Bug 683286

Summary: ls causes a Segmentation fault
Product: [Fedora] Fedora Reporter: Glen Basshem <glen>
Component: ncpfsAssignee: Vitezslav Crhonek <vcrhonek>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 15CC: agajania, avs001, kklic, ovasik, scotty_beamer, stvlad, vcrhonek
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-13 06:30:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
kernel oops backtrace
none
abrt backtrace none

Description Glen Basshem 2011-03-09 00:57:32 UTC 
Created attachment 483080 [details]
kernel oops backtrace

Description of problem:
ls causes a Segmentation fault when used on a directory with a lot of files.


Version-Release number of selected component (if applicable):
NetWare 4.10
ipxutils-2.2.6-14.fc15.i686
ncpfs-2.2.6-14.fc15.i686
kernel 2.6.38-0.rc6.git6.1.fc15.i686.PAE     

How reproducible:
Every time on two different computers with fedora 15rc2. Works ok on fedora 12

Steps to Reproduce:
1.ipx_interface add -p pci6p1 802.3
2.mount.ncp -S ods -U glen /ods
3.cd /ods/sys/nms/glen
4.ls -l
  
Actual results:
Segmentation fault

Expected results:
A listing of the files should be displayed

Additional info:
I also submitted this via abrt to kernel oops
Comment 1 Ondrej Vasik 2011-03-09 08:46:26 UTC 
Could you please attach the abrt backtrace here as well (with installed debuginfos) (if always reproducable) ? I just want to make sure that the error is not in ls itself (and coreutils package) ...
Comment 2 Glen Basshem 2011-03-09 23:35:32 UTC 
The Kerneloops plugin for abrt gets this crash not the CCpp one.
I don't know how to cause the Kerneloops plugin to include the debug info or how to steer the crash to the CCpp plugin.

I deleted many files from that directory, there are now 47 items. Now ls doesn't crash the first time but produces a segment fault the second time it is invoked.  now.
Comment 3 Karel Klíč 2011-03-10 10:20:12 UTC 
CCpp plugin is run when kernel generates a coredump because of user space problem. In this case no user space problem was detected and no coredump was generated, so user space backtrace is not available.
Comment 4 vvs 2011-05-27 10:33:20 UTC 
Created attachment 501275 [details]
abrt backtrace
Comment 5 vvs 2011-05-27 10:34:14 UTC 
Same thing here with latest kernel 2.6.38.6-27.fc15.i686.PAE.
Comment 6 Alex Sm 2011-06-03 09:37:58 UTC 
I have same bug too. :( Fedora 14 was fine.

