Re: kernel BUG at fs/sysfs/group.c:65!
From: Eric W. Biederman
Date: Sun Mar 10 2013 - 16:35:29 EST
Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> writes:
> On Sun, Mar 10, 2013 at 04:53:11PM +0800, Ming Lei wrote:
>> On Sun, Mar 10, 2013 at 12:36 AM, Tommi Rantala <tt.rantala@xxxxxxxxx> wrote:
>> > [ 40.089036] [<ffffffff81222e29>] sysfs_get_dirent+0x39/0x80
>> > [ 40.089036] [<ffffffff81224ad9>] sysfs_remove_group+0x29/0x100
>> > [ 40.089036] [<ffffffff8113f2c4>] blk_trace_remove_sysfs+0x14/0x20
>> > [ 40.089036] [<ffffffff813453ae>] blk_unregister_queue+0x5e/0x90
>> > [ 40.089036] [<ffffffff8134d417>] del_gendisk+0x107/0x250
>> > [ 40.089036] [<ffffffff814f66b8>] loop_remove+0x18/0x40
>>
>> Then the crash is triggered in device release path, which should have
>> been avoided in device add path.
>>
>> If we want to fix the problem completely, add_disk() must handle failure
>> path correctly and return error code on failures, which may involve big
>> work, since add_disk() are called by 50+ drivers.
>
> Ok, but the root problem here is add_disk() is being called to create a
> disk that was already created, right? Surely the caller should have
> detected this before it called to the block core?
>
> Who is calling add_disk() here? Is this a fuse device? If so, then any
> user can trigger this, right?
>
> That should be the "easier" fix at the moment to resolve this issue.
At first glance this looks like rances in the loop driver.
Still user triggerable but not quite as bad as fuse.
Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/