Hi,
On Sun, 2004-11-21 at 19:09, Andreas Dilger wrote:
> > This is easily reproduced with a sample ext3 fs image containing an
> > inode whose direct and indirect blocks refer to a block bitmap block.
> > Allocating new blocks and then deleting that inode will BUG() with:
>
> Shouldn't we have already ext3_error'd when we tried to delete the
> bitmap block? Not that this fix isn't a good one, I'm just trying to
> determine if there is something wrong with our error handling there.
There is --- if there wasn't, I wouldn't be able to reproduce the oops
on demand. :-)
The trouble is that ext3_free_branches() calls ext3_forget() and
ext3_free_blocks() in that order. The ordering is fairly important: we
don't ever want to get the revoke bits in the bh out-of-sync with what's
in the bitmaps. (Ordering wrt the journal is far less important because
those are committed atomically.)
And while ext3_free_blocks() has the check for freeing blocks in the
system zone, ext3_forget() does not. So we assert-fail on the initial
attempt to forget a b_committed_data bh before we get to the system-zone
check.
Cheers,
Stephen