Bug 14286 - kernel BUG at fs/ext4/extents.c:2863
Summary: kernel BUG at fs/ext4/extents.c:2863
Status: RESOLVED CODE_FIX
Alias: None
Product: File System
Classification: Unclassified
Component: ext4 (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: Theodore Tso
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-10-01 05:40 UTC by R.Nageswara Sastry
Modified: 2009-12-14 15:39 UTC (History)
1 user (show)

See Also:
Kernel Version: 2.6.32-rc1, 2.6.31
Subsystem:
Regression: No
Bisected commit-id:


Attachments
fsfuzzer image to recreate the kernel stack trace in tar gzipped format (797.67 KB, application/octet-stream)
2009-10-01 05:47 UTC, R.Nageswara Sastry
Details
fsfuzzer ext4 base image (710.99 KB, application/octet-stream)
2009-10-01 05:50 UTC, R.Nageswara Sastry
Details
Patch to fix this problem (1.54 KB, patch)
2009-12-14 15:39 UTC, Theodore Tso
Details | Diff

Description R.Nageswara Sastry 2009-10-01 05:40:59 UTC
While working with fsfuzz encountered the following kernel stack traces.

Environment: 2.6.32-rc1 and 2.6.31 (kernel BUG at fs/ext4/extents.c:2833)
Architecture: s390


------------[ cut here ]------------
kernel BUG at fs/ext4/extents.c:2863!
illegal operation: 0001 [#1] SMP
Modules linked in: cbc md5 aes_s390 aes_generic ecb ecryptfs ext4 jbd2 crc16 autofs4 lockd sunrpc ipv6 loop qeth_l2 qeth qdio vmur ccwgroup dm_round_robin dm_multipath scsi_dh sd_mod scsi_mod multipath dm_snapshot dm_zero dm_mirror dm_region_hash dm_log dm_mod dasd_fba_mod dasd_eckd_mod dasd_mod ext3 jbd
CPU: 0 Not tainted 2.6.32-rc2 #1
Process fstest (pid: 5755, task: 0000000024a48038, ksp: 0000000011afbe20)
Krnl PSW : 0704000180000000 000003e00200f3f4 (ext4_ext_get_blocks+0x240/0x10cc [ext4])
           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:0 PM:0 EA:3
Krnl GPRS: 0000000000000000 0000000000000000 0000000000002400 0000000000000000
           000000001416c000 000000000c8da000 000000002b539370 0000000000000000
           000000002b5390f0 000000002b5390f0 0000000011afba90 000000002b539040
           000003e001fe3000 000003e002023198 000003e00200f388 0000000011afb6c8
Krnl Code: 000003e00200f3e8: a71100ff           tmll    %r1,255
           000003e00200f3ec: a7740006           brc     7,3e00200f3f8
           000003e00200f3f0: a7f40001           brc     15,3e00200f3f2
          >000003e00200f3f4: a7f40000           brc     15,3e00200f3f4
           000003e00200f3f8: e3b040100004       lg      %r11,16(%r4)
           000003e00200f3fe: b90200bb           ltgr    %r11,%r11
           000003e00200f402: a78404ea           brc     8,3e00200fdd6
           000003e00200f406: 5810b000           l       %r1,0(%r11)
Call Trace:
([<000003e00200f388>] ext4_ext_get_blocks+0x1d4/0x10cc [ext4])
 [<000003e001fed31e>] ext4_get_blocks+0xba/0x3c0 [ext4]
 [<000003e001fee9d8>] ext4_get_block+0xcc/0x114 [ext4]
 [<00000000001449ba>] do_mpage_readpage+0x1fa/0x688
 [<0000000000144f7a>] mpage_readpages+0xae/0x100
 [<00000000000d49f8>] __do_page_cache_readahead+0x160/0x1f4
 [<00000000000d4acc>] ra_submit+0x40/0x54
 [<00000000000d4f94>] page_cache_sync_readahead+0x40/0x50
 [<00000000000cc334>] generic_file_aio_read+0x284/0x6a4
 [<000000000010ed34>] do_sync_read+0xd0/0x118
 [<000000000010fad0>] vfs_read+0xa8/0x174
 [<000000000010fc92>] SyS_read+0x56/0x84
 [<0000000000027f5a>] sysc_tracego+0xe/0x14
 [<0000004e53f12cc4>] 0x4e53f12cc4
Last Breaking-Event-Address:
 [<000003e00200f3f0>] ext4_ext_get_blocks+0x23c/0x10cc [ext4]

---[ end trace 7a3a53bbf5dda9be ]---

Related code:

   2858         /*
   2859          * consistent leaf must not be empty;
   2860          * this situation is possible, though, _during_ tree modification;
   2861          * this is why assert can't be put in ext4_ext_find_extent()
   2862          */
   2863         BUG_ON(path[depth].p_ext == NULL && depth != 0);
   2864         eh = path[depth].p_hdr;
   2865
Comment 1 R.Nageswara Sastry 2009-10-01 05:47:31 UTC
Created attachment 23213 [details]
fsfuzzer image to recreate the kernel stack trace in tar gzipped format
Comment 2 R.Nageswara Sastry 2009-10-01 05:50:50 UTC
Created attachment 23214 [details]
fsfuzzer ext4 base image
Comment 3 R.Nageswara Sastry 2009-10-01 05:58:01 UTC
unzip the above file(s) 
ext4.364.img.tar.gz
ext4.base.tar.gz 

And download the fsfuzzer from URL 
http://www.risesecurity.org/files/fsfuzzer-0.7.3.tar.gz

Untar it
cd fsfuzzer-0.7.3
./configure
make

cp ext4.364.img to fsfuzzer-0.7.3/cfs
cp ext4.base to fsfuzzer-0.7.3/fs
and run the file named run_test in dir fsfuzzer-0.7.3
./run_test ext4 364

Check the dmesg.

Thanks!!
Comment 4 R.Nageswara Sastry 2009-10-16 12:30:09 UTC
Any updates!!
Comment 5 Theodore Tso 2009-12-14 15:39:32 UTC
Created attachment 24181 [details]
Patch to fix this problem

Surbhi Palande has supplied the following patch to address this issue

Note You need to log in before you can comment on or make changes to this bug.