Bug 56091

Summary: kernel oops when copying data to ext4 fs
Product: File System
Reporter: David Maciejak (dmaciejak)
Component: ext4
Assignee: fs_ext4 (fs_ext4)
Status: RESOLVED OBSOLETE
Severity: normal
CC: dmaciejak, kpraveen.lkml, shakilk1729, szg00000
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 3.8.5
Tree: Mainline
Regression: No
Attachments: FS poc file

Description David Maciejak 2013-04-02 09:38:30 UTC
Hi,

I am doing some filesystem testing (aka fuzzing) and got this issue on vanilla 3.8.5:

Apr  2 11:20:15 linux kernel: [  214.925737] JBD2: Spotted dirty metadata buffer (dev = loop0, blocknr = 0). There's a risk of filesystem corruption in case of system crash.
Apr  2 11:20:15 linux kernel: [  214.925778] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7643-7644 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  214.944861] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7646-7647 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  214.963965] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 26555-26556 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  214.983102] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7640-7641 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  215.002272] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 26553-26554 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  215.021448] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 26559-26560 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  215.040668] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7644-7645 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  215.059921] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7647-7648 which overlap fs metadata

Apr  2 11:22:43 linux kernel: [  362.827503] INFO: task jbd2/loop0-8:1853 blocked for more than 120 seconds.
Apr  2 11:22:43 linux kernel: [  362.837075] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Apr  2 11:22:43 linux kernel: [  362.846633] jbd2/loop0-8    D ffff880227233f00     0  1853      2 0x00000000
Apr  2 11:22:43 linux kernel: [  362.846637]  ffff8802087c5c88 0000000000000046 ffff880206795c00 ffff8802087c5fd8
Apr  2 11:22:43 linux kernel: [  362.846641]  ffff8802087c5fd8 ffff8802087c5fd8 ffff880225d49700 ffff880206795c00
Apr  2 11:22:43 linux kernel: [  362.846644]  ffff8802087c5c98 ffff8802087c5d80 ffff8802080970e0 ffff8802087c5d68
Apr  2 11:22:43 linux kernel: [  362.846654] Call Trace:
Apr  2 11:22:43 linux kernel: [  362.846663]  [<ffffffff816b4db9>] schedule+0x29/0x70
Apr  2 11:22:43 linux kernel: [  362.846669]  [<ffffffff8127fea1>] jbd2_journal_commit_transaction+0x211/0x1930
Apr  2 11:22:43 linux kernel: [  362.846676]  [<ffffffff8101358e>] ? __switch_to+0x13e/0x4a0
Apr  2 11:22:43 linux kernel: [  362.846686]  [<ffffffff810999c0>] ? idle_balance+0x1b0/0x300
Apr  2 11:22:43 linux kernel: [  362.846689]  [<ffffffff8107e080>] ? finish_wait+0x80/0x80
Apr  2 11:22:43 linux kernel: [  362.846694]  [<ffffffff816b5fde>] ? _raw_spin_lock_irqsave+0x2e/0x40
Apr  2 11:22:43 linux kernel: [  362.846702]  [<ffffffff81069baf>] ? try_to_del_timer_sync+0x4f/0x70
Apr  2 11:22:43 linux kernel: [  362.846707]  [<ffffffff81285f6d>] kjournald2+0xbd/0x240
Apr  2 11:22:43 linux kernel: [  362.846710]  [<ffffffff8107e080>] ? finish_wait+0x80/0x80
Apr  2 11:22:43 linux kernel: [  362.846713]  [<ffffffff81285eb0>] ? jbd2_journal_release_jbd_inode+0x130/0x130
Apr  2 11:22:43 linux kernel: [  362.846716]  [<ffffffff8107d730>] kthread+0xc0/0xd0
Apr  2 11:22:43 linux kernel: [  362.846719]  [<ffffffff8107d670>] ? kthread_create_on_node+0x130/0x130
Apr  2 11:22:43 linux kernel: [  362.846723]  [<ffffffff816be5ac>] ret_from_fork+0x7c/0xb0
Apr  2 11:22:43 linux kernel: [  362.846733]  [<ffffffff8107d670>] ? kthread_create_on_node+0x130/0x130



how to reproduce:

*you need* to be root to issue the cmds below

mkdir /media/test
gunzip ext4.poc.img.gz
mount -t ext4 -o loop ext4.poc.img /media/test/
ls -alR /media/test
cp /etc/passwd /media/test/INSTALL


The copy will never return, the CPU reaches 100%, and the call trace is written some minutes after.
Hope this helps.


best regards,

David Maciejak
Fortinet's FortiGuard Labs
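
A log-triage sketch for the messages quoted in this report, added here as an example and not part of the original bug thread or the kernel project's code: it collapses the "overlap fs metadata" block ranges per device and links a later hung jbd2 task to the first error. The function names are this example's own, and the sample input is a subset of the log lines above.

```python
import re

# Sample input: lines copied from the log quoted in this report (date/host prefix dropped).
SAMPLE = """\
[  214.925778] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7643-7644 which overlap fs metadata
[  214.944861] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7646-7647 which overlap fs metadata
[  214.963965] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 26555-26556 which overlap fs metadata
[  215.040668] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7644-7645 which overlap fs metadata
[  215.059921] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7647-7648 which overlap fs metadata
[  362.827503] INFO: task jbd2/loop0-8:1853 blocked for more than 120 seconds.
"""

ALLOC_RE = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\] EXT4-fs error \(device (?P<dev>[^)]+)\): \w+:\d+: "
    r"comm (?P<comm>\S+): Allocating blocks (?P<start>\d+)-(?P<end>\d+) "
    r"which overlap fs metadata")
HUNG_RE = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\] INFO: task (?P<task>\S+):(?P<pid>\d+) "
    r"blocked for more than \d+ seconds")

def merge_ranges(ranges):
    """Collapse overlapping or adjacent inclusive block ranges."""
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return [tuple(r) for r in merged]

def triage(log_text):
    """Per device: merged block ranges, writers, and jbd2 stalls after the first error."""
    devs, hung = {}, []
    for line in log_text.splitlines():
        if m := ALLOC_RE.search(line):
            d = devs.setdefault(m["dev"], {"first": float(m["ts"]), "comms": set(), "ranges": []})
            d["comms"].add(m["comm"])
            d["ranges"].append((int(m["start"]), int(m["end"])))
        elif m := HUNG_RE.search(line):
            hung.append((m["task"], int(m["pid"]), float(m["ts"])))
    report = {}
    for dev, d in devs.items():
        # In this log the journal thread for loop0 is named "jbd2/loop0-8".
        stalled = [(t, pid, round(ts - d["first"], 3)) for t, pid, ts in hung
                   if t.startswith(f"jbd2/{dev}-") and ts >= d["first"]]
        report[dev] = {"ranges": merge_ranges(d["ranges"]),
                       "comms": sorted(d["comms"]), "stalled": stalled}
    return report
```

Calling `triage(SAMPLE)` returns one entry for `loop0`; the third field of each `stalled` tuple is the number of seconds between the first allocation error and the hung-task report.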
Comment 1 David Maciejak 2013-04-02 09:43:20 UTC
Created attachment 97011
FS poc file
Comment 2 David Maciejak 2013-04-02 09:44:10 UTC
I used xz instead of gz to compress the file.
Comment 3 shakilk1729@gmail.com 2014-02-01 01:01:56 UTC
Not able to reproduce this in kernel 3.13. Does this mean we still have to fix this in 3.8.5?

Regards
Shakil