Bug 12686

Summary: kernel oops __ticket_spin_lock
Product: File System
Reporter: David Maciejak (dmaciejak)
Component: ext4
Assignee: fs_ext4 (fs_ext4)
Status: RESOLVED UNREPRODUCIBLE
Severity: normal
CC: tytso
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 2.6.29-rc4
Subsystem:
Regression: No
Bisected commit-id:
Attachments: kern.log extract; gzip ext4 poc

Description David Maciejak 2009-02-11 02:54:08 UTC
Latest working kernel version: NA
Earliest failing kernel version: NA
Distribution: Ubuntu
Hardware Environment: Dell Optiplex 740
Software Environment: NA

Hi,

Playing around with a crafted ext4 fs raised a kernel oops (see attached extract from kern.log).

Steps to reproduce:
* gunzip the poc enclosed
* mount -t ext4 ext4.poc.img /media/here -o loop
* touch /media/here/test

Regards,

David Maciejak
Fortinet's FortiGuard Global Security Research Team

Comment 1 David Maciejak 2009-02-11 02:55:11 UTC
Created attachment 20189
kern.log extract

Comment 2 David Maciejak 2009-02-11 02:55:41 UTC
Created attachment 20190
gzip ext4 poc

Comment 3 Theodore Tso 2009-05-19 19:08:39 UTC
I can't reproduce this on a recent kernel. Even after removing the bogus indirect and triple indirect block which causes modern kernels to refuse to mount the filesystem, it still doesn't crash, even after giving all of the ext4_claim_inode() errors caused by the very large s_first_ino value. So it looks like this problem is no longer an issue on 2.6.30-rc6 kernels.
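
Added example, not part of the bug report, of any comment above, or of the kernel: an offline check of the primary superblock of an untrusted image before it is loop-mounted, flagging the kind of out-of-range s_first_ino value Comment 3 mentions. The field offsets are those of the on-disk ext2/3/4 superblock; the plausibility bounds, the function names and the sample values are assumptions of this example.

```python
import struct

SB_OFFSET = 1024          # the primary superblock starts 1024 bytes into the image
EXT_MAGIC = 0xEF53        # s_magic shared by ext2, ext3 and ext4
GOOD_OLD_FIRST_INO = 11   # first non-reserved inode on revision 0 filesystems

def check_superblock(image):
    """Return a list of findings for the primary superblock of an image."""
    sb = image[SB_OFFSET:SB_OFFSET + 1024]
    if len(sb) < 0x58:
        return ["image too short to hold a superblock"]
    inodes_count, = struct.unpack_from("<I", sb, 0x00)      # s_inodes_count
    inodes_per_group, = struct.unpack_from("<I", sb, 0x28)  # s_inodes_per_group
    magic, = struct.unpack_from("<H", sb, 0x38)             # s_magic
    rev_level, = struct.unpack_from("<I", sb, 0x4C)         # s_rev_level
    first_ino, = struct.unpack_from("<I", sb, 0x54)         # s_first_ino
    if magic != EXT_MAGIC:
        return ["bad magic 0x%04x" % magic]
    findings = []
    if inodes_count == 0 or inodes_per_group == 0:
        findings.append("zero inode count or inodes per group")
    # s_first_ino is only meaningful on dynamic-revision (>= 1) filesystems.
    if rev_level >= 1:
        if first_ino < GOOD_OLD_FIRST_INO:
            findings.append("s_first_ino %d is below %d" % (first_ino, GOOD_OLD_FIRST_INO))
        elif first_ino > inodes_count:
            findings.append("s_first_ino %d exceeds s_inodes_count %d" % (first_ino, inodes_count))
    return findings

def make_image(inodes_count, first_ino, rev_level=1):
    """Constructed sample: a zeroed image with only the checked fields set."""
    img = bytearray(SB_OFFSET + 1024)
    struct.pack_into("<I", img, SB_OFFSET + 0x00, inodes_count)
    struct.pack_into("<I", img, SB_OFFSET + 0x28, inodes_count)
    struct.pack_into("<H", img, SB_OFFSET + 0x38, EXT_MAGIC)
    struct.pack_into("<I", img, SB_OFFSET + 0x4C, rev_level)
    struct.pack_into("<I", img, SB_OFFSET + 0x54, first_ino)
    return bytes(img)

if __name__ == "__main__":
    # Both images are constructed here; 0xFFFFFF00 is an arbitrary large value.
    for label, img in (("sane", make_image(8192, 11)),
                       ("large s_first_ino", make_image(8192, 0xFFFFFF00))):
        print(label, "->", check_superblock(img) or "ok")
```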