Got a reproducible oops with 2.4.0-test8 when trying to log in via kdm
as a user with restricted quota on local fs - ssh/telnet do not trigger
this issue. 2.4.0-test7 was fine too.

The enclosed trace shows a NULL pointer dereference of an unchecked
struct dquot * passed to check_idq() - called from dquot_transfer().

Looking at the diffs of test7 vs. test8, I believe the reason might
be the new cnt=0..MAXQUOTAS loop from which check_idq() is called.
Located after the first loop of this kind, it might happen that
transfer_to[cnt] is initialized to NODQUOT from the first loop
(due to several continues, e.g.) when entering the second loop.

Unfortunately I do not feel familiar enough with the quota code to
provide a patch for this problem.

Martin

PS: chown of a root-owned file (no quota for root) to some user with
quota triggers the same problem. After several repetitions the chown
ended up in 'D' state, even prohibiting sync'ing the disks.

Output from ksymoops as follows:
-------------------------------------------------------
ksymoops 2.3.3 on i586 2.4.0-test8. Options used
-V (default)
-k /proc/ksyms (default)
-l /proc/modules (default)
-o /lib/modules/2.4.0-test8/ (default)
-m /boot/System.map-2.4.0-test8 (specified)
Sep 11 00:36:47 srv kernel: Unable to handle kernel NULL pointer
dereference at virtual address 00000034
Sep 11 00:36:47 srv kernel: c015e131
Sep 11 00:36:47 srv kernel: *pde = 00000000
Sep 11 00:36:47 srv kernel: Oops: 0000
Sep 11 00:36:47 srv kernel: CPU: 0
Sep 11 00:36:47 srv kernel: EIP: 0010:[check_idq+13/304]
Sep 11 00:36:47 srv kernel: EFLAGS: 00010202
Sep 11 00:36:47 srv kernel: eax: 00000000 ebx: 00000000 ecx: 00000001
edx: 00000001
Sep 11 00:36:47 srv kernel: esi: 00008180 edi: 00000004 ebp: c2f7df24
esp: c2f7dee8
Sep 11 00:36:47 srv kernel: ds: 0018 es: 0018 ss: 0018
Sep 11 00:36:47 srv kernel: Process kdm (pid: 889, stackpage=c2f7d000)
Sep 11 00:36:47 srv kernel: Stack: 00000000 c015ee77 00000000 00000001
c2f7df54 00008180 c2fc71c0 bfffea6c
Sep 11 00:36:47 srv kernel: 00000001 c2f7df2c 0000000b c01346a2
ffffff86 0000df58 c2fe27e0 00000000
Sep 11 00:36:47 srv kernel: 00000000 00000000 00000000 c012aba2
c2fc71c0 c2f7df54 c2fe27e0 ffffffff
Sep 11 00:36:47 srv kernel: Call Trace: [dquot_transfer+615/1168]
[cached_lookup+14/80]
[chown_common+254/280]
[__user_walk+75/84]
[sys_chown+47/68]
[sys_chown16+47/52]
[system_call+51/64]
Sep 11 00:36:47 srv kernel: Code: f6 43 34 40 74 09 31 c0 e9 11 01 00 00
89 f6 8b 53 48 85 d2
Using defaults from ksymoops -t elf32-i386 -a i386
Code; 00000000 Before first symbol
00000000 <_EIP>:
Code; 00000000 Before first symbol
0: f6 43 34 40 testb $0x40,0x34(%ebx)
Code; 00000004 Before first symbol
4: 74 09 je f <_EIP+0xf> 0000000f Before first symbol
Code; 00000006 Before first symbol
6: 31 c0 xor %eax,%eax
Code; 00000008 Before first symbol
8: e9 11 01 00 00 jmp 11e <_EIP+0x11e> 0000011e Before first symbol
Code; 0000000d Before first symbol
d: 89 f6 mov %esi,%esi
Code; 0000000f Before first symbol
f: 8b 53 48 mov 0x48(%ebx),%edx
Code; 00000012 Before first symbol
12: 85 d2 test %edx,%edx
This archive was generated by hypermail 2b29 : Fri Sep 15 2000 - 21:00:13 EST
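
The following user-space model is an added example, not kernel source and not part of the original message. It reproduces the two-loop pattern the report suspects and shows why a read through a NULL `struct dquot *` faults at 00000034, matching `testb $0x40,0x34(%ebx)` with ebx = 0. The struct layout, the field name `flags`, the return values and the NODQUOT guard in the second loop are assumptions made for illustration.

```c
/* Added user-space model; not kernel source. Layout and values are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAXQUOTAS 2
#define NODQUOT   ((struct dquot *)0)

struct dquot {
    unsigned char pad[0x34];  /* constructed padding: puts flags at offset 0x34 */
    unsigned char flags;      /* hypothetical name for the byte tested with 0x40 */
};

/* Address touched by a read of dq->flags; for NODQUOT it is 0 + 0x34. */
static uintptr_t flags_read_address(const struct dquot *dq) {
    return (uintptr_t)dq + offsetof(struct dquot, flags);
}

/* Stand-in for check_idq(): dereferences dq with no NULL test, as in the trace. */
static int check_idq_model(const struct dquot *dq) {
    return (dq->flags & 0x40) ? 0 : 1;
}

/* Runs both loops; returns how many NODQUOT slots the guard kept away from
 * check_idq_model(). Without the guard each of them is a NULL dereference. */
static int run_model(int usr_enabled, int grp_enabled) {
    const int enabled[MAXQUOTAS] = { usr_enabled, grp_enabled };
    struct dquot pool[MAXQUOTAS] = { 0 };
    struct dquot *transfer_to[MAXQUOTAS];
    int cnt, skipped = 0;
    for (cnt = 0; cnt < MAXQUOTAS; cnt++) {      /* first loop */
        transfer_to[cnt] = NODQUOT;
        if (!enabled[cnt])
            continue;                            /* slot stays NODQUOT */
        transfer_to[cnt] = &pool[cnt];
    }
    for (cnt = 0; cnt < MAXQUOTAS; cnt++) {      /* second loop */
        if (transfer_to[cnt] == NODQUOT) {       /* guard assumed by this model */
            skipped++;
            continue;
        }
        (void)check_idq_model(transfer_to[cnt]);
    }
    return skipped;
}

int main(void) {
    printf("NODQUOT->flags read touches 0x%lx, slots skipped: %d\n",
           (unsigned long)flags_read_address(NODQUOT), run_model(1, 0));
    return 0;
}
```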