On Sun, Mar 17, 2013 at 2:33 AM, Sasha Levin <levinsasha...@gmail.com> wrote: > > I don't think it shows what we want it to show thought: > > [ 327.416905] Pid: 10504, comm: trinity-child98 Tainted: G W > 3.9.0-rc2-next-20130315-sasha-00046-gecde602-dirty #301 > [ 327.418815] Call Trace: > [ 327.419255] [<ffffffff812f880e>] release_sysfs_dirent+0x4e/0x120 > [ 327.420595] [<ffffffff812f89d2>] sysfs_dir_pos+0x92/0x130 > [ 327.421608] [<ffffffff812f8b8d>] sysfs_readdir+0x11d/0x280 > [ 327.422562] [<ffffffff8128b070>] ? SyS_ioctl+0xa0/0xa0 > [ 327.423441] [<ffffffff8128b070>] ? SyS_ioctl+0xa0/0xa0 > [ 327.424314] [<ffffffff8128b3e8>] vfs_readdir+0x78/0xc0 > [ 327.425263] [<ffffffff8128b54c>] SyS_getdents+0x8c/0x110 > [ 327.426173] [<ffffffff83d919d8>] tracesys+0xe1/0xe6 >
Sasha, looks there is a race when sys_readdir() is run concurrently on same directory, and the below patch may fix the race, could you test the attachment patch to see if the use after free can be fixed? Thanks, -- Ming Lei
sysfs-fix-readdir.patch
Description: Binary data
