Date:	Thu, 05 Feb 2015 11:03:10 +0000
From:	bugzilla-daemon@...zilla.kernel.org
To:	linux-ext4@...r.kernel.org
Subject: [Bug 92781] New: mounting via qemu-nbd and killing the process
 causes kernel BUG at fs/buffer.c:3006

https://bugzilla.kernel.org/show_bug.cgi?id=92781

            Bug ID: 92781
           Summary: mounting via qemu-nbd and killing the process causes
                    kernel BUG at fs/buffer.c:3006
           Product: File System
           Version: 2.5
    Kernel Version: 3.19-rc7
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: ext4
          Assignee: fs_ext4@...nel-bugs.osdl.org
          Reporter: james410@...gill.org.uk
        Regression: No

Mounting an ext4 image using qemu-nbd and then killing the nbd process seems to
cause a kernel bug in the ext4 driver. Also seems to affect the ext2 driver but
not other filesystems. It affects Debian's 3.2.65 kernel as well. I can
reproduce this 100% of the time. The 'sleep 1' seems to be important - if you
remove that line the BUG does not occur (but will if you later run ls /mnt
manually).

root@...ena-test:~# cat test-nbd 
#!/bin/sh -ex
cd /root
qemu-img create -f qcow2 image.img 1G
mkfs.ext4 image.img
modprobe nbd || true
qemu-nbd -c /dev/nbd0 image.img
mount /dev/nbd0 /mnt
killall -KILL qemu-nbd
sleep 1
ls /mnt

root@...ena-test:~# ./test-nbd 
+ cd /root
+ qemu-img create -f qcow2 image.img 1G
Formatting 'image.img', fmt=qcow2 size=1073741824 encryption=off
cluster_size=65536 lazy_refcounts=off 
+ mkfs.ext4 image.img
mke2fs 1.42.12 (29-Aug-2014)

Filesystem too small for a journal
Discarding device blocks: done                            
Creating filesystem with 192 1k blocks and 24 inodes

Allocating group tables: done                            
Writing inode tables: done                            
Writing superblocks and filesystem accounting information: done

+ modprobe nbd
modprobe: ERROR: ../libkmod/libkmod.c:557 kmod_search_moddep() could not open
moddep file '/lib/modules/3.19.0-rc7/modules.dep.bin'
+ true
+ qemu-nbd -c /dev/nbd0 image.img
+ mount /dev/nbd0 /mnt
[   11.972324] EXT4-fs (nbd0): mounted filesystem without journal. Opts: (null)
+ killall -KILL qemu-nbd
[   11.996675] nbd (pid 1480: qemu-nbd) got signal 9
[   11.997437] block nbd0: shutting down socket
[   11.997987] block nbd0: Receive control failed (result -4)
[   11.999345] block nbd0: queue cleared
+ sleep 1
+ ls /mnt
[   13.030364] block nbd0: Attempted send on closed socket
[   13.034188] blk_update_request: I/O error, dev nbd0, sector 8
[   13.038737] EXT4-fs warning (device nbd0): __ext4_read_dirblock:884: error
-5 reading directory block (ino 2, block 0)
[   13.045232] block nbd0: Attempted send on closed socket
[   13.048804] blk_update_request: I/O error, dev nbd0, sector 72
[   13.053099] block nbd0: Attempted send on closed socket
[   13.055493] blk_update_request: I/O error, dev nbd0, sector 70
[   13.056417] EXT4-fs error (device nbd0): __ext4_get_inode_loc:3769: inode
#2: block 35: comm ls: unable to read itable block
[   13.057817] ------------[ cut here ]------------
[   13.058487] kernel BUG at fs/buffer.c:3006!
[   13.058797] invalid opcode: 0000 [#1] SMP 
[   13.058797] CPU: 0 PID: 1489 Comm: ls Not tainted 3.19.0-rc7 #3
[   13.058797] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.7.5-20140531_083030-gandalf 04/01/2014
[   13.058797] task: ffff88003ce3ac10 ti: ffff88003d5e4000 task.ti:
ffff88003d5e4000
[   13.058797] RIP: 0010:[<ffffffff8118a480>]  [<ffffffff8118a480>]
_submit_bh+0x160/0x180
[   13.058797] RSP: 0000:ffff88003d5e7ba8  EFLAGS: 00010246
[   13.058797] RAX: 0000000000000005 RBX: ffff88003d22ad68 RCX:
0000000000000001
[   13.058797] RDX: 0000000000000000 RSI: ffff88003d22ad68 RDI:
0000000000000411
[   13.058797] RBP: ffff88003d5e7bc8 R08: ffffffff81cc75a0 R09:
00000000000001b7
[   13.058797] R10: 0000000000000000 R11: 00000000000001b7 R12:
0000000000000411
[   13.058797] R13: ffff88003cc43400 R14: 0000000000000002 R15:
ffff88003d691000
[   13.058797] FS:  00007f5b0e2f1800(0000) GS:ffff88003fc00000(0000)
knlGS:0000000000000000
[   13.058797] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[   13.058797] CR2: 00007f307f381000 CR3: 000000003ce02000 CR4:
00000000000006f0
[   13.058797] Stack:
[   13.058797]  ffff88003d22ad68 0000000000000411 ffff88003cc43400
0000000000000002
[   13.058797]  ffff88003d5e7be8 ffffffff8118a9a9 ffffffff81cc75a0
ffff88003d22ad68
[   13.058797]  ffff88003d5e7bf8 ffffffff8118aa6e ffff88003d5e7c48
ffffffff811f02c0
[   13.058797] Call Trace:
[   13.058797]  [<ffffffff8118a9a9>] __sync_dirty_buffer+0x59/0x110
[   13.058797]  [<ffffffff8118aa6e>] sync_dirty_buffer+0xe/0x10
[   13.058797]  [<ffffffff811f02c0>] ext4_commit_super+0x1b0/0x240
[   13.058797]  [<ffffffff811f0835>] __ext4_error_inode+0x85/0x150
[   13.058797]  [<ffffffff811d38b9>] __ext4_get_inode_loc+0x209/0x400
[   13.058797]  [<ffffffff811d5458>] ext4_get_inode_loc+0x18/0x20
[   13.058797]  [<ffffffff811d6ebf>] ext4_reserve_inode_write+0x1f/0x90
[   13.058797]  [<ffffffff811da35b>] ? ext4_dirty_inode+0x3b/0x60
[   13.058797]  [<ffffffff811d6f78>] ext4_mark_inode_dirty+0x48/0x1f0
[   13.058797]  [<ffffffff811da35b>] ext4_dirty_inode+0x3b/0x60
[   13.058797]  [<ffffffff81182a86>] __mark_inode_dirty+0x186/0x290
[   13.058797]  [<ffffffff811710a9>] update_time+0x79/0xc0
[   13.058797]  [<ffffffff81172fc6>] touch_atime+0xc6/0x130
[   13.058797]  [<ffffffff8116b100>] iterate_dir+0xe0/0x130
[   13.058797]  [<ffffffff8116b25c>] SyS_getdents+0x7c/0xf0
[   13.058797]  [<ffffffff8116ae10>] ? fillonedir+0xd0/0xd0
[   13.058797]  [<ffffffff81040d6c>] ? do_page_fault+0xc/0x10
[   13.058797]  [<ffffffff81729152>] system_call_fastpath+0x12/0x17
[   13.058797] Code: d8 5b 41 5c 41 5d 41 5e 5d c3 90 40 f6 c7 01 0f 84 0e ff
ff ff 3e 80 63 01 f7 e9 04 ff ff ff 0f 1f 40 00 0f 0b 66 0f 1f 44 00 00 <0f> 0b
66 0f 1f 44 00 00 0f 0b 66 0f 1f 44 00 00 0f 0b 66 0f 1f 
[   13.058797] RIP  [<ffffffff8118a480>] _submit_bh+0x160/0x180
[   13.058797]  RSP <ffff88003d5e7ba8>
[   13.094762] ---[ end trace 781a35c72740e2c9 ]---
Segmentation fault

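Added example, not part of the original report: a small Python parser for triaging an oops like the one above. It rejoins the lines the mail client wrapped, then extracts the BUG site, the faulting symbol, the reliable call-trace frames and the devices that logged I/O errors. The function names are this example's own, and the sample is a shortened excerpt of the log above.

```python
import re

# Shortened excerpt of the log in the report, with the mail line wrapping kept.
SAMPLE = """\
[   11.997437] block nbd0: shutting down socket
[   13.034188] blk_update_request: I/O error, dev nbd0, sector 8
[   13.056417] EXT4-fs error (device nbd0): __ext4_get_inode_loc:3769: inode
#2: block 35: comm ls: unable to read itable block
[   13.058487] kernel BUG at fs/buffer.c:3006!
[   13.058797] RIP: 0010:[<ffffffff8118a480>]  [<ffffffff8118a480>]
_submit_bh+0x160/0x180
[   13.058797] Call Trace:
[   13.058797]  [<ffffffff8118a9a9>] __sync_dirty_buffer+0x59/0x110
[   13.058797]  [<ffffffff8118aa6e>] sync_dirty_buffer+0xe/0x10
[   13.058797]  [<ffffffff811f02c0>] ext4_commit_super+0x1b0/0x240
[   13.058797]  [<ffffffff811f0835>] __ext4_error_inode+0x85/0x150
[   13.058797]  [<ffffffff811da35b>] ? ext4_dirty_inode+0x3b/0x60
[   13.058797] Code: d8 5b 41 5c
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\] ?")
FRAME = re.compile(r"^\s*\[<[0-9a-f]+>\] (\? )?([\w.]+)\+0x")

def unwrap(text):
    """Rejoin kernel messages that were wrapped onto a line with no timestamp."""
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(STAMP.sub("", line, count=1))
        else:
            out[-1] += " " + line.strip()
    return out

def parse_oops(text):
    """Return BUG site, faulting symbol, reliable frames and devices with I/O errors."""
    r = {"bug_at": None, "rip": None, "frames": [], "io_error_devs": set()}
    for msg in unwrap(text):
        if m := re.search(r"kernel BUG at (\S+?):(\d+)!", msg):
            r["bug_at"] = (m.group(1), int(m.group(2)))
        elif m := re.match(r"RIP: .*\] +([\w.]+)\+0x", msg):
            r["rip"] = m.group(1)
        elif m := re.search(r"I/O error, dev (\w+),", msg):
            r["io_error_devs"].add(m.group(1))
        elif (m := FRAME.match(msg)) and not m.group(1):  # skip "?" frames
            r["frames"].append(m.group(2))
    return r

def reached_via_ext4_error_path(r):
    return any(f.startswith("__ext4_error") for f in r["frames"])
```

On this excerpt the parser shows the BUG in `_submit_bh` being reached from `__ext4_error_inode` through `ext4_commit_super`, after I/O errors on `nbd0`.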