Bug#534690: linux-image-2.6.30-1-686: unable to unmount a loop device
On Fri, 2009-06-26 at 13:50 +0200, Jakub Wilk wrote:
> Package: linux-image-2.6.30-1-686
> Version: 2.6.30-1
> Severity: normal
>
> # lsmod | grep -c loop
> 0
> # modprobe loop max_part=8
> # dd if=/dev/zero of=/tmp/fs bs=1M count=1
> 1+0 records in
> 1+0 records out
> 1048576 bytes (1.0 MB) copied, 0.00407344 s, 257 MB/s
> # mke2fs -F -q /tmp/fs
> # mkdir /tmp/mnt/
> # mount -o loop /tmp/fs /tmp/mnt/
> # umount /tmp/mnt/
> [ 284.509864] BUG: unable to handle kernel NULL pointer dereference at 0060
> [ 284.509902] IP: [c01f6f27] blkdev_ioctl+0x25/0x842
> [ 284.509929] *pde =
> [ 284.509944] Oops: [#1] SMP
> [ 284.509963] last sysfs file: /sys/devices/virtual/block/loop0/removable
> [ 284.509980] Modules linked in: loop ext2 tun kvm_amd kvm binfmt_misc nf_conntrack_ipv6 ip6table_filter ip6_tables nvidiafb fb_ddc vgastate xt_MARK iptable_mangle iptable_nat nf_nat ipt_REJECT xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack iptable_filter ip_tables x_tables fuse snd_hda_codec_realtek tvaudio tda7432 tuner_simple tuner_types tuner arc4 ecb snd_hda_intel snd_hda_codec bttv ir_common snd_hwdep i2c_algo_bit v4l2_common videodev v4l1_compat snd_pcm videobuf_dma_sg snd_seq snd_timer snd_seq_device rt61pci crc_itu_t rt2x00pci snd videobuf_core btcx_risc rt2x00lib soundcore snd_page_alloc led_class input_polldev mac80211 tveeprom cfg80211 eeprom_93cx6 i2c_nforce2 i2c_core evdev processor button k8temp serio_raw psmouse ext3 jbd mbcache ide_gd_mod ide_cd_mod cdrom ata_generic libata scsi_mod ide_pci_generic amd74xx forcedeth ide_core ohci_hcd ehci_hcd usbcore floppy thermal fan thermal_sys [last unloaded: loop]
> [ 284.510570]
> [ 284.510581] Pid: 3328, comm: umount Not tainted (2.6.30-1-686 #1) M61SME-S2
> [ 284.510600] EIP: 0060:[c01f6f27] EFLAGS: 00010287 CPU: 1
> [ 284.510617] EIP is at blkdev_ioctl+0x25/0x842

This matches the source line:

    struct gendisk *disk = bdev->bd_disk;

> [ 284.510630] EAX: EBX: 125f ECX: 125f EDX:

and bdev == NULL.

> [ 284.510645] ESI: EDI: EBP: ESP: c3fefe08
> [ 284.510662] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
> [ 284.510677] Process umount (pid: 3328, ti=c3fee000 task=c3d2e750 task.ti=c3fee000)
> [ 284.510694] Stack:
> [ 284.510704] c011dda9 c04ca6ec c3d2e750 c3cacc80 c3cacc80 c3cacc80 c04951c0
> [ 284.510756] c031ce8e c38630c0 0b00 c04951c0 0212 c3d2e904
> [ 284.510814] 0001 0246 3e1b71e2 0042 c040c840 000c c017160e 000c
> [ 284.510876] Call Trace:
> [ 284.510886] [c011dda9] ? pick_next_task_fair+0x80/0x87
> [ 284.510909] [c031ce8e] ? __schedule+0x719/0x746
> [ 284.510931] [c017160e] ? release_pages+0x11c/0x124
> [ 284.510953] [c011cc82] ? update_curr+0x58/0x178
> [ 284.510973] [c031cec0] ? schedule+0x5/0x13
> [ 284.510991] [c031cfeb] ? schedule_timeout+0x14/0xbd
> [ 284.511011] [c011cf9e] ? check_preempt_wakeup+0x139/0x173
> [ 284.511031] [c031c6c7] ? wait_for_common+0xc1/0x112
> [ 284.511051] [c0121ee3] ? default_wake_function+0x0/0x8
> [ 284.511075] [c01a9eac] ? ioctl_by_bdev+0x20/0x2f
> [ 284.511096] [f8463f90] ? loop_clr_fd+0x186/0x1a2 [loop]
> [ 284.59] [f8463fdb] ? lo_release+0x2f/0x53 [loop]
[...]

Since this change, lo_release() calls loop_clr_fd() with bdev = NULL:

    commit bb21488482bd36eae6b30b014d93619063773fd4
    Author: Al Viro v...@zeniv.linux.org.uk
    Date: Sun Mar 2 09:29:48 2008 -0500

    [PATCH] switch loop ioctl doesn't need BKL here

    Signed-off-by: Al Viro v...@zeniv.linux.org.uk

Most actions in loop_clr_fd() that use bdev were made conditional on bdev != NULL, with the exception of:

    if (max_part > 0)
        ioctl_by_bdev(bdev, BLKRRPART, 0);

So I think that this if() needs to test bdev as well.

Ben.

-- 
Ben Hutchings
It is impossible to make anything foolproof because fools are so ingenious.
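The diagnosis in the message above, as an added userspace model in C (not kernel code and not part of the original message). The struct layout is constructed so that bd_disk sits at offset 0x60, mirroring the fault address in the oops, and model_ioctl_by_bdev(), clr_fd_unguarded() and clr_fd_guarded() are hypothetical stand-ins for ioctl_by_bdev() and the two forms of the check in loop_clr_fd().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Userspace model only. Layout is constructed: padding puts bd_disk at
 * offset 0x60, the address reported in the oops (CR2: 0060). */
struct gendisk { int rescans; };
struct block_device { char pad[0x60]; struct gendisk *bd_disk; };

#define BLKRRPART 0x125f /* _IO(0x12, 95); the 125f seen in EBX/ECX */

/* Address read when evaluating bdev->bd_disk. */
static uintptr_t fault_address(const struct block_device *bdev)
{
    return (uintptr_t)bdev + offsetof(struct block_device, bd_disk);
}

/* Hypothetical stand-in for ioctl_by_bdev(); -1 marks where the
 * kernel would dereference NULL in blkdev_ioctl(). */
static int model_ioctl_by_bdev(struct block_device *bdev, unsigned cmd)
{
    if (bdev == NULL)
        return -1;
    if (cmd == BLKRRPART)
        bdev->bd_disk->rescans++;
    return 0;
}

/* Check as quoted in the message: gated on max_part only. */
static int clr_fd_unguarded(struct block_device *bdev, int max_part)
{
    if (max_part > 0)
        return model_ioctl_by_bdev(bdev, BLKRRPART);
    return 0;
}

/* Check with the additional bdev test the message proposes. */
static int clr_fd_guarded(struct block_device *bdev, int max_part)
{
    if (max_part > 0 && bdev)
        return model_ioctl_by_bdev(bdev, BLKRRPART);
    return 0;
}

int main(void)
{
    printf("NULL bdev faults at 0x%lx; unguarded=%d guarded=%d\n", (unsigned long)fault_address(NULL),
           clr_fd_unguarded(NULL, 8), clr_fd_guarded(NULL, 8));
    return 0;
}
```

With max_part at 0 the unguarded branch is never taken, which is consistent with the report loading loop with max_part=8.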
Bug#534690: linux-image-2.6.30-1-686: unable to unmount a loop device
Package: linux-image-2.6.30-1-686
Version: 2.6.30-1
Severity: normal

# lsmod | grep -c loop
0
# modprobe loop max_part=8
# dd if=/dev/zero of=/tmp/fs bs=1M count=1
1+0 records in
1+0 records out
1048576 bytes (1.0 MB) copied, 0.00407344 s, 257 MB/s
# mke2fs -F -q /tmp/fs
# mkdir /tmp/mnt/
# mount -o loop /tmp/fs /tmp/mnt/
# umount /tmp/mnt/
[ 284.509864] BUG: unable to handle kernel NULL pointer dereference at 0060
[ 284.509902] IP: [c01f6f27] blkdev_ioctl+0x25/0x842
[ 284.509929] *pde =
[ 284.509944] Oops: [#1] SMP
[ 284.509963] last sysfs file: /sys/devices/virtual/block/loop0/removable
[ 284.509980] Modules linked in: loop ext2 tun kvm_amd kvm binfmt_misc nf_conntrack_ipv6 ip6table_filter ip6_tables nvidiafb fb_ddc vgastate xt_MARK iptable_mangle iptable_nat nf_nat ipt_REJECT xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack iptable_filter ip_tables x_tables fuse snd_hda_codec_realtek tvaudio tda7432 tuner_simple tuner_types tuner arc4 ecb snd_hda_intel snd_hda_codec bttv ir_common snd_hwdep i2c_algo_bit v4l2_common videodev v4l1_compat snd_pcm videobuf_dma_sg snd_seq snd_timer snd_seq_device rt61pci crc_itu_t rt2x00pci snd videobuf_core btcx_risc rt2x00lib soundcore snd_page_alloc led_class input_polldev mac80211 tveeprom cfg80211 eeprom_93cx6 i2c_nforce2 i2c_core evdev processor button k8temp serio_raw psmouse ext3 jbd mbcache ide_gd_mod ide_cd_mod cdrom ata_generic libata scsi_mod ide_pci_generic amd74xx forcedeth ide_core ohci_hcd ehci_hcd usbcore floppy thermal fan thermal_sys [last unloaded: loop]
[ 284.510570]
[ 284.510581] Pid: 3328, comm: umount Not tainted (2.6.30-1-686 #1) M61SME-S2
[ 284.510600] EIP: 0060:[c01f6f27] EFLAGS: 00010287 CPU: 1
[ 284.510617] EIP is at blkdev_ioctl+0x25/0x842
[ 284.510630] EAX: EBX: 125f ECX: 125f EDX:
[ 284.510645] ESI: EDI: EBP: ESP: c3fefe08
[ 284.510662] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 284.510677] Process umount (pid: 3328, ti=c3fee000 task=c3d2e750 task.ti=c3fee000)
[ 284.510694] Stack:
[ 284.510704] c011dda9 c04ca6ec c3d2e750 c3cacc80 c3cacc80 c3cacc80 c04951c0
[ 284.510756] c031ce8e c38630c0 0b00 c04951c0 0212 c3d2e904
[ 284.510814] 0001 0246 3e1b71e2 0042 c040c840 000c c017160e 000c
[ 284.510876] Call Trace:
[ 284.510886] [c011dda9] ? pick_next_task_fair+0x80/0x87
[ 284.510909] [c031ce8e] ? __schedule+0x719/0x746
[ 284.510931] [c017160e] ? release_pages+0x11c/0x124
[ 284.510953] [c011cc82] ? update_curr+0x58/0x178
[ 284.510973] [c031cec0] ? schedule+0x5/0x13
[ 284.510991] [c031cfeb] ? schedule_timeout+0x14/0xbd
[ 284.511011] [c011cf9e] ? check_preempt_wakeup+0x139/0x173
[ 284.511031] [c031c6c7] ? wait_for_common+0xc1/0x112
[ 284.511051] [c0121ee3] ? default_wake_function+0x0/0x8
[ 284.511075] [c01a9eac] ? ioctl_by_bdev+0x20/0x2f
[ 284.511096] [f8463f90] ? loop_clr_fd+0x186/0x1a2 [loop]
[ 284.59] [f8463fdb] ? lo_release+0x2f/0x53 [loop]
[ 284.511141] [c01aa955] ? __blkdev_put+0x7a/0x10f
[ 284.511160] [c01ba4dd] ? vfs_quota_off+0x0/0xd
[ 284.511183] [c018f4ad] ? deactivate_super+0x4a/0x61
[ 284.511204] [c019e6d5] ? sys_umount+0x29a/0x2c0
[ 284.511225] [c019e706] ? sys_oldumount+0xb/0xe
[ 284.511243] [c0103014] ? sysenter_do_call+0x12/0x28
[ 284.511264] Code: 40 e9 30 57 f2 ff 55 89 d5 57 56 89 c6 53 89 cb 81 ec f0 00 00 00 81 f9 65 12 00 00 89 44 24 38 8b bc 24 04 01 00 00 89 44 24 10 8b 50 60 0f 84 cb 03 00 00 77 79 81 f9 60 12 00 00 0f 84 77 07
[ 284.511591] EIP: [c01f6f27] blkdev_ioctl+0x25/0x842 SS:ESP 0068:c3fefe08
[ 284.511618] CR2: 0060
[ 284.511631] ---[ end trace 35bc3eb2ec9cc947 ]---
Killed

-- Package-specific info:
** Version:
Linux version 2.6.30-1-686 (Debian 2.6.30-1) (wa...@debian.org) (gcc version 4.3.3 (Debian 4.3.3-11) ) #1 SMP Sun Jun 14 16:11:32 UTC 2009

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (500, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-1-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages linux-image-2.6.30-1-686 depends on:
ii debconf [debconf-2.0] 1.5.26 Debian configuration management sy
ii initramfs-tools [linux-initra 0.93.3 tools for generating an initramfs
ii module-init-tools 3.9-2 tools for managing Linux kernel mo

Versions of packages linux-image-2.6.30-1-686 recommends:
ii libc6-i686 2.9-18 GNU C Library: Shared libraries [i

Versions of packages linux-image-2.6.30-1-686 suggests:
ii lilo 1:22.8-7 LInux LOader - The Classic OS load
pn linux-doc-2.6.30 none (no description available)

-- debconf-show failed

-- 
Jakub Wilk