From: Fengguang Wu <fengguang.wu@intel.com>
To: Theodore Ts'o <tytso@mit.edu>, Marti Raudsepp <marti@juffo.org>,
Kernel hackers <linux-kernel@vger.kernel.org>,
ext4 hackers <linux-ext4@vger.kernel.org>,
maze@google.com
Subject: Re: NULL pointer dereference in ext4_ext_remove_space on 3.5.1
Date: Thu, 16 Aug 2012 19:10:51 +0800
Message-ID: <20120816111051.GA16036@localhost>
In-Reply-To: <20120816024654.GB3781@thunk.org>
> --- a/fs/ext4/extents.c
> +++ b/fs/ext4/extents.c
> @@ -2432,6 +2432,10 @@ ext4_ext_rm_leaf(handle_t *handle, struct inode *inode,
>
> /* the header must be checked already in ext4_ext_remove_space() */
> ext_debug("truncate since %u in leaf to %u\n", start, end);
> + if (!path[depth].p_hdr && !path[depth].p_bh) {
> + EXT4_ERROR_INODE(inode, "depth %d", depth);
> + BUG_ON(1);
> + }
> if (!path[depth].p_hdr)
> path[depth].p_hdr = ext_block_hdr(path[depth].p_bh);
> eh = path[depth].p_hdr;
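Review bot: the added check in ext4_ext_rm_leaf() ends in `BUG_ON(1)`, which is an unconditional crash and is normally written `BUG();`. `EXT4_ERROR_INODE()` has already reported the inode by that point, so if this check is meant to outlive debugging, failing the operation would be preferable to halting the machine when both `p_hdr` and `p_bh` are NULL. The `!path[depth].p_hdr` half of the condition is also tested again by the `if` on the very next line, so the new block could be nested under that existing test as `if (!path[depth].p_bh)`.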
> @@ -2730,6 +2734,10 @@ cont:
> /* this is index block */
> if (!path[i].p_hdr) {
> ext_debug("initialize header\n");
> + if (!path[i].p_hdr && !path[i].p_bh) {
> + EXT4_ERROR_INODE(inode, "i=%d", i);
> + BUG_ON(1);
> + }
> path[i].p_hdr = ext_block_hdr(path[i].p_bh);
> }
>
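Review bot: the inner test `!path[i].p_hdr` is redundant here, because the added block already sits inside `if (!path[i].p_hdr) {`; `if (!path[i].p_bh)` is sufficient. The message "i=%d" is also terse for something that ends up in a user's dmesg; a string that says `p_bh` is NULL at that index would make the report readable without the source at hand.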
Here is the dmesg. BTW, it seems 3.5.0 doesn't have this issue.
[ 640.266836] EXT4-fs error (device md0): ext4_ext_remove_space:2694: inode #12: comm rm: i=1
[ 640.275701] ------------[ cut here ]------------
[ 640.276684] kernel BUG at /c/wfg/tip/fs/ext4/extents.c:2695!
[ 640.276684] invalid opcode: 0000 [#1] SMP
[ 640.276684] Modules linked in:
[ 640.276684] CPU 7
[ 640.276684] Pid: 4079, comm: rm Not tainted 3.6.0-rc1+ #3 Supermicro X7DW3/X7DWN
[ 640.276684] RIP: 0010:[<ffffffff811f8980>] [<ffffffff811f8980>] ext4_ext_remove_space+0x86e/0xbee
[ 640.276684] RSP: 0018:ffff88021e749cb8 EFLAGS: 00010287
[ 640.276684] RAX: ffff880221072000 RBX: ffff88020fc680d0 RCX: 0000000000000092
[ 640.276684] RDX: 0000000000003c3c RSI: 0000000000000092 RDI: ffff880221073800
[ 640.276684] RBP: ffff88021e749d98 R08: ffffffff81f6ea88 R09: 0000000000000000
[ 640.276684] R10: ffffffff81f19a30 R11: 0000000000000647 R12: ffff880222385840
[ 640.276684] R13: 0000000000000001 R14: 0000000000000001 R15: ffff880222385870
[ 640.276684] FS: 00007f4461203700(0000) GS:ffff88022f5c0000(0000) knlGS:0000000000000000
[ 640.276684] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 640.276684] CR2: 00007f4460cf761d CR3: 000000022115c000 CR4: 00000000000007e0
[ 640.276684] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 640.276684] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 640.276684] Process rm (pid: 4079, threadinfo ffff88021e748000, task ffff8802236d2e80)
[ 640.276684] Stack:
[ 640.276684] ffffffff819caec0 ffff880220901390 ffff88020fc680d0 ffff880220901390
[ 640.276684] ffff88020fc25750 0000000000790000 ffff88021e749d38 ffffffff811d6b05
[ 640.276684] 8000880200000000 ffff88020fc68000 ffff880221072000 ffff8802223858a0
[ 640.276684] Call Trace:
[ 640.276684] [<ffffffff811d6b05>] ? ext4_mark_iloc_dirty+0x47a/0x557
[ 640.276684] [<ffffffff811fa6ab>] ext4_ext_truncate+0xd8/0x176
[ 640.276684] [<ffffffff811d6de8>] ? ext4_mark_inode_dirty+0x17e/0x1c0
[ 640.276684] [<ffffffff811d4934>] ext4_truncate+0x7a/0xca
[ 640.276684] [<ffffffff811d8aa2>] ext4_evict_inode+0x2e9/0x422
[ 640.276684] [<ffffffff81163e17>] evict+0xae/0x163
[ 640.276684] [<ffffffff811640c4>] iput+0x1bb/0x1c3
[ 640.276684] [<ffffffff8115a2ca>] do_unlinkat+0x102/0x157
[ 640.276684] [<ffffffff813d550e>] ? trace_hardirqs_on_thunk+0x3a/0x3c
[ 640.276684] [<ffffffff8115bf97>] sys_unlinkat+0x22/0x2d
[ 640.276684] [<ffffffff81985229>] system_call_fastpath+0x16/0x1b
[ 640.276684] Code: 75 33 49 8b 47 28 48 85 c0 75 22 45 89 e9 49 c7 c0 ce e8 d2 81 31 c9 ba 86 0a 00 00 48 c7 c6 80 fb 9c 81 48 89 df e8 eb 6c ff ff <0f> 0b 48 8b 40 28 49 89 47 20 49 8b 47 18 48 85 c0 75 1f 49 8b
[ 640.276684] RIP [<ffffffff811f8980>] ext4_ext_remove_space+0x86e/0xbee
[ 640.276684] RSP <ffff88021e749cb8>
[ 640.530999] ---[ end trace e00762202fd8e8a0 ]---
Thanks,
Fengguang