oops when removing sbp2 module

[Paul Mackerras]

I'm getting an oops inside the sysfs stuff when I try to remove the
sbp2 (firewire disk) module.  I am running Linus' current BK tree as
of yesterday, i.e. 2.6.0-test6 (plus).  I'm not sure whether the
problem is in sysfs, kobject, scsi or ieee1394 stuff, which is why I'm
posting this to 3 lists.

I have a 40GB disk in a firewire enclosure.  To use it, I insert the
ohci1394 and sbp2 modules, and the disk appears as a SCSI disk.
If I then remove the sbp2 module I get an oops from a null pointer
dereference in sysfs_hash_and_remove.  At that point dir->d_inode is
NULL.  It turns out that sysfs_remove_dir has already been called for
the directory and that is why dir->d_inode is NULL.

In fact what is happening is that class_device_unregister gets called
twice for the same classdev.  This is because scsi_remove_device gets
called twice for the same device.  The first time, the call chain
looks like this:

scsi_remove_device
sbp2_remove_device
sbp2_remove
device_release_driver
driver_detach
bus_remove_driver
driver_unregister
hpsb_unregister_protocol
sbp2_module_exit

and the second time it looks like this:

scsi_remove_device
scsi_forget_host
scsi_remove_host
sbp2_remove_host
hpsb_unregister_highlevel
sbp2_module_exit

So, is this a reference counting problem on the classdev, a problem
where the scsi layer doesn't remove the scsi device from its internal
lists properly in scsi_remove_device, or a problem in the sbp2 code?
Anyone got a fix?

Thanks,
Paul.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/