Bug 454942 - RHEL5.2: ext3 panic in dx_probe
Summary: RHEL5.2: ext3 panic in dx_probe
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.2
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: rc
Target Release: ---
Assignee: Josef Bacik
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
Depends On:
Blocks: 483701
 
Reported: 2008-07-10 22:14 UTC by Jarod Wilson
Modified: 2009-09-02 08:24 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-02 08:24:44 UTC
Target Upstream Version:
Embargoed:


Attachments
4M ext3 fs image that triggered panic (4.00 MB, application/octet-stream)
2008-07-10 22:14 UTC, Jarod Wilson
patch to fix the problem. (1.80 KB, patch)
2008-08-07 14:47 UTC, Josef Bacik


Links
System: Red Hat Product Errata
ID: RHSA-2009:1243
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Important: Red Hat Enterprise Linux 5.4 kernel security and bug fix update
Last Updated: 2009-09-01 08:53:34 UTC

Description Jarod Wilson 2008-07-10 22:14:34 UTC
While beating on ecryptfs with fsfuzzer (which I've set up to overlay ecryptfs
atop ext3), I hit the following panic, which appears to be in the ext3 code:

crash> bt
PID: 9184   TASK: ffff810020b11820  CPU: 1   COMMAND: "fstest"
 #0 [ffff81002008f9d0] crash_kexec at ffffffff800aaaa2
 #1 [ffff81002008fa90] __die at ffffffff800650af
 #2 [ffff81002008fad0] die at ffffffff8006b7d1
 #3 [ffff81002008fb00] do_invalid_op at ffffffff8006bd91
 #4 [ffff81002008fbc0] error_exit at ffffffff8005dde9
    [exception RIP: dx_probe+331]
    RIP: ffffffff880531d9  RSP: ffff81002008fc78  RFLAGS: 00010282
    RAX: 0000000000000081  RBX: ffff8100219b0418  RCX: ffffffff80450560
    RDX: 00000000ffffffff  RSI: 0000000000000000  RDI: ffffffff802ed9dc
    RBP: 0000000000000000   R8: 00000000000000a0   R9: 0000000000000020
    R10: 00000000ffffffff  R11: 0000000000000000  R12: 0000000000000000
    R13: ffff81001f9deb50  R14: ffff810020610110  R15: ffff81002008fd24
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #5 [ffff81002008fc70] dx_probe at ffffffff880531d9
 #6 [ffff81002008fcc0] ext3_htree_fill_tree at ffffffff880545da
 #7 [ffff81002008fd60] ext3_readdir at ffffffff8804ce35
 #8 [ffff81002008fe40] vfs_readdir at ffffffff80034df6
 #9 [ffff81002008fe80] ecryptfs_readdir at ffffffff8855e3fb
#10 [ffff81002008fef0] vfs_readdir at ffffffff80034df6
#11 [ffff81002008ff30] sys_getdents at ffffffff8003869f
#12 [ffff81002008ff80] tracesys at ffffffff8005d28d (via system_call)
    RIP: 000000354e49499b  RSP: 00007fffd0f6d5e0  RFLAGS: 00000202
    RAX: ffffffffffffffda  RBX: ffffffff8005d28d  RCX: ffffffffffffffff
    RDX: 0000000000001000  RSI: 0000000012653f38  RDI: 0000000000000005
    RBP: 0000000000000000   R8: 0000000012653f38   R9: 0000000000000004
    R10: 0000000000000003  R11: 0000000000000202  R12: 0000000000000005
    R13: ffffffffffffffb0  R14: 0000000012653f00  R15: 00007fffd0f6e6b0
    ORIG_RAX: 000000000000004e  CS: 0033  SS: 002b

vmcore available upon request, attaching the image file that produced the panic
when fsfuzzer's fstest was examining it.

Comment 1 Jarod Wilson 2008-07-10 22:14:35 UTC
Created attachment 311520
4M ext3 fs image that triggered panic

Comment 2 Jarod Wilson 2008-07-10 22:15:20 UTC
Oops, that wasn't supposed to be private...

Comment 3 Jarod Wilson 2008-07-10 22:29:04 UTC
And neither was the dependency. Ugh. That's what I get for being lazy and
cloning instead of just starting a new bug...

Comment 4 Eric Sandeen 2008-07-29 22:11:56 UTC
Josef, any desire to look into this one to put another notch in your fsfuzzer
belt?  ;)

Comment 5 Josef Bacik 2008-07-30 19:18:57 UTC
Can I get the core? My box isn't cooperating with me.

Comment 9 Josef Bacik 2008-08-07 14:47:24 UTC
Created attachment 313698
patch to fix the problem.

Here's a patch that fixes the assert that happens due to the corrupt dirents.  Tested and verified the problem is fixed.
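
Comment 9 attributes the panic to an assert tripping on corrupt dirents; the attached patch is not shown on this page. The following is an added example, not the attached patch and not kernel code: it validates the fields of an ext2/ext3-style on-disk directory entry and reports corruption as an error code instead of asserting. The function names, error codes and the 64-byte block are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ext2/ext3-style on-disk dirent: inode(4) rec_len(2) name_len(1) type(1) name[] */
#define DE_HDR 8u
#define DE_PAD 4u
#define DE_REC_LEN(nlen) (((nlen) + DE_HDR + DE_PAD - 1u) & ~(DE_PAD - 1u))
enum { DE_OK = 0, DE_SHORT = -1, DE_UNALIGNED = -2, DE_NAME = -3, DE_SPAN = -4 }; /* hypothetical codes */

static unsigned le16(const uint8_t *p) { return p[0] | ((unsigned)p[1] << 8); }

/* Validate the entry at `off`; corruption is reported as an error, never asserted. */
int check_dirent(const uint8_t *blk, size_t blksz, size_t off)
{
    if (off > blksz || blksz - off < DE_HDR) return DE_SPAN;  /* header must fit     */
    unsigned rec_len = le16(blk + off + 4), name_len = blk[off + 6];
    if (rec_len < DE_REC_LEN(1u))       return DE_SHORT;      /* also rejects 0      */
    if (rec_len % DE_PAD)               return DE_UNALIGNED;  /* 4-byte alignment    */
    if (rec_len < DE_REC_LEN(name_len)) return DE_NAME;       /* name overruns entry */
    if (rec_len > blksz - off)          return DE_SPAN;       /* entry leaves block  */
    return DE_OK;
}

/* Walk one directory block: number of entries, or the first validation error. */
int walk_dir_block(const uint8_t *blk, size_t blksz)
{
    int n = 0;
    for (size_t off = 0; off < blksz; off += le16(blk + off + 4), n++) {
        int rc = check_dirent(blk, blksz, off);
        if (rc != DE_OK) return rc;      /* caller fails the readdir, no panic */
    }
    return n;
}

/* Constructed 64-byte block holding "." and ".."; rec_len2 is the second entry's rec_len. */
int demo(unsigned rec_len2)
{
    uint8_t blk[64] = {0};
    blk[0] = 2; blk[4] = 12; blk[6] = 1; blk[8] = '.';           /* "."  at offset 0  */
    blk[12] = 2; blk[16] = rec_len2 & 0xff; blk[17] = (rec_len2 >> 8) & 0xff;
    blk[18] = 2; blk[20] = '.'; blk[21] = '.';                   /* ".." at offset 12 */
    return walk_dir_block(blk, sizeof blk);
}

int main(void)
{
    printf("%d %d %d %d\n", demo(52), demo(0), demo(50), demo(0x1000));
    return 0;
}
```

A `rec_len` of 0 is the case that matters most for a block walker: without the `DE_SHORT` check the offset never advances.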

Comment 10 RHEL Program Management 2009-02-16 15:24:17 UTC
Updating PM score.

Comment 11 Josef Bacik 2009-04-20 19:40:54 UTC
posted 4/20.

Comment 12 Don Zickus 2009-04-27 15:57:49 UTC
in kernel-2.6.18-141.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Please do NOT transition this bugzilla state to VERIFIED until our QE team
has sent specific instructions indicating when to do so.  However feel free
to provide a comment indicating that this fix has been verified.

Comment 16 errata-xmlrpc 2009-09-02 08:24:44 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1243.html

