Veni, vidi, vici :-)
I made some testings on the machine and I could reproduce the problem
by using debugfs. Basically, the problem is due to a filesystem corruption
which is badly handled in the kernel code and which is not checked by e2fsck.
Suppose that the size recorded in a directory inode is corrupted and
is bigger than the real size of the directory, the kernel code tries to read
unexistant data blocks and the ``should never happen'' condition becomes true.
E2fsck does not check for this kind of corruption.
IMO, the solution is to fix both the kernel code and e2fsck: the kernel
should not panic in this case (it should report the error and try to continue),
and e2fsck should test for this sort of errors (i.e. check that the size of a
directory is a multiple of the block size and that directories do not contain
any hole).
Ted, do you agree?
Remy