Date:	Wed, 13 Aug 2008 16:10:04 -0400
From:	Theodore Tso <>
Subject: Re: Oops with ext4 from 2.6.27-rc3

On Wed, Aug 13, 2008 at 08:28:18PM +0200, wrote:
> After mounting the partitions and logging in it took half a minute to hang
> the system (or at least freeze all applications that access the fs). The
> log contains the following:
> kernel BUG at fs/ext4/mballoc.c:3963!

This means that we tried to truncate/delete a file while there were
still blocks on i_prealloc_list.  I think I see the problem.  And the
reason why we haven't noticed it is that it only shows up if you have
an indirect block-based file, and you truncate it when you have
previously been writing to it (so i_prealloc_list is not empty).

The problem is that we call ext4_discard_reservation() too late, after
we've started calling ext4_free_branches(), which calls
ext4_free_blocks(), which ultimately calls
ext4_mb_return_to_preallocation(), which is what is BUG-checking.

Can you reproduce the bug?  Things are a little busy on my end, so I
don't have time to try to create a reproducer and test the patch, at
least not for a day or so.  The following patch passes the "It Builds,
Ship It!" test, but not much else.  :-) 

If you could report (a) whether or not you can reproduce the failure,
and (b) whether this patch fixes things, I would be most grateful.

Thanks, regards,

							- Ted

commit b86b40e630893e74d3259f129060cfcb115f7fb9
Author: Theodore Ts'o <>
Date:   Wed Aug 13 16:07:32 2008 -0400

    ext4: Fix potential truncate BUG due to i_prealloc_list being non-empty

    We need to call ext4_discard_reservation() earlier in ext4_truncate(),
    to avoid a BUG() in ext4_mb_return_to_preallocation(), which is called
    (ultimately) by ext4_free_blocks().  So we must ditch the blocks on
    i_prealloc_list before we start freeing the data blocks.

    Signed-off-by: "Theodore Ts'o" <>

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 368ec6b..7f7b0c5 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -3512,6 +3512,9 @@ void ext4_truncate(struct inode *inode)
 	 * modify the block allocation tree.
+	ext4_discard_reservation(inode);
 	 * The orphan list entry will now protect us from any crash which
 	 * occurs before the truncate completes, so it is now safe to propagate
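Review bot: the added ext4_discard_reservation(inode) call in ext4_truncate() has no comment saying why it must run this early. The ordering is the entire fix, so a short comment above the call would keep it from being moved back down later, for example that the blocks on i_prealloc_list have to be dropped before ext4_free_blocks() can reach ext4_mb_return_to_preallocation().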
@@ -3581,8 +3584,6 @@ do_indirects:
-	ext4_discard_reservation(inode);
 	inode->i_mtime = inode->i_ctime = ext4_current_time(inode);
 	ext4_mark_inode_dirty(handle, inode);
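Review bot: the ext4_discard_reservation(inode) call removed here sat after the do_indirects: label, so it ran on every path that jumped to that label; please confirm that each of those paths now passes through the new call site near line 3512 before any blocks are freed. The message describes the patch as build-tested only, so a test that truncates an indirect block-based file right after writing to it should accompany the change before it is merged.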