Re: Oops in ufs_fill_super at mount time

[Linus Torvalds]

On Fri, 13 Jan 2006, Alexey Dobriyan wrote:
>
> Version 2.6.15-43ecb9a33ba8c93ebbda81d48ca05f0d1bbf9056
> 
> Actually more or less latest -git is affected too, but
> I'm sick of recompiling right now so please wait for bisecting results.

Hmm.. I don't see any recent changes that could affect this. Not after 
2.6.15, but in fact not even after 2.6.14.

Your oops is also interesting in another way...

> Unable to handle kernel paging request at virtual address d734c158
>  printing eip:
> c019f138
> *pde = 0005c067
> *pte = 1734c000
> Oops: 0000 [#1]
> PREEMPT DEBUG_PAGEALLOC

This is a free'd page fault, so it's due to DEBUG_PAGEALLOC rather than a 
wild pointer.

Is that something new for you? Maybe the bug is older, but you've enabled 
PAGEALLOC only recently? Also, out of interest, have you enabled slab 
debugging?

That said, the whole ubh_get_usb_second() and ubh_get_usb_third() thing is 
pretty damn scary. There's no testing of the values passed in at all and 
comparing them to the allocated buffer heads. But from what I can tell, 
ubh_bread_uspi() will zero out any unallocated bh's, and it certainly 
_looks_ like the calculations to calculate "usb2" should fit within the 
sectors that were read..

Very strange.

			Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/