lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 09 May 2007 17:20:59 -0700
From:	Jeremy Fitzhardinge <jeremy@...p.org>
To:	Andrew Morton <akpm@...ux-foundation.org>
CC:	Ken Chen <kenchen@...gle.com>,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Kay Sievers <kay.sievers@...y.org>,
	Alexey Dobriyan <adobriyan@...ru>
Subject: Re: 2.6.21-git11: BUG in loop.ko

Andrew Morton wrote:
> On Wed, 09 May 2007 16:52:41 -0700
> Jeremy Fitzhardinge <jeremy@...p.org> wrote:
>
>   
>> Seems to be getting a 0 refcount.  I don't see anything in the recent
>> changes which might cause this, but this is relatively new behaviour. 
>> It was working for me in the 2.6.21-pre time period, but I haven't tried
>> this since 2.6.21 was released.
>>
>> The BUG is actually triggered by the __module_get(THIS_MODULE) in
>> loop_set_fd.
>>
>>     J
>>
>> loop: module loaded
>> device-mapper: ioctl: 4.11.0-ioctl (2006-10-12) initialised: dm-devel@...hat.com
>> ------------[ cut here ]------------
>> kernel BUG at /home/jeremy/hg/xen/paravirt/linux/include/linux/module.h:396!
>> invalid opcode: 0000 [#1]
>> PREEMPT SMP 
>> Modules linked in: dm_snapshot dm_mod loop
>> CPU:    1
>> EIP:    0061:[<d085a911>]    Not tainted VLI
>> EFLAGS: 00010246   (2.6.21-paravirt #1339)
>> EIP is at lo_ioctl+0x65/0xa52 [loop]
>> eax: 00000000   ebx: cfb92c98   ecx: d085e480   edx: 00000200
>> esi: 00004c00   edi: cf8ad428   ebp: cf37fdc0   esp: cf37fbf8
>> ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0069
>> Process losetup (pid: 440, ti=cf37e000 task=cf30b4d0 task.ti=cf37e000)
>> Stack: c1390080 c1390080 cf37fc10 00000008 cf8ad428 cfbb2258 00000000 cf37fc34 
>>        c01458c5 cfb92c98 c1392a40 cf30ba70 cf30b4d0 cf30ba54 00000002 cf30ba70 
>>        cf30b4d0 cf30ba54 00000002 00000003 c134c088 c134c088 cf37fc90 c01215b8 
>> Call Trace:
>>  [<c0109173>] show_trace_log_lvl+0x1a/0x30
>>  [<c0109226>] show_stack_log_lvl+0x9d/0xa5
>>  [<c0109425>] show_registers+0x1f7/0x336
>>  [<c010967d>] die+0x119/0x21b
>>  [<c0382c78>] do_trap+0x8a/0xa4
>>  [<c0109ad1>] do_invalid_op+0x88/0x92
>>  [<c0382a42>] error_code+0x72/0x78
>>  [<c0211c79>] blkdev_driver_ioctl+0x4c/0x5d
>>  [<c02123de>] blkdev_ioctl+0x754/0x7a2
>>  [<c0198840>] block_ioctl+0x1b/0x1f
>>  [<c0182e2e>] do_ioctl+0x22/0x68
>>  [<c01830a6>] vfs_ioctl+0x232/0x245
>>  [<c0183102>] sys_ioctl+0x49/0x63
>>  [<c0108080>] syscall_call+0x7/0xb
>>  =======================
>> Code: ff 83 f8 06 0f 87 5a 09 00 00 ff 24 85 5c bc 85 d0 8b 9b cc 01 00 00 b8 80 e4 85 d0 89 9d 5c fe ff ff e8 37 0a 8f ef 85 c0 75 04 <0f> 0b eb fe b8 01 00 00 00 e8 79 9f 8c ef e8 ec 4b 9c ef c1 e0 
>> EIP: [<d085a911>] lo_ioctl+0x65/0xa52 [loop] SS:ESP 0069:cf37fbf8
>>
>>     
>
> A few people have been playing with module refcounting lately.  Did you
> work out a reproduce-it recipe?
>   


100% reliable, but a bit obscure.  I'm booting an FC6 livecd with a
paravirt_ops kernel under Xen.  The relevant part of the iso's initrd
script is:

+ mknod /dev/loop118 b 7 118
+ mknod /dev/loop119 b 7 119
+ mknod /dev/loop120 b 7 120
+ mknod /dev/loop121 b 7 121
+ mkdir -p /dev/mapper
+ mknod /dev/mapper/control c 10 63
+ modprobe loop max_loop=128
loop: the max_loop option is obsolete and will be removed in March 2008
loop: module loaded
+ modprobe dm_snapshot
device-mapper: ioctl: 4.11.0-ioctl (2006-10-12) initialised: dm-devel@...hat.com
+ '[' 0 == 1 ']'
+ losetup /dev/loop120 /sysroot/squashfs.img
------------[ cut here ]------------
kernel BUG at /home/jeremy/hg/xen/paravirt/linux/include/linux/module.h:396!
invalid opcode: 0000 [#1]
PREEMPT SMP 
Modules linked in: dm_snapshot dm_mod loop
CPU:    0
EIP:    0061:[<d085a911>]    Not tainted VLI
EFLAGS: 00010246   (2.6.21-paravirt #1339)
[...]


    J
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists