Re: 2.6.22-rc6-mm1 -- BUG - EIP: [<c01a77a1>] sysfs_addrm_finish+0x1c2/0x226 SS:ESP 0068:c5ff9db8

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Tejun Heo <htejun@gmail.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Miles Lane <miles.lane@gmail.com>,
	LKML <linux-kernel@vger.kernel.org>,
	yi.zhu@intel.com, jketreno@linux.intel.com,
	linux-wireless@vger.kernel.org
Subject: Re: 2.6.22-rc6-mm1 -- BUG - EIP: [<c01a77a1>] sysfs_addrm_finish+0x1c2/0x226  SS:ESP 0068:c5ff9db8
Date: Wed, 04 Jul 2007 15:23:59 +0900	[thread overview]
Message-ID: <468B3CFF.7020903@gmail.com> (raw)
In-Reply-To: <20070703094916.e60d4df7.akpm@linux-foundation.org>

[-- Attachment #1: Type: text/plain, Size: 908 bytes --]

Hello,

Andrew Morton wrote:
>> EIP is at sysfs_addrm_finish+0x1c2/0x226
>> eax: 00000001   ebx: c5ff9dc0   ecx: c058aa40   edx: 00000001
>> esi: c5ff9de8   edi: c37c3240   ebp: c5ff9e1c   esp: c5ff9db8
>> ds: 007b   es: 007b   fs: 0000  gs: 0033  ss: 0068
>> Process modprobe (pid: 3519, ti=c5ff9000 task=c5ef15e0 task.ti=c5ff9000)
>> Stack: c03a3eda c5ff9e24 00000000 00000001 dead4ead ffffffff ffffffff c0657cf0
>>        00000000 c046359d c5ff9de0 c5ff9de0 00000000 00000001 dead4ead ffffffff
>>        ffffffff c0657cf0 00000000 c046359d c5ff9de0 c5ff9de0 c37c3240 c5ff9e24
>> Call Trace:
>>  [<c01a7833>] remove_dir+0x2e/0x35
>>  [<c01a7894>] __sysfs_remove_dir+0x5a/0x61
>>  [<c01a78d1>] sysfs_remove_dir+0x2c/0x30

Hmm... That's weird.  I tried to regenerate it here but mine unloads
happily.  Can you apply the attached patch and report the resulting
messages when oops happens?

Thanks.

-- 
tejun

[-- Attachment #2: debug --]
[-- Type: text/plain, Size: 1158 bytes --]

---
 fs/sysfs/dir.c |    8 ++++++++
 1 file changed, 8 insertions(+)

Index: tree0/fs/sysfs/dir.c
===================================================================
--- tree0.orig/fs/sysfs/dir.c
+++ tree0/fs/sysfs/dir.c
@@ -268,6 +268,9 @@ static void sysfs_deactivate(struct sysf
 	DECLARE_COMPLETION_ONSTACK(wait);
 	int v;
 
+	if (sd->s_sibling || !(sd->s_flags & SYSFS_FLAG_REMOVED))
+		printk("XXX sysfs_deactivate: sd=%p s_sibling=%p s_flags=0x%x\n",
+		       sd, sd->s_sibling, sd->s_flags);
 	BUG_ON(sd->s_sibling || !(sd->s_flags & SYSFS_FLAG_REMOVED));
 	sd->s_sibling = (void *)&wait;
 
@@ -530,6 +533,9 @@ void sysfs_remove_one(struct sysfs_addrm
 		drop_nlink(acxt->parent_inode);
 
 	acxt->cnt++;
+
+	printk("XXX sysfs_remove_one: acxt=%p sd=%p s_flags=0x%x cnt=%d\n",
+	       acxt, sd, sd->s_flags, acxt->cnt);
 }
 
 /**
@@ -624,6 +630,8 @@ int sysfs_addrm_finish(struct sysfs_addr
 		acxt->removed = sd->s_sibling;
 		sd->s_sibling = NULL;
 
+		printk("XXX sysfs_addrm_finish: acxt=%p sd=%p s_sibling=%p s_flags=0x%x\n",
+		       acxt, sd, sd->s_sibling, sd->s_flags);
 		sysfs_drop_dentry(sd);
 		sysfs_deactivate(sd);
 		sysfs_put(sd);

WARNING: multiple messages have this Message-ID (diff)

From: Tejun Heo <htejun@gmail.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Miles Lane <miles.lane@gmail.com>,
	LKML <linux-kernel@vger.kernel.org>,
	yi.zhu@intel.com, jketreno@linux.intel.com,
	linux-wireless@vger.kernel.org
Subject: Re: 2.6.22-rc6-mm1 -- BUG - EIP: [<c01a77a1>] sysfs_addrm_finish+0x1c2/0x226 SS:ESP 0068:c5ff9db8
Date: Wed, 04 Jul 2007 15:23:59 +0900	[thread overview]
Message-ID: <468B3CFF.7020903@gmail.com> (raw)
In-Reply-To: <20070703094916.e60d4df7.akpm@linux-foundation.org>

