From: Alexander Nyberg <alexn@telia.com>
To: Ryan Anderson <ryan@michonline.com>,
Andrew Morton <akpm@osdl.org>, Robert Love <rml@novell.com>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>
Subject: Re: Oops in 2.6.13-rc5-git-current (0d317fb72fe3cf0f611608cf3a3015bbe6cd2a66)
Date: Sun, 7 Aug 2005 22:08:14 +0200
Message-ID: <20050807200814.GA2464@localhost.localdomain>
In-Reply-To: <20050807035630.GA5271@mythryan2.michonline.com>
> Unable to handle kernel paging request at virtual address 6b6b6b6b
> printing eip:
> c0188d15
> *pde = 00000000
> Oops: 0000 [#1]
> PREEMPT
> CPU: 0
> EIP: 0060:[inotify_inode_queue_event+85/336] Not tainted VLI
> EFLAGS: 00010206 (2.6.13-rc5-g0d317fb7)
> EIP is at inotify_inode_queue_event+0x55/0x150
> eax: 6b6b6b6b ebx: 6b6b6b63 ecx: 00000000 edx: 00000066
> esi: c3effe34 edi: ce8c76ac ebp: d4bb864c esp: d8655eb0
> ds: 007b es: 007b ss: 0068
> Process nfsd (pid: 3750, threadinfo=d8654000 task=d6155020)
> Stack: 00000286 00000286 00000000 00000400 d4bb8760 d4bb8768 00000000 c3effe34
> ce8c76ac d4bb864c c0170626 00000000 c3effe34 d6608ad4 db74b17c c3effe34
> e0cfe9a4 00000013 e0d01b34 c0dd91b4 ce8c76ac ffffc000 d66092dc d66093c4
> Call Trace:
> [vfs_unlink+358/560] vfs_unlink+0x166/0x230
> [pg0+544348580/1067586560] nfsd_unlink+0x104/0x230 [nfsd]
> [pg0+544361268/1067586560] nfsd_cache_lookup+0x1c4/0x3c0 [nfsd]
> [pg0+544371728/1067586560] nfsd3_proc_remove+0x80/0xc0 [nfsd]
> [pg0+544381018/1067586560] nfs3svc_decode_diropargs+0x8a/0x100 [nfsd]
> [pg0+544380880/1067586560] nfs3svc_decode_diropargs+0x0/0x100 [nfsd]
> [pg0+544321698/1067586560] nfsd_dispatch+0x82/0x1f0 [nfsd]
> [svc_authenticate+112/336] svc_authenticate+0x70/0x150
> [svc_process+960/1648] svc_process+0x3c0/0x670
> [pg0+544323105/1067586560] nfsd+0x1a1/0x350 [nfsd]
> [ret_from_fork+6/20] ret_from_fork+0x6/0x14
> [pg0+544322688/1067586560] nfsd+0x0/0x350 [nfsd]
> [kernel_thread_helper+5/16] kernel_thread_helper+0x5/0x10

(akpm: a fix for this needs to go into 2.6.13, inotify + nfs
trivially oopses otherwise, even if inotify isn't actively used)

It looks like the following sequence is done in the wrong order.
When vfs_unlink() is called from sys_unlink() it has taken a ref
on the inode and sys_unlink() does the last iput() but when called
from other callsites vfs_unlink() might do the last iput() and
free inode, so inotify_inode_queue_event() will receive an already
freed object and dereference an already freed object.

Signed-off-by: Alexander Nyberg <alexn@telia.com>

Index: mm/fs/namei.c
===================================================================
--- mm.orig/fs/namei.c 2005-08-07 12:06:16.000000000 +0200
+++ mm/fs/namei.c 2005-08-07 18:17:20.000000000 +0200
@@ -1869,8 +1869,8 @@
/* We don't d_delete() NFS sillyrenamed files--they still exist. */
if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
struct inode *inode = dentry->d_inode;
- d_delete(dentry);
fsnotify_unlink(dentry, inode, dir);
+ d_delete(dentry);
}
return error;
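
Review bot: The ordering dependency between fsnotify_unlink() and d_delete() inside the `if (!error && ...)` block is not documented in the code; the only comment there covers the sillyrename case. Please add a short comment saying that d_delete() may drop the last reference to the inode when the caller holds none of its own, so the notification has to be queued first, otherwise a later cleanup can swap the two calls back. The changelog could also state that the unlink event is now queued before the dentry is deleted, since that is an ordering change a listener can observe.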
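
The ordering problem described in the message above, as an added user-space model that is not part of the original mail and is not kernel code. The `*_model` names, the `watch_list` field and the static slot are assumptions for illustration; "freeing" only poisons the slot with 0x6b, the byte pattern visible in the oops registers, so the stale read is well defined here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON_FREE 0x6b  /* slab poison byte; the oops shows eax: 6b6b6b6b */

/* Hypothetical stand-in for struct inode: one field the notifier reads. */
struct inode_model { uint32_t watch_list; int refcount; };

static struct inode_model slot;  /* static storage, never really freed */

/* Drop a reference; on the last one, poison the object like slab debugging. */
static void iput_model(struct inode_model *i)
{
    if (--i->refcount == 0)
        memset(i, POISON_FREE, sizeof *i);
}

/* d_delete() releases the dentry's reference to the inode. */
static void d_delete_model(struct inode_model *i) { iput_model(i); }

/* The notifier reads inode state, as inotify_inode_queue_event() does. */
static uint32_t notify_model(const struct inode_model *i)
{
    return i->watch_list;
}

/*
 * caller_holds_ref = 1 models sys_unlink(), which holds its own reference;
 * caller_holds_ref = 0 models a caller such as nfsd that does not.
 * Returns the value the notifier saw in the inode.
 */
uint32_t unlink_model(int notify_first, int caller_holds_ref)
{
    uint32_t seen;

    slot.watch_list = 0;                 /* no watches on this inode */
    slot.refcount = 1 + caller_holds_ref;
    if (notify_first) {                  /* patched order */
        seen = notify_model(&slot);
        d_delete_model(&slot);
    } else {                             /* original order */
        d_delete_model(&slot);
        seen = notify_model(&slot);
    }
    return seen;
}

int main(void)
{
    printf("old order, no caller ref:   %08x\n", (unsigned)unlink_model(0, 0));
    printf("old order, caller ref held: %08x\n", (unsigned)unlink_model(0, 1));
    printf("new order, no caller ref:   %08x\n", (unsigned)unlink_model(1, 0));
    return 0;
}
```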