Bug 454942 - RHEL5.2: ext3 panic in dx_probe
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
All Linux
high Severity high
Assigned To: Josef Bacik
Red Hat Kernel QE team
Blocks: 483701
Reported: 2008-07-10 18:14 EDT by Jarod Wilson
Modified: 2009-09-02 04:24 EDT
Doc Type: Bug Fix
Last Closed: 2009-09-02 04:24:44 EDT

Attachments
4M ext3 fs image that triggered panic (4.00 MB, application/octet-stream)
2008-07-10 18:14 EDT, Jarod Wilson
patch to fix the problem. (1.80 KB, patch)
2008-08-07 10:47 EDT, Josef Bacik

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:1243 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 5.4 kernel security and bug fix update 2009-09-01 04:53:34 EDT

Description Jarod Wilson 2008-07-10 18:14:34 EDT
While beating on ecryptfs with fsfuzzer (which I've set up to overlay ecryptfs
atop ext3), I hit the following panic, which appears to be in the ext3 code:

crash> bt
PID: 9184   TASK: ffff810020b11820  CPU: 1   COMMAND: "fstest"
 #0 [ffff81002008f9d0] crash_kexec at ffffffff800aaaa2
 #1 [ffff81002008fa90] __die at ffffffff800650af
 #2 [ffff81002008fad0] die at ffffffff8006b7d1
 #3 [ffff81002008fb00] do_invalid_op at ffffffff8006bd91
 #4 [ffff81002008fbc0] error_exit at ffffffff8005dde9
    [exception RIP: dx_probe+331]
    RIP: ffffffff880531d9  RSP: ffff81002008fc78  RFLAGS: 00010282
    RAX: 0000000000000081  RBX: ffff8100219b0418  RCX: ffffffff80450560
    RDX: 00000000ffffffff  RSI: 0000000000000000  RDI: ffffffff802ed9dc
    RBP: 0000000000000000   R8: 00000000000000a0   R9: 0000000000000020
    R10: 00000000ffffffff  R11: 0000000000000000  R12: 0000000000000000
    R13: ffff81001f9deb50  R14: ffff810020610110  R15: ffff81002008fd24
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #5 [ffff81002008fc70] dx_probe at ffffffff880531d9
 #6 [ffff81002008fcc0] ext3_htree_fill_tree at ffffffff880545da
 #7 [ffff81002008fd60] ext3_readdir at ffffffff8804ce35
 #8 [ffff81002008fe40] vfs_readdir at ffffffff80034df6
 #9 [ffff81002008fe80] ecryptfs_readdir at ffffffff8855e3fb
#10 [ffff81002008fef0] vfs_readdir at ffffffff80034df6
#11 [ffff81002008ff30] sys_getdents at ffffffff8003869f
#12 [ffff81002008ff80] tracesys at ffffffff8005d28d (via system_call)
    RIP: 000000354e49499b  RSP: 00007fffd0f6d5e0  RFLAGS: 00000202
    RAX: ffffffffffffffda  RBX: ffffffff8005d28d  RCX: ffffffffffffffff
    RDX: 0000000000001000  RSI: 0000000012653f38  RDI: 0000000000000005
    RBP: 0000000000000000   R8: 0000000012653f38   R9: 0000000000000004
    R10: 0000000000000003  R11: 0000000000000202  R12: 0000000000000005
    R13: ffffffffffffffb0  R14: 0000000012653f00  R15: 00007fffd0f6e6b0
    ORIG_RAX: 000000000000004e  CS: 0033  SS: 002b

vmcore available upon request, attaching the image file that produced the panic
when fsfuzzer's fstest was examining it.
Comment 1 Jarod Wilson 2008-07-10 18:14:35 EDT
Created attachment 311520
4M ext3 fs image that triggered panic
Comment 2 Jarod Wilson 2008-07-10 18:15:20 EDT
Oops, that wasn't supposed to be private...
Comment 3 Jarod Wilson 2008-07-10 18:29:04 EDT
And neither was the dependency. Ugh. That's what I get for being lazy and
cloning instead of just starting a new bug...
Comment 4 Eric Sandeen 2008-07-29 18:11:56 EDT
Josef, any desire to look into this one to put another notch in your fsfuzzer
belt?  ;)
Comment 5 Josef Bacik 2008-07-30 15:18:57 EDT
Can I get the core? My box isn't cooperating with me.
Comment 9 Josef Bacik 2008-08-07 10:47:24 EDT
Created attachment 313698
patch to fix the problem.

Here's a patch that fixes the assert that happens due to the corrupt dirents.  Tested and verified the problem is fixed.
Comment 10 RHEL Product and Program Management 2009-02-16 10:24:17 EST
Updating PM score.
Comment 11 Josef Bacik 2009-04-20 15:40:54 EDT
posted 4/20.
Comment 12 Don Zickus 2009-04-27 11:57:49 EDT
in kernel-2.6.18-141.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Please do NOT transition this bugzilla state to VERIFIED until our QE team
has sent specific instructions indicating when to do so.  However feel free
to provide a comment indicating that this fix has been verified.
Comment 16 errata-xmlrpc 2009-09-02 04:24:44 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

