cache_clean+0xb5/0x194 [sunrpc] SS:ESP 0068:c17d9f58
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
