Bug 218720
Summary: | btrfs delalloc BUG: kernel NULL pointer dereference, address: 0000000000000208 in find_lock_delalloc_range on kernel 6.8.4 | ||
---|---|---|---|
Product: | File System | Reporter: | michal+kernel |
Component: | btrfs | Assignee: | BTRFS virtual assignee (fs_btrfs) |
Status: | NEW --- | ||
Severity: | normal | CC: | lucas.bocchi, regressions |
Priority: | P3 | ||
Hardware: | All | ||
OS: | Linux | ||
Kernel Version: | 6.8.4 | Subsystem: | |
Regression: | No | Bisected commit-id: | |
Attachments: | Kernel config; Decoded backtrace for 6.8.6 kernel | ||

Created attachment 306151 [details]
Decoded backtrace for 6.8.6 kernel

Some info about fs:

sudo btrfs filesystem show /dev/sda2
Label: none  uuid: aa55857a-761f-41b9-9fcb-4a01efe7d8b2
        Total devices 1 FS bytes used 12.59GiB
        devid    1 size 14.51GiB used 14.51GiB path /dev/sda2

sudo btrfs subvolume show /
/
        Name:                   <FS_TREE>
        UUID:                   bac4b7fe-d1b6-45be-b02b-4567b21bc078
        Parent UUID:            -
        Received UUID:          -
        Creation time:          2024-04-12 23:57:55 +0200
        Subvolume ID:           5
        Generation:             903
        Gen at creation:        0
        Parent ID:              0
        Top level ID:           0
        Flags:                  -
        Send transid:           0
        Send time:              2024-04-12 23:57:55 +0200
        Receive transid:        0
        Receive time:           -
        Snapshot(s):
        Quota group:            n/a

$ lsblk
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS
sda      8:0    0   16G  0 disk
├─sda1   8:1    0  500M  0 part /boot/efi
├─sda2   8:2    0 14.5G  0 part /
└─sda3   8:3    0    1G  0 part

After the change of resolving btrfs_fs_info based on the inode from the path via the superblock (resolved to NULL) to the path via btrfs_root, there is a dereference of the NULLed root from btrfs_inode. Will be fixed with the next stable release, see https://lore.kernel.org/all/3b2d9a1c-37d2-47f4-b0b4-a9d6c34d2c7d@applied-asynchrony.com/

Same error here on 6.8.6. The error crashes the machine and causes an oops in the kernel, hanging the OS.

[seg abr 15 09:50:00 2024] BUG: kernel NULL pointer dereference, address: 0000000000000208
[seg abr 15 09:50:00 2024] #PF: supervisor read access in kernel mode
[seg abr 15 09:50:00 2024] #PF: error_code(0x0000) - not-present page
[seg abr 15 09:50:00 2024] PGD 0 P4D 0
[seg abr 15 09:50:00 2024] Oops: 0000 [#1] PREEMPT SMP NOPTI
[seg abr 15 09:50:00 2024] CPU: 3 PID: 404 Comm: modprobe Tainted: G W N 6.8.6 #1
[seg abr 15 09:50:00 2024] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./H410M/ac, BIOS L1.32 04/01/2021
[seg abr 15 09:50:00 2024] RIP: 0010:find_lock_delalloc_range+0x42/0x2d0 [btrfs]
[seg abr 15 09:50:00 2024] Code: 89 d4 55 53 bb 00 00 00 08 48 83 ec 30 4c 8b 39 48 89 4c 24 08 65 48 8b 04 25 28 00 00 00 48 89 44 24 28 48 8b 87 40 fe ff ff <48> 8b 90 08 02 00 00 49 8b 04 24 48 85 d2 74 07 48 8b 9a a0 0c 00
[seg abr 15 09:50:00 2024] RSP: 0018:ffffac060052f8b0 EFLAGS: 00010282
[seg abr 15 09:50:00 2024] RAX: 0000000000000000 RBX: 0000000008000000 RCX: ffffac060052f948
[seg abr 15 09:50:00 2024] RDX: ffffac060052f940 RSI: fffff94004769d40 RDI: ffff951a84c901c0
[seg abr 15 09:50:00 2024] RBP: fffff94004769d40 R08: 0000000000000000 R09: 0000000000000000
[seg abr 15 09:50:00 2024] R10: 0000000000000000 R11: 0000000000000c40 R12: ffffac060052f940
[seg abr 15 09:50:00 2024] R13: ffff951a84c901c0 R14: fffff94004769d40 R15: 0000000000000fff
[seg abr 15 09:50:00 2024] FS: 00007f0a73d57040(0000) GS:ffff9521bf980000(0000) knlGS:0000000000000000
[seg abr 15 09:50:00 2024] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[seg abr 15 09:50:00 2024] CR2: 0000000000000208 CR3: 00000001148b8005 CR4: 00000000003706f0
[seg abr 15 09:50:00 2024] Call Trace:
[seg abr 15 09:50:00 2024] <TASK>
[seg abr 15 09:50:00 2024] ? __die+0x23/0x70
[seg abr 15 09:50:00 2024] ? page_fault_oops+0x159/0x460
[seg abr 15 09:50:00 2024] ? exc_page_fault+0x7e/0x180
[seg abr 15 09:50:00 2024] ? