ext4: BUG_ON on null-pointer when mounting corrupted filesystem
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Linux | Fix Released | Medium | |
linux (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Seems that fs/ext4/
before timer->function is set at end of fs/ext4/
sbi->
This causes BUG_ON(
Confirmed, patch available, see https:/
The device stays blocked and mount receives a segfault. Reboot fails because unmounting is not possible.
[ 2823.694907] ------------[ cut here ]------------
[ 2823.695673] kernel BUG at /build/
[ 2823.695910] invalid opcode: 0000 [#3] SMP
[ 2823.696591] last sysfs file: /sys/devices/
[ 2823.696594] Modules linked in: dm_crypt ppdev psmouse parport_pc parport serio_raw shpchp i2c_piix4 mptspi mptscsih mptbase floppy pcnet32 scsi_transport_spi
[ 2823.696594]
[ 2823.696594] Pid: 1008, comm: mount Tainted: G D 2.6.38-8-generic #42-Ubuntu VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
[ 2823.696594] EIP: 0060:[<c105e392>] EFLAGS: 00010246 CPU: 0
[ 2823.696594] EIP is at mod_timer+
[ 2823.696594] EAX: 00000000 EBX: 0153378b ECX: 00000000 EDX: 0153378b
[ 2823.696594] ESI: cbc0e220 EDI: 00001385 EBP: c1ba1d54 ESP: c1ba1d38
[ 2823.696594] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 2823.696594] Process mount (pid: 1008, ti=c1ba0000 task=c9623f20 task.ti=c1ba0000)
[ 2823.696594] Stack:
[ 2823.696594] 00000122 00000000 0153378b 00000000 cbc22400 c98c297c 00001385 c1ba1d6c
[ 2823.696594] c11c144a c152b447 c98c2800 00000000 00000000 c1ba1d78 c11c5aa6 c910fd08
[ 2823.696594] c1ba1dac c11c7816 c1ba1d90 cb743b28 00000000 cbc22400 00000000 c1ba1df4
[ 2823.696594] Call Trace:
[ 2823.696594] [<c11c144a>] __save_
[ 2823.696594] [<c11c5aa6>] save_error_
[ 2823.696594] [<c11c7816>] ext4_error_
[ 2823.696594] [<c11af8f7>] ext4_iget+
[ 2823.696594] [<c15097cd>] ? _raw_spin_
[ 2823.696594] [<c106838d>] ? __alloc_
[ 2823.696594] [<c11ca874>] ext4_fill_
[ 2823.696594] [<c10fc1ac>] ? pcpu_alloc+
[ 2823.696594] [<c1129a21>] mount_bdev+
[ 2823.696594] [<c11c9620>] ? ext4_fill_
[ 2823.696594] [<c11bfd0f>] ext4_mount+
[ 2823.696594] [<c11c9620>] ? ext4_fill_
[ 2823.696594] [<c1129315>] vfs_kern_
[ 2823.696594] [<c113fa63>] ? get_fs_
[ 2823.696594] [<c11bfcf0>] ? ext4_mount+0x0/0x30
[ 2823.696594] [<c112954e>] do_kern_
[ 2823.696594] [<c1142993>] do_mount+
[ 2823.696594] [<c1142d2b>] sys_mount+0x6b/0xa0
[ 2823.696594] [<c1509bf4>] syscall_
[ 2823.696594] Code: ff 8b 5d ec 29 c3 c1 eb 08 e9 18 fe ff ff 8d 76 00 c7 45 e4 01 00 00 00 8b 45 e4 83 c4 10 5b 5e 5f 5d c3 8b 5d e8 e9 c3 fe ff ff <0f> 0b 8b 55 04 89 f0 e8 02 f9 ff ff e9 0a fe ff ff 8d b6 00 00
[ 2823.696594] EIP: [<c105e392>] mod_timer+
[ 2823.833903] ---[ end trace 5f96819bf291fd14 ]---
Reproduce:
dd if=/dev/zero bs=1M count=64 of=test
mkfs.ext4 -F test
echo -n " " | dd of=test bs=1 count=1 seek=297195 conv=notrunc
mount -o loop test /mnt/test
Segmentation fault
# lsb_release -rd
Description: Ubuntu 11.04
Release: 11.04
# apt-cache policy linux-image-
linux-image-
Installed: 2.6.38-8.42
Candidate: 2.6.38-8.42
Version table:
*** 2.6.38-8.42 0
500 http://
100 /var/lib/
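The ordering problem described above, as an added user-space model. This is not kernel code and not the fix from the linked commit: it models a timer that the error-reporting path arms before its handler has been installed. The kernel's mod_timer() hits BUG_ON(!timer->function) in that situation (the oops above is exactly that check, reached from ext4_iget via ext4_error and save_error_info during mount); the model returns an error code instead so the two orderings can be compared without crashing anything. The names s_err_report and print_daily_error_info, the fill_super_before/fill_super_after split, and the simulated corrupt-inode failure are this example's own assumptions, not taken from the page or the commit.

```c
/* Added example, not kernel or ext4 code: a user-space model of the
 * "timer armed before its handler is set" ordering bug from this report.
 * Function names mirror the kernel API but every body here is the model's own. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct timer_list {
    void (*function)(unsigned long); /* NULL until setup_timer() runs */
    unsigned long data;
    unsigned long expires;
    bool pending;
};

/* Assumed field name: the per-superblock error-report timer. */
struct ext4_sb_info {
    struct timer_list s_err_report;
    int s_last_error;
};

enum mount_result { MOUNT_OK = 0, MOUNT_EIO = 1, MOUNT_KERNEL_BUG = 2 };

static void setup_timer(struct timer_list *t, void (*fn)(unsigned long),
                        unsigned long data)
{
    t->function = fn;
    t->data = data;
    t->expires = 0;
    t->pending = false;
}

/* Stand-in for mod_timer(): the kernel does BUG_ON(!timer->function) here,
 * which is the "kernel BUG at ... mod_timer" in the trace above. The model
 * returns -1 in that case instead of killing the caller. */
static int mod_timer(struct timer_list *t, unsigned long expires)
{
    if (t->function == NULL)
        return -1;
    t->expires = expires;
    t->pending = true;
    return 0;
}

static void del_timer_sync(struct timer_list *t)
{
    t->pending = false;
}

/* Assumed handler name; in the model it does nothing. */
static void print_daily_error_info(unsigned long arg)
{
    (void)arg;
}

/* Error reporting records the error and (re)arms the report timer. */
static int save_error_info(struct ext4_sb_info *sbi, int err)
{
    sbi->s_last_error = err;
    return mod_timer(&sbi->s_err_report, 24UL * 60 * 60);
}

/* Simulated inode read: 'corrupt' stands for the one flipped byte in the
 * reproducer image that makes the real ext4_iget() fail with -EIO. */
static int ext4_iget(struct ext4_sb_info *sbi, bool corrupt)
{
    (void)sbi;
    return corrupt ? -5 : 0;
}

/* Ordering as reported: the timer is only set up at the end of fill_super,
 * after steps that can already call the error path. */
enum mount_result fill_super_before(bool corrupt)
{
    struct ext4_sb_info sbi = { .s_err_report = { .function = NULL } };
    int err = ext4_iget(&sbi, corrupt);

    if (err) {
        if (save_error_info(&sbi, err) < 0)
            return MOUNT_KERNEL_BUG; /* BUG_ON: mount process dies, fs stuck */
        return MOUNT_EIO;
    }
    setup_timer(&sbi.s_err_report, print_daily_error_info, (unsigned long)&sbi);
    return MOUNT_OK;
}

/* Fixed ordering (the model's own, reflecting the report's description):
 * install the handler before anything that can report an error. */
enum mount_result fill_super_after(bool corrupt)
{
    struct ext4_sb_info sbi = { .s_err_report = { .function = NULL } };
    int err;

    setup_timer(&sbi.s_err_report, print_daily_error_info, (unsigned long)&sbi);

    err = ext4_iget(&sbi, corrupt);
    if (err) {
        if (save_error_info(&sbi, err) < 0)
            return MOUNT_KERNEL_BUG; /* unreachable now: handler is set */
        /* Disarm before sbi goes away so the timer cannot fire on freed
         * memory; added here as good practice, not discussed in the report. */
        del_timer_sync(&sbi.s_err_report);
        return MOUNT_EIO; /* mount fails with an error instead of an oops */
    }
    return MOUNT_OK;
}

int main(void)
{
    printf("before fix, corrupt image: %d (2 = kernel BUG)\n", fill_super_before(true));
    printf("after fix,  corrupt image: %d (1 = -EIO)\n", fill_super_after(true));
    printf("after fix,  clean image:   %d (0 = ok)\n", fill_super_after(false));
    return 0;
}
```

The point for a practitioner is that the corrupted byte does not need to be meaningful to the filesystem at all: any early failure inside mount that goes through the error-reporting path reaches the uninitialised timer, so a crafted image is enough to kill the mounting process and leave the block device unreleasable, as the report observes. Images from untrusted sources should be checked with e2fsck -fn (read-only) before a kernel that predates the fix mounts them.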
Changed in linux:
importance: Unknown → Medium
status: Unknown → Fix Released
Thanks, we'll get this fixed. :)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0449641130f5