Kernel bug when mounting corrupt JFFS2

Ingo van Lil inguin at gmx.de
Thu Aug 25 06:09:18 EDT 2011


Hi there,

while hacking the CFI flash driver I managed to corrupt my JFFS2 image 
in a way that triggers the following kernel bug when trying to mount it:

JFFS2 error: (7668) jffs2_link_node_ref: Adding new ref c90eb408 at 
(0x001639ec-0x00163a58) not immediately after previous 
(0x001639ec-0x001639ec)

The mount process will be killed with a segmentation fault, and there is 
no way to recover from this situation except by rebooting: The MTD 
device appears to remain locked, and a subsequent mount attempt will 
simply block.

The kernel version is 2.6.40.3 (which is the Fedora 15 alias for 3.0.3), 
but I can reproduce the same crash on 2.6.38.8 on ARM. You can download 
the image from http://dl.dropbox.com/u/24416392/jffs2-corrupt.bin (2MiB, 
128kiB erase size).

Regards,
Ingo


Full backtrace:

[10768.303463] JFFS2 error: (7668) jffs2_link_node_ref: Adding new ref 
c90eb408 at (0x001639ec-0x00163a58) not immediately after previous 
(0x001639ec-0x001639ec)
[10768.303489] ------------[ cut here ]------------
[10768.303493] kernel BUG at fs/jffs2/nodelist.c:644!
[10768.303497] invalid opcode: 0000 [#1] SMP
[10768.303502] Modules linked in: mtdblock block2mtd mtd_blkdevs jffs2 
zlib_deflate mtdchar mtd tun cdc_acm nfs tcp_lp fuse bnep bluetooth 
rfkill openafs(P) ppdev parport_pc lp parport nfsd lockd nfs_acl 
auth_rpcgss sunrpc cpufreq_ondemand acpi_cpufreq mperf des_generic md4 
nls_utf8 cifs fscache nvidia(P) snd_hda_codec_realtek snd_hda_intel 
snd_hda_codec snd_hwdep snd_seq snd_seq_device ftdi_sio snd_pcm 
snd_timer snd iTCO_wdt i7core_edac microcode e1000e edac_core i2c_i801 
iTCO_vendor_support soundcore i2c_core snd_page_alloc virtio_net 
kvm_intel kvm ipv6 firewire_ohci firewire_core crc_itu_t [last unloaded: 
block2mtd]
[10768.303570]
[10768.303575] Pid: 7668, comm: mount Tainted: P        W   
2.6.40.3-0.fc15.i686.PAE #1                  /DP55WB
[10768.303583] EIP: 0060:[<f13a03a3>] EFLAGS: 00010292 CPU: 5
[10768.303596] EIP is at jffs2_link_node_ref+0xc9/0x115 [jffs2]
[10768.303600] EAX: 000000a8 EBX: c31c25e0 ECX: 00000046 EDX: 00000000
[10768.303605] ESI: c90eb408 EDI: 00163a58 EBP: cbcd7cf0 ESP: cbcd7cbc
[10768.303609]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[10768.303613] Process mount (pid: 7668, ti=cbcd6000 task=c31c25e0 
task.ti=cbcd6000)
[10768.303617] Stack:
[10768.303619]  f13af124 00001df4 f13ae990 c90eb408 001639ec 00163a58 
001639ec 001639ec
[10768.303630]  c9113c00 001639ec c9113a3c c9113c00 000039ec cbcd7d14 
f13ad600 0000006c
[10768.303640]  e662ab80 000039ec c9113c00 c9020a78 00000000 c9020000 
cbcd7d68 f13add88
[10768.303651] Call Trace:
[10768.303667]  [<f13ad600>] sum_link_node_ref+0x54/0x5c [jffs2]
[10768.303681]  [<f13add88>] jffs2_sum_scan_sumnode+0x1c0/0x57d [jffs2]
[10768.303695]  [<f13a433e>] jffs2_scan_medium+0x2dc/0x117e [jffs2]
[10768.303704]  [<c04e5e68>] ? kmalloc_order_trace+0x40/0x4a
[10768.303719]  [<f13ad682>] ? jffs2_sum_init+0x7a/0xc7 [jffs2]
[10768.303732]  [<f13a6d62>] jffs2_do_mount_fs+0x19f/0x43d [jffs2]
[10768.303738]  [<c04e77e3>] ? __kmalloc+0x103/0x110
[10768.303751]  [<f13a8a67>] ? jffs2_do_fill_super+0x109/0x212 [jffs2]
[10768.303764]  [<f13a8a83>] jffs2_do_fill_super+0x125/0x212 [jffs2]
[10768.303777]  [<f13a8f85>] jffs2_fill_super+0xdb/0xe1 [jffs2]
[10768.303786]  [<f1354abf>] mount_mtd_aux+0x46/0x8d [mtd]
[10768.303799]  [<f13a8eaa>] ? jffs2_alloc_inode+0x25/0x25 [jffs2]
[10768.303808]  [<f1354bd1>] mount_mtd+0xcb/0x132 [mtd]
[10768.303821]  [<f13a8eaa>] ? jffs2_alloc_inode+0x25/0x25 [jffs2]
[10768.303834]  [<f13a8cf4>] jffs2_mount+0x1f/0x24 [jffs2]
[10768.303847]  [<f13a8eaa>] ? jffs2_alloc_inode+0x25/0x25 [jffs2]
[10768.303854]  [<c04f6c33>] mount_fs+0x5c/0x13d
[10768.303862]  [<c0507aef>] ? alloc_vfsmnt+0x9b/0x116
[10768.303868]  [<c0507d80>] vfs_kern_mount+0x52/0x7f
[10768.303875]  [<c05085a5>] do_kern_mount+0x39/0xb5
[10768.303880]  [<c05098e1>] do_mount+0x5b7/0x601
[10768.303886]  [<c04ca1e1>] ? strndup_user+0x2e/0x3f
[10768.303891]  [<c0509b52>] sys_mount+0x6d/0x99
[10768.303898]  [<c08026df>] sysenter_do_call+0x12/0x28
[10768.303901] Code: fc 01 c8 01 d7 89 4c 24 18 89 7c 24 14 89 54 24 10 
89 44 24 1c 8b 83 08 02 00 00 c7 04 24 24 f1 3a f1 89 44 24 04 e8 8a 4c 
45 cf <0f> 0b 85 d2 89 73 2c 74 0a 8b 4a 04 89 0e 89 72 04 eb 06 c7 06
[10768.303949] EIP: [<f13a03a3>] jffs2_link_node_ref+0xc9/0x115 [jffs2] 
SS:ESP 0068:cbcd7cbc
[10768.303980] ---[ end trace 53ff1149b45b61dc ]---
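The trace above ends in a BUG() in jffs2_link_node_ref, reached from the summary scan (jffs2_sum_scan_sumnode): on-flash metadata that passes the CRC but describes a zero-length node ref (0x001639ec-0x001639ec) kills the mount process instead of failing the mount, and leaves the MTD device unusable. From a security standpoint that makes any JFFS2 image from an untrusted source a kernel denial of service. What follows is an added example, not code from the mail or from the JFFS2 project: a small user-space walk over a JFFS2 image that parses raw node headers (magic 0x1985, 12-byte header, 4-byte node alignment, mkfs.jffs2's non-inverted CRC-32) and applies the same ref invariant the kernel enforces with BUG() as a soft error. The constructed 256-byte eraseblock, the tiny erase size and the helper names (jffs2_walk_image, build_sample_image, link_ref) are assumptions for the demo; a little-endian image is assumed. It does not parse summary nodes, so a clean result does not prove the summary that crashed this kernel is consistent with the raw nodes.

```c
/* Added example (not from the original mail): user-space JFFS2 node-header
 * walk. Format constants follow the on-flash layout; erase size, sample
 * image and helper names are assumptions for the demo. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define JFFS2_MAGIC_BITMASK        0x1985
#define JFFS2_NODETYPE_CLEANMARKER 0x2003
#define JFFS2_NODETYPE_INODE       0xe002
#define HDR_LEN 12           /* jffs2_unknown_node: magic, nodetype, totlen, hdr_crc */
#define PAD(x)  (((x) + 3u) & ~3u)
#define EB 256               /* toy erase size; a real image uses e.g. 128 KiB */

struct walk_stats {
    unsigned nodes;        /* headers that passed magic + CRC and the ref checks */
    unsigned dirty_bytes;  /* bytes skipped as dirt (bad magic or bad hdr_crc) */
    size_t   bad_offset;   /* image offset of the first fatal inconsistency */
    const char *reason;    /* why the walk stopped, NULL when clean */
};

/* mkfs.jffs2's crc32(0, hdr, 8): reflected CRC-32, seed 0, no inversions. */
static uint32_t jffs2_crc32(uint32_t crc, const uint8_t *p, size_t n)
{
    while (n--) {
        crc ^= *p++;
        for (int i = 0; i < 8; i++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc;
}

/* Little-endian accessors (image built for an LE target is assumed). */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{ return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v)
{ p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }

static int fail(struct walk_stats *st, size_t off, const char *why)
{ st->bad_offset = off; st->reason = why; return -1; }

/* The invariant jffs2_link_node_ref() enforces with BUG(): a ref must have a
 * non-empty extent, start exactly where the previous one ended and stay inside
 * its eraseblock. On a raw header walk only the length/bounds checks can fire;
 * the contiguity check matters once summary entries are fed through here. */
static int link_ref(struct walk_stats *st, size_t *prev_end, size_t off, size_t len, size_t eb_end)
{
    if (len < HDR_LEN)      return fail(st, off, "zero/short node (totlen < header size)");
    if (off != *prev_end)   return fail(st, off, "ref not immediately after previous");
    if (off + len > eb_end) return fail(st, off, "node crosses eraseblock end");
    *prev_end = off + PAD(len);
    st->nodes++;
    return 0;
}

/* Walk every eraseblock; returns 0 if the raw headers are consistent, -1 otherwise. */
int jffs2_walk_image(const uint8_t *img, size_t len, size_t erase_size, struct walk_stats *st)
{
    memset(st, 0, sizeof *st);
    if (erase_size < HDR_LEN || len % erase_size)
        return fail(st, 0, "image is not a whole number of eraseblocks");
    for (size_t eb = 0; eb < len; eb += erase_size) {
        size_t off = eb, end = eb + erase_size, prev_end = eb;
        while (off + HDR_LEN <= end) {
            const uint8_t *h = img + off;
            if (rd32(h) == 0xffffffffu) {        /* free space: rest of block must be erased */
                for (size_t i = off; i < end; i++)
                    if (img[i] != 0xff) return fail(st, i, "data after free-space marker");
                break;
            }
            if (rd16(h) != JFFS2_MAGIC_BITMASK || jffs2_crc32(0, h, 8) != rd32(h + 8)) {
                st->dirty_bytes += 4;            /* like the kernel scanner: skip 4 bytes, resync */
                off += 4; prev_end = off;
                continue;
            }
            if (link_ref(st, &prev_end, off, rd32(h + 4), end)) return -1;
            off = prev_end;
        }
    }
    return 0;
}

/* Writes a node header with a valid hdr_crc over `claimed` (the totlen the
 * header advertises) while reserving `actual` bytes of 0x5a filler body. */
static size_t put_node(uint8_t *img, size_t off, uint16_t type, uint32_t actual, uint32_t claimed)
{
    uint8_t *h = img + off;
    wr16(h, JFFS2_MAGIC_BITMASK); wr16(h + 2, type); wr32(h + 4, claimed);
    wr32(h + 8, jffs2_crc32(0, h, 8));
    memset(h + HDR_LEN, 0x5a, actual - HDR_LEN);
    return off + PAD(actual);
}

/* Constructed sample: cleanmarker + two inode nodes in one eraseblock.
 * mode 1: second inode claims totlen 0 with a *valid* CRC (the zero-length
 * ref class from the report); mode 2: one flipped CRC byte (plain dirt). */
size_t build_sample_image(uint8_t *img, int mode)
{
    memset(img, 0xff, EB);
    size_t off = put_node(img, 0, JFFS2_NODETYPE_CLEANMARKER, HDR_LEN, HDR_LEN);
    off = put_node(img, off, JFFS2_NODETYPE_INODE, 70, 70);          /* ends at 84 */
    if (mode == 2) img[12 + 8] ^= 0x01;
    off = put_node(img, off, JFFS2_NODETYPE_INODE, 50, mode == 1 ? 0 : 50);
    return off;                                                       /* 136 bytes used */
}

int main(void)
{
    uint8_t img[EB]; struct walk_stats st;
    for (int mode = 0; mode < 3; mode++) {
        build_sample_image(img, mode);
        int rc = jffs2_walk_image(img, EB, EB, &st);
        printf("mode %d: rc=%d nodes=%u dirty=%u %s\n", mode, rc, st.nodes,
               st.dirty_bytes, st.reason ? st.reason : "clean");
    }
    return 0;
}
```

Against a real image you would read the file into memory and call jffs2_walk_image with the device's erase size (128 KiB for the image in the mail). Note the difference between the two corruptions: a flipped CRC byte is ordinary dirt the scanner steps over, whereas a zero-length node with a valid CRC is exactly the kind of "consistent-looking" metadata that a kernel BUG() turns into a crash, so a pre-mount check has to validate the extents, not only the checksums.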
