[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a8e1da0707300258k4ee5ed93yadd9e87af45b9330@mail.gmail.com>
Date: Mon, 30 Jul 2007 09:58:34 +0000
From: "Dave Young" <hidave.darkstar@...il.com>
To: "Grant Wilson" <grant.wilson@....co.uk>
Cc: "Andrew Morton" <akpm@...ux-foundation.org>,
linux-kernel@...r.kernel.org
Subject: Re: 2.6.23-rc1-mm1
> Hi,
> I get an oops when trying to mount an ISO file using the loopback device.
> If I revert the patch 'loop-use-unlocked_ioctl.patch' the mount works.
>
> Here's the oops:
>
> [ 85.697033] Unable to handle kernel NULL pointer dereference at 0000000000000100 RIP:
> [ 85.702528] [<ffffffff80477885>] lo_ioctl+0x25/0xaa0
> [ 85.710066] PGD 73fd067 PUD 735b067 PMD 0
> [ 85.714221] Oops: 0000 [1] PREEMPT SMP
> [ 85.718117] CPU 1
> [ 85.720159] Modules linked in:
> [ 85.723242] Pid: 3976, comm: mount Not tainted 2.6.23-rc1-mm1 #4
> [ 85.729247] RIP: 0010:[<ffffffff80477885>] [<ffffffff80477885>] lo_ioctl+0x25/0xaa0
> [ 85.737011] RSP: 0018:ffff8100076a3708 EFLAGS: 00010282
> [ 85.742326] RAX: ffffffff80477860 RBX: 00000000fffffdfd RCX: 0000000000005310
> [ 85.749459] RDX: ffff8100076a3b58 RSI: 0000000000005310 RDI: 0000000000000000
> [ 85.756591] RBP: ffff8100076a3908 R08: ffff8100076a3b58 R09: ffff81000649da80
> [ 85.763723] R10: 0000000000000000 R11: 2222222222222222 R12: 0000000000005310
> [ 85.770856] R13: ffff8100076a3b58 R14: 0000000000005310 R15: 0000000000000000
> [ 85.777988] FS: 00002b4fab3a0e20(0000) GS:ffff810004017180(0000) knlGS:0000000000000000
> [ 85.786081] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> [ 85.791829] CR2: 0000000000000100 CR3: 00000000073d7000 CR4: 00000000000006e0
> [ 85.798970] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 85.806102] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> [ 85.813235] Process mount (pid: 3976, threadinfo ffff8100076a2000, task ffff8100062f66d0)
> [ 85.821413] Stack: 0000000200000001 ffff8100062f6e90 ffff8100062f6e90 000000000013638a
> [ 85.829533] ffffffff80a78ef0 0000000000000000 ffff8100076a37b8 ffffffff8025c690
> [ 85.837020] ffff8100062f66d0 ffff8100062f6e58 0000000200000001 0000000000000000
> [ 85.844308] Call Trace:
> [ 85.846961] [<ffffffff8025c690>] __lock_acquire+0x3d0/0x1170
> [ 85.852715] [<ffffffff8025baee>] mark_held_locks+0x3e/0x80
> [ 85.858290] [<ffffffff8064ff0a>] __mutex_lock_slowpath+0x1ca/0x330
> [ 85.864565] [<ffffffff8025baee>] mark_held_locks+0x3e/0x80
> [ 85.870139] [<ffffffff8064fd39>] mutex_unlock+0x9/0x10
> [ 85.875366] [<ffffffff8064fc69>] __mutex_unlock_slowpath+0xd9/0x1a0
> [ 85.881720] [<ffffffff8025bcca>] trace_hardirqs_on+0xda/0x180
> [ 85.887555] [<ffffffff8064fd39>] mutex_unlock+0x9/0x10
> [ 85.892782] [<ffffffff802c3ba1>] do_open+0x231/0x320
> [ 85.897839] [<ffffffff803b7113>] blkdev_driver_ioctl+0x43/0x90
> [ 85.903758] [<ffffffff803b7429>] blkdev_ioctl+0x2c9/0x780
> [ 85.909247] [<ffffffff8065149d>] trace_hardirqs_on_thunk+0x35/0x37
> [ 85.915522] [<ffffffff8020c320>] restore_args+0x0/0x30
