Bug 12686 - kernel oops __ticket_spin_lock
Summary: kernel oops __ticket_spin_lock
Status: RESOLVED UNREPRODUCIBLE
Alias: None
Product: File System
Classification: Unclassified
Component: ext4 (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: fs_ext4@kernel-bugs.osdl.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-02-11 02:54 UTC by David Maciejak
Modified: 2009-05-19 19:08 UTC (History)
1 user (show)

See Also:
Kernel Version: 2.6.29-rc4
Subsystem:
Regression: No
Bisected commit-id:

Attachments
kern.log extract (10.06 KB, application/octet-stream)
2009-02-11 02:55 UTC, David Maciejak 		Details
gzip ext4 poc (586.18 KB, application/x-gzip)
2009-02-11 02:55 UTC, David Maciejak 		Details
Add an attachment (proposed patch, testcase, etc.)

Description David Maciejak 2009-02-11 02:54:08 UTC 
Latest working kernel version: NA
Earliest failing kernel version: NA
Distribution: Ubuntu
Hardware Environment: Dell Optiplex 740
Software Environment: NA

Hi,

playing around with crafted ext4 fs raised a kernel oops (see attached extract from kern.log)

Steps to reproduce:
*gunzip the poc enclosed
*mount -t ext4 ext4.poc.img /media/here -o loop
*touch /media/here/test

Regards,

David Maciejak
Fortinet's FortiGuard Global Security Research Team
Comment 1 David Maciejak 2009-02-11 02:55:11 UTC 
Created attachment 20189 [details]
kern.log extract
Comment 2 David Maciejak 2009-02-11 02:55:41 UTC 
Created attachment 20190 [details]
gzip ext4 poc
Comment 3 Theodore Tso 2009-05-19 19:08:39 UTC 
I can't reproduce this on a recent kernel.  Even after removing the bogus indirect and triple indirect block which causes modern kernels to refuse to mount the filesystem, it still doesn't crash, even after giving all of the ext4_claim_inode() errors caused by the very large s_first_ino value.   So it looks like this problem is no longer an issue on 2.6.30-rc6 kernels.
Note You need to log in before you can comment on or make changes to this bug.