Re: [Bug 11175] New: ext3 BUG in add_dirent_to_buf+0x6c/0x269

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Theodore Tso <tytso@MIT.EDU>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-ext4@vger.kernel.org, bugme-daemon@bugzilla.kernel.org,
	kernel.bugzilla@asheesh.org
Subject: Re: [Bug 11175] New: ext3 BUG in add_dirent_to_buf+0x6c/0x269
Date: Tue, 29 Jul 2008 22:48:56 -0400	[thread overview]
Message-ID: <20080730024856.GE29748@mit.edu> (raw)
In-Reply-To: <20080729171207.d88728cf.akpm@linux-foundation.org>

Hmm... disassembling the code, it's pretty clear the problem is here
in do_split(), around line 1208:

	map = (struct dx_map_entry *) (data2 + blocksize);
	count = dx_make_map ((struct ext3_dir_entry_2 *) data1,
			     blocksize, hinfo, map);
	map -= count;
	dx_sort_map (map, count);
	/* Split the existing block in the middle, size-wise */
	size = 0;
	move = 0;
	for (i = count-1; i >= 0; i--) {
		/* is more than half of this entry in 2nd half of the block? */
		if (size + map[i].size/2 > blocksize/2)  <====
			break;
		size += map[i].size;
		move++;
	}

I suspect dx_make_map returned 0, and since i and count are an
unsigned int, things started to go downhill after i was assigned the
value of ((unsigned) -1).

How could this happen?  The only way thing I can think of is a
directory block with a large number of deleted directory entries that
were not coalesced for some reason.  That shouldn't happen normally,
but that's the only explanation I can think of why we might be trying
to split an directory block where dx_make_map() is returning 0.

Asheesh, are you willing to recompile a kernel with some debugging
code inserted?

						- Ted

next prev parent reply	other threads:[~2008-07-30  2:49 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <bug-11175-27@http.bugzilla.kernel.org/>
2008-07-30  0:12 ` [Bug 11175] New: ext3 BUG in add_dirent_to_buf+0x6c/0x269 Andrew Morton
2008-07-30  1:08   ` Asheesh Laroia
2008-07-30  2:48   ` Theodore Tso [this message]
2008-07-30  3:03     ` Eric Sandeen
2008-07-30  4:03       ` Theodore Tso
2008-07-30 15:01         ` Asheesh Laroia
2008-07-30 15:06           ` Eric Sandeen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20080730024856.GE29748@mit.edu \
    --to=tytso@mit.edu \
    --cc=akpm@linux-foundation.org \
    --cc=bugme-daemon@bugzilla.kernel.org \
    --cc=kernel.bugzilla@asheesh.org \
    --cc=linux-ext4@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.