Bug 56091 - kernel oops when copying data to ext4 fs
Summary: kernel oops when copying data to ext4 fs
Status: NEW
Alias: None
Product: File System
Classification: Unclassified
Component: ext4
Hardware: All Linux
Importance: P1 normal
Assignee: fs_ext4@kernel-bugs.osdl.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-04-02 09:38 UTC by David Maciejak
Modified: 2016-03-20 10:11 UTC
CC List: 4 users

See Also:
Kernel Version: 3.8.5
Tree: Mainline
Regression: No


Attachments
FS poc file (427.42 KB, application/x-xz)
2013-04-02 09:43 UTC, David Maciejak

Description David Maciejak 2013-04-02 09:38:30 UTC
Hi,

I am doing some filesystem testing (aka fuzzing) and got this issue on vanilla 3.8.5:

Apr  2 11:20:15 linux kernel: [  214.925737] JBD2: Spotted dirty metadata buffer (dev = loop0, blocknr = 0). There's a risk of filesystem corruption in case of system crash.
Apr  2 11:20:15 linux kernel: [  214.925778] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7643-7644 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  214.944861] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7646-7647 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  214.963965] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 26555-26556 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  214.983102] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7640-7641 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  215.002272] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 26553-26554 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  215.021448] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 26559-26560 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  215.040668] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7644-7645 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  215.059921] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7647-7648 which overlap fs metadata

Apr  2 11:22:43 linux kernel: [  362.827503] INFO: task jbd2/loop0-8:1853 blocked for more than 120 seconds.
Apr  2 11:22:43 linux kernel: [  362.837075] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Apr  2 11:22:43 linux kernel: [  362.846633] jbd2/loop0-8    D ffff880227233f00     0  1853      2 0x00000000
Apr  2 11:22:43 linux kernel: [  362.846637]  ffff8802087c5c88 0000000000000046 ffff880206795c00 ffff8802087c5fd8
Apr  2 11:22:43 linux kernel: [  362.846641]  ffff8802087c5fd8 ffff8802087c5fd8 ffff880225d49700 ffff880206795c00
Apr  2 11:22:43 linux kernel: [  362.846644]  ffff8802087c5c98 ffff8802087c5d80 ffff8802080970e0 ffff8802087c5d68
Apr  2 11:22:43 linux kernel: [  362.846654] Call Trace:
Apr  2 11:22:43 linux kernel: [  362.846663]  [<ffffffff816b4db9>] schedule+0x29/0x70
Apr  2 11:22:43 linux kernel: [  362.846669]  [<ffffffff8127fea1>] jbd2_journal_commit_transaction+0x211/0x1930
Apr  2 11:22:43 linux kernel: [  362.846676]  [<ffffffff8101358e>] ? __switch_to+0x13e/0x4a0
Apr  2 11:22:43 linux kernel: [  362.846686]  [<ffffffff810999c0>] ? idle_balance+0x1b0/0x300
Apr  2 11:22:43 linux kernel: [  362.846689]  [<ffffffff8107e080>] ? finish_wait+0x80/0x80
Apr  2 11:22:43 linux kernel: [  362.846694]  [<ffffffff816b5fde>] ? _raw_spin_lock_irqsave+0x2e/0x40
Apr  2 11:22:43 linux kernel: [  362.846702]  [<ffffffff81069baf>] ? try_to_del_timer_sync+0x4f/0x70
Apr  2 11:22:43 linux kernel: [  362.846707]  [<ffffffff81285f6d>] kjournald2+0xbd/0x240
Apr  2 11:22:43 linux kernel: [  362.846710]  [<ffffffff8107e080>] ? finish_wait+0x80/0x80
Apr  2 11:22:43 linux kernel: [  362.846713]  [<ffffffff81285eb0>] ? jbd2_journal_release_jbd_inode+0x130/0x130
Apr  2 11:22:43 linux kernel: [  362.846716]  [<ffffffff8107d730>] kthread+0xc0/0xd0
Apr  2 11:22:43 linux kernel: [  362.846719]  [<ffffffff8107d670>] ? kthread_create_on_node+0x130/0x130
Apr  2 11:22:43 linux kernel: [  362.846723]  [<ffffffff816be5ac>] ret_from_fork+0x7c/0xb0
Apr  2 11:22:43 linux kernel: [  362.846733]  [<ffffffff8107d670>] ? kthread_create_on_node+0x130/0x130



How to reproduce:

*You need* to be root to issue the commands below

mkdir /media/test
gunzip ext4.poc.img.gz
mount -t ext4 -o loop ext4.poc.img /media/test/
ls -alR /media/test
cp /etc/passwd /media/test/INSTALL


The copy will never return, the CPU reaches 100% and a call trace is written some minutes later.
Hope this helps.


Best regards,

David Maciejak
Fortinet's FortiGuard Labs
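
A triage sketch for the two log signatures in this report: repeated ext4_mb_mark_diskspace_used "overlap fs metadata" errors, followed by a blocked jbd2 thread on the same device. This is an added example, not part of the original report or of the kernel; the function names and the hang_after_corruption flag are this example's own, and the sample lines are a subset copied from the log above.

```python
import re
from collections import defaultdict

# Subset of the kernel log lines quoted in the report above.
SAMPLE_LOG = """\
Apr  2 11:20:15 linux kernel: [  214.925778] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7643-7644 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  214.944861] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7646-7647 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  214.963965] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 26555-26556 which overlap fs metadata
Apr  2 11:20:15 linux kernel: [  215.040668] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2781: comm cp: Allocating blocks 7644-7645 which overlap fs metadata
Apr  2 11:22:43 linux kernel: [  362.827503] INFO: task jbd2/loop0-8:1853 blocked for more than 120 seconds.
"""

OVERLAP_RE = re.compile(
    r"EXT4-fs error \(device (?P<dev>[^)]+)\): \w+:\d+: "
    r"comm \S+: Allocating blocks (?P<start>\d+)-(?P<end>\d+) "
    r"which overlap fs metadata")
HUNG_RE = re.compile(
    r"INFO: task (?P<task>\S+):\d+ blocked for more than \d+ seconds")
JBD2_DEV_RE = re.compile(r"^jbd2/(?P<dev>.+)-\d+$")

def merge_ranges(ranges):
    """Merge overlapping or touching (start, end) block ranges as printed."""
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

def triage(log_text):
    """Per device: overlap error count, merged block ranges, hung jbd2 tasks."""
    raw = defaultdict(lambda: {"errors": 0, "ranges": [], "hung_tasks": []})
    for line in log_text.splitlines():
        if m := OVERLAP_RE.search(line):
            raw[m["dev"]]["errors"] += 1
            raw[m["dev"]]["ranges"].append((int(m["start"]), int(m["end"])))
        elif (m := HUNG_RE.search(line)) and (j := JBD2_DEV_RE.match(m["task"])):
            # jbd2 journal thread names carry the device they serve
            raw[j["dev"]]["hung_tasks"].append(m["task"])
    for d in raw.values():
        d["ranges"] = merge_ranges(d["ranges"])
        # Flag name is this example's own: errors plus a stuck journal thread
        d["hang_after_corruption"] = bool(d["errors"] and d["hung_tasks"])
    return dict(raw)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
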
Comment 1 David Maciejak 2013-04-02 09:43:20 UTC
Created attachment 97011
FS poc file
Comment 2 David Maciejak 2013-04-02 09:44:10 UTC
I used xz instead of gz to compress the file.
Comment 3 shakilk1729@gmail.com 2014-02-01 01:01:56 UTC
Not able to reproduce this in kernel 3.13. Does this mean we still have to fix this in 3.8.5?

Regards
Shakil
