Latest working kernel version: Earliest failing kernel version: Distribution: Minimal Debian sid (unstable) Hardware Environment: qemu x86 Software Environment: Problem Description: When the attached filesystem is unmounted after some use, a kernel BUG happens. Steps to reproduce: 1. bunzip2 the attached filesystem image 2. mount hdb.2001017 /mnt 3. cd /mnt 4. cp -R doc doc2 5. mkdir tmp 6. cd / 7. umount /mnt 8. (boom)
Created attachment 17089 [details] Test case, corrupted ext3 filesystem hdb.2001017, bzip2 compressed Here's the backtrace: ---------- fstest:~# mount /dev/hdb /mnt [ 15.475144] kjournald starting. Commit interval 5 seconds [ 15.475144] EXT3 FS on hdb, internal journal [ 15.475144] EXT3-fs: mounted filesystem with ordered data mode. fstest:~# cd /mnt fstest:/mnt# cp -R doc doc2 [ 19.174443] EXT3-fs error (device hdb): ext3_valid_block_bitmap: Invalid block bitmap - block_group = 0, block = 44 [ 19.178191] EXT3-fs error (device hdb): htree_dirblock_to_tree: bad entry in directory #1517: inode out of bounds - offset=24, inode=131832, rec_len=12, name_len=4 fstest:/mnt# mkdir tmp fstest:/mnt# cd fstest:~# umount /mnt [ 23.200523] ------------[ cut here ]------------ [ 23.200854] kernel BUG at fs/buffer.c:2926! [ 23.201011] invalid opcode: 0000 [#1] [ 23.201158] [ 23.201256] Pid: 663, comm: umount Not tainted (2.6.27-rc1 #1) [ 23.201444] EIP: 0060:[<c028177f>] EFLAGS: 00000246 CPU: 0 [ 23.201676] EIP is at submit_bh+0xe9/0xf1 [ 23.201815] EAX: 00000005 EBX: c748b038 ECX: 00000000 EDX: c748b038 [ 23.202012] ESI: 00000001 EDI: 00000011 EBP: c7aedd38 ESP: c7aedd2c [ 23.202211] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 [ 23.202400] Process umount (pid: 663, ti=c7aec000 task=c7824bc0 task.ti=c7aec000) [ 23.202625] Stack: c748b038 00000001 c7adec14 c7aedd48 c0282c01 c7adec00 c713e800 c7aedd64 [ 23.202995] c031677f 00000001 c748b038 c7adec00 0000000d 0000000a c7aedd80 c03152c8 [ 23.203344] c7adec14 c7adedc0 c748bce8 c7adedc0 c7aedec4 c7aedeb0 c03154a3 c7aec000 [ 23.203692] Call Trace: [ 23.203815] [<c0282c01>] ? sync_dirty_buffer+0x4f/0xd5 [ 23.204019] [<c031677f>] ? journal_update_superblock+0x75/0xc7 [ 23.204248] [<c03152c8>] ? cleanup_journal_tail+0x88/0xea [ 23.204450] [<c03154a3>] ? log_do_checkpoint+0x138/0x41d [ 23.204655] [<c02130f4>] ? __dequeue_entity+0x24/0x95 [ 23.204850] [<c0210ff3>] ? update_curr+0x7a/0x9d [ 23.205033] [<c0213279>] ? set_next_entity+0x114/0x13d [ 23.205144] [<c0546392>] ? _spin_unlock_irq+0x1d/0x21 [ 23.205144] [<c0215956>] ? finish_task_switch+0x54/0x98 [ 23.205144] [<c021592c>] ? finish_task_switch+0x2a/0x98 [ 23.205144] [<c05446fc>] ? schedule+0x293/0x41c [ 23.205144] [<c0546533>] ? _spin_lock_irqsave+0x36/0x3f [ 23.205144] [<c0546481>] ? _spin_lock+0x32/0x38 [ 