Maran reported the bug below (vanilla 2.6.30-rc8):
BUG: sleeping function called from invalid context at /mnt/s390test/linux-2.6-tip/arch/s390/include/asm/uaccess.h:234 in_atomic(): 1, irqs_disabled(): 0, pid: 3245, name: sysctl CPU: 1 Not tainted 2.6.30-rc8-tipjun10-02053-g39ae214 #1 Process sysctl (pid: 3245, task: 000000007f675da0, ksp: 000000007eb17cf0) 0000000000000000 000000007eb17be8 0000000000000002 0000000000000000 000000007eb17c88 000000007eb17c00 000000007eb17c00 0000000000048156 00000000003e2de8 000000007f676118 000000007eb17f10 0000000000000000 0000000000000000 000000007eb17be8 000000000000000d 000000007eb17c58 00000000003e2050 000000000001635c 000000007eb17be8 000000007eb17c30 Call Trace: (Ã<00000000000162e6>Â show_trace+0x13a/0x148) Ã<00000000000349ea>Â __might_sleep+0x13a/0x164 Ã<0000000000050300>Â proc_dostring+0x134/0x22c Ã<0000000000312b70>Â nf_log_proc_dostring+0xfc/0x188 Ã<0000000000136f5e>Â proc_sys_call_handler+0xf6/0x118 Ã<0000000000136fda>Â proc_sys_read+0x26/0x34 Ã<00000000000d6e9c>Â vfs_read+0xac/0x158 Ã<00000000000d703e>Â SyS_read+0x56/0x88 Ã<0000000000027f42>Â sysc_noemu+0x10/0x16
The code that introduces the bug came in with 17625274 "netfilter:
sysctl support of logger choice".
There we have this chunk:
+ rcu_read_lock();
+ logger = rcu_dereference(nf_loggers[tindex]);
+ if (!logger)
+ table->data = "NONE";
+ else
+ table->data = logger->name;
+ r = proc_dostring(table, write, filp, buffer, lenp, ppos);
+ rcu_read_unlock();
proc_dostring() will call copy_from_user() while preemption is disabled
because of rcu_read_lock().
Looks like somebody needs to fix this ;)