> [ 85.920751] [<ffffffff802c2d60>] kill_bdev+0x0/0x40
> [ 85.925718] [<ffffffff802c4084>] ioctl_by_bdev+0x34/0x50
> [ 85.931119] [<ffffffff80336019>] isofs_fill_super+0x969/0xaf0
> [ 85.936954] [<ffffffff80299b9c>] sget+0x3c/0x3f0
> [ 85.941662] [<ffffffff80299760>] test_bdev_super+0x0/0x20
> [ 85.947150] [<ffffffff80651fc0>] _spin_unlock+0x30/0x60
> [ 85.952464] [<ffffffff80299760>] test_bdev_super+0x0/0x20
> [ 85.957951] [<ffffffff80299f4a>] sget+0x3ea/0x3f0
> [ 85.962747] [<ffffffff803c662f>] strlcpy+0x4f/0x70
> [ 85.967628] [<ffffffff8029aa9c>] get_sb_bdev+0x15c/0x190
> [ 85.973029] [<ffffffff803356b0>] isofs_fill_super+0x0/0xaf0
> [ 85.978693] [<ffffffff80334fb3>] isofs_get_sb+0x13/0x20
> [ 85.984006] [<ffffffff8029a4c8>] vfs_kern_mount+0x58/0xc0
> [ 85.989494] [<ffffffff802b2366>] do_mount+0x206/0x850
> [ 85.994635] [<ffffffff8027b891>] __mod_zone_page_state+0x21/0x90
> [ 86.000729] [<ffffffff80273160>] rmqueue_bulk+0x90/0xb0
> [ 86.006043] [<ffffffff80651fc0>] _spin_unlock+0x30/0x60
> [ 86.011358] [<ffffffff80273160>] rmqueue_bulk+0x90/0xb0
> [ 86.016673] [<ffffffff80274425>] get_page_from_freelist+0x395/0x500
> [ 86.023026] [<ffffffff8025bcca>] trace_hardirqs_on+0xda/0x180
> [ 86.028860] [<ffffffff802742b3>] get_page_from_freelist+0x223/0x500
> [ 86.035213] [<ffffffff80274639>] __alloc_pages+0x59/0x3a0
> [ 86.040702] [<ffffffff80246d68>] sigprocmask+0x38/0xf0
> [ 86.045929] [<ffffffff802940e8>] kmem_cache_alloc+0x98/0xd0
> [ 86.051590] [<ffffffff80274a00>] __get_free_pages+0x80/0x90
> [ 86.057251] [<ffffffff802b2a44>] sys_mount+0x94/0xf0
> [ 86.062305] [<ffffffff8065149d>] trace_hardirqs_on_thunk+0x35/0x37
> [ 86.068572] [<ffffffff8020bd7e>] system_call+0x7e/0x83
> [ 86.073799]
> [ 86.075296] INFO: lockdep is turned off.
> [ 86.079226]
> [ 86.079227] Code: 48 8b 87 00 01 00 00 49 89 d6 48 8b 18 48 8b 83 10 03 00 00
> [ 86.088306] RIP [<ffffffff80477885>] lo_ioctl+0x25/0xaa0
> [ 86.093734] RSP <ffff8100076a3708>
> [ 86.097231] CR2: 0000000000000100
>
Hi, andrew,
I debugged this problem. The oops is caused by NUll file pointer.
I change the unlocked_ioctl to ioctl in fops. print some debug info :
[ 51.018272] hidave ### cmd : get_status
[ 51.018281] hidave ### cmd : 19459 inode : c2024b9c file : c2e89c00
[ 51.052419] hidave ### cmd : set_fd
[ 51.052426] hidave ### cmd : 19456 inode : c2024b9c file : c2e89100
[ 51.052494] hidave ### cmd : set_status64
[ 51.052500] hidave ### cmd : 19460 inode : c2024b9c file : c2e89100
[ 51.125241] hidave ### cmd : unknown
>>(The 21264 cmd is a cdrom ioctl command.)
[ 51.125248] hidave ### cmd : 21264 inode : c2024b9c file : 00000000
>>if use ioctl interface the inode is transfered, but in the
unlocked_ioctl interface only the file pointer is transfered, so NULL
caused the panic.
PS: I noticed the fs/block_dev.c: line 1374:
res = blkdev_ioctl(bdev->bd_inode, NULL, cmd, arg);
So, just changeback from unlocked_ioctl to ioctl, the lock_kernel
remove is still ok.
Regards
dave
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists