Bug 12435

Summary: kernel BUG at fs/btrfs/extent-tree.c:3106 when filling a loop-mounted image
Product: File System Reporter: Alex Riesen (raa.lkml)
Component: OtherAssignee: fs_other
Status: REJECTED DOCUMENTED    
Severity: normal CC: akpm, eugeneteo
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: v2.6.29-rc1 Subsystem:
Regression: --- Bisected commit-id:
Attachments: Dmesg of that run before the crash
kernel .config

Description Alex Riesen 2009-01-11 15:15:20 UTC 
Latest working kernel version: unknown
Earliest failing kernel version: v2.6.29-rc1
Distribution: Ubuntu 8.10
Hardware Environment: Dell XPS M1330, 64bit
Software Environment: btrfs-progs 6a63d4911471b8eabdf6c69c9d219c2d6aaa66e2,
the btrfs image loop-mounted.
Problem Description:

I tried to copy some jpg files into the image until it fills fully up.
It is not the first stack trace, but the previous was a known WARN_ON
libata code. Should be harmless.

kernel BUG at fs/btrfs/extent-tree.c:3106!
invalid opcode: 0000 [#1] PREEMPT SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:1c.1/0000:0c:00.0/net/wlan0/statistics/collisions
CPU 0 
Modules linked in: btrfs zlib_deflate crc32c libcrc32c squashfs zlib_inflate ext4 jbd2 crc16 loop binfmt_misc cpufreq_userspace iptable_filter dm_crypt dm_mod sbp2 serio_raw ohci1394 uvcvideo ieee1394 videodev v4l1_compat v4l2_compat_ioctl32 video
Pid: 342, comm: pdflush Tainted: G        W  2.6.29-rc1-t #155
RIP: 0010:[<ffffffffa06cdf67>]  [<ffffffffa06cdf67>] __btrfs_reserve_extent+0x29c/0x2b1 [btrfs]
RSP: 0018:ffff88007e8cb7e0  EFLAGS: 00010246
RAX: ffff88006909fc00 RBX: ffff88006909fc00 RCX: 0000000000000001
RDX: 0000000000000001 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffff88007e8cb850 R08: 0000000000001000 R09: 0000000000000001
R10: 0000000000000000 R11: 000000000000000a R12: ffff88006909fc30
R13: ffff880075df1648 R14: 0000000000001000 R15: ffff880075df1698
FS:  0000000000000000(0000) GS:ffffffff810b8040(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 00007f4fbf452000 CR3: 00000000784b0000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process pdflush (pid: 342, threadinfo ffff88007e8ca000, task ffff88007e8d0000)
Stack:
 0000000007c00000 ffff88007e8cb930 0000000000000000 0000000000000000
 ffff880000000001 0000000007c00000 0000000000000000 0000000000001000
 ffff880075df1648 ffff88007e8cb930 ffff88006071ea50 ffff880075c89000
Call Trace:
 [<ffffffffa06cdfb0>] btrfs_reserve_extent+0x34/0x59 [btrfs]
 [<ffffffffa06e1ac4>] cow_file_range+0x1d7/0x358 [btrfs]
 [<ffffffff802602b3>] ? trace_hardirqs_on+0xd/0xf
 [<ffffffffa06e232d>] run_delalloc_range+0xa0/0x30c [btrfs]
 [<ffffffffa06f3752>] ? test_range_bit+0xf7/0x106 [btrfs]
 [<ffffffffa06f665b>] ? find_lock_delalloc_range+0x11b/0x16f [btrfs]
 [<ffffffffa06f6efc>] __extent_writepage+0x1ea/0x7a4 [btrfs]
 [<ffffffff802602b3>] ? trace_hardirqs_on+0xd/0xf
 [<ffffffff8029420b>] ? __dec_zone_state+0x16/0x8d
 [<ffffffffa06f473b>] extent_write_cache_pages+0x1ce/0x2f2 [btrfs]
 [<ffffffffa06f2f92>] ? flush_write_bio+0x0/0x32 [btrfs]
 [<ffffffffa06f6d12>] ? __extent_writepage+0x0/0x7a4 [btrfs]
 [<ffffffffa06f48a1>] extent_writepages+0x42/0x64 [btrfs]
 [<ffffffffa06e004b>] ? btrfs_get_extent+0x0/0x857 [btrfs]
 [<ffffffffa06dfed7>] btrfs_writepages+0x28/0x2a [btrfs]
 [<ffffffff8028a4fd>] do_writepages+0x30/0x40
 [<ffffffff802c8db8>] __writeback_single_inode+0x19c/0x3ad
 [<ffffffff802c9481>] generic_sync_sb_inodes+0x296/0x43a
 [<ffffffff802c982a>] writeback_inodes+0xa2/0xfa
 [<ffffffff8028ab1b>] background_writeout+0x97/0xd0
 [<ffffffff8028b28f>] pdflush+0x185/0x238
 [<ffffffff802602b3>] ? trace_hardirqs_on+0xd/0xf
 [<ffffffff8028aa84>] ? background_writeout+0x0/0xd0
 [<ffffffff8028b10a>] ? pdflush+0x0/0x238
 [<ffffffff8028b10a>] ? pdflush+0x0/0x238
 [<ffffffff802505db>] kthread+0x4e/0x7b
 [<ffffffff8020c97a>] child_rip+0xa/0x20
 [<ffffffff80234f52>] ? finish_task_switch+0x0/0xc2
 [<ffffffff8020c340>] ? restore_args+0x0/0x30
 [<ffffffff8025058d>] ? kthread+0x0/0x7b
 [<ffffffff8020c970>] ? child_rip+0x0/0x20
Code: 89 f6 48 89 df e8 89 6f 03 00 4c 89 e7 e8 40 e4 ef df 4d 8b 6d 00 49 8b 45 00 4c 3b 6d d0 0f 18 08 75 9e 4c 89 ff e8 2c 60 b8 df <0f> 0b eb fe 48 83 c4 48 31 c0 5b 41 5c 41 5d 41 5e 41 5f c9 c3 
RIP  [<ffffffffa06cdf67>] __btrfs_reserve_extent+0x29c/0x2b1 [btrfs]
 RSP <ffff88007e8cb7e0>

Steps to reproduce:
Probably:
- Create a 300Mb image file
- Mount it
- Fill it up until end-of-space
Comment 1 Alex Riesen 2009-01-11 15:16:08 UTC 
Created attachment 19752 [details]
Dmesg of that run before the crash
Comment 2 Alex Riesen 2009-01-11 15:16:37 UTC 
Created attachment 19753 [details]
kernel .config
Comment 3 Andrew Morton 2009-01-11 15:35:49 UTC 
btrfs goes BUG on ENOSPC.  I think it's a feature :)
Comment 4 Matthew Wilcox 2009-01-11 16:15:22 UTC 
http://btrfs.wiki.kernel.org/index.php/Development_timeline

I think that's called "Working as designed" ;-)