2.5.64 sysfs bug

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Pavel Machek: "Re: BitBucket: GPL-ed *notrademarkhere* clone"
• Previous message: Ingo Molnar: "Re: [patch] "HT scheduler", sched-2.5.63-B3"

[root@host135 root]# insmod /tmp/cachefs.ko
[root@host135 root]# rmmod -f cachefs
[root@host135 root]# insmod /tmp/cachefs.ko
[root@host135 root]# rmmod -f cachefs
Segmentation fault
[root@host135 root]#

I see this appearing on the console:

[insmod] ==> cachefs_init()
CacheFS: Started kcachefs_jnld 1161
[insmod] ==> cachefs_fs_init()
[insmod] <== cachefs_fs_init() = 0
[insmod] <== cachefs_init()
[rmmod ] ==> cachefs_exit()
[rmmod ] ==> cachefs_fs_exit()
[rmmod ] <== cachefs_fs_exit()
[kujnld] <== kcachefs_jnld()
[rmmod ] <== cachefs_exit() = 0
[insmod] ==> cachefs_init()
CacheFS: Started kcachefs_jnld 1164
[insmod] ==> cachefs_fs_init()
[insmod] <== cachefs_fs_init() = 0
[insmod] <== cachefs_init()
[rmmod ] ==> cachefs_exit()
[rmmod ] ==> cachefs_fs_exit()
------------[ cut here ]------------
kernel BUG at include/linux/dcache.h:266!
invalid operand: 0000
CPU: 0
EIP: 0060:[<c019016c>] Not tainted
EFLAGS: 00010246
EIP is at sysfs_remove_dir+0x1c/0x14e
eax: 00000000 ebx: c886b494 ecx: c0331bc4 edx: c886b480
esi: c6a7abcc edi: c69be000 ebp: c69be000 esp: c69bff00
ds: 007b es: 007b ss: 0068
Process rmmod (pid: 1165, threadinfo=c69be000 task=c6e40ca0)
Stack: 00001b05 00001b27 fffffffd c886b494 c886b480 c69be000 c69be000 c01faa13
c886b494 c886b494 c01faa43 c886b494 00000000 c017516b c886b494 c69be000
00000000 c886661d c886b480 c6e40f96 c88669b4 c886b560 c88665a8 c8867500
Call Trace:
[<c886b494>] cachefs_fs_type+0x14/0x80 [cachefs]
[<c886b480>] cachefs_fs_type+0x0/0x80 [cachefs]
[<c01faa13>] kobject_del+0x13/0x30
[<c886b494>] cachefs_fs_type+0x14/0x80 [cachefs]
[<c886b494>] cachefs_fs_type+0x14/0x80 [cachefs]
[<c01faa43>] kobject_unregister+0x13/0x30
[<c886b494>] cachefs_fs_type+0x14/0x80 [cachefs]
[<c017516b>] unregister_filesystem+0x3b/0x40
[<c886b494>] cachefs_fs_type+0x14/0x80 [cachefs]
[<c886661d>] cachefs_fs_exit+0x4d/0xb0 [cachefs]
[<c886b480>] cachefs_fs_type+0x0/0x80 [cachefs]
[<c88669b4>] __func__.1+0x0/0x10 [cachefs]
[<c886b560>] +0x0/0x120 [cachefs]
[<c88665a8>] cachefs_exit+0x28/0x50 [cachefs]
[<c8867500>] +0xa80/0x1511 [cachefs]
[<c013538e>] sys_delete_module+0x1ae/0x1e0
[<c013538e>] sys_delete_module+0x1ae/0x1e0
[<c886b560>] +0x0/0x120 [cachefs]
[<c014804e>] sys_brk+0xfe/0x130
[<c0117380>] do_page_fault+0x0/0x47f
[<c0109ac3>] syscall_call+0x7/0xb

Code: 0f 0b 0a 01 8b 37 2e c0 f0 ff 06 83 4e 04 08 85 f6 0f 84 13

The cachefs_fs_exit() function is:

void __exit cachefs_fs_exit(void)
{
kenter("");

unregister_filesystem(&cachefs_fs_type);

/* destroy our private inode cache */
kmem_cache_destroy(cachefs_inode_cachep);

kleave("");
} /* end cachefs_fs_exit() */

The function causing the bug report is:

[include/linux/dcache.h]
static __inline__ struct dentry * dget(struct dentry *dentry)
{
if (dentry) {
if (!atomic_read(&dentry->d_count))
BUG();
atomic_inc(&dentry->d_count);
dentry->d_vfs_flags |= DCACHE_REFERENCED;
}
return dentry;
}

David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Pavel Machek: "Re: BitBucket: GPL-ed *notrademarkhere* clone"
• Previous message: Ingo Molnar: "Re: [patch] "HT scheduler", sched-2.5.63-B3"