Bug 2984

Summary: fs/reiserfs/journal.c:519 - invalid operand
Product: File System Reporter: Jan Kundrat (dev)
Component: ReiserFSAssignee: ReiseFS developers team (reiserfs-devel)
Status: REJECTED INSUFFICIENT_DATA    
Severity: high CC: bunk
Priority: P2    
Hardware: i386   
OS: Linux   
Kernel Version: 2.6.6 vanilla Subsystem:
Regression: --- Bisected commit-id:

Description Jan Kundrat 2004-06-30 05:12:26 UTC 
Distribution: gentoo
Hardware Environment:
athlon-tbird/1200MHz, ECS K7VZA motherboard, 256MB of RAM, 2 IDE drives.
Software Environment:
Problem Description:

after issuing `make menuconfig`, during `make modules modules_install` 
in /usr/src/linux, make process complained about "unable to create 
directory .tmp_linux_1" (or something similar). after redoing the same step 
once again, similar result just after few commands. so I tried to `make clean`, 
but the "rm -f ..." process stood in state "D" as shown by ps. messages in 
syslog:
Jun 29 15:08:03 slon ------------[ cut here ]------------
Jun 29 15:08:03 slon kernel BUG at fs/reiserfs/journal.c:519!
Jun 29 15:08:03 slon invalid operand: 0000 [#1]
Jun 29 15:08:03 slon PREEMPT
Jun 29 15:08:03 slon CPU:    0
Jun 29 15:08:03 slon EIP:    0060:[<c019f524>]    Not tainted
Jun 29 15:08:03 slon EFLAGS: 00210282   (2.6.6)
Jun 29 15:08:03 slon EIP is at reiserfs_in_journal+0x114/0x1f0
Jun 29 15:08:03 slon eax: 00000000   ebx: d088d10c   ecx: cfe06400   edx: 
d08c6d40
Jun 29 15:08:03 slon esi: cf082d10   edi: 00002de6   ebp: 00002de6   esp: 
c5265bbc
Jun 29 15:08:03 slon ds: 007b   es: 007b   ss: 0068
Jun 29 15:08:03 slon Process as (pid: 23227, threadinfo=c5264000 task=c24085b0)
Jun 29 15:08:03 slon Stack: cf082d10 cfe06400 c0199f45 00002de6 d0846000 
cf2285bc cf228000 c017d0b1
Jun 29 15:08:03 slon cfe06400 00000000 00002de6 00000001 c5265c10 00002de6 
00000000 00000000
Jun 29 15:08:03 slon cf060f00 00000001 00002de6 cfe06400 00000004 00000000 
00000000 c5265c58
Jun 29 15:08:03 slon Call Trace:
Jun 29 15:08:03 slon [<c0199f45>] is_tree_node+0x65/0x70
Jun 29 15:08:03 slon [<c017d0b1>] scan_bitmap_block+0x3f1/0x490
Jun 29 15:08:03 slon [<c017d272>] scan_bitmap+0x122/0x220
Jun 29 15:08:03 slon [<c017dd1b>] reiserfs_allocate_blocknrs+0x1db/0x7b0
Jun 29 15:08:03 slon [<c018a121>] 
reiserfs_allocate_blocks_for_region+0x1d1/0x1470
Jun 29 15:08:03 slon [<c019af13>] search_for_position_by_key+0x1b3/0x3d0
Jun 29 15:08:03 slon [<c0199c51>] pathrelse+0x21/0x40
Jun 29 15:08:03 slon [<c018beb6>] 
reiserfs_prepare_file_region_for_write+0x366/0x970
Jun 29 15:08:03 slon [<c018ca1b>] reiserfs_file_write+0x55b/0x7c0
Jun 29 15:08:03 slon [<c013b8f4>] handle_mm_fault+0xd4/0x170
Jun 29 15:08:03 slon [<c010ff80>] do_page_fault+0x340/0x53c
Jun 29 15:08:03 slon [<c013cf3d>] do_mmap_pgoff+0x37d/0x6c0
Jun 29 15:08:03 slon [<c018c4c0>] reiserfs_file_write+0x0/0x7c0
Jun 29 15:08:03 slon [<c0149158>] vfs_write+0xb8/0x130
Jun 29 15:08:03 slon [<c0149282>] sys_write+0x42/0x70
Jun 29 15:08:03 slon [<c0103eb5>] sysenter_past_esp+0x52/0x71
Jun 29 15:08:03 slon
Jun 29 15:08:03 slon Code: 0f 0b 07 02 2a e2 2b c0 b8 01 00 00 00 eb a4 8b 4c 
24 20 39
Jun 29 15:08:03 slon ------------[ cut here ]------------
Jun 29 15:08:03 slon kernel BUG at fs/reiserfs/journal.c:519!
Jun 29 15:08:03 slon invalid operand: 0000 [#2]
Jun 29 15:08:03 slon PREEMPT
Jun 29 15:08:03 slon CPU:    0
Jun 29 15:08:03 slon EIP:    0060:[<c019f524>]    Not tainted
Jun 29 15:08:03 slon EFLAGS: 00210282   (2.6.6)
Jun 29 15:08:03 slon EIP is at reiserfs_in_journal+0x114/0x1f0
Jun 29 15:08:03 slon eax: 00000000   ebx: d088d10c   ecx: cfe06400   edx: 
d08c6d40
Jun 29 15:08:03 slon esi: cf082d10   edi: 00002de6   ebp: 00002de6   esp: 
caf83bbc
Jun 29 15:08:03 slon ds: 007b   es: 007b   ss: 0068
Jun 29 15:08:03 slon Process cc1 (pid: 23226, threadinfo=caf82000 task=c2408b30)
Jun 29 15:08:03 slon Stack: cf082d10 cfe06400 c0199f45 00002de6 d0846000 
cf2285bc cf228000 c017d0b1
Jun 29 15:08:03 slon cfe06400 00000000 00002de6 00000001 caf83c10 00002de6 
00000000 00000000
Jun 29 15:08:03 slon cf060f00 00000001 00002de6 cfe06400 00000005 00000000 
00000000 caf83c58
Jun 29 15:08:03 slon Call Trace:
Jun 29 15:08:03 slon [<c0199f45>] is_tree_node+0x65/0x70
Jun 29 15:08:03 slon [<c017d0b1>] scan_bitmap_block+0x3f1/0x490
Jun 29 15:08:03 slon [<c017d272>] scan_bitmap+0x122/0x220
Jun 29 15:08:03 slon [<c017dd1b>] reiserfs_allocate_blocknrs+0x1db/0x7b0
Jun 29 15:08:03 slon [<c018a121>] 
reiserfs_allocate_blocks_for_region+0x1d1/0x1470
Jun 29 15:08:03 slon [<c019af13>] search_for_position_by_key+0x1b3/0x3d0
Jun 29 15:08:03 slon [<c0199c51>] pathrelse+0x21/0x40
Jun 29 15:08:03 slon [<c018beb6>] 
reiserfs_prepare_file_region_for_write+0x366/0x970
Jun 29 15:08:03 slon [<c018ca1b>] reiserfs_file_write+0x55b/0x7c0
Jun 29 15:08:03 slon [<c0216326>] as_put_request+0x76/0xd0
Jun 29 15:08:03 slon [<c021105c>] end_that_request_last+0x5c/0xc0
Jun 29 15:08:03 slon [<c02251d9>] ide_end_request+0x99/0x150
Jun 29 15:08:03 slon [<c020d84f>] elv_queue_empty+0x1f/0x30
Jun 29 15:08:03 slon [<c022608d>] ide_do_request+0x5d/0x370
Jun 29 15:08:03 slon [<c022dc27>] ide_dma_intr+0x97/0xc0
Jun 29 15:08:03 slon [<c02268d4>] ide_intr+0x144/0x190
Jun 29 15:08:03 slon [<c018c4c0>] reiserfs_file_write+0x0/0x7c0
Jun 29 15:08:03 slon [<c0149158>] vfs_write+0xb8/0x130
Jun 29 15:08:03 slon [<c0149282>] sys_write+0x42/0x70
Jun 29 15:08:03 slon [<c0103eb5>] sysenter_past_esp+0x52/0x71
Jun 29 15:08:03 slon
Jun 29 15:08:03 slon Code: 0f 0b 07 02 2a e2 2b c0 b8 01 00 00 00 eb a4 8b 4c 
24 20 39
 

