Bug 249716 - oops in kref_put when exercising sysfs
Summary: oops in kref_put when exercising sysfs
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.0
Hardware: All
OS: Linux
low
low
Target Milestone: ---
: ---
Assignee: Eric Sandeen
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-07-26 16:44 UTC by Eric Sandeen
Modified: 2012-01-09 23:14 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-01-09 23:14:51 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Eric Sandeen 2007-07-26 16:44:55 UTC 
While running this script in an attempt to test another sysfs bug:
#!/bin/bash

while true; do modprobe snd_usb_audio; modprobe -r snd_usb_audio; done &
cd  /sys/bus/usb/drivers
while true; do find . | xargs cat &>/dev/null; done &
while true; do find .  &>/dev/null; done &

I get a few of these:
find: WARNING: Hard link count is wrong for .: this may be a bug in your
filesystem driver.  Automatically turning on find's -noleaf option.  Earlier
results may have failed to include directories that should have been searched.
find: ./snd-usb-audio: No such file or directory

shortly followed by this:


Unable to handle kernel paging request at ffffffff8851e8ec RIP: 
 [<ffffffff80034af6>] kref_put+0x5e/0x80
PGD 203067 PUD 205063 PMD 734cb067 PTE 0
Oops: 0000 [1] SMP 
last sysfs file: /bus/usb/drivers/snd-usb-audio/unbind
CPU 1 
Modules linked in: snd_usb_lib snd_rawmidi snd_hwdep snd_seq_dummy snd_seq_oss
snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss snd_pcm snd_timer
snd_page_alloc snd_seq_device snd soundcore autofs4 hidp rfcomm l2cap bluetooth
sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink
iptable_filter ip_tables ip6t_REJECT xt_tcpudp ip6table_filter ip6_tables
x_tables ipv6 cpufreq_ondemand dm_mirror dm_mod video sbs backlight i2c_ec
button battery asus_acpi acpi_memhotplug ac parport_pc lp parport joydev sg
ide_cd shpchp cdrom i2c_i801 i2c_core tg3 pcspkr serio_raw ata_piix libata
sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd uhci_hcd
Pid: 21155, comm: cat Not tainted 2.6.18-24.el5 #1
RIP: 0010:[<ffffffff80034af6>]  [<ffffffff80034af6>] kref_put+0x5e/0x80
RSP: 0018:ffff81006831fc38  EFLAGS: 00010206
RAX: 000000000000003c RBX: ffffffff8851e8ec RCX: 0000000000000000
RDX: 000000000000003b RSI: ffffffff8013d53f RDI: ffffffff8851e8ec
RBP: ffffffff8013d53f R08: 0000000000000000 R09: ffff81007f5c30c0
R10: ffff81007fc96540 R11: ffffffff800fccec R12: ffff8100707026e0
R13: ffff810071c7a4b0 R14: 0000000000000000 R15: 0000000000000000
FS:  00002aaaaaabc260(0000) GS:ffff810037e2c7c0(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffffffff8851e8ec CR3: 00000000682ab000 CR4: 00000000000006e0
Process cat (pid: 21155, threadinfo ffff81006831e000, task ffff8100682a87e0)
Stack:  ffff8100707026e0 ffff810070ba4a60 ffff810070a84cd0 ffffffff800fcd3d
 ffff810071c7a4b0 ffff81006831fea8 0000000000000000 ffffffff8000cfac
 0000000000000000 ffff8100681ba000 ffff81006831fea8 ffffffff8000a255
Call Trace:
 [<ffffffff800fcd3d>] sysfs_d_iput+0x51/0x7d
 [<ffffffff8000cfac>] dput+0xf6/0x114
 [<ffffffff8000a255>] __link_path_walk+0xd7e/0xf42
 [<ffffffff8000e5d7>] link_path_walk+0x5c/0xe5
 [<ffffffff801199ee>] inode_has_perm+0x56/0x63
 [<ffffffff8000c802>] do_path_lookup+0x270/0x2ec
 [<ffffffff80023233>] __path_lookup_intent_open+0x56/0x97
 [<ffffffff8001a6cc>] open_namei+0x7d/0x6d6
 [<ffffffff80119a8f>] file_has_perm+0x94/0xa3
 [<ffffffff80027037>] do_filp_open+0x1c/0x38
 [<ffffffff8001947d>] do_sys_open+0x44/0xbe
 [<ffffffff8005b249>] tracesys+0xd1/0xdc


Code: 8b 03 ff c8 74 0c f0 ff 0b 0f 94 c0 31 d2 84 c0 74 0a 48 89 
RIP  [<ffffffff80034af6>] kref_put+0x5e/0x80
 RSP <ffff81006831fc38>
CR2: ffffffff8851e8ec
 <0>Kernel panic - not syncing: Fatal exception

Hit this on stock 2.6.18-24.el5 on an x86_64
Note You need to log in before you can comment on or make changes to this bug.