Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 454942 - RHEL5.2: ext3 panic in dx_probe
Summary: RHEL5.2: ext3 panic in dx_probe
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.2
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Josef Bacik
QA Contact: Red Hat Kernel QE team
Depends On:
TreeView+ depends on / blocked
Reported: 2008-07-10 22:14 UTC by Jarod Wilson
Modified: 2009-09-02 08:24 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-09-02 08:24:44 UTC
Target Upstream Version:

Attachments (Terms of Use)
4M ext3 fs image that triggered panic (deleted)
2008-07-10 22:14 UTC, Jarod Wilson
no flags Details
patch to fix the problem. (deleted)
2008-08-07 14:47 UTC, Josef Bacik
no flags Details | Diff

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:1243 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 5.4 kernel security and bug fix update 2009-09-01 08:53:34 UTC

Description Jarod Wilson 2008-07-10 22:14:34 UTC
While beating on ecryptfs with fsfuzzer (which I've set up to overlay ecryptfs
atop ext3), I hit the following panic, which appears to be in the ext3 code:

crash> bt
PID: 9184   TASK: ffff810020b11820  CPU: 1   COMMAND: "fstest"
 #0 [ffff81002008f9d0] crash_kexec at ffffffff800aaaa2
 #1 [ffff81002008fa90] __die at ffffffff800650af
 #2 [ffff81002008fad0] die at ffffffff8006b7d1
 #3 [ffff81002008fb00] do_invalid_op at ffffffff8006bd91
 #4 [ffff81002008fbc0] error_exit at ffffffff8005dde9
    [exception RIP: dx_probe+331]
    RIP: ffffffff880531d9  RSP: ffff81002008fc78  RFLAGS: 00010282
    RAX: 0000000000000081  RBX: ffff8100219b0418  RCX: ffffffff80450560
    RDX: 00000000ffffffff  RSI: 0000000000000000  RDI: ffffffff802ed9dc
    RBP: 0000000000000000   R8: 00000000000000a0   R9: 0000000000000020
    R10: 00000000ffffffff  R11: 0000000000000000  R12: 0000000000000000
    R13: ffff81001f9deb50  R14: ffff810020610110  R15: ffff81002008fd24
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #5 [ffff81002008fc70] dx_probe at ffffffff880531d9
 #6 [ffff81002008fcc0] ext3_htree_fill_tree at ffffffff880545da
 #7 [ffff81002008fd60] ext3_readdir at ffffffff8804ce35
 #8 [ffff81002008fe40] vfs_readdir at ffffffff80034df6
 #9 [ffff81002008fe80] ecryptfs_readdir at ffffffff8855e3fb
#10 [ffff81002008fef0] vfs_readdir at ffffffff80034df6
#11 [ffff81002008ff30] sys_getdents at ffffffff8003869f
#12 [ffff81002008ff80] tracesys at ffffffff8005d28d (via system_call)
    RIP: 000000354e49499b  RSP: 00007fffd0f6d5e0  RFLAGS: 00000202
    RAX: ffffffffffffffda  RBX: ffffffff8005d28d  RCX: ffffffffffffffff
    RDX: 0000000000001000  RSI: 0000000012653f38  RDI: 0000000000000005
    RBP: 0000000000000000   R8: 0000000012653f38   R9: 0000000000000004
    R10: 0000000000000003  R11: 0000000000000202  R12: 0000000000000005
    R13: ffffffffffffffb0  R14: 0000000012653f00  R15: 00007fffd0f6e6b0
    ORIG_RAX: 000000000000004e  CS: 0033  SS: 002b

vmcore available upon request, attaching the image file that produced the panic
when fsfuzzer's fstest was examining it.

Comment 1 Jarod Wilson 2008-07-10 22:14:35 UTC
Created attachment 311520 [details]
4M ext3 fs image that triggered panic

Comment 2 Jarod Wilson 2008-07-10 22:15:20 UTC
Oops, that wasn't supposed to be private...

Comment 3 Jarod Wilson 2008-07-10 22:29:04 UTC
And neither was the dependency. Ugh. That's what I get for being lazy and
cloning instead of just starting a new bug...

Comment 4 Eric Sandeen 2008-07-29 22:11:56 UTC
Josef, any desire to look into this one to put another notch in your fsfuzzer
belt?  ;)

Comment 5 Josef Bacik 2008-07-30 19:18:57 UTC
can I get the core, my box isn't cooperating with me.

Comment 9 Josef Bacik 2008-08-07 14:47:24 UTC
Created attachment 313698 [details]
patch to fix the problem.

Here's a patch thats fixes the assert that happens due to the corrupt dirents.  Tested and verified the problem is fixed.

Comment 10 RHEL Product and Program Management 2009-02-16 15:24:17 UTC
Updating PM score.

Comment 11 Josef Bacik 2009-04-20 19:40:54 UTC
posted 4/20.

Comment 12 Don Zickus 2009-04-27 15:57:49 UTC
in kernel-2.6.18-141.el5
You can download this test kernel from

Please do NOT transition this bugzilla state to VERIFIED until our QE team
has sent specific instructions indicating when to do so.  However feel free
to provide a comment indicating that this fix has been verified.

Comment 16 errata-xmlrpc 2009-09-02 08:24:44 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.