Hottest Free Downloads - DownloadPipe.com Over 197,000 downloads! Bookmark Now!
DownloadPipe.com - New Downloads Every Minute
 SEARCH:
FAQFAQ    SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

PROBLEM: crash if reiserfs partition has regular file name..

  
   Linux (Home) -> Kernel RSS
Next:  Linus Torvalds on "single-issue people"  
Author Message
Eugene Kapun

External


Since: Jul 04, 2009
Posts: 1



(Msg. 1) Posted: Sat Jul 04, 2009 12:25 am
Post subject: PROBLEM: crash if reiserfs partition has regular file named .reiserfs_priv in it's root directory
Archived from groups: linux>kernel (more info?)
Reiserfs crashes if regular file .reiserfs_priv exists in root directory
of reiserfs partitions. This is reproducible on different builds of
2.6.29, 2.6.30 and 2.6.31 kernel. On 2.6.29 and older 2.6.30 kernels,
crash will occur only if CONFIG_REISERFS_XATTR=y.

How to reproduce:
1. Create reiserfs partition.
2. On older kernel compiled with CONFIG_REISERFS_XATTR=n create file
..reiserfs_priv in partition root.
3. Mount this partition on newer kernel. Older kernels compiled with
CONFIG_REISERFS_XATTR=y will crash too, but only when trying to delete
some file/directory.
4. Oops.

Software versions:
Gnu C 4.4.0
Gnu make 3.81
binutils 2.19.51.20090622
util-linux 2.15.1-rc1
mount support
module-init-tools 3.8
e2fsprogs 1.41.5
reiserfsprogs 3.6.21
pcmciautils 014
Linux C Library 2.9
Dynamic linker (ldd) 2.9
Procps 3.2.8
Net-tools 1.60
Kbd 1.15
Sh-utils 7.4
wireless-tools 29
Modules Loaded usb_storage tun binfmt_misc ppdev kqemu sbp2 lp
parport snd_hda_codec_realtek snd_hda_intel snd_hda_codec joydev
snd_pcm_oss snd_mixer_oss snd_pcm arc4 snd_seq_dummy snd_seq_oss ecb
snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq ath5k pcmcia
snd_timer snd_seq_device mac80211 nsc_ircc uvcvideo ath yenta_socket
rsrc_nonstatic snd soundcore videodev sdhci_pci psmouse irda acer_wmi
pcmcia_core snd_page_alloc v4l1_compat v4l2_compat_ioctl32 tifm_7xx1
tifm_core iTCO_wdt iTCO_vendor_support sdhci serio_raw pcspkr cfg80211
crc_ccitt led_class ohci1394 ieee1394 tg3 usbhid fbcon tileblit font
bitblit softcursor i915 drm i2c_algo_bit video output intel_agp

