Bug#995425: linux-image-amd64: kernel BUG at fs/ext4/ext4_extents.h:199! (fast_commit feature)

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#995425: linux-image-amd64: kernel BUG at fs/ext4/ext4_extents.h:199! (fast_commit feature)
From: Nelson G <ledufff@hotmail.com>
Date: Thu, 30 Sep 2021 20:26:38 -0500
Message-id: <[🔎] CO6PR22MB24816D552D8B6C8F02FB549DB1AB9@CO6PR22MB2481.namprd22.prod.outlook.com>
Reply-to: Nelson G <ledufff@hotmail.com>, 995425@bugs.debian.org

Package: linux-image-amd64
Version: 5.10.46-5
Severity: normal

Hello,

There's a bug for the ext4 filesystem, when the fast_commit flag is enabled and
you use fallocate or any other task that allocates space.


You can easily reproduce this bug on a VM or raw hardware by doing the
following:

1° You'll need a drive formatted with ext4 of course.
2° Enable fast_commit in that drive:  tune2fs -O fast_commit /dev/yourdrive
3° mount 'yourdrive', and inside 'yourdrive' try the following: fallocate -l
2000MB file




You'll see a similar output in dmesg/jourald:


[  263.841804] kernel BUG at fs/ext4/ext4_extents.h:199!
[  263.841821] invalid opcode: 0000 [#1] SMP NOPTI
[  263.841827] CPU: 0 PID: 1283 Comm: fallocate Not tainted 5.10.0-8-amd64 #1
Debian 5.10.46-4
[  263.841830] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
1.14.0-2 04/01/2014
[  263.841864] RIP: 0010:ext4_fc_write_inode_data+0x19e/0x1b0 [ext4]
[  263.841868] Code: 7f 00 00 74 25 66 81 ca 00 80 66 89 54 24 30 e9 62 ff ff
ff 4c 89 ff e8 00 8a d6 c6 31 c0 eb 84 b8 83 ff ff ff e9 7a ff ff ff <0f> 0b e8
4b e1 d5 c6 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00
[  263.841871] RSP: 0018:ffffc3eb8125fd88 EFLAGS: 00010246
[  263.841875] RAX: 0000000000000000 RBX: 000000000001f800 RCX:
0000000000028000
[  263.841878] RDX: 0000000000028000 RSI: 00000000001216f9 RDI:
00000000000359f0
[  263.841881] RBP: 00000000002540bf R08: ffffc3eb8125fe6c R09:
0000000000000f7c
[  263.841883] R10: ffff9fe2c1418c74 R11: ffffc3eb8125fc20 R12:
00000000002540be
[  263.841885] R13: ffffc3eb8125fe6c R14: ffff9fe2c37c8a80 R15:
ffff9fe2c37c8a08
[  263.841892] FS:  00007fe263bcb5c0(0000) GS:ffff9fe33dc00000(0000)
knlGS:0000000000000000
[  263.841895] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  263.841897] CR2: 00007fe263ae9e60 CR3: 00000000050b6000 CR4:
00000000003506f0
[  263.841903] Call Trace:
[  263.841936]  ext4_fc_commit+0x652/0x930 [ext4]
[  263.841961]  ext4_sync_file+0xd4/0x350 [ext4]
[  263.841981]  __x64_sys_fsync+0x34/0x60
[  263.842017]  do_syscall_64+0x33/0x80
[  263.842041]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  263.842055] RIP: 0033:0x7fe263afaa93
[  263.842059] Code: 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f
1f 44 00 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 4a 00 00 00 0f 05 <48> 3d 00
f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8
[  263.842062] RSP: 002b:00007fff4b3c4af8 EFLAGS: 00000246 ORIG_RAX:
000000000000004a
[  263.842065] RAX: ffffffffffffffda RBX: 0000558fd86a0660 RCX:
00007fe263afaa93
[  263.842068] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
0000000000000003
[  263.842069] RBP: 0000000000000003 R08: 0000000000000000 R09:
0000000000000000
[  263.842076] R10: 00000002540be400 R11: 0000000000000246 R12:
00007fff4b3c4d28
[  263.842078] R13: 0000000000000000 R14: 0000000000000000 R15:
00000002540be400
[  263.842083] Modules linked in: uinput nft_fib_inet nft_fib_ipv4 nft_fib_ipv6
nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct
nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill ip_set
nf_tables nfnetlink snd_hda_codec_generic ledtrig_audio snd_hda_intel
snd_intel_dspcfg soundwire_intel soundwire_generic_allocation snd_soc_core
snd_compress soundwire_cadence snd_hda_codec amd_energy qxl snd_hda_core
drm_ttm_helper snd_hwdep lz4 zram serio_raw zsmalloc iTCO_wdt evdev
intel_pmc_bxt iTCO_vendor_support pcspkr soundwire_bus joydev ttm snd_pcm_oss
watchdog snd_mixer_oss virtio_balloon virtio_console drm_kms_helper snd_pcm cec
button snd_timer qemu_fw_cfg snd soundcore fuse drm configfs virtio_rng
rng_core ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 btrfs
blake2b_generic xor hid_generic usbhid raid6_pq libcrc32c crc32c_generic hid
crct10dif_pclmul crct10dif_common crc32_pclmul crc32c_intel ghash_clmulni_intel
ahci libahci libata aesni_intel libaes
[  263.842159]  scsi_mod crypto_simd psmouse cryptd glue_helper virtio_blk
virtio_net net_failover failover i2c_i801 xhci_pci i2c_smbus xhci_hcd lpc_ich
usbcore usb_common virtio_pci virtio_ring virtio
[  263.842186] ---[ end trace d31468378c3555b1 ]---
[  263.842214] RIP: 0010:ext4_fc_write_inode_data+0x19e/0x1b0 [ext4]
[  263.842218] Code: 7f 00 00 74 25 66 81 ca 00 80 66 89 54 24 30 e9 62 ff ff
ff 4c 89 ff e8 00 8a d6 c6 31 c0 eb 84 b8 83 ff ff ff e9 7a ff ff ff <0f> 0b e8
4b e1 d5 c6 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00
[  263.842221] RSP: 0018:ffffc3eb8125fd88 EFLAGS: 00010246
[  263.842224] RAX: 0000000000000000 RBX: 000000000001f800 RCX:
0000000000028000
[  263.842226] RDX: 0000000000028000 RSI: 00000000001216f9 RDI:
00000000000359f0
[  263.842228] RBP: 00000000002540bf R08: ffffc3eb8125fe6c R09:
0000000000000f7c
[  263.842230] R10: ffff9fe2c1418c74 R11: ffffc3eb8125fc20 R12:
00000000002540be
[  263.842232] R13: ffffc3eb8125fe6c R14: ffff9fe2c37c8a80 R15:
ffff9fe2c37c8a08
[  263.842239] FS:  00007fe263bcb5c0(0000) GS:ffff9fe33dc00000(0000)
knlGS:0000000000000000
[  263.842241] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  263.842243] CR2: 00007fe263ae9e60 CR3: 00000000050b6000 CR4:
00000000003506f0


