Hi,
While playing around with loop mounts on kernel 2.6.9 I managed to get
a kernel panic. After messing around with it I can reproduce the
problem reliably. The sequence I came up with to cause the problem:
mount -o loop /dev/loop/0 /mnt
mount -o loop /dev/loop/1 /mnt
mount -o loop /dev/loop/2 /mnt
mount /dev/loop/0 /mnt -t ext2
I know the above is silly and contrived.
An example oops is as follows (I copied this down on paper and then
back, so hopefully I made no transcription errors):
Unable to handle kernel paging request at virtual address 98858a6f
printing eip:
c011345a
*pde = 00000000
Oops: 0000 [#1]
SMP
Modules linked in:
CPU 0
EIP 0060:[<c011345a>] Not tainted VLI
EFLAGS 00010083 (2.6.9)
EIP is at do_page_fault+0x99/0x599
eax: c9100000 ebx: 65642f3c ecx: 0000007b edx: f7d4858b
esi: 00000000 edi: c01133c1 ebp: 988589ff esp: c9100108
ds: 007b es: 007b ss: 0068
Unable to handle kernel NULL pointer dereference at virtual address 00000070
printing eip:
c011345a
*pde = 00000000
I ran this through ksymoops, but it just spit it back at me with the
following tacked on:
Warning (Oops_read): Code line not seen, dumping what data is available
>>eax; c9100000 <pg0+8b9f000/3fa9d400>
>>edx; f7d4858b <pg0+377e758b/3fa9d400>
>>edi; c01133c1 <do_page_fault+0/599>
>>esp; c9100108 <pg0+8b9f108/3fa9d400>
1 warning issued. Results may not be reliable.
So I'm not sure if that's useful. I could also get my system to lock up
if I did the above, but without the loop1 and 2 devices. One time it
just froze, no messages. Another time I got:
double fault, gdt at c1408260 [255 bytes]
I'm attaching my kernel config if that's of any help. If you'd like me
to reply to the list, please CC me so I can set the In-Reply-To header
properly.
Chris
On Fri, Nov 12, 2004 at 02:49:34AM -0800, Chris Spiegel wrote:
> While playing around with loop mounts on kernel 2.6.9 I managed to get
> a kernel panic. After messing around with it I can reproduce the
> problem reliably. The sequence I came up with to cause the problem:
>
> mount -o loop /dev/loop/0 /mnt
> mount -o loop /dev/loop/1 /mnt
> mount -o loop /dev/loop/2 /mnt
> mount /dev/loop/0 /mnt -t ext2
>
> Unable to handle kernel paging request at virtual address 98858a6f
> printing eip:
> c011345a
> *pde = 00000000
> Oops: 0000 [#1]
> SMP
> Modules linked in:
> CPU 0
> EIP 0060:[<c011345a>] Not tainted VLI
> EFLAGS 00010083 (2.6.9)
> EIP is at do_page_fault+0x99/0x599
> eax: c9100000 ebx: 65642f3c ecx: 0000007b edx: f7d4858b
> esi: 00000000 edi: c01133c1 ebp: 988589ff esp: c9100108
> ds: 007b es: 007b ss: 0068
> Unable to handle kernel NULL pointer dereference at virtual address 00000070
> printing eip:
> c011345a
> *pde = 00000000
I do not see precisely the same - but I do not use devfs.
What happens for me is: the "mount -o loop /dev/loop0 /mnt"
takes the first unused loop device, /dev/loop0, and then
does "losetup /dev/loop0 /dev/loop0", and then does mount.
But there is a loop in the loop devices and the kernel dies in
infinite recursion.
The easiest fix is saying "don't do that then".
But, on the other hand, maybe it is reasonable to add a check.
Hope to send a patch later this evening.
Andries