[-- Attachment #1: Type: text/plain, Size: 908 bytes --]

Hello,

Andrew Morton wrote:
>> EIP is at sysfs_addrm_finish+0x1c2/0x226
>> eax: 00000001   ebx: c5ff9dc0   ecx: c058aa40   edx: 00000001
>> esi: c5ff9de8   edi: c37c3240   ebp: c5ff9e1c   esp: c5ff9db8
>> ds: 007b   es: 007b   fs: 0000  gs: 0033  ss: 0068
>> Process modprobe (pid: 3519, ti=c5ff9000 task=c5ef15e0 task.ti=c5ff9000)
>> Stack: c03a3eda c5ff9e24 00000000 00000001 dead4ead ffffffff ffffffff c0657cf0
>>        00000000 c046359d c5ff9de0 c5ff9de0 00000000 00000001 dead4ead ffffffff
>>        ffffffff c0657cf0 00000000 c046359d c5ff9de0 c5ff9de0 c37c3240 c5ff9e24
>> Call Trace:
>>  [<c01a7833>] remove_dir+0x2e/0x35
>>  [<c01a7894>] __sysfs_remove_dir+0x5a/0x61
>>  [<c01a78d1>] sysfs_remove_dir+0x2c/0x30

Hmm... That's weird.  I tried to regenerate it here but mine unloads
happily.  Can you apply the attached patch and report the resulting
messages when oops happens?

Thanks.

-- 
tejun

[-- Attachment #2: debug --]
[-- Type: text/plain, Size: 1158 bytes --]

---
 fs/sysfs/dir.c |    8 ++++++++
 1 file changed, 8 insertions(+)

Index: tree0/fs/sysfs/dir.c
===================================================================
--- tree0.orig/fs/sysfs/dir.c
+++ tree0/fs/sysfs/dir.c
@@ -268,6 +268,9 @@ static void sysfs_deactivate(struct sysf
 	DECLARE_COMPLETION_ONSTACK(wait);
 	int v;
 
+	if (sd->s_sibling || !(sd->s_flags & SYSFS_FLAG_REMOVED))
+		printk("XXX sysfs_deactivate: sd=%p s_sibling=%p s_flags=0x%x\n",
+		       sd, sd->s_sibling, sd->s_flags);
 	BUG_ON(sd->s_sibling || !(sd->s_flags & SYSFS_FLAG_REMOVED));
 	sd->s_sibling = (void *)&wait;
 
@@ -530,6 +533,9 @@ void sysfs_remove_one(struct sysfs_addrm
 		drop_nlink(acxt->parent_inode);
 
 	acxt->cnt++;
+
+	printk("XXX sysfs_remove_one: acxt=%p sd=%p s_flags=0x%x cnt=%d\n",
+	       acxt, sd, sd->s_flags, acxt->cnt);
 }
 
 /**
@@ -624,6 +630,8 @@ int sysfs_addrm_finish(struct sysfs_addr
 		acxt->removed = sd->s_sibling;
 		sd->s_sibling = NULL;
 
+		printk("XXX sysfs_addrm_finish: acxt=%p sd=%p s_sibling=%p s_flags=0x%x\n",
+		       acxt, sd, sd->s_sibling, sd->s_flags);
 		sysfs_drop_dentry(sd);
 		sysfs_deactivate(sd);
 		sysfs_put(sd);

next prev parent reply	other threads:[~2007-07-04  6:24 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-07-03 16:32 2.6.22-rc6-mm1 -- BUG - EIP: [<c01a77a1>] sysfs_addrm_finish+0x1c2/0x226 SS:ESP 0068:c5ff9db8 Miles Lane
2007-07-03 16:49 ` Andrew Morton
2007-07-03 16:49   ` Andrew Morton
2007-07-04  6:23   ` Tejun Heo [this message]
2007-07-04  6:23     ` Tejun Heo
2007-07-04  7:36     ` Miles Lane
2007-07-05  7:32       ` Tejun Heo
2007-07-05  7:32         ` Tejun Heo
     [not found]         ` <a44ae5cd0707060101g38147b2gb3d33d9903082113@mail.gmail.com>
2007-07-07  6:47           ` Tejun Heo
2007-07-08  0:53             ` Miles Lane
2007-07-08  1:07               ` Tejun Heo
2007-07-08  4:56                 ` Miles Lane
2007-07-11  7:21                   ` Tejun Heo
2007-07-11  9:48                     ` Tejun Heo
2007-07-11 22:39                       ` Miles Lane
2007-07-12  3:04                         ` Tejun Heo
2007-07-12  8:25                           ` Miles Lane
2007-07-13  8:35                             ` Tejun Heo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=468B3CFF.7020903@gmail.com \
    --to=htejun@gmail.com \
    --cc=akpm@linux-foundation.org \
    --cc=jketreno@linux.intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=miles.lane@gmail.com \
    --cc=yi.zhu@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.