From: Ingo van Lil <inguin@gmx.de>
To: linux-mtd@lists.infradead.org
Subject: Kernel bug when mounting corrupt JFFS2
Date: Thu, 25 Aug 2011 12:09:18 +0200
Message-ID: <4E561F4E.8080301@gmx.de>

Hi there,

while hacking the CFI flash driver I managed to corrupt my JFFS2 image 
in a way that triggers the following kernel bug when trying to mount it:

JFFS2 error: (7668) jffs2_link_node_ref: Adding new ref c90eb408 at 
(0x001639ec-0x00163a58) not immediately after previous 
(0x001639ec-0x001639ec)

The mount process will be killed with a segmentation fault, and there is 
no way to recover from this situation except by rebooting: The MTD 
device appears to remain locked, and a subsequent mount attempt will 
simply block.

The kernel version is 2.6.40.3 (which is the Fedora 15 alias for 3.0.3), 
but I can reproduce the same crash on 2.6.38.8 on ARM. You can download 
the image from http://dl.dropbox.com/u/24416392/jffs2-corrupt.bin (2MiB, 
128kiB erase size).

Regards,
Ingo


Full backtrace:

[10768.303463] JFFS2 error: (7668) jffs2_link_node_ref: Adding new ref 
c90eb408 at (0x001639ec-0x00163a58) not immediately after previous 
(0x001639ec-0x001639ec)
[10768.303489] ------------[ cut here ]------------
[10768.303493] kernel BUG at fs/jffs2/nodelist.c:644!
[10768.303497] invalid opcode: 0000 [#1] SMP
[10768.303502] Modules linked in: mtdblock block2mtd mtd_blkdevs jffs2 
zlib_deflate mtdchar mtd tun cdc_acm nfs tcp_lp fuse bnep bluetooth 
rfkill openafs(P) ppdev parport_pc lp parport nfsd lockd nfs_acl 
auth_rpcgss sunrpc cpufreq_ondemand acpi_cpufreq mperf des_generic md4 
nls_utf8 cifs fscache nvidia(P) snd_hda_codec_realtek snd_hda_intel 
snd_hda_codec snd_hwdep snd_seq snd_seq_device ftdi_sio snd_pcm 
snd_timer snd iTCO_wdt i7core_edac microcode e1000e edac_core i2c_i801 
iTCO_vendor_support soundcore i2c_core snd_page_alloc virtio_net 
kvm_intel kvm ipv6 firewire_ohci firewire_core crc_itu_t [last unloaded: 
block2mtd]
[10768.303570]
[10768.303575] Pid: 7668, comm: mount Tainted: P        W   
2.6.40.3-0.fc15.i686.PAE #1                  /DP55WB
[10768.303583] EIP: 0060:[<f13a03a3>] EFLAGS: 00010292 CPU: 5
[10768.303596] EIP is at jffs2_link_node_ref+0xc9/0x115 [jffs2]
[10768.303600] EAX: 000000a8 EBX: c31c25e0 ECX: 00000046 EDX: 00000000
[10768.303605] ESI: c90eb408 EDI: 00163a58 EBP: cbcd7cf0 ESP: cbcd7cbc
[10768.303609]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[10768.303613] Process mount (pid: 7668, ti=cbcd6000 task=c31c25e0 
task.ti=cbcd6000)
[10768.303617] Stack:
[10768.303619]  f13af124 00001df4 f13ae990 c90eb408 001639ec 00163a58 
001639ec 001639ec
[10768.303630]  c9113c00 001639ec c9113a3c c9113c00 000039ec cbcd7d14 
f13ad600 0000006c
[10768.303640]  e662ab80 000039ec c9113c00 c9020a78 00000000 c9020000 
cbcd7d68 f13add88
[10768.303651] Call Trace:
[10768.303667]  [<f13ad600>] sum_link_node_ref+0x54/0x5c [jffs2]
[10768.303681]  [<f13add88>] jffs2_sum_scan_sumnode+0x1c0/0x57d [jffs2]
[10768.303695]  [<f13a433e>] jffs2_scan_medium+0x2dc/0x117e [jffs2]
[10768.303704]  [<c04e5e68>] ? kmalloc_order_trace+0x40/0x4a
[10768.303719]  [<f13ad682>] ? jffs2_sum_init+0x7a/0xc7 [jffs2]
[10768.303732]  [<f13a6d62>] jffs2_do_mount_fs+0x19f/0x43d [jffs2]
[10768.303738]  [<c04e77e3>] ? __kmalloc+0x103/0x110
[10768.303751]  [<f13a8a67>] ? jffs2_do_fill_super+0x109/0x212 [jffs2]
[10768.303764]  [<f13a8a83>] jffs2_do_fill_super+0x125/0x212 [jffs2]
[10768.303777]  [<f13a8f85>] jffs2_fill_super+0xdb/0xe1 [jffs2]
[10768.303786]  [<f1354abf>] mount_mtd_aux+0x46/0x8d [mtd]
[10768.303799]  [<f13a8eaa>] ? jffs2_alloc_inode+0x25/0x25 [jffs2]
[10768.303808]  [<f1354bd1>] mount_mtd+0xcb/0x132 [mtd]
[10768.303821]  [<f13a8eaa>] ? jffs2_alloc_inode+0x25/0x25 [jffs2]
[10768.303834]  [<f13a8cf4>] jffs2_mount+0x1f/0x24 [jffs2]
[10768.303847]  [<f13a8eaa>] ? jffs2_alloc_inode+0x25/0x25 [jffs2]
[10768.303854]  [<c04f6c33>] mount_fs+0x5c/0x13d
[10768.303862]  [<c0507aef>] ? alloc_vfsmnt+0x9b/0x116
[10768.303868]  [<c0507d80>] vfs_kern_mount+0x52/0x7f
[10768.303875]  [<c05085a5>] do_kern_mount+0x39/0xb5
[10768.303880]  [<c05098e1>] do_mount+0x5b7/0x601
[10768.303886]  [<c04ca1e1>] ? strndup_user+0x2e/0x3f
[10768.303891]  [<c0509b52>] sys_mount+0x6d/0x99
[10768.303898]  [<c08026df>] sysenter_do_call+0x12/0x28
[10768.303901] Code: fc 01 c8 01 d7 89 4c 24 18 89 7c 24 14 89 54 24 10 
89 44 24 1c 8b 83 08 02 00 00 c7 04 24 24 f1 3a f1 89 44 24 04 e8 8a 4c 
45 cf <0f> 0b 85 d2 89 73 2c 74 0a 8b 4a 04 89 0e 89 72 04 eb 06 c7 06
[10768.303949] EIP: [<f13a03a3>] jffs2_link_node_ref+0xc9/0x115 [jffs2] 
SS:ESP 0068:cbcd7cbc
[10768.303980] ---[ end trace 53ff1149b45b61dc ]---
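As an added illustration that is not part of the report, the following parser picks the jffs2_link_node_ref error and the subsequent "kernel BUG" line out of a dmesg excerpt, so a log monitor can flag that mounting a corrupt image took the kernel down, and derives where on the medium the offending node sits. It assumes the 128 KiB erase size stated in the report; the derived in-block offset 0x39ec and node length 0x6c are both visible in the stack dump above.

```python
import re

# Constructed sample: the lines quoted in the report, with the wrapped error
# line re-joined onto a single line as the kernel originally printed it.
SAMPLE_LOG = """\
[10768.303463] JFFS2 error: (7668) jffs2_link_node_ref: Adding new ref c90eb408 at (0x001639ec-0x00163a58) not immediately after previous (0x001639ec-0x001639ec)
[10768.303489] ------------[ cut here ]------------
[10768.303493] kernel BUG at fs/jffs2/nodelist.c:644!
[10768.303497] invalid opcode: 0000 [#1] SMP
"""

ERR_RE = re.compile(
    r"JFFS2 error: \((?P<pid>\d+)\) jffs2_link_node_ref: Adding new ref \w+ at "
    r"\(0x(?P<new_start>[0-9a-f]+)-0x(?P<new_end>[0-9a-f]+)\) not immediately after previous "
    r"\(0x(?P<prev_start>[0-9a-f]+)-0x(?P<prev_end>[0-9a-f]+)\)"
)
BUG_RE = re.compile(r"kernel BUG at (?P<file>fs/jffs2/[\w./]+):(?P<line>\d+)!")


def parse_jffs2_crash(log, erase_size=128 * 1024):
    """Return a dict describing a jffs2_link_node_ref error that was followed by a
    kernel BUG in fs/jffs2, or None when the log contains no such pair."""
    err = bug = None
    for line in log.splitlines():
        m = ERR_RE.search(line)
        if m:
            err = {k: int(v) if k == "pid" else int(v, 16) for k, v in m.groupdict().items()}
        m = BUG_RE.search(line)
        if m and err is not None:
            bug = (m.group("file"), int(m.group("line")))
            break
    if err is None or bug is None:
        return None
    new_start = err["new_start"]
    return {
        "pid": err["pid"],
        "bug_site": bug,                                  # (file, line) of the BUG()
        "eraseblock": new_start // erase_size,            # which erase block holds the node
        "offset_in_block": new_start % erase_size,        # offset of the node inside that block
        "new_len": err["new_end"] - new_start,            # length of the ref being added
        "prev_len": err["prev_end"] - err["prev_start"],  # length the kernel reported for the previous ref
        "contiguous": err["prev_end"] == new_start,       # naive adjacency check on the printed ranges
    }
```

Note that on the report's own log the printed previous range is zero-length and the naive adjacency check passes, so the printed ranges alone do not show what the kernel actually compared.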
