Bug 12370 - kernel BUG at fs/jbd2/journal.c:1108
Status: RESOLVED CODE_FIX
Product: File System
Classification: Unclassified
Component: ext4
Hardware: All Linux
Importance: P1 normal
Assignee: Jan Kara
Reported: 2009-01-06 03:14 UTC by David Maciejak
Modified: 2009-01-19 07:58 UTC (History)
Kernel Version: 2.6.28

Attachments
img poc (500.40 KB, application/x-gzip)
2009-01-06 03:15 UTC, David Maciejak
Patch fixing possible oopses due to failing getblk() (3.10 KB, patch)
2009-01-06 07:13 UTC, Jan Kara

Description David Maciejak 2009-01-06 03:14:19 UTC
Latest working kernel version: none
Earliest failing kernel version: unknown
Distribution: ubuntu
Hardware Environment: dell optiplex 740
Software Environment:
Problem Description:
On mounting a specially crafted ext4 image the kernel oopses, and the mount command gives me a segfault.
Steps to reproduce:
Mount the image provided with the following command:
mount -t ext4  -o loop ext4.212.img /media/tmp

Regards,

David Maciejak
Fortinet's FortiGuard Global Security Research Team
Comment 1 David Maciejak 2009-01-06 03:15:38 UTC
Created attachment 19673
img poc
Comment 2 David Maciejak 2009-01-06 03:16:43 UTC
Jan  6 12:09:53 koma-lab kernel: [  127.546104] ------------[ cut here ]------------
Jan  6 12:09:53 koma-lab kernel: [  127.546108] kernel BUG at fs/jbd2/journal.c:1108!
Jan  6 12:09:53 koma-lab kernel: [  127.546113] invalid opcode: 0000 [#1] SMP 
Jan  6 12:09:53 koma-lab kernel: [  127.546119] last sysfs file: /sys/block/loop7/dev
Jan  6 12:09:53 koma-lab kernel: [  127.546125] Dumping ftrace buffer:
Jan  6 12:09:53 koma-lab kernel: [  127.546130]    (ftrace buffer empty)
Jan  6 12:09:53 koma-lab kernel: [  127.546134] Modules linked in: loop af_packet isofs udf crc_itu_t binfmt_misc ipv6 powernow_k8 cpufreq_userspace cpufreq_stats cpufreq_ondemand freq_table cpufreq_powersave cpufreq_conservative wmi video output container sbs sbshc ac pci_slot battery hid_dell hid_pl hid_cypress hid_gyration hid_bright hid_sony hid_samsung hid_microsoft hid_monterey hid_ezkey hid_apple hid_a4tech hid_logitech usbhid hid_cherry hid_sunplus hid_petalynx hid_belkin hid_chicony hid fuse sg sr_mod cdrom ohci_hcd ehci_hcd tg3 serio_raw k8temp libphy i2c_nforce2 usbcore i2c_core shpchp pci_hotplug button dcdbas sd_mod crc_t10dif ata_generic sata_nv pata_acpi libata evdev thermal processor fan fbcon tileblit font bitblit softcursor
Jan  6 12:09:53 koma-lab kernel: [  127.546230] 
Jan  6 12:09:53 koma-lab kernel: [  127.546237] Pid: 4231, comm: mount Not tainted (2.6.28 #1) OptiPlex 740
Jan  6 12:09:53 koma-lab kernel: [  127.546242] EIP: 0060:[<c0270fb9>] EFLAGS: 00210246 CPU: 1
Jan  6 12:09:53 koma-lab kernel: [  127.546257] EIP is at jbd2_journal_init_inode+0x159/0x180
Jan  6 12:09:53 koma-lab kernel: [  127.546262] EAX: 00000000 EBX: ec616c00 ECX: ffffffff EDX: 010cd000
Jan  6 12:09:53 koma-lab kernel: [  127.546267] ESI: ec616cb4 EDI: ead34094 EBP: ec4ffd58 ESP: ec4ffd38
Jan  6 12:09:53 koma-lab kernel: [  127.546272]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Jan  6 12:09:53 koma-lab kernel: [  127.546278] Process mount (pid: 4231, ti=ec4fe000 task=f4d73240 task.ti=ec4fe000)
Jan  6 12:09:53 koma-lab kernel: [  127.546282] Stack:
Jan  6 12:09:53 koma-lab kernel: [  127.546285]  00000800 c055340a 00000008 00000013 0000c500 ead34094 ec616600 ec616600
Jan  6 12:09:53 koma-lab kernel: [  127.546297]  ec4ffd70 c024c9f1 ec6780cc 00000000 00000008 ec616600 ec4ffe9c c0250ba2
Jan  6 12:09:53 koma-lab kernel: [  127.546309]  00000800 ec678064 00000000 00000000 ec4ffdd0 00000029 00000000 ffffffff
Jan  6 12:09:53 koma-lab kernel: [  127.546322] Call Trace:
Jan  6 12:09:53 koma-lab kernel: [  127.546326]  [<c024c9f1>] ? ext4_get_journal+0x41/0xd0
Jan  6 12:09:53 koma-lab kernel: [  127.546337]  [<c0250ba2>] ? ext4_fill_super+0x1542/0x2400
Jan  6 12:09:53 koma-lab kernel: [  127.546348]  [<c03490c0>] ? exact_match+0x0/0x10
Jan  6 12:09:53 koma-lab kernel: [  127.546357]  [<c047db1b>] ? mutex_lock+0xb/0x20
Jan  6 12:09:53 koma-lab kernel: [  127.546367]  [<c01ef549>] ? disk_name+0x39/0xc0
Jan  6 12:09:53 koma-lab kernel: [  127.546374]  [<c01aef02>] ? get_sb_bdev+0x112/0x140
Jan  6 12:09:53 koma-lab kernel: [  127.546384]  [<c018d145>] ? kstrdup+0x35/0x60
Jan  6 12:09:53 koma-lab kernel: [  127.546391]  [<c024c771>] ? ext4_get_sb+0x21/0x30
Jan  6 12:09:53 koma-lab kernel: [  127.546398]  [<c024f660>] ? ext4_fill_super+0x0/0x2400
Jan  6 12:09:53 koma-lab kernel: [  127.546405]  [<c01ae3c8>] ? vfs_kern_mount+0x58/0x120
Jan  6 12:09:53 koma-lab kernel: [  127.546413]  [<c01ae4e9>] ? do_kern_mount+0x39/0xd0
Jan  6 12:09:53 koma-lab kernel: [  127.546419]  [<c01c291e>] ? do_mount+0x55e/0x6e0
Jan  6 12:09:53 koma-lab kernel: [  127.546427]  [<c0186015>] ? __get_free_pages+0x25/0x30
Jan  6 12:09:53 koma-lab kernel: [  127.546436]  [<c01c0485>] ? copy_mount_options+0x35/0x140
Jan  6 12:09:53 koma-lab kernel: [  127.546443]  [<c01c2b0f>] ? sys_mount+0x6f/0xb0
Jan  6 12:09:53 koma-lab kernel: [  127.546450]  [<c0103e0b>] ? sysenter_do_call+0x12/0x2f
Jan  6 12:09:53 koma-lab kernel: [  127.546457] Code: 5b 5e 5f 5d c3 c7 44 24 04 70 75 49 c0 c7 04 24 8c 93 56 c0 e8 69 23 ec ff 89 d8 e8 a2 dc ff ff 89 d8 31 db e8 f9 5e f3 ff eb d0 <0f> 0b eb fe 8d 76 00 c7 44 24 04 70 75 49 c0 c7 04 24 60 93 56 
Jan  6 12:09:53 koma-lab kernel: [  127.546521] EIP: [<c0270fb9>] jbd2_journal_init_inode+0x159/0x180 SS:ESP 0068:ec4ffd38
Jan  6 12:09:53 koma-lab kernel: [  127.546532] ---[ end trace b76702c8f157530e ]---
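
A triage sketch for the oops in comment 2, added here as an example (it is not part of the bug report or the kernel tree): it extracts the BUG site, faulting symbol and call trace from syslog lines and flags crashes reached through the mount path, which is how a crash on a crafted image shows up in logs. The function name `triage`, the regular expressions and the `MOUNT_ENTRY` set are assumptions of this example.

```python
import re

# Lines copied from the oops in comment 2 (a subset, unmodified).
SAMPLE = """\
Jan  6 12:09:53 koma-lab kernel: [  127.546108] kernel BUG at fs/jbd2/journal.c:1108!
Jan  6 12:09:53 koma-lab kernel: [  127.546237] Pid: 4231, comm: mount Not tainted (2.6.28 #1) OptiPlex 740
Jan  6 12:09:53 koma-lab kernel: [  127.546257] EIP is at jbd2_journal_init_inode+0x159/0x180
Jan  6 12:09:53 koma-lab kernel: [  127.546326]  [<c024c9f1>] ? ext4_get_journal+0x41/0xd0
Jan  6 12:09:53 koma-lab kernel: [  127.546337]  [<c0250ba2>] ? ext4_fill_super+0x1542/0x2400
Jan  6 12:09:53 koma-lab kernel: [  127.546419]  [<c01c291e>] ? do_mount+0x55e/0x6e0
Jan  6 12:09:53 koma-lab kernel: [  127.546443]  [<c01c2b0f>] ? sys_mount+0x6f/0xb0
Jan  6 12:09:53 koma-lab kernel: [  127.546532] ---[ end trace b76702c8f157530e ]---
"""

PREFIX = re.compile(r"^.*? kernel: \[\s*\d+\.\d+\] ?")  # syslog + printk timestamp
BUG = re.compile(r"kernel BUG at (?P<file>\S+):(?P<line>\d+)!")
PID = re.compile(r"Pid: (?P<pid>\d+), comm: (?P<comm>\S+) (?P<taint>.*?) \((?P<ver>\S+)")
FAULT = re.compile(r"(?:EIP|RIP) is at (?P<sym>[\w.]+)\+0x")
FRAME = re.compile(r"\s*\[<[0-9a-f]+>\] (?:\? )?(?P<sym>[\w.]+)\+0x")  # '?' = unverified frame
MOUNT_ENTRY = {"sys_mount", "do_mount", "vfs_kern_mount"}  # assumption: mount(2) entry points


def triage(log):
    """Summarise each oops (BUG line up to 'end trace') found in a syslog stream."""
    reports, cur = [], None
    for raw in log.splitlines():
        msg = PREFIX.sub("", raw, count=1)
        if m := BUG.search(msg):
            cur = {"site": f"{m['file']}:{m['line']}", "frames": []}
        if cur is None:
            continue  # ignore lines outside an oops
        if m := PID.search(msg):
            cur.update(pid=int(m["pid"]), comm=m["comm"], kernel=m["ver"],
                       tainted=m["taint"] != "Not tainted")
        elif m := FAULT.search(msg):
            cur["fault"] = m["sym"]
        elif m := FRAME.match(msg):
            cur["frames"].append(m["sym"])
        elif "end trace" in msg:
            cur["mount_path"] = bool(MOUNT_ENTRY & set(cur["frames"]))
            reports.append(cur)
            cur = None
    return reports

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A report with `mount_path` set and a filesystem function as `fault` is worth correlating with the block or loop device that was being mounted at that time.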
Comment 3 Jan Kara 2009-01-06 07:11:16 UTC
I'll attach a patch that fixes the problem for me.
Comment 4 Jan Kara 2009-01-06 07:13:02 UTC
Created attachment 19677
Patch fixing possible oopses due to failing getblk()
Comment 5 Jan Kara 2009-01-13 11:22:15 UTC
David, could you please check whether the patch fixes the issue for you? Thanks.
Comment 6 David Maciejak 2009-01-19 04:36:10 UTC
Works for me; I got "jbd2_journal_init_inode: Cannot get buffer for journal superblock" in the log when trying to mount the image.
Comment 7 Jan Kara 2009-01-19 07:58:32 UTC
Thanks for checking. I've submitted the patches so I'm closing this bug as fixed.