23.205144] [<c0316ab5>] ? journal_destroy+0xf9/0x1a4 [ 23.205144] [<c022a8cc>] ? autoremove_wake_function+0x0/0x3a [ 23.205144] [<c02e78cd>] ? ext3_put_super+0x24/0x1bc [ 23.205144] [<c0545467>] ? mutex_unlock+0x8/0xa [ 23.205144] [<c0274fd3>] ? invalidate_inodes+0xcd/0xd8 [ 23.205144] [<c02640f2>] ? generic_shutdown_super+0x55/0xeb [ 23.205144] [<c0264197>] ? kill_block_super+0xf/0x20 [ 23.205144] [<c0264238>] ? deactivate_super+0x3f/0x51 [ 23.205144] [<c02776c8>] ? mntput_no_expire+0x62/0xba [ 23.205144] [<c0277997>] ? sys_umount+0x49/0x2cd [ 23.205144] [<c0277c34>] ? sys_oldumount+0x19/0x1b [ 23.205144] [<c0202dfe>] ? syscall_call+0x7/0xb [ 23.205144] ======================= [ 23.205144] Code: 46 0c 24 80 3c 01 19 db f7 d3 83 e3 a1 89 f0 e8 b2 31 00 00 89 d8 5b 5e 5f 5d c3 8d 43 01 80 63 01 f7 e9 6e ff ff ff 0f 0b eb fe <0f> 0b eb fe 0f 0b eb fe 55 89 e5 53 89 c3 8b 48 38 83 fa a1 75 [ 23.205144] EIP: [<c028177f>] submit_bh+0xe9/0xf1 SS:ESP 0068:c7aedd2c [ 23.205229] ---[ end trace f54de0003e80c8c1 ]--- [ 23.205357] ------------[ cut here ]------------ [ 23.205471] WARNING: at kernel/exit.c:1002 do_exit+0x404/0x78e() [ 23.205647] Pid: 663, comm: umount Tainted: G D 2.6.27-rc1 #1 [ 23.205802] [<c0544178>] ? printk+0x18/0x20 [ 23.205930] [<c021905a>] warn_on_slowpath+0x49/0x6d [ 23.206066] [<c0460922>] ? delay_tsc+0x17/0x21 [ 23.206201] [<c05463d9>] ? _spin_unlock+0x1d/0x20 [ 23.206338] [<c0489a8f>] ? serial8250_console_putchar+0x0/0xa7 [ 23.206500] [<c0546533>] ? _spin_lock_irqsave+0x36/0x3f [ 23.206649] [<c02197a8>] ? release_console_sem+0x1a4/0x1ae [ 23.206804] [<c021c1f9>] do_exit+0x404/0x78e [ 23.206927] [<c020b27e>] ? smp_apic_timer_interrupt+0x42/0x73 [ 23.207086] [<c0544178>] ? printk+0x18/0x20 [ 23.207211] [<c0218f92>] ? print_oops_end_marker+0x2a/0x2c [ 23.207365] [<c020356d>] oops_begin+0x0/0x6b [ 23.207487] [<c0203e95>] die+0x4e/0x64 [ 23.207596] [<c020429d>] do_trap+0x83/0xab [ 23.208669] [<c0204598>] ? do_invalid_op+0x0/0x92 [ 23.209952] [<c0204620>] do_invalid_op+0x88/0x92 [ 23.210252] [<c028177f>] ? submit_bh+0xe9/0xf1 [ 23.210526] [<c044fba3>] ? freed_request+0x1f/0x3e [ 23.210798] [<c044fc28>] ? __blk_put_request+0x66/0x7e [ 23.211089] [<c044fcb1>] ? end_that_request_last+0x71/0x1e5 [ 23.211394] [<c044db1b>] ? elv_queue_empty+0x22/0x24 [ 23.211670] [<c0497bf3>] ? ide_do_request+0x91/0xa56 [ 23.211949] [<c054681a>] error_code+0x6a/0x70 [ 23.212192] [<c028177f>] ? submit_bh+0xe9/0xf1 [ 23.212447] [<c0282c01>] sync_dirty_buffer+0x4f/0xd5 [ 23.212708] [<c031677f>] journal_update_superblock+0x75/0xc7 [ 23.213003] [<c03152c8>] cleanup_journal_tail+0x88/0xea [ 23.213282] [<c03154a3>] log_do_checkpoint+0x138/0x41d [ 23.213555] [<c02130f4>] ? __dequeue_entity+0x24/0x95 [ 23.213834] [<c0210ff3>] ? update_curr+0x7a/0x9d [ 