Bug 214565
Summary: | kernel NULL pointer dereference, Oops: 0000 [#1] SMP DEBUG_PAGEALLOC at btrfs-delalloc btrfs_work_helper | ||
---|---|---|---|
Product: | File System | Reporter: | Erhard F. (erhard_f) |
Component: | btrfs | Assignee: | BTRFS virtual assignee (fs_btrfs) |
Status: | RESOLVED CODE_FIX | ||
Severity: | normal | CC: | dsterba |
Priority: | P1 | ||
Hardware: | i386 | ||
OS: | Linux | ||
Kernel Version: | 5.15-rc3 | Subsystem: | |
Regression: | No | Bisected commit-id: | |
Attachments:
dmesg (kernel 5.15-rc3, Shuttle XPC FS51, Pentium 4)
kernel .config (kernel 5.15-rc3, Shuttle XPC FS51, Pentium 4)
dmesg (kernel 5.15-rc6, Shuttle XPC FS51, Pentium 4)
kernel .config (kernel 5.15-rc6, Shuttle XPC FS51, Pentium 4)
dmesg (kernel 5.15-rc7, Shuttle XPC FS51, Pentium 4)
kernel .config (kernel 5.15-rc7, Shuttle XPC FS51, Pentium 4)
Created attachment 299011 [details]
kernel .config (kernel 5.15-rc3, Shuttle XPC FS51, Pentium 4)
Created attachment 299243 [details]
dmesg (kernel 5.15-rc6, Shuttle XPC FS51, Pentium 4)
v5.15-rc6 still affected.
[...]
BUG: kernel NULL pointer dereference, address: 00000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
*pde = 00000000
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
CPU: 0 PID: 667 Comm: kworker/u4:1 Not tainted 5.15.0-rc6-Pentium4 #2
Hardware name: /FS51, BIOS 6.00 PG 12/02/2003
Workqueue: btrfs-delalloc btrfs_work_helper
EIP: ZSTD_compressStream+0x252/0x2f2
Code: c7 02 00 00 00 75 73 89 c1 c1 e9 02 f3 a5 eb c0 f6 c1 01 0f 85 87 00 00 00 f7 c7 02 00 00 00 0f 85 91 00 00 00 89 d1 c1 e9 02 <f3> a5 e9 53 fe ff ff c7 43 30 00 00 00 00 c7 43 2c 00 00 00 00 c7
EAX: 00000200 EBX: cb200008 ECX: 00000080 EDX: 00000200
ESI: 00000000 EDI: cb2027b8 EBP: c11cbdc0 ESP: c11cbd70
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010202
CR0: 80050033 CR2: 00000000 CR3: 0b0f0000 CR4: 000006d0
Call Trace:
zstd_compress_pages+0x12c/0x305
btrfs_compress_pages+0xa0/0xc5
compress_file_range+0x222/0x4e1
async_cow_start+0xe/0x26
btrfs_work_helper+0x156/0x2ea
? submit_compressed_extents+0x404/0x404
process_one_work+0x252/0x3c9
worker_thread+0x166/0x1fd
kthread+0xd7/0xd9
? drain_workqueue+0xfb/0xfb
? set_kthread_struct+0x32/0x32
ret_from_fork+0x1c/0x28
Modules linked in: ghash_generic gf128mul gcm ccm algif_aead des_generic libdes ctr cbc ecb algif_skcipher hmac aes_generic libaes cmac sha512_generic sha1_generic md5 md4 algif_hash af_alg input_leds hid_generic usbhid hid rt2500pci eeprom_93cx6 rt2x00pci rt2x00mmio rt2x00lib led_class mac80211 evdev libarc4 radeon cfg80211 hwmon i2c_algo_bit drm_ttm_helper ttm snd_intel8x0 rfkill sr_mod ohci_pci cdrom firewire_ohci drm_kms_helper snd_ac97_codec firewire_core syscopyarea ac97_bus sysfillrect crc_itu_t sysimgblt snd_pcm ohci_hcd fb_sys_fops ehci_pci ehci_hcd snd_timer usbcore i2c_sis96x snd usb_common soundcore thermal fan 8250 8250_base serial_core button drm drm_panel_orientation_quirks backlight fuse configfs
CR2: 0000000000000000
---[ end trace 1a07bf2f52d5fbb2 ]---
EIP: ZSTD_compressStream+0x252/0x2f2
Code: c7 02 00 00 00 75 73 89 c1 c1 e9 02 f3 a5 eb c0 f6 c1 01 0f 85 87 00 00 00 f7 c7 02 00 00 00 0f 85 91 00 00 00 89 d1 c1 e9 02 <f3> a5 e9 53 fe ff ff c7 43 30 00 00 00 00 c7 43 2c 00 00 00 00 c7
EAX: 00000200 EBX: cb200008 ECX: 00000080 EDX: 00000200
ESI: 00000000 EDI: cb2027b8 EBP: c11cbdc0 ESP: c11cbd70
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010202
CR0: 80050033 CR2: 00000000 CR3: 0b0f0000 CR4: 000006d0
BUG: kernel NULL pointer dereference, address: 00000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
*pde = 00000000
Oops: 0000 [#2] SMP DEBUG_PAGEALLOC
CPU: 1 PID: 652 Comm: kworker/u4:0 Tainted: G D 5.15.0-rc6-Pentium4 #2
Hardware name: /FS51, BIOS 6.00 PG 12/02/2003
Workqueue: btrfs-delalloc btrfs_work_helper
EIP: ZSTD_compressStream+0x252/0x2f2
Code: c7 02 00 00 00 75 73 89 c1 c1 e9 02 f3 a5 eb c0 f6 c1 01 0f 85 87 00 00 00 f7 c7 02 00 00 00 0f 85 91 00 00 00 89 d1 c1 e9 02 <f3> a5 e9 53 fe ff ff c7 43 30 00 00 00 00 c7 43 2c 00 00 00 00 c7
EAX: 00000200 EBX: c4000008 ECX: 00000080 EDX: 00000200
ESI: 00000000 EDI: c40027b8 EBP: c8f59dc0 ESP: c8f59d70
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010202
CR0: 80050033 CR2: 00000000 CR3: 0b0f0000 CR4: 000006d0
Call Trace:
zstd_compress_pages+0x12c/0x305
btrfs_compress_pages+0xa0/0xc5
compress_file_range+0x222/0x4e1
? __delete_object+0x32/0x39
async_cow_start+0xe/0x26
btrfs_work_helper+0x156/0x2ea
? process_one_work+0x17a/0x3c9
? submit_compressed_extents+0x404/0x404
process_one_work+0x252/0x3c9
worker_thread+0x166/0x1fd
kthread+0xd7/0xd9
? drain_workqueue+0xfb/0xfb
? set_kthread_struct+0x32/0x32
ret_from_fork+0x1c/0x28
Modules linked in: ghash_generic gf128mul gcm ccm algif_aead des_generic libdes ctr cbc ecb algif_skcipher hmac aes_generic libaes cmac sha512_generic sha1_generic md5 md4 algif_hash af_alg input_leds hid_generic usbhid hid rt2500pci eeprom_93cx6 rt2x00pci rt2x00mmio rt2x00lib led_class mac80211 evdev libarc4 radeon cfg80211 hwmon i2c_algo_bit drm_ttm_helper ttm snd_intel8x0 rfkill sr_mod ohci_pci cdrom firewire_ohci drm_kms_helper snd_ac97_codec firewire_core syscopyarea ac97_bus sysfillrect crc_itu_t sysimgblt snd_pcm ohci_hcd fb_sys_fops ehci_pci ehci_hcd snd_timer usbcore i2c_sis96x snd usb_common soundcore thermal fan 8250 8250_base serial_core button drm drm_panel_orientation_quirks backlight fuse configfs
CR2: 0000000000000000
---[ end trace 1a07bf2f52d5fbb3 ]---
Created attachment 299245 [details]
kernel .config (kernel 5.15-rc6, Shuttle XPC FS51, Pentium 4)
Created attachment 299349 [details]
dmesg (kernel 5.15-rc7, Shuttle XPC FS51, Pentium 4)
Found out the bug occurs at boot only when booting from a btrfs root with compression enabled. However, when booting from an ext4 root you get the crash later, as soon as btrfs compression is involved.
"[TEST/cli] 015-defrag-compress" triggers the bug on this machine:
[...]
BUG: kernel NULL pointer dereference, address: 00000005
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
*pde = 00000000
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
CPU: 0 PID: 20288 Comm: kworker/u4:0 Not tainted 5.15.0-rc7-Pentium4 #7
Hardware name: /FS51, BIOS 6.00 PG 12/02/2003
Workqueue: btrfs-delalloc btrfs_work_helper [btrfs]
EIP: lzo1x_1_do_compress+0x40/0xe41 [lzo_compress]
Code: 45 d8 b8 04 00 00 00 89 55 e0 29 d8 0f 42 c6 8d 7c 01 01 8b 45 08 39 d7 0f 83 48 04 00 00 89 4d d4 89 fa 89 5d e8 80 7d 1c 00 <8b> 3a 74 08 85 ff 0f 84 b9 02 00 00 89 d6 8b 55 14 69 df 9d 42 24
EAX: c4e02000 EBX: 00000000 ECX: 00000000 EDX: 00000005
ESI: 00000000 EDI: 00000005 EBP: e61b5d68 ESP: e61b5d3c
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010246
CR0: 80050033 CR2: 00000005 CR3: 2f4b5000 CR4: 000006d0
Call Trace:
? trace_lock_release+0x38/0xe3
lzogeneric1x_1_compress+0x9f/0x183 [lzo_compress]
lzo1x_1_compress+0x16/0x1e [lzo_compress]
lzo_compress_pages+0xb8/0x381 [btrfs]
? btrfs_get_workspace+0x67/0x199 [btrfs]
btrfs_compress_pages+0xa3/0xdb [btrfs]
compress_file_range+0x36e/0x643 [btrfs]
? async_cow_start+0x24/0x24 [btrfs]
async_cow_start+0x10/0x24 [btrfs]
btrfs_work_helper+0xd1/0x227 [btrfs]
process_one_work+0x1a6/0x32b
worker_thread+0x1e2/0x328
kthread+0x107/0x113
? pr_cont_work+0x43/0x43
? kthread_unuse_mm+0x89/0x89
ret_from_fork+0x1c/0x28
Modules linked in: loop auth_rpcgss nfsv4 dns_resolver nfs lockd grace sunrpc ghash_generic gf128mul gcm ccm algif_aead des_generic libdes ctr cbc ecb algif_skcipher aes_generic libaes cmac sha512_generic sha1_generic md5 md4 input_leds hid_generic usbhid hid rt2500pci rt2x00pci rt2x00mmio rt2x00lib eeprom_93cx6 led_class mac80211 libarc4 evdev btrfs xor raid6_pq lzo_decompress lzo_compress zlib_deflate zlib_inflate ohci_pci radeon cfg80211 snd_intel8x0 snd_ac97_codec ac97_bus ohci_hcd ehci_pci snd_pcm ehci_hcd hwmon drm_ttm_helper rfkill ttm usbcore snd_timer i2c_algo_bit snd drm_kms_helper firewire_ohci firewire_core usb_common sr_mod soundcore cdrom crc_itu_t sysimgblt sysfillrect syscopyarea fb_sys_fops thermal fan 8250 8250_base serial_core i2c_sis96x button drm drm_panel_orientation_quirks backlight fuse configfs
CR2: 0000000000000005
---[ end trace dd4f925e97e6a0bd ]---
BUG: kernel NULL pointer dereference, address: 00000005
EIP: lzo1x_1_do_compress+0x40/0xe41 [lzo_compress]
#PF: supervisor read access in kernel mode
Code: 45 d8 b8 04 00 00 00 89 55 e0 29 d8 0f 42 c6 8d 7c 01 01 8b 45 08 39 d7 0f 83 48 04 00 00 89 4d d4 89 fa 89 5d e8 80 7d 1c 00 <8b> 3a 74 08 85 ff 0f 84 b9 02 00 00 89 d6 8b 55 14 69 df 9d 42 24
#PF: error_code(0x0000) - not-present page
EAX: c4e02000 EBX: 00000000 ECX: 00000000 EDX: 00000005
*pde = 00000000
ESI: 00000000 EDI: 00000005 EBP: e61b5d68 ESP: e61b5d3c
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010246
Oops: 0000 [#2] SMP DEBUG_PAGEALLOC
CR0: 80050033 CR2: 00000005 CR3: 2f4b5000 CR4: 000006d0
CPU: 1 PID: 7492 Comm: kworker/u4:10 Tainted: G D 5.15.0-rc7-Pentium4 #7
Hardware name: /FS51, BIOS 6.00 PG 12/02/2003
Workqueue: btrfs-delalloc btrfs_work_helper [btrfs]
EIP: lzo1x_1_do_compress+0x40/0xe41 [lzo_compress]
Code: 45 d8 b8 04 00 00 00 89 55 e0 29 d8 0f 42 c6 8d 7c 01 01 8b 45 08 39 d7 0f 83 48 04 00 00 89 4d d4 89 fa 89 5d e8 80 7d 1c 00 <8b> 3a 74 08 85 ff 0f 84 b9 02 00 00 89 d6 8b 55 14 69 df 9d 42 24
EAX: e3f2a000 EBX: 00000000 ECX: 00000000 EDX: 00000005
ESI: 00000000 EDI: 00000005 EBP: eb773d68 ESP: eb773d3c
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010246
CR0: 80050033 CR2: 00000005 CR3: 1ada6000 CR4: 000006d0
Call Trace:
? trace_lock_release+0x38/0xe3
lzogeneric1x_1_compress+0x9f/0x183 [lzo_compress]
lzo1x_1_compress+0x16/0x1e [lzo_compress]
lzo_compress_pages+0xb8/0x381 [btrfs]
? lzo_alloc_workspace+0x65/0x95 [btrfs]
? btrfs_get_workspace+0x10e/0x199 [btrfs]
btrfs_compress_pages+0xa3/0xdb [btrfs]
compress_file_range+0x36e/0x643 [btrfs]
? async_cow_start+0x24/0x24 [btrfs]
async_cow_start+0x10/0x24 [btrfs]
btrfs_work_helper+0xd1/0x227 [btrfs]
process_one_work+0x1a6/0x32b
worker_thread+0x1e2/0x328
kthread+0x107/0x113
? pr_cont_work+0x43/0x43
? kthread_unuse_mm+0x89/0x89
ret_from_fork+0x1c/0x28
Modules linked in: loop auth_rpcgss nfsv4 dns_resolver nfs lockd grace sunrpc ghash_generic gf128mul gcm ccm algif_aead des_generic libdes ctr cbc ecb algif_skcipher aes_generic libaes cmac sha512_generic sha1_generic md5 md4 input_leds hid_generic usbhid hid rt2500pci rt2x00pci rt2x00mmio rt2x00lib eeprom_93cx6 led_class mac80211 libarc4 evdev btrfs xor raid6_pq lzo_decompress lzo_compress zlib_deflate zlib_inflate ohci_pci radeon cfg80211 snd_intel8x0 snd_ac97_codec ac97_bus ohci_hcd ehci_pci snd_pcm ehci_hcd hwmon drm_ttm_helper rfkill ttm usbcore snd_timer i2c_algo_bit snd drm_kms_helper firewire_ohci firewire_core usb_common sr_mod soundcore cdrom crc_itu_t sysimgblt sysfillrect syscopyarea fb_sys_fops thermal fan 8250 8250_base serial_core i2c_sis96x button drm drm_panel_orientation_quirks backlight fuse configfs
CR2: 0000000000000005
---[ end trace dd4f925e97e6a0be ]---
EIP: lzo1x_1_do_compress+0x40/0xe41 [lzo_compress]
Code: 45 d8 b8 04 00 00 00 89 55 e0 29 d8 0f 42 c6 8d 7c 01 01 8b 45 08 39 d7 0f 83 48 04 00 00 89 4d d4 89 fa 89 5d e8 80 7d 1c 00 <8b> 3a 74 08 85 ff 0f 84 b9 02 00 00 89 d6 8b 55 14 69 df 9d 42 24
EAX: c4e02000 EBX: 00000000 ECX: 00000000 EDX: 00000005
ESI: 00000000 EDI: 00000005 EBP: e61b5d68 ESP: e61b5d3c
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010246
CR0: 80050033 CR2: 00000005 CR3: 1ada6000 CR4: 000006d0
Created attachment 299351 [details]
kernel .config (kernel 5.15-rc7, Shuttle XPC FS51, Pentium 4)
This got fixed in 5.15, still with a pending fixup for lzo, please wait with updating or cherry pick commit 2cf3f8133bda2a0945cc4c70e681ecb25b52b913 (applies cleanly on 5.15).
The fixes landed in 5.15.2, [TEST/cli] 015-defrag-compress passes fine now. Thanks!
Created attachment 299009 [details]
dmesg (kernel 5.15-rc3, Shuttle XPC FS51, Pentium 4)
Got that at my first kernel v5.15-rc test drive on my Pentium 4 box. The machine boots up showing these stacktraces (continued in dmesg), but shows 100% CPU load at mate-system-monitor. It appeared to run fine otherwise but froze completely at shutting down via systemctl poweroff
[...]
BUG: kernel NULL pointer dereference, address: 00000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
*pde = 00000000
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
CPU: 1 PID: 55 Comm: kworker/u4:2 Not tainted 5.15.0-rc3-Pentium4 #2
Hardware name: /FS51, BIOS 6.00 PG 12/02/2003
Workqueue: btrfs-delalloc btrfs_work_helper
EIP: ZSTD_compressStream+0x252/0x2f2
Code: c7 02 00 00 00 75 73 89 c1 c1 e9 02 f3 a5 eb c0 f6 c1 01 0f 85 87 00 00 00 f7 c7 02 00 00 00 0f 85 91 00 00 00 89 d1 c1 e9 02 <f3> a5 e9 53 fe ff ff c7 43 30 00 00 00 00 c7 43 2c 00 00 00 00 c7
EAX: 00000200 EBX: c3e00008 ECX: 00000080 EDX: 00000200
ESI: 00000000 EDI: c3e027b8 EBP: c252bdc0 ESP: c252bd70
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010202
CR0: 80050033 CR2: 00000000 CR3: 04031000 CR4: 000006d0
Call Trace:
zstd_compress_pages+0x12c/0x305
btrfs_compress_pages+0xa0/0xc5
compress_file_range+0x222/0x4e1
async_cow_start+0xe/0x26
btrfs_work_helper+0x156/0x2ea
? submit_compressed_extents+0x404/0x404
process_one_work+0x252/0x3c9
worker_thread+0x166/0x1fd
kthread+0xd7/0xd9
? drain_workqueue+0xfb/0xfb
? set_kthread_struct+0x32/0x32
ret_from_fork+0x1c/0x28
Modules linked in:
CR2: 0000000000000000
---[ end trace 2baef19f6d157d7e ]---
EIP: ZSTD_compressStream+0x252/0x2f2
Code: c7 02 00 00 00 75 73 89 c1 c1 e9 02 f3 a5 eb c0 f6 c1 01 0f 85 87 00 00 00 f7 c7 02 00 00 00 0f 85 91 00 00 00 89 d1 c1 e9 02 <f3> a5 e9 53 fe ff ff c7 43 30 00 00 00 00 c7 43 2c 00 00 00 00 c7
EAX: 00000200 EBX: c3e00008 ECX: 00000080 EDX: 00000200
ESI: 00000000 EDI: c3e027b8 EBP: c252bdc0 ESP: c252bd70
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010202
CR0: 80050033 CR2: 00000000 CR3: 04031000 CR4: 000006d0
BTRFS info (device sda4): devid 1 device path /dev/root changed to /dev/sda4 scanned by systemd-udevd (131)
BTRFS: device label void_x86 devid 1 transid 17331 /dev/sda2 scanned by systemd-udevd (142)
Adding 8388604k swap on /dev/sda3. Priority:-2 extents:1 across:8388604k FS
BUG: kernel NULL pointer dereference, address: 00000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
*pde = 00000000
Oops: 0000 [#2] SMP DEBUG_PAGEALLOC
CPU: 0 PID: 7 Comm: kworker/u4:0 Tainted: G D 5.15.0-rc3-Pentium4 #2
Hardware name: /FS51, BIOS 6.00 PG 12/02/2003
Workqueue: btrfs-delalloc btrfs_work_helper
EIP: ZSTD_compressStream+0x252/0x2f2
Code: c7 02 00 00 00 75 73 89 c1 c1 e9 02 f3 a5 eb c0 f6 c1 01 0f 85 87 00 00 00 f7 c7 02 00 00 00 0f 85 91 00 00 00 89 d1 c1 e9 02 <f3> a5 e9 53 fe ff ff c7 43 30 00 00 00 00 c7 43 2c 00 00 00 00 c7
EAX: 000000cd EBX: c4900008 ECX: 00000033 EDX: 000000cd
ESI: 00000000 EDI: c49027b8 EBP: c11c7dc0 ESP: c11c7d70
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010206
CR0: 80050033 CR2: 00000000 CR3: 059a3000 CR4: 000006d0
Call Trace:
zstd_compress_pages+0x12c/0x305
btrfs_compress_pages+0xa0/0xc5
compress_file_range+0x222/0x4e1
async_cow_start+0xe/0x26
btrfs_work_helper+0x156/0x2ea
? process_one_work+0x17a/0x3c9
? submit_compressed_extents+0x404/0x404
process_one_work+0x252/0x3c9
worker_thread+0x166/0x1fd
kthread+0xd7/0xd9
? drain_workqueue+0xfb/0xfb
? set_kthread_struct+0x32/0x32
ret_from_fork+0x1c/0x28
Modules linked in:
CR2: 0000000000000000
---[ end trace 2baef19f6d157d7f ]---
EIP: ZSTD_compressStream+0x252/0x2f2
[...]
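An added triage example (not part of the bug report or of any kernel tooling): it parses oops text in the layout of the dumps above, drops the unreliable `? symbol` entries, and returns the call-trace frames shared by every crash. On the constructed sample, abridged from the zstd and lzo traces on this page, the faulting EIP symbol differs but both crashes come through `btrfs_compress_pages` and `compress_file_range`. The names `parse_oopses`, `common_callers` and `SAMPLE_DMESG` are chosen here; the input is assumed to be i386 dmesg text with timestamps already stripped.

```python
import re

# Constructed sample: abridged from the zstd and lzo oopses on this page.
SAMPLE_DMESG = """\
BUG: kernel NULL pointer dereference, address: 00000000
EIP: ZSTD_compressStream+0x252/0x2f2
Call Trace:
zstd_compress_pages+0x12c/0x305
btrfs_compress_pages+0xa0/0xc5
compress_file_range+0x222/0x4e1
---[ end trace 1a07bf2f52d5fbb2 ]---
BUG: kernel NULL pointer dereference, address: 00000005
EIP: lzo1x_1_do_compress+0x40/0xe41 [lzo_compress]
Call Trace:
? trace_lock_release+0x38/0xe3
lzogeneric1x_1_compress+0x9f/0x183 [lzo_compress]
lzo1x_1_compress+0x16/0x1e [lzo_compress]
lzo_compress_pages+0xb8/0x381 [btrfs]
btrfs_compress_pages+0xa3/0xdb [btrfs]
compress_file_range+0x36e/0x643 [btrfs]
---[ end trace dd4f925e97e6a0bd ]---
"""

# symbol+0xoffset/0xsize; a leading "? " marks an unreliable stack leftover.
FRAME = re.compile(r"\s*(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_oopses(text):
    """Return one dict per oops: fault address, EIP symbol, reliable frames."""
    reports, in_trace = [], False
    for line in text.splitlines():
        if line.startswith("BUG: kernel NULL pointer dereference"):
            reports.append({"addr": line.split()[-1], "eip": None, "frames": []})
            in_trace = False
        elif not reports:
            continue  # ignore anything before the first oops
        elif line.startswith("EIP:") and reports[-1]["eip"] is None:
            m = FRAME.match(line[4:])
            reports[-1]["eip"] = m.group(2) if m else None
        elif line.startswith(("Call Trace:", "---[ end trace")):
            in_trace = line.startswith("Call Trace:")
        elif in_trace:
            m = FRAME.match(line)
            if m and not m.group(1):  # keep only frames without the "?" marker
                reports[-1]["frames"].append(m.group(2))
    return reports

def common_callers(reports):
    """Frames that appear in every oops, in the first report's order."""
    shared = set.intersection(*(set(r["frames"]) for r in reports)) if reports else set()
    return [f for r in reports[:1] for f in r["frames"] if f in shared]
```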