so I tried to reboot (ctrl+alt+del in console, also `reboot`), but init was 
unable to kill that "rm -f some-files" process, so it ended up also with "D" 
status. my kernel configuration is in 
http://jak.kvalitne.cz/pub/dev/amd1200/reiserfs-bug/config.2.6.6

anyway, I had to reboot with reset button, reiserfsck came up, replayed journal 
& made some cleaning up AND TOLD EVERYTHING IS OK, but I wasn't satisfied, 
rebooted into plain shell and issued `reiserfsck /dev/hda6`, it said I had to 
run `reiserfsck --rebuild-tree`, I tried the same with `reiserfsck --fix-
fixable` (just to make sure), and than `reiserfsck --rebuild-tree /dev/hda6`. 
It had fixed some errors.
Result: my /usr (reiserfs, /dev/hda6) partition has been broken, portage tree 
(database of available packages, easily reconstructable by one command) has 
been destroyed (it contains several thousand small files - 1kB is size or so), 
I mean a _lot_ of these fiels had been put into /usr/lost+found, as something 
which looks like some compiled kernel modules (it has ELF header and contains 
stuff about network, like something about ARP,... - and it's not iptables 
package). No actual data loss occured (at least I hope so).
I'm not the only person encountering this behaviour, see 
http://bugs.gentoo.org/show_bug.cgi?id=49814 for similar report but with SMP 
kernel.

Steps to reproduce:
Comment 1 Dick Middleton 2004-07-10 13:21:52 UTC 
I got same error attempting to write immediately after resizing following
increasing lvm partition size.  I use lvm and software raid.  kernel is Debian
sid varient of 2.6.6.
Comment 2 Vitaly Fertman 2005-08-09 07:36:03 UTC 
is the problem still present?
Comment 3 Adrian Bunk 2005-12-21 18:48:49 UTC 
Since there was no answer to the question whether this issue is still present in
more recent kernels, I'm assuming it's already fixed.