Bug 811773

Summary: [abrt] kernel: kernel BUG at fs/btrfs/volumes.c:2518!
Product: [Fedora] Fedora Reporter: Matt Hooper <matthew.hooper>
Component: kernelAssignee: Zach Brown <zab>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 19CC: gansalmon, itamar, jforbes, jonathan, kernel-maint, madhu.chinakonda, sweil
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Unspecified   
Whiteboard: abrt_hash:3cb0701a72f23a1104cc64c399f3434d4a37634e
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-05-16 02:26:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matt Hooper 2012-04-11 23:48:55 UTC 
libreport version: 2.0.8
abrt_version:   2.0.7
cmdline:        BOOT_IMAGE=/vmlinuz-3.4.0-0.rc1.git3.1.fc18.i686 root=UUID=5e11c88f-cba6-4c77-87be-13e83bb61c6c ro rd.md=0 rd.lvm=0 rd.dm=0 quiet SYSFONT=latarcyrheb-sun16 rhgb KEYTABLE=uk rd.luks=0 LANG=en_US.UTF-8 nouveau.modeset=0 rd.driver.blacklist=nouveau
comment:        Either the result of a btrfs filesystem balance or device delete command
kernel:         3.4.0-0.rc1.git3.1.fc18.i686
reason:         kernel BUG at fs/btrfs/volumes.c:2518!
time:           Sun 08 Apr 2012 09:20:52 PM BST

backtrace:
:kernel BUG at fs/btrfs/volumes.c:2518!
:invalid opcode: 0000 [#1] SMP 
:Modules linked in: be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i cxgb4 cxgb3i libcxgbi cxgb3 mdio ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi fcoe libfcoe scsi_transport_iscsi libfc 8021q scsi_transport_fc scsi_tgt garp stp llc ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter nf_conntrack_ipv4 nf_defrag_ipv4 ip6_tables w83627hf xt_state nf_conntrack hwmon_vid snd_via82xx_modem snd_via82xx ppdev gameport snd_ac97_codec ac97_bus snd_seq snd_pcm parport_pc parport snd_mpu401_uart microcode snd_rawmidi i2c_viapro snd_timer snd_seq_device snd soundcore k8temp skge snd_page_alloc i2c_core uinput btrfs zlib_deflate libcrc32c ata_generic pata_acpi sata_via sata_promise pata_via [last unloaded: scsi_wait_scan]
:Pid: 1156, comm: btrfs-balance Not tainted 3.4.0-0.rc1.git3.1.fc18.i686 #1 To Be Filled By O.E.M. To Be Filled By O.E.M./A8V Deluxe
:EIP: 0060:[<f7dad397>] EFLAGS: 00010282 CPU: 1
:EIP is at btrfs_balance+0xe77/0xec0 [btrfs]
:EAX: fffffffb EBX: f22fb5c0 ECX: f7d56ac0 EDX: 00000000
:ESI: 00100000 EDI: 00000000 EBP: e9535f74 ESP: e9535ec4
: DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
:CR0: 8005003b CR2: b77fa000 CR3: 299b0000 CR4: 000007d0
:DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
:DR6: ffff0ff0 DR7: 00000400
:Process btrfs-balance (pid: 1156, ti=e9534000 task=e9529580 task.ti=e9534000)
:Stack:
: 00000003 e9535f2d c04a111b e9535f60 00000246 e9b31568 c0b483e7 00000058
: 000b4edc e9b31568 e9b30000 eaa9dae0 00000000 00000000 00000003 00000246
: 0000000f 00000000 0000002f e9535f1e e99e56e0 00000006 205b0000 38382020
:Call Trace:
: [<c04a111b>] ? trace_hardirqs_on+0xb/0x10
: [<f7da74bc>] ? set_balance_control+0x3c/0x50 [btrfs]
: [<c09cd9e2>] ? printk+0x30/0x32
: [<f7dad445>] balance_kthread+0x65/0xa0 [btrfs]
: [<f7dad3e0>] ? btrfs_balance+0xec0/0xec0 [btrfs]
: [<c045fddd>] kthread+0x7d/0x90
: [<c045fd60>] ? kthread_worker_fn+0x170/0x170
: [<c09e1102>] kernel_thread_helper+0x6/0x10
:Code: 00 83 ea 02 83 c7 02 e9 e8 fe ff ff c6 07 00 8b 7d 80 66 ba ff 03 83 c7 01 e9 ca fe ff ff 31 db e9 6c fe ff ff 0f 0b 0f 0b 0f 0b <0f> 0b 0f 0b 0f 0b 8b b5 68 ff ff ff c7 04 24 dc 59 de f7 89 74 
:EIP: [<f7dad397>] btrfs_balance+0xe77/0xec0 [btrfs] SS:ESP 0068:e9535ec4

