Bug 11250 - ext3: kernel BUG on unmounting an intentionally corrupted fs
Status: CLOSED CODE_FIX
Alias: None
Product: File System
Classification: Unclassified
Component: ext3
Hardware: All Linux
Importance: P1 normal
Assignee: Andrew Morton
Reported: 2008-08-05 05:21 UTC by Sami Liedes
Modified: 2012-05-22 13:10 UTC
Kernel Version: 2.6.27-rc1 (+ patch for #10976, now in -mm)
Regression: No

Attachments
Test case, corrupted ext3 filesystem hdb.2001017, bzip2 compressed (496.89 KB, application/x-bzip2)
2008-08-05 05:24 UTC, Sami Liedes

Description Sami Liedes 2008-08-05 05:21:17 UTC
Latest working kernel version:
Earliest failing kernel version:
Distribution: Minimal Debian sid (unstable)
Hardware Environment: qemu x86
Software Environment:
Problem Description:

When the attached filesystem is unmounted after some use, a kernel BUG happens.

Steps to reproduce:

1. bunzip2 the attached filesystem image
2. mount hdb.2001017 /mnt
3. cd /mnt
4. cp -R doc doc2
5. mkdir tmp
6. cd /
7. umount /mnt
8. (boom)
Comment 1 Sami Liedes 2008-08-05 05:24:40 UTC
Created attachment 17089
Test case, corrupted ext3 filesystem hdb.2001017, bzip2 compressed

Here's the backtrace:

----------
fstest:~# mount /dev/hdb /mnt
[   15.475144] kjournald starting.  Commit interval 5 seconds
[   15.475144] EXT3 FS on hdb, internal journal
[   15.475144] EXT3-fs: mounted filesystem with ordered data mode.
fstest:~# cd /mnt
fstest:/mnt# cp -R doc doc2
[   19.174443] EXT3-fs error (device hdb): ext3_valid_block_bitmap: Invalid block bitmap - block_group = 0, block = 44
[   19.178191] EXT3-fs error (device hdb): htree_dirblock_to_tree: bad entry in directory #1517: inode out of bounds - offset=24, inode=131832, rec_len=12, name_len=4
fstest:/mnt# mkdir tmp
fstest:/mnt# cd
fstest:~# umount /mnt
[   23.200523] ------------[ cut here ]------------
[   23.200854] kernel BUG at fs/buffer.c:2926!
[   23.201011] invalid opcode: 0000 [#1] 
[   23.201158] 
[   23.201256] Pid: 663, comm: umount Not tainted (2.6.27-rc1 #1)
[   23.201444] EIP: 0060:[<c028177f>] EFLAGS: 00000246 CPU: 0
[   23.201676] EIP is at submit_bh+0xe9/0xf1
[   23.201815] EAX: 00000005 EBX: c748b038 ECX: 00000000 EDX: c748b038
[   23.202012] ESI: 00000001 EDI: 00000011 EBP: c7aedd38 ESP: c7aedd2c
[   23.202211]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
[   23.202400] Process umount (pid: 663, ti=c7aec000 task=c7824bc0 task.ti=c7aec000)
[   23.202625] Stack: c748b038 00000001 c7adec14 c7aedd48 c0282c01 c7adec00 c713e800 c7aedd64 
[   23.202995]        c031677f 00000001 c748b038 c7adec00 0000000d 0000000a c7aedd80 c03152c8 
[   23.203344]        c7adec14 c7adedc0 c748bce8 c7adedc0 c7aedec4 c7aedeb0 c03154a3 c7aec000 
[   23.203692] Call Trace:
[   23.203815]  [<c0282c01>] ? sync_dirty_buffer+0x4f/0xd5
[   23.204019]  [<c031677f>] ? journal_update_superblock+0x75/0xc7
[   23.204248]  [<c03152c8>] ? cleanup_journal_tail+0x88/0xea
[   23.204450]  [<c03154a3>] ? log_do_checkpoint+0x138/0x41d
[   23.204655]  [<c02130f4>] ? __dequeue_entity+0x24/0x95
[   23.204850]  [<c0210ff3>] ? update_curr+0x7a/0x9d
[   23.205033]  [<c0213279>] ? set_next_entity+0x114/0x13d
[   23.205144]  [<c0546392>] ? _spin_unlock_irq+0x1d/0x21
[   23.205144]  [<c0215956>] ? finish_task_switch+0x54/0x98
[   23.205144]  [<c021592c>] ? finish_task_switch+0x2a/0x98
[   23.205144]  [<c05446fc>] ? schedule+0x293/0x41c
[   23.205144]  [<c0546533>] ? _spin_lock_irqsave+0x36/0x3f
[   23.205144]  [<c0546481>] ? _spin_lock+0x32/0x38
[   23.205144]  [<c0316ab5>] ? journal_destroy+0xf9/0x1a4
[   23.205144]  [<c022a8cc>] ? autoremove_wake_function+0x0/0x3a
[   23.205144]  [<c02e78cd>] ? ext3_put_super+0x24/0x1bc
[   23.205144]  [<c0545467>] ? mutex_unlock+0x8/0xa
[   23.205144]  [<c0274fd3>] ? invalidate_inodes+0xcd/0xd8
[   23.205144]  [<c02640f2>] ? generic_shutdown_super+0x55/0xeb
[   23.205144]  [<c0264197>] ? kill_block_super+0xf/0x20
[   23.205144]  [<c0264238>] ? deactivate_super+0x3f/0x51
[   23.205144]  [<c02776c8>] ? mntput_no_expire+0x62/0xba
[   23.205144]  [<c0277997>] ? sys_umount+0x49/0x2cd
[   23.205144]  [<c0277c34>] ? sys_oldumount+0x19/0x1b
[   23.205144]  [<c0202dfe>] ? syscall_call+0x7/0xb
[   23.205144]  =======================
[   23.205144] Code: 46 0c 24 80 3c 01 19 db f7 d3 83 e3 a1 89 f0 e8 b2 31 00 00 89 d8 5b 5e 5f 5d c3 8d 43 01 80 63 01 f7 e9 6e ff ff ff 0f 0b eb fe <0f> 0b eb fe 0f 0b eb fe 55 89 e5 53 89 c3 8b 48 38 83 fa a1 75 
[   23.205144] EIP: [<c028177f>] submit_bh+0xe9/0xf1 SS:ESP 0068:c7aedd2c
[   23.205229] ---[ end trace f54de0003e80c8c1 ]---
[   23.205357] ------------[ cut here ]------------
[   23.205471] WARNING: at kernel/exit.c:1002 do_exit+0x404/0x78e()
[   23.205647] Pid: 663, comm: umount Tainted: G      D   2.6.27-rc1 #1
[   23.205802]  [<c0544178>] ? printk+0x18/0x20
[   23.205930]  [<c021905a>] warn_on_slowpath+0x49/0x6d
[   23.206066]  [<c0460922>] ? delay_tsc+0x17/0x21
[   23.206201]  [<c05463d9>] ? _spin_unlock+0x1d/0x20
[   23.206338]  [<c0489a8f>] ? serial8250_console_putchar+0x0/0xa7
[   23.206500]  [<c0546533>] ? _spin_lock_irqsave+0x36/0x3f
[   23.206649]  [<c02197a8>] ? release_console_sem+0x1a4/0x1ae
[   23.206804]  [<c021c1f9>] do_exit+0x404/0x78e
[   23.206927]  [<c020b27e>] ? smp_apic_timer_interrupt+0x42/0x73
[   23.207086]  [<c0544178>] ? printk+0x18/0x20
[   23.207211]  [<c0218f92>] ? print_oops_end_marker+0x2a/0x2c
[   23.207365]  [<c020356d>] oops_begin+0x0/0x6b
[   23.207487]  [<c0203e95>] die+0x4e/0x64
[   23.207596]  [<c020429d>] do_trap+0x83/0xab
[   23.208669]  [<c0204598>] ? do_invalid_op+0x0/0x92
[   23.209952]  [<c0204620>] do_invalid_op+0x88/0x92
[   23.210252]  [<c028177f>] ? submit_bh+0xe9/0xf1
[   23.210526]  [<c044fba3>] ? freed_request+0x1f/0x3e
[   23.210798]  [<c044fc28>] ? __blk_put_request+0x66/0x7e
[   23.211089]  [<c044fcb1>] ? end_that_request_last+0x71/0x1e5
[   23.211394]  [<c044db1b>] ? elv_queue_empty+0x22/0x24
[   23.211670]  [<c0497bf3>] ? ide_do_request+0x91/0xa56
[   23.211949]  [<c054681a>] error_code+0x6a/0x70
[   23.212192]  [<c028177f>] ? submit_bh+0xe9/0xf1
[   23.212447]  [<c0282c01>] sync_dirty_buffer+0x4f/0xd5
[   23.212708]  [<c031677f>] journal_update_superblock+0x75/0xc7
[   23.213003]  [<c03152c8>] cleanup_journal_tail+0x88/0xea
[   23.213282]  [<c03154a3>] log_do_checkpoint+0x138/0x41d
[   23.213555]  [<c02130f4>] ? __dequeue_entity+0x24/0x95
[   23.213834]  [<c0210ff3>] ? update_curr+0x7a/0x9d
[   23.214100]  [<c0213279>] ? set_next_entity+0x114/0x13d
[   23.214382]  [<c0546392>] ? _spin_unlock_irq+0x1d/0x21
[   23.214666]  [<c0215956>] ? finish_task_switch+0x54/0x98
[   23.214953]  [<c021592c>] ? finish_task_switch+0x2a/0x98
[   23.215239]  [<c05446fc>] ? schedule+0x293/0x41c
[   23.215496]  [<c0546533>] ? _spin_lock_irqsave+0x36/0x3f
[   23.215787]  [<c0546481>] ? _spin_lock+0x32/0x38
[   23.216045]  [<c0316ab5>] journal_destroy+0xf9/0x1a4
[   23.216306]  [<c022a8cc>] ? autoremove_wake_function+0x0/0x3a
[   23.216611]  [<c02e78cd>] ext3_put_super+0x24/0x1bc
[   23.216862]  [<c0545467>] ? mutex_unlock+0x8/0xa
[   23.217126]  [<c0274fd3>] ? invalidate_inodes+0xcd/0xd8
[   23.217411]  [<c02640f2>] generic_shutdown_super+0x55/0xeb
[   23.217693]  [<c0264197>] kill_block_super+0xf/0x20
[   23.217951]  [<c0264238>] deactivate_super+0x3f/0x51
[   23.218215]  [<c02776c8>] mntput_no_expire+0x62/0xba
[   23.218475]  [<c0277997>] sys_umount+0x49/0x2cd
[   23.218718]  [<c0277c34>] sys_oldumount+0x19/0x1b
[   23.218969]  [<c0202dfe>] syscall_call+0x7/0xb
[   23.219211]  =======================
[   23.219396] ---[ end trace f54de0003e80c8c1 ]---
fstest:~#
----------
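
Added example, not part of the original report: a small Python triage helper for console logs like the one in Comment 1. It splits the log on the `cut here` markers, extracts the BUG/WARNING site and the faulting symbol, and separates frames the unwinder verified from those printed with `?`; the function names and the excerpted sample are this example's own.

```python
import re

# Constructed sample: lines excerpted from the console log in Comment 1.
SAMPLE = """\
[   23.200523] ------------[ cut here ]------------
[   23.200854] kernel BUG at fs/buffer.c:2926!
[   23.201676] EIP is at submit_bh+0xe9/0xf1
[   23.203815]  [<c0282c01>] ? sync_dirty_buffer+0x4f/0xd5
[   23.204019]  [<c031677f>] ? journal_update_superblock+0x75/0xc7
[   23.205357] ------------[ cut here ]------------
[   23.205471] WARNING: at kernel/exit.c:1002 do_exit+0x404/0x78e()
[   23.206804]  [<c021c1f9>] do_exit+0x404/0x78e
[   23.212192]  [<c028177f>] ? submit_bh+0xe9/0xf1
[   23.212447]  [<c0282c01>] sync_dirty_buffer+0x4f/0xd5
[   23.212708]  [<c031677f>] journal_update_superblock+0x75/0xc7
[   23.216045]  [<c0316ab5>] journal_destroy+0xf9/0x1a4
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")          # printk timestamp prefix
HEAD = re.compile(r"(kernel BUG|WARNING:) at (\S+):(\d+)")
FRAME = re.compile(r"^\s*\[<[0-9a-f]+>\]\s+(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
IP = re.compile(r"EIP is at ([\w.]+)\+")


def parse_reports(log):
    """Split a console log on 'cut here' markers; return one dict per report."""
    reports = []
    for raw in log.splitlines():
        line = STAMP.sub("", raw)
        if "[ cut here ]" in line:
            reports.append({"kind": None, "site": None, "ip": None, "frames": []})
            continue
        if not reports:
            continue  # console output before the first report
        cur = reports[-1]
        if (m := HEAD.search(line)) and cur["kind"] is None:
            cur["kind"], cur["site"] = m.group(1).rstrip(":"), f"{m.group(2)}:{m.group(3)}"
        elif m := IP.search(line):
            cur["ip"] = m.group(1)
        elif m := FRAME.match(line):
            # '?' marks an address found on the stack that the unwinder could not verify.
            cur["frames"].append((m.group(2), m.group(1) is None))
    return reports


def call_chain(report):
    """Verified frames only; fall back to every frame when all are marked '?'."""
    sure = [sym for sym, ok in report["frames"] if ok]
    return sure or [sym for sym, _ in report["frames"]]
```

The fallback in `call_chain` covers the first trace in the log, where every frame is printed with `?`; the second trace repeats the same path with the verified frames unmarked.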
Comment 2 Michael Ole Olsen 2011-03-10 07:47:31 UTC
Hello, I tried to reproduce without luck on 2.6.26-1:

mlap:/home/mio/Desktop# strings hdb.2001017|less
mlap:/home/mio/Desktop# mount hdb.2001017 /mnt
mount: /home/mio/Desktop/hdb.2001017 is not a block device (maybe try `-o loop'?)
mlap:/home/mio/Desktop# file hdb.2001017
hdb.2001017: Linux rev 1.0 ext3 filesystem data, UUID=91a55942-b577-4a24-995d-f4c612d245cf
mlap:/home/mio/Desktop# uname -a
Linux mlap 2.6.26-1-686 #1 SMP Sat Jan 10 18:29:31 UTC 2009 i686 GNU/Linux
mlap:/home/mio/Desktop# lsmod|grep ext
ext3                  105512  0 
jbd                    39444  1 ext3
mbcache                 7108  1 ext3
mlap:/home/mio/Desktop# ls -alh hdb.2001017*
-rw-r--r-- 1 mio mio  10M 2011-03-10 08:39 hdb.2001017
-rw-r--r-- 1 mio mio 497K 2011-03-10 08:41 hdb.2001017.bz2

mlap:/home/mio/Desktop# mount -o loop hdb.2001017 /mnt
mount: wrong fs type, bad option, bad superblock on /dev/loop0,
       missing codepage or helper program, or other error
       In some cases useful info is found in syslog - try
       dmesg | tail  or so

mlap:/home/mio/Desktop# mount hdb.2001017 /mnt
mount: /home/mio/Desktop/hdb.2001017 is not a block device (maybe try `-o loop'?)
mlap:/home/mio/Desktop# dmesg|tail
[48340.313650] JBD: IO error reading journal superblock
[48340.313655] EXT3-fs: error loading journal.
[48645.770416] attempt to access beyond end of device
[48645.770430] loop0: rw=0, want=4294967734, limit=20480
[48645.770434] JBD: IO error reading journal superblock
[48645.770439] EXT3-fs: error loading journal.
[48664.337340] attempt to access beyond end of device
[48664.337356] loop0: rw=0, want=4294967734, limit=20480
[48664.337360] JBD: IO error reading journal superblock
[48664.337366] EXT3-fs: error loading journal.