kernel BUG at fs/dcache.c:2134!
invalid opcode: 0000 [#1] SMP 
last sysfs file: /sys/devices/virtual/sound/timer/uevent
CPU 1 
Modules linked in: nls_cp866 nls_utf8 ncpfs vboxnetadp vboxnetflt sunrpc vboxdrv cpufreq_ondemand powernow_k8 freq_table mperf snd_hda_codec_idt snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer snd soundcore snd_page_alloc serio_raw sp5100_tco i2c_piix4 atl1 edac_core edac_mce_amd k8temp mii ata_generic pata_acpi pata_atiixp nouveau ttm drm_kms_helper drm i2c_algo_bit i2c_core video [last unloaded: scsi_wait_scan]
Pid: 2242, comm: krusader Not tainted 2.6.38.6-27.fc15.x86_64 #1 ECS A780GM-A/A780GM-A
RIP: 0010:[<ffffffff81131e95>]  [<ffffffff81131e95>] dentry_update_name_case+0x1d/0x54
RSP: 0018:ffff8800264f79b8  EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff880020d7bcc0 RCX: 0000000000000079
RDX: 000000000000000a RSI: ffff8800264f7a90 RDI: ffff880020d7bcc0
RBP: ffff8800264f79c8 R08: 0000000000000000 R09: ffff880020d7bcf8
R10: ffff880020d7bcc0 R11: ffff8800264f7bc8 R12: ffff8800264f7a90
R13: ffff8800264f7c48 R14: ffff8800223ab780 R15: ffff880020d7bcc0
FS:  00007f3d6030e840(0000) GS:ffff88003fc40000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007fde4dd17000 CR3: 000000003ae78000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process krusader (pid: 2242, threadinfo ffff8800264f6000, task ffff88002a6b0000)
Stack:
 ffff8800264f7e58 ffff880020da0048 ffff8800264f7bd8 ffffffffa03eac5d
 ffff8800264f7a38 ffffffff8100878f ffff88002a6b03b8 ffffffff8112f5e7
 ffff8800264f7f40 0000000000000002 0000000000000001 0000000000000000
Call Trace:
 [<ffffffffa03eac5d>] ncp_fill_cache+0x1f8/0x4bf [ncpfs]
 [<ffffffff8100878f>] ? __switch_to+0x141/0x220
 [<ffffffff8112f5e7>] ? filldir+0x0/0xc7
 [<ffffffff81080b33>] ? arch_local_irq_save+0x15/0x1b
 [<ffffffff8147588c>] ? _raw_spin_unlock_irqrestore+0x17/0x19
 [<ffffffffa03f1469>] ? ncp_do_request+0x30d/0x31f [ncpfs]
 [<ffffffff8106f212>] ? autoremove_wake_function+0x0/0x3d
 [<ffffffffa03f1d7c>] ? ncp_request2+0x4f/0x83 [ncpfs]
 [<ffffffffa03f1ed0>] ? ncp_unlock_server+0x38/0x3c [ncpfs]
 [<ffffffffa03f0484>] ? ncp_search_for_fileset+0x119/0x15b [ncpfs]
 [<ffffffffa03eb182>] ncp_do_readdir+0x162/0x1b8 [ncpfs]
 [<ffffffff8112f5e7>] ? filldir+0x0/0xc7
 [<ffffffff8106f212>] ? autoremove_wake_function+0x0/0x3d
 [<ffffffffa03f1d7c>] ? ncp_request2+0x4f/0x83 [ncpfs]
 [<ffffffff8104127e>] ? should_resched+0xe/0x2d
 [<ffffffff814742d0>] ? _cond_resched+0xe/0x22
 [<ffffffff810d8045>] ? lock_page+0x2e/0x3e
 [<ffffffff810d814c>] ? find_lock_page+0x30/0x53
 [<ffffffffa03ebdb4>] ncp_readdir+0x4f4/0x57d [ncpfs]
 [<ffffffff8112f5e7>] ? filldir+0x0/0xc7
 [<ffffffff8112f5e7>] ? filldir+0x0/0xc7
 [<ffffffff8112f8a6>] vfs_readdir+0x76/0xac
 [<ffffffff8112f9c2>] sys_getdents+0x7e/0xce
 [<ffffffff81009bc2>] system_call_fastpath+0x16/0x1b
Code: c1 66 41 ff 44 24 5c 31 c0 5b 41 5c 5d c3 55 48 89 e5 41 54 53 66 66 66 66 90 48 8b 47 30 48 89 fb 49 89 f4 8b 40 28 ff c8 75 02 <0f> 0b 8b 46 04 39 47 24 74 02 0f 0b 48 8d 7f 5c e8 6e 39 34 00 
RIP  [<ffffffff81131e95>] dentry_update_name_case+0x1d/0x54
 RSP <ffff8800264f79b8>
Comment 7 Alex Sm 2011-06-09 03:42:53 UTC 
Latest kernel 2.6.38.7-30.fc15.x86_64 still doesn't work
kernel BUG at fs/dcache.c:2134!
...
Comment 8 saavik 2011-06-27 11:33:12 UTC 
Same error here 

2.6.38.8-32.fc15.x86_64 #1 SMP Mon Jun 13 19:49:05 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux

Fedora release 15 (Lovelock)
Comment 9 Vlad 2011-07-15 13:50:19 UTC 
ncpmount -S prodsrv -U user.prod -s /mnt/novell -p cp866 -y utf8 -A prodsrv.local.com -o tcp

cd /mnt/novell/home

Same error

2.6.38.8-35.fc15.x86_64 #1 SMP Wed Jul 6 13:58:54 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux

Fedora release 15 (Lovelock)
Comment 10 vvs 2011-08-12 17:06:21 UTC 
Looks like it was fixed in kernel-2.6.40
Comment 11 Glen Basshem 2011-08-12 23:19:07 UTC 
It is also fixes on my system with the new kernel. ls -R lists more than 20,000 items with no crash.

Someone should mark this fixed.
Comment 12 Ondrej Vasik 2011-08-13 06:30:42 UTC 
Ok, closing currentrelease. Feel free to reopen if the problem reoccurs.