dmesg output:
[ 95.335301] REISERFS (device sdb): found reiserfs format "3.6" with
standard journal
[ 95.336228] REISERFS (device sdb): using ordered data mode
[ 95.360648] REISERFS (device sdb): journal params: device sdb, size
8192, journal first block 18, max trans len 1024, max batch 900, max
commit age 30, max trans age 30
[ 95.364551] REISERFS (device sdb): checking transaction log (sdb)
[ 95.394471] REISERFS (device sdb): Using r5 hash to sort names
[ 95.397182] BUG: unable to handle kernel NULL pointer dereference at
(null)
[ 95.397803] IP: [<(null)>] (null)
[ 95.398043] PGD 1d9f067 PUD 3a36067 PMD 0
[ 95.398324] Oops: 0010 [#1] SMP
[ 95.398645] last sysfs file: /sys/kernel/uevent_seqnum
[ 95.398846] CPU 0
[ 95.398965] Modules linked in: reiserfs ppdev virtio_balloon psmouse
serio_raw pcspkr parport_pc i2c_piix4 parport ne2k_pci 8390 virtio_pci
virtio_ring floppy virtio fbcon tileblit font bitblit softcursor i915
drm i2c_algo_bit video output intel_agp
[ 95.399985] Pid: 1917, comm: mount Not tainted
2.6.31-rc1-git10-generic-vanilla #1
[ 95.400169] RIP: 0010:[<0000000000000000>] [<(null)>] (null)
[ 95.400169] RSP: 0018:ffff880003a9dbc0 EFLAGS: 00000286
[ 95.400169] RAX: ffffffffa0167180 RBX: ffff88000386d600 RCX:
0000000000000000
[ 95.400169] RDX: 0000000000000000 RSI: ffff88000386d600 RDI:
ffff8800039e2350
[ 95.400169] RBP: ffff880003a9dc08 R08: ffff8800019a2d73 R09:
00000000000000c0
[ 95.400169] R10: ffde61db876d5807 R11: 0000000000000000 R12:
ffff880003a9dc28
[ 95.400169] R13: ffff8800039e2350 R14: fffffffffffffff4 R15:
0000000000000000
[ 95.400169] FS: 00007f11d793b7d0(0000) GS:ffff880001991000(0000)
knlGS:0000000000000000
[ 95.400169] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 95.400169] CR2: 0000000000000000 CR3: 0000000002995000 CR4:
00000000000006b0
[ 95.400169] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 95.400169] DR3: 0000000000000000 DR6: 0000000000000000 DR7:
0000000000000000
[ 95.400169] Process mount (pid: 1917, threadinfo ffff880003a9c000,
task ffff880000cb2d60)
[ 95.400169] Stack:
[ 95.400169] ffffffff8111901a ffff880003a9dc18 ffffffff8111901a
0000000000000001
[ 95.400169] <0> ffff880000804540 ffffffffa016cfd0 0000000000000000
0000000000000000
[ 95.400169] <0> ffff880003386000 ffff880003a9dc48 ffffffff811192e7
ffff880003a9dc58
[ 95.400169] Call Trace:
[ 95.400169] [<ffffffff8111901a>] ? __lookup_hash+0xfa/0x150
[ 95.400169] [<ffffffff8111901a>] ? __lookup_hash+0xfa/0x150
[ 95.400169] [<ffffffff811192e7>] lookup_one_len+0xc7/0x110
[ 95.400169] [<ffffffff811192e7>] ? lookup_one_len+0xc7/0x110
[ 95.400169] [<ffffffffa016530c>] reiserfs_xattr_init+0x1dc/0x260
[reiserfs]
[ 95.400169] [<ffffffffa0150da7>] reiserfs_fill_super+0x8c7/0xc00
[reiserfs]
[ 95.400169] [<ffffffff8111132f>] get_sb_bdev+0x16f/0x1b0
[ 95.400169] [<ffffffffa01504e0>] ? reiserfs_fill_super+0x0/0xc00
[reiserfs]
[ 95.400169] [<ffffffff8110959b>] ? __alloc_percpu+0xb/0x10
[ 95.400169] [<ffffffffa014d653>] get_super_block+0x13/0x20 [reiserfs]
[ 95.400169] [<ffffffff81110e06>] vfs_kern_mount+0x76/0x180
[ 95.400169] [<ffffffff81110f7d>] do_kern_mount+0x4d/0x120
[ 95.400169] [<ffffffff8112929f>] do_mount+0x2ff/0x880
[ 95.400169] [<ffffffff811298af>] sys_mount+0x8f/0xe0
[ 95.400169] [<ffffffff81011ec2>] system_call_fastpath+0x16/0x1b
[ 95.400169] Code: Bad RIP value.
[ 95.400169] RIP [<(null)>] (null)
[ 95.400169] RSP <ffff880003a9dbc0>
[ 95.400169] CR2: 0000000000000000
[ 95.426324] ---[ end trace 5768429dcc99b425 ]---

BTW, it will be good if any special treatment of .reiserfs_priv could be
disabled by mount option.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo.DeleteThis@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Back to top
Login to vote
Display posts from previous:   
Related Topics:
modprobe bug for aliases with regular expressions - Recently it's been pointed out to me that the modprobe functionality with aliases doesn't quite work properly for some USB modules. Specifically, the usb-storage driver has a lot of aliases with regular expressions for the bcd ranges. Here's an example....

[PATCH]:x86_64: Change assembly to use regular cpuid_count.. - Minor cleanup patch: Replacing the asm statement with cpuid_count macro(which already provides the same functionality). Signed-off-by: Rohit Seth <rohitseth@google.com> arch/x86_64/kernel/setup.c | 7 ++----- 1 files changed, 2 insertions(+...

reproducible reiserfs bug with kernel 2.6.17 - Hi, Probably I stumbled on a reiserfs race condition bug. I get an infinite loop of messages like "ReiserFS: md1: warning: vs-13060: reiserfs_update_sd: stat data of object [3 29 0x0 SD] (nlink == 1) not found (pos 1)" at a certain time when ...

[PATCH] reiserfs: fix up case where indent misreads the code - indent(1) doesn't know how to handle the "do not compile" error. It results in the item_ops array declaration being indented a tab stop in when it should not be. This patch replaces it with a #error that describes why it's failing. Signed-of...

[PATCH 02/04] reiserfs: clean up bitmap block buffer head .. - Similar to the SB_JOURNAL cleanup that was accepted a while ago, this patch uses a temporary variable for buffer head references from the bitmap info array. This makes the code much more readable in some areas. It also uses proper reference..
       Linux (Home) -> Kernel All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Categories:
 Windows Forums
 Game Forums
  Linux Forums
 Mac Forums
 PDA Forums
 Mobile Forums
  Top  |  Store  |  RSS Feeds RSS  |  Data Feeds  |  Advertise  |  Submit  |  Bookmark  |  Newsletter  |  Contact