Bug 12686 - kernel oops __ticket_spin_lock
Summary: kernel oops __ticket_spin_lock
Alias: None
Product: File System
Classification: Unclassified
Component: ext4 (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: fs_ext4@kernel-bugs.osdl.org
Depends on:
Reported: 2009-02-11 02:54 UTC by David Maciejak
Modified: 2009-05-19 19:08 UTC (History)
1 user (show)

See Also:
Kernel Version: 2.6.29-rc4
Tree: Mainline
Regression: No

kern.log extract (10.06 KB, application/octet-stream)
2009-02-11 02:55 UTC, David Maciejak
gzip ext4 poc (586.18 KB, application/x-gzip)
2009-02-11 02:55 UTC, David Maciejak

Description David Maciejak 2009-02-11 02:54:08 UTC
Latest working kernel version: NA
Earliest failing kernel version: NA
Distribution: Ubuntu
Hardware Environment: Dell Optiplex 740
Software Environment: NA


playing around with crafted ext4 fs raised a kernel oops (see attached extract from kern.log)

Steps to reproduce:
*gunzip the poc enclosed
*mount -t ext4 ext4.poc.img /media/here -o loop
*touch /media/here/test


David Maciejak
Fortinet's FortiGuard Global Security Research Team
Comment 1 David Maciejak 2009-02-11 02:55:11 UTC
Created attachment 20189 [details]
kern.log extract
Comment 2 David Maciejak 2009-02-11 02:55:41 UTC
Created attachment 20190 [details]
gzip ext4 poc
Comment 3 Theodore Tso 2009-05-19 19:08:39 UTC
I can't reproduce this on a recent kernel.  Even after removing the bogus indirect and triple indirect block which causes modern kernels to refuse to mount the filesystem, it still doesn't crash, even after giving all of the ext4_claim_inode() errors caused by the very large s_first_ino value.   So it looks like this problem is no longer an issue on 2.6.30-rc6 kernels.

Note You need to log in before you can comment on or make changes to this bug.