smolt_data:
:
:
:General
:=================================
:UUID: 7b7d539c-9095-48ea-9dcb-39b240fcd4a4
:OS: Fedora release 17 (Beefy Miracle)
:Default run level: Unknown
:Language: en_US.UTF-8
:Platform: i686
:BogoMIPS: 4405.66
:CPU Vendor: AuthenticAMD
:CPU Model: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
:CPU Stepping: 1
:CPU Family: 15
:CPU Model Num: 43
:Number of CPUs: 2
:CPU Speed: 2200
:System Memory: 3022
:System Swap: 2047
:Vendor: To Be Filled By O.E.M.
:System: To Be Filled By O.E.M. To Be Filled By O.E.M.
:Form factor: Desktop
:Kernel: 3.4.0-0.rc1.git3.1.fc18.i686
:SELinux Enabled: 1
:SELinux Policy: targeted
:SELinux Enforce: Enforcing
:MythTV Remote: Unknown
:MythTV Role: Unknown
:MythTV Theme: Unknown
:MythTV Plugin: 
:MythTV Tuner: -1
:
:
:Devices
:=================================
:(4358:12839:4163:33005) pci, None, PCI/ISA, A7V600/K8V-X/A8V Deluxe motherboard
:(4358:12548:4163:33005) pci, ehci_hcd, USB, A7V600/K8V-X/A8V Deluxe motherboard
:(4358:12344:4163:33005) pci, uhci_hcd, USB, A7V600/K8V-X/A8V Deluxe motherboard
:(4358:12344:4163:33005) pci, uhci_hcd, USB, A7V600/K8V-X/A8V Deluxe motherboard
:(4358:12344:4163:33005) pci, uhci_hcd, USB, A7V600/K8V-X/A8V Deluxe motherboard
:(4358:12344:4163:33005) pci, uhci_hcd, USB, A7V600/K8V-X/A8V Deluxe motherboard
:(4358:8834:0:0) pci, None, HOST/PCI, K8T800Pro Host Bridge
:(4358:12930:0:0) pci, None, HOST/PCI, K8T800Pro Host Bridge
:(4358:642:4163:32931) pci, agpgart-amd64, HOST/PCI, A8V Deluxe
:(4358:4738:0:0) pci, None, HOST/PCI, K8T800Pro Host Bridge
:(4358:29314:0:0) pci, None, HOST/PCI, K8T800Pro Host Bridge
:(4358:17026:0:0) pci, None, HOST/PCI, K8T800Pro Host Bridge
:(4358:45448:0:0) pci, None, PCI/PCI, VT8237 PCI bridge [K8T800/K8T890 South]
:(4130:4353:0:0) pci, None, HOST/PCI, K8 [Athlon64/Opteron] Address Map
:(4130:4352:0:0) pci, None, HOST/PCI, K8 [Athlon64/Opteron] HyperTransport Technology Configuration
:(4130:4355:0:0) pci, k8temp, HOST/PCI, K8 [Athlon64/Opteron] Miscellaneous Control
:(4130:4354:0:0) pci, None, HOST/PCI, K8 [Athlon64/Opteron] DRAM Controller
:(4358:12377:4163:33066) pci, snd_via82xx, MULTIMEDIA_AUDIO, A8V Deluxe motherboard (Realtek ALC850 codec)
:(4358:12392:0:0) pci, None, SIMPLE, AC'97 Modem Controller
:(4318:69:0:0) pci, None, VIDEO, NV40 [GeForce 6800 GT]
:(4523:17184:4163:33050) pci, skge, ETHERNET, Marvell 88E8001 Gigabit Ethernet Controller (Asus)
:(4186:13171:4163:33013) pci, sata_promise, RAID, K8V Deluxe/PC-DL Deluxe motherboard
:(4358:12617:4163:33005) pci, sata_via, RAID, A7V600/K8V Deluxe/K8V-X/A8V Deluxe motherboard
:(4358:1393:4163:33005) pci, pata_via, STORAGE, A7V600/K8V-X/A8V Deluxe motherboard
:
:
:Filesystem Information
:=================================
:device mtpt type bsize frsize blocks bfree bavail file ffree favail
:-------------------------------------------------------------------
:/dev/sdg4 / ext4 4096 4096 6845287 5847984 5779459 1720320 1623509 1623509
:/dev/sdg2 /home ext4 4096 4096 2613235 2532864 2401792 655360 655075 655075
:/dev/sdg1 /boot ext4 1024 1024 202770 119836 109596 51200 50966 50966
:/dev/sda WITHHELD btrfs 4096 4096 244655334 122879021 155887023 0 0 0
:
Comment 1 Josh Boyer 2012-04-12 01:10:28 UTC 
Josef, this looks like it's running a bleeding edge 3.4-git kernel.  Maybe worth looking at now
Comment 2 Josef Bacik 2012-04-12 13:43:20 UTC 
This is probably that use after free bug.  Can you try this patch and make sure it fixes the problem?