I had this bug twice already,  with gnome-disks (when backing up a whole disk
it allocates space similar to fallocate),  and today with a torrent client that
also allocates space.

I ended up disabling the fast_commit flag.  Since in both cases crashed my
system, and/or the partition failed to umount properly, so I had to run fsck
with a live media because it left the filesystem corrupted in both cases, thus
not possible to mount on boot :( (no data lost as far as I'm concerned).
The little vm had the same luck.





Have a nice day.





-- System Information:
Debian Release: 11.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Locale: LANG=es_CO.UTF-8, LC_CTYPE=es_CO.UTF-8 (charmap=UTF-8),
LANGUAGE=es_CO:es
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linux-image-amd64 depends on:
ii  linux-image-5.10.0-8-amd64  5.10.46-5

linux-image-amd64 recommends no packages.

linux-image-amd64 suggests no packages.

Reply to:

Follow-Ups:
- Processed: Re: Bug#995425: linux-image-amd64: kernel BUG at fs/ext4/ext4_extents.h:199! (fast_commit feature)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#995425: linux-image-amd64: kernel BUG at fs/ext4/ext4_extents.h:199! (fast_commit feature)
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Bug#995425: marked as done (linux-image-amd64: kernel BUG at fs/ext4/ext4_extents.h:199! (fast_commit feature))
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#995425: Possible to get fix to 5.10?
  - From: ng <ledufff@hotmail.com>

Next by Date: Processed: reassign 995425 to src:linux
Next by thread: Processed: Re: Bug#995425: linux-image-amd64: kernel BUG at fs/ext4/ext4_extents.h:199! (fast_commit feature)
Index(es):
- Date
- Thread