Reiserfs crashes if a regular file .reiserfs_priv exists in the root directory of a reiserfs partition. This is reproducible on different builds of 2.6.29, 2.6.30 and 2.6.31 kernels. On 2.6.29 and older 2.6.30 kernels, the crash will occur only if CONFIG_REISERFS_XATTR=y.

How to reproduce:
1. Create a reiserfs partition.
2. On an older kernel compiled with CONFIG_REISERFS_XATTR=n, create the file .reiserfs_priv in the partition root.
3. Mount this partition on a newer kernel. Older kernels compiled with CONFIG_REISERFS_XATTR=y will crash too, but only when trying to delete some file/directory.
4. Oops.

Software versions:
Gnu C 4.4.0
Gnu make 3.81
binutils 2.19.51.20090622
util-linux 2.15.1-rc1
mount support
module-init-tools 3.8
e2fsprogs 1.41.5
reiserfsprogs 3.6.21
pcmciautils 014
Linux C Library 2.9
Dynamic linker (ldd) 2.9
Procps 3.2.8
Net-tools 1.60
Kbd 1.15
Sh-utils 7.4
wireless-tools 29
Modules Loaded usb_storage tun binfmt_misc ppdev kqemu sbp2 lp parport snd_hda_codec_realtek snd_hda_intel snd_hda_codec joydev snd_pcm_oss snd_mixer_oss snd_pcm arc4 snd_seq_dummy snd_seq_oss ecb snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq ath5k pcmcia snd_timer snd_seq_device mac80211 nsc_ircc uvcvideo ath yenta_socket rsrc_nonstatic snd soundcore videodev sdhci_pci psmouse irda acer_wmi pcmcia_core snd_page_alloc v4l1_compat v4l2_compat_ioctl32 tifm_7xx1 tifm_core iTCO_wdt iTCO_vendor_support sdhci serio_raw pcspkr cfg80211 crc_ccitt led_class ohci1394 ieee1394 tg3 usbhid fbcon tileblit font bitblit softcursor i915 drm i2c_algo_bit video output intel_agp

dmesg output:
[ 95.335301] REISERFS (device sdb): found reiserfs format "3.6" with standard journal
[ 95.336228] REISERFS (device sdb): using ordered data mode
[ 95.360648] REISERFS (device sdb): journal params: device sdb, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
[ 95.364551] REISERFS (device sdb): checking transaction log (sdb)
[ 95.394471] REISERFS (device sdb): Using r5 hash to sort names
[ 95.397182] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 95.397803] IP: [<(null)>] (null)
[ 95.398043] PGD 1d9f067 PUD 3a36067 PMD 0
[ 95.398324] Oops: 0010 [#1] SMP
[ 95.398645] last sysfs file: /sys/kernel/uevent_seqnum
[ 95.398846] CPU 0
[ 95.398965] Modules linked in: reiserfs ppdev virtio_balloon psmouse serio_raw pcspkr parport_pc i2c_piix4 parport ne2k_pci 8390 virtio_pci virtio_ring floppy virtio fbcon tileblit font bitblit softcursor i915 drm i2c_algo_bit video output intel_agp
[ 95.399985] Pid: 1917, comm: mount Not tainted 2.6.31-rc1-git10-generic-vanilla #1
[ 95.400169] RIP: 0010:[<0000000000000000>] [<(null)>] (null)
[ 95.400169] RSP: 0018:ffff880003a9dbc0 EFLAGS: 00000286
[ 95.400169] RAX: ffffffffa0167180 RBX: ffff88000386d600 RCX: 0000000000000000
[ 95.400169] RDX: 0000000000000000 RSI: ffff88000386d600 RDI: ffff8800039e2350
[ 95.400169] RBP: ffff880003a9dc08 R08: ffff8800019a2d73 R09: 00000000000000c0
[ 95.400169] R10: ffde61db876d5807 R11: 0000000000000000 R12: ffff880003a9dc28
[ 95.400169] R13: ffff8800039e2350 R14: fffffffffffffff4 R15: 0000000000000000
[ 95.400169] FS: 00007f11d793b7d0(0000) GS:ffff880001991000(0000) knlGS:0000000000000000
[ 95.400169] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 95.400169] CR2: 0000000000000000 CR3: 0000000002995000 CR4: 00000000000006b0
[ 95.400169] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 95.400169] DR3: 0000000000000000 DR6: 0000000000000000 DR7: 0000000000000000
[ 95.400169] Process mount (pid: 1917, threadinfo ffff880003a9c000, task ffff880000cb2d60)
[ 95.400169] Stack:
[ 95.400169] ffffffff8111901a ffff880003a9dc18 ffffffff8111901a 0000000000000001
[ 95.400169] <0> ffff880000804540 ffffffffa016cfd0 0000000000000000 0000000000000000
[ 95.400169] <0> ffff880003386000 ffff880003a9dc48 ffffffff811192e7 ffff880003a9dc58
[ 95.400169] Call Trace:
[ 95.400169] [<ffffffff8111901a>] ? __lookup_hash+0xfa/0x150
[ 95.400169] [<ffffffff8111901a>] ? __lookup_hash+0xfa/0x150
[ 95.400169] [<ffffffff811192e7>] lookup_one_len+0xc7/0x110
[ 95.400169] [<ffffffff811192e7>] ? lookup_one_len+0xc7/0x110
[ 95.400169] [<ffffffffa016530c>] reiserfs_xattr_init+0x1dc/0x260 [reiserfs]
[ 95.400169] [<ffffffffa0150da7>] reiserfs_fill_super+0x8c7/0xc00 [reiserfs]
[ 95.400169] [<ffffffff8111132f>] get_sb_bdev+0x16f/0x1b0
[ 95.400169] [<ffffffffa01504e0>] ? reiserfs_fill_super+0x0/0xc00 [reiserfs]
[ 95.400169] [<ffffffff8110959b>] ? __alloc_percpu+0xb/0x10
[ 95.400169] [<ffffffffa014d653>] get_super_block+0x13/0x20 [reiserfs]
[ 95.400169] [<ffffffff81110e06>] vfs_kern_mount+0x76/0x180
[ 95.400169] [<ffffffff81110f7d>] do_kern_mount+0x4d/0x120
[ 95.400169] [<ffffffff8112929f>] do_mount+0x2ff/0x880
[ 95.400169] [<ffffffff811298af>] sys_mount+0x8f/0xe0
[ 95.400169] [<ffffffff81011ec2>] system_call_fastpath+0x16/0x1b
[ 95.400169] Code: Bad RIP value.
[ 95.400169] RIP [<(null)>] (null)
[ 95.400169] RSP <ffff880003a9dbc0>
[ 95.400169] CR2: 0000000000000000
[ 95.426324] ---[ end trace 5768429dcc99b425 ]---

BTW, it would be good if any special treatment of .reiserfs_priv could be disabled by a mount option.
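
Added example, not part of the original report and not kernel or reiserfs code: a userspace C model of the failure mode the trace is consistent with (a name lookup dispatched through a missing lookup method because the on-disk private root is a regular file), with the type check that turns it into an error return. All structure and function names are hypothetical, and the child name "xattrs" is an assumed sample value.

```c
#include <errno.h>
#include <string.h>

/* Userspace model: simplified stand-ins, not the kernel's definitions. */
enum itype { T_REG, T_DIR };
struct inode;
struct inode_ops { struct inode *(*lookup)(struct inode *dir, const char *name); };
struct inode {
    enum itype type;
    const struct inode_ops *ops;
    const char *child_name;          /* one optional child is enough here */
    struct inode *child;
};
static struct inode *dir_lookup(struct inode *dir, const char *name)
{
    return (dir->child && strcmp(dir->child_name, name) == 0) ? dir->child : NULL;
}
static const struct inode_ops dir_ops = { .lookup = dir_lookup };
static const struct inode_ops file_ops = { .lookup = NULL }; /* files hold no entries */

/* Check the parent's type before dispatching; 0 and *out set, or negative errno. */
int checked_lookup(struct inode *parent, const char *name, struct inode **out)
{
    *out = NULL;
    if (parent->type != T_DIR || !parent->ops || !parent->ops->lookup)
        return -ENOTDIR;             /* unchecked, the call would jump to address 0 */
    *out = parent->ops->lookup(parent, name);
    return *out ? 0 : -ENOENT;
}

/* Mount-time step: look for the xattr root ("xattrs" is an assumed name). */
int model_xattr_init(struct inode *priv_root)
{
    struct inode *xa_root;
    return checked_lookup(priv_root, "xattrs", &xa_root);
}

/* Constructed cases: .reiserfs_priv as a directory (1) or a regular file (0). */
int mount_model(int priv_is_dir)
{
    struct inode xa = { T_DIR, &dir_ops, NULL, NULL };
    struct inode dir = { T_DIR, &dir_ops, "xattrs", &xa };
    struct inode file = { T_REG, &file_ops, NULL, NULL };
    return model_xattr_init(priv_is_dir ? &dir : &file);
}
int main(void)
{
    return (mount_model(0) == -ENOTDIR && mount_model(1) == 0) ? 0 : 1;
}
```

The point of the model is that on-disk contents are untrusted input: the type of the private root has to be validated at mount time before any operation is dispatched through it.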