http://www.spinics.net/lists/linux-btrfs/msg15862.html
Comment 3 Justin M. Forbes 2012-04-12 21:34:29 UTC 
That patch is in current rawhide kernels. Any of the rc2 kernels should be good
Comment 4 Matt Hooper 2012-04-16 22:32:54 UTC 
Mounted btrfs file system and it continued a perviously aborted (due to an oops) balance operation

Package: kernel
OS Release: Fedora release 17 (Beefy Miracle)
Comment 5 Matt Hooper 2012-04-16 22:37:19 UTC 
Afraid I managed to get it to happen again with 3.4.0-0.rc2.git3.1.fc18.i686


kernel BUG at fs/btrfs/volumes.c:2518!
invalid opcode: 0000 [#1] SMP 
Modules linked in: be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i cxgb4 cxgb3i libcxgbi cxgb3 mdio 8021q garp stp llc ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip6t_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter w83627hf hwmon_vid ip6_tables nouveau ppdev ttm snd_via82xx_modem parport_pc snd_via82xx parport drm_kms_helper snd_seq gameport snd_ac97_codec ac97_bus drm snd_pcm mxm_wmi snd_mpu401_uart video snd_rawmidi snd_timer wmi snd_seq_device i2c_viapro snd i2c_core soundcore snd_page_alloc skge k8temp microcode btrfs zlib_deflate libcrc32c ata_generic pata_acpi sata_promise sata_via pata_via [last unloaded: scsi_wait_scan]
Pid: 1192, comm: btrfs-balance Not tainted 3.4.0-0.rc2.git3.1.fc18.i686 #1 To Be Filled By O.E.M. To Be Filled By O.E.M./A8V Deluxe
EIP: 0060:[<f7db2397>] EFLAGS: 00010282 CPU: 1
EIP is at btrfs_balance+0xe77/0xec0 [btrfs]
EAX: fffffffb EBX: f1822040 ECX: f7d5bac0 EDX: 00000000
ESI: 00100000 EDI: 00000000 EBP: e9ce7f74 ESP: e9ce7ec4
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
CR0: 8005003b CR2: b731c000 CR3: 29281000 CR4: 000007d0
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: ffff0ff0 DR7: 00000400
Process btrfs-balance (pid: 1192, ti=e9ce6000 task=e9ced600 task.ti=e9ce6000)
Stack:
 00000003 e9ce7f2d c04a118b e9ce7f60 00000246 ea0b9568 c0b492ef 00000072
 00080694 ea0b9568 ea0b8000 ea9eeb00 00000000 00000000 00000003 00000246
 0000000f 00000000 0000002f e9ce7f1e ea9c4e30 00000006 205b0000 34313120
Call Trace:
 [<c04a118b>] ? trace_hardirqs_on+0xb/0x10
 [<f7dac4bc>] ? set_balance_control+0x3c/0x50 [btrfs]
 [<c09cdef5>] ? printk+0x30/0x32
 [<f7db2445>] balance_kthread+0x65/0xa0 [btrfs]
 [<f7db23e0>] ? btrfs_balance+0xec0/0xec0 [btrfs]
 [<c045fe0d>] kthread+0x7d/0x90
 [<c045fd90>] ? kthread_worker_fn+0x170/0x170
 [<c09e1642>] kernel_thread_helper+0x6/0x10
Code: 00 83 ea 02 83 c7 02 e9 e8 fe ff ff c6 07 00 8b 7d 80 66 ba ff 03 83 c7 01 e9 ca fe ff ff 31 db e9 6c fe ff ff 0f 0b 0f 0b 0f 0b <0f> 0b 0f 0b 0f 0b 8b b5 68 ff ff ff c7 04 24 dc a9 de f7 89 74 
EIP: [<f7db2397>] btrfs_balance+0xe77/0xec0 [btrfs] SS:ESP 0068:e9ce7ec4
Comment 6 Fedora End Of Life 2013-04-03 18:05:42 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
Comment 7 Dave Jones 2013-05-15 18:53:08 UTC 
over a year with no progress..

Matt, is this still reproducible for you ?
Comment 8 Matt Hooper 2013-05-15 22:46:04 UTC 
The system that reported the issues and its test btrfs volumes were decommissioned some time ago so I can't try the same volume but with an up to date kernel to try and reproduce.

Given how much has changed since this bug was raised and the fact I haven't seen issues like this on other systems using newer kernels I'm happy for this to be closed.