[] 0xffffffff > > -> #0 (&bb->mutex){--..}: > [] validate_chain+0x6b7/0xf50 > [] __lock_acquire+0x2cb/0x5b0 > [] lock_acquire+0x89/0xc0 > [] __mutex_lock_common+0xab/0x3c0 > [] mutex_lock_nested+0x38/0x50 > [] mmap+0x40/0xa0 > [] mmap_region+0x14e/0x450 > [] do_mmap_pgoff+0x2ef/0x310 > [] sys_mmap2+0xad/0xc0 > [] sysenter_do_call+0x12/0x43 > [] 0xffffffff > > other info that might help us debug this: > > 1 lock held by X/4873: > #0: (&mm->mmap_sem){----}, at: [] sys_mmap2+0x8e/0xc0 > > stack backtrace: > Pid: 4873, comm: X Not tainted 2.6.27-rc6-tip #1 > [] print_circular_bug_tail+0x79/0xc0 > [] validate_chain+0x6b7/0xf50 > [] ? trace_hardirqs_off_caller+0x15/0xb0 > [] __lock_acquire+0x2cb/0x5b0 > [] lock_acquire+0x89/0xc0 > [] ? mmap+0x40/0xa0 > [] __mutex_lock_common+0xab/0x3c0 > [] ? mmap+0x40/0xa0 > [] mutex_lock_nested+0x38/0x50 > [] ? mmap+0x40/0xa0 > [] mmap+0x40/0xa0 > [] mmap_region+0x14e/0x450 > [] ? arch_get_unmapped_area_topdown+0xf8/0x160 > [] do_mmap_pgoff+0x2ef/0x310 > [] sys_mmap2+0xad/0xc0 > [] sysenter_do_call+0x12/0x43 > [] ? __switch_to+0x130/0x220 > ======================= > evbug.c: Event. Dev: input3, Type: 20, Code: 0, Value: 500 > warning: `sudo' uses deprecated v2 capabilities in a way that may be insecure. > > i've attached the config. > > at first sight it looks like a genuine bug in fs/sysfs/bin.c? Yes, it is a real bug by the looks. bin.c takes bb->mutex under mmap_sem when it is mmapped, and then does its copy_*_user under bb->mutex too. Here is a basic fix for the sysfs lor. From: Nick Piggin Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman