From: Eric Sesterhenn <snakebyte@gmx.de>
To: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
Cc: linux-fsdevel@vger.kernel.org, jfs-discussion@lists.sourceforge.net
Subject: Re: Filesystem fuzzing
Date: Thu, 22 May 2008 22:29:23 +0200
Message-ID: <20080522202923.GA4456@alice>
In-Reply-To: <1211384669.12399.16.camel@norville.austin.ibm.com>
* Dave Kleikamp (shaggy@linux.vnet.ibm.com) wrote:
> >
> > [52500.590030] ERROR: (device loop1): diRead: i_ino != di_number
> > [52500.590308] BUG: unable to handle kernel NULL pointer dereference at 00000237
> > [52500.590518] IP: [<c019348a>] iput+0xa/0x50
> > [52500.590642] *pde = 00000000
> > [52500.590749] Oops: 0000 [#2] PREEMPT DEBUG_PAGEALLOC
> > [52500.590958] Modules linked in: nfsd exportfs
> > [52500.591155]
> > [52500.591220] Pid: 6938, comm: mount Tainted: G D (2.6.26-rc3 #26)
> > [52500.591304] EIP: 0060:[<c019348a>] EFLAGS: 00010282 CPU: 0
> > [52500.591356] EIP is at iput+0xa/0x50
> > [52500.591356] EAX: fffffffb EBX: fffffffb ECX: 00000001 EDX: 00000000
> > [52500.591356] ESI: c9811920 EDI: cbd5f780 EBP: cbc67e34 ESP: cbc67e30
> > [52500.591356] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
> > [52500.591356] Process mount (pid: 6938, ti=cbc67000 task=cbeb3f00 task.ti=cbc67000)
> > [52500.591356] Stack: fffffffb cbc67e5c c0316078 cbc67e4c fffffffb 00000000 00000000 00000002
> > [52500.591356] 00000000 c9811920 00000000 cbc67ea0 c01827ff cf415d40 c07b93c0 cf415d40
> > [52500.591356] c9811920 706f6f6c 00000031 c01971ed c07e4ddc c01971ed 000000d0 cf32e6c0
> > [52500.591356] Call Trace:
> > [52500.591356] [<c0316078>] ? jfs_fill_super+0x268/0x2a0
> > [52500.591356] [<c01827ff>] ? get_sb_bdev+0xef/0x120
> > [52500.591356] [<c01971ed>] ? alloc_vfsmnt+0xdd/0x120
> > [52500.591356] [<c01971ed>] ? alloc_vfsmnt+0xdd/0x120
> > [52500.591356] [<c0314fd2>] ? jfs_get_sb+0x22/0x30
> > [52500.591356] [<c0315e10>] ? jfs_fill_super+0x0/0x2a0
> > [52500.591356] [<c018234a>] ? vfs_kern_mount+0x3a/0x90
> > [52500.591356] [<c01823f9>] ? do_kern_mount+0x39/0xd0
> > [52500.591356] [<c0198425>] ? do_new_mount+0x65/0x90
> > [52500.591356] [<c01985aa>] ? do_mount+0x15a/0x1b0
> > [52500.591356] [<c015fc7b>] ? __get_free_pages+0x1b/0x30
> > [52500.591356] [<c01962b8>] ? copy_mount_options+0x38/0x140
> > [52500.591356] [<c0188d47>] ? getname+0xa7/0xc0
> > [52500.591356] [<c019866f>] ? sys_mount+0x6f/0xb0
> > [52500.591356] [<c0103d7d>] ? sysenter_past_esp+0x6a/0xb1
> > [52500.591356] =======================
> > [52500.591356] Code: 4f fa ff 5d c3 8d b6 00 00 00 00 8d bf 00 00 00 00 55 89 e5 e8 d8 88 46 00 31 c0 5d c3 8d 74 26 00 55 85 c0 89 e5 53 89 c3 74 3d <83> b8 3c 02 00 00 40 74 37 8d 40 24 ba e0 ce 7a c0 e8 90 3c 1d
> > [52500.591356] EIP: [<c019348a>] iput+0xa/0x50 SS:ESP 0068:cbc67e30
> > [52500.599040] ---[ end trace 299f5ea1b691e69f ]---
> >
> > kerneloops.org also caught it, but the code is not disassembled
> > yet: http://kerneloops.org/raw.php?rawid=13020&msgid=
> > This is with linux-next from yesterday.
> >
> > A copy of the image file is available here:
> > http://www.cccmz.de/~snakebyte/jfs.7.img.bz2
>
> Thanks. It's a bug in an error path that hadn't been caught before.
> This patch should fix it.
With this patch I can't reproduce this; I can confirm that this does
fix the issue.

Greetings, Eric
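Added illustration, not part of this thread and not Dave's patch (which is not quoted on this page): a userland C model of the error-path pattern the oops points at. In the trace EAX is 0xfffffffb, which is -EIO encoded as an ERR_PTR, and the faulting instruction at iput+0xa (`83 b8 3c 02 00 00 40`, i.e. `cmpl $0x40, 0x23c(%eax)`) reads 0x23c bytes past it, which on 32-bit wraps to the reported fault address 0x237. The helper names read_inode, model_iput, fill_super_unguarded and fill_super_guarded, and the FAULTED marker, are hypothetical stand-ins, not JFS code.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Userland model of the kernel's ERR_PTR/IS_ERR/PTR_ERR helpers (assumption:
 * pointer values in the top 4095 bytes of the address space encode -errno). */
#define MAX_ERRNO 4095UL
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
struct inode { int i_ino; };
#define FAULTED (-1000) /* constructed marker: "the kernel would have oopsed here" */
/* Hypothetical stand-in for JFS reading an inode from the image: a corrupted
 * image (the report's "i_ino != di_number") yields ERR_PTR(-EIO). */
static struct inode *read_inode(int corrupted)
{
    return corrupted ? ERR_PTR(-EIO) : calloc(1, sizeof(struct inode));
}
/* Model of iput(): where the real one dereferenced the bad pointer at
 * iput+0xa, this one reports that a fault would have happened. */
static int model_iput(struct inode *ip)
{
    if (ip == NULL || IS_ERR(ip))
        return FAULTED; /* the real iput() has no such guard */
    free(ip);
    return 0;
}
/* Error path as the oops implies it behaved: the ERR_PTR reaches iput(). */
int fill_super_unguarded(int corrupted, struct inode **root)
{
    struct inode *ip = read_inode(corrupted);
    if (IS_ERR(ip))
        goto out_iput; /* bug: the cleanup label assumes ip is a real inode */
    *root = ip;
    return 0;
out_iput:
    return model_iput(ip); /* FAULTED: the real kernel oopsed inside iput() */
}
/* The general fix pattern: never hand an ERR_PTR (or NULL) to iput(). */
int fill_super_guarded(int corrupted, struct inode **root)
{
    struct inode *ip = read_inode(corrupted);
    if (IS_ERR(ip))
        return PTR_ERR(ip); /* nothing was obtained, so nothing to put */
    *root = ip;
    return 0;
}
/* The report's fault address: iput+0xa reads 0x23c(%eax) with %eax =
 * 0xfffffffb (-EIO as a 32-bit ERR_PTR); the 32-bit sum wraps to 0x237. */
uint32_t oops_fault_address(uint32_t err_ptr, uint32_t off) { return err_ptr + off; }
```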