23.214100] [<c0213279>] ? set_next_entity+0x114/0x13d [ 23.214382] [<c0546392>] ? _spin_unlock_irq+0x1d/0x21 [ 23.214666] [<c0215956>] ? finish_task_switch+0x54/0x98 [ 23.214953] [<c021592c>] ? finish_task_switch+0x2a/0x98 [ 23.215239] [<c05446fc>] ? schedule+0x293/0x41c [ 23.215496] [<c0546533>] ? _spin_lock_irqsave+0x36/0x3f [ 23.215787] [<c0546481>] ? _spin_lock+0x32/0x38 [ 23.216045] [<c0316ab5>] journal_destroy+0xf9/0x1a4 [ 23.216306] [<c022a8cc>] ? autoremove_wake_function+0x0/0x3a [ 23.216611] [<c02e78cd>] ext3_put_super+0x24/0x1bc [ 23.216862] [<c0545467>] ? mutex_unlock+0x8/0xa [ 23.217126] [<c0274fd3>] ? invalidate_inodes+0xcd/0xd8 [ 23.217411] [<c02640f2>] generic_shutdown_super+0x55/0xeb [ 23.217693] [<c0264197>] kill_block_super+0xf/0x20 [ 23.217951] [<c0264238>] deactivate_super+0x3f/0x51 [ 23.218215] [<c02776c8>] mntput_no_expire+0x62/0xba [ 23.218475] [<c0277997>] sys_umount+0x49/0x2cd [ 23.218718] [<c0277c34>] sys_oldumount+0x19/0x1b [ 23.218969] [<c0202dfe>] syscall_call+0x7/0xb [ 23.219211] ======================= [ 23.219396] ---[ end trace f54de0003e80c8c1 ]--- fstest:~# ----------
Hello tried to reproduce without luck on 2.6.26-1: mlap:/home/mio/Desktop# strings hdb.2001017|less mlap:/home/mio/Desktop# mount hdb.2001017 /mnt mount: /home/mio/Desktop/hdb.2001017 is not a block device (maybe try `-o loop'?) mlap:/home/mio/Desktop# file hdb.2001017 hdb.2001017: Linux rev 1.0 ext3 filesystem data, UUID=91a55942-b577-4a24-995d-f4c612d245cf mlap:/home/mio/Desktop# uname -a Linux mlap 2.6.26-1-686 #1 SMP Sat Jan 10 18:29:31 UTC 2009 i686 GNU/Linux mlap:/home/mio/Desktop# lsmod|grep ext ext3 105512 0 jbd 39444 1 ext3 mbcache 7108 1 ext3 mlap:/home/mio/Desktop# ls -alh hdb.2001017* -rw-r--r-- 1 mio mio 10M 2011-03-10 08:39 hdb.2001017 -rw-r--r-- 1 mio mio 497K 2011-03-10 08:41 hdb.2001017.bz2 mlap:/home/mio/Desktop# mount -o loop hdb.2001017 /mnt mount: wrong fs type, bad option, bad superblock on /dev/loop0, missing codepage or helper program, or other error In some cases useful info is found in syslog - try dmesg | tail or so mlap:/home/mio/Desktop# mount hdb.2001017 /mnt mount: /home/mio/Desktop/hdb.2001017 is not a block device (maybe try `-o loop'?) mlap:/home/mio/Desktop# dmesg|tail [48340.313650] JBD: IO error reading journal superblock [48340.313655] EXT3-fs: error loading journal. [48645.770416] attempt to access beyond end of device [48645.770430] loop0: rw=0, want=4294967734, limit=20480 [48645.770434] JBD: IO error reading journal superblock [48645.770439] EXT3-fs: error loading journal. [48664.337340] attempt to access beyond end of device [48664.337356] loop0: rw=0, want=4294967734, limit=20480 [48664.337360] JBD: IO error reading journal superblock [48664.337366] EXT3-fs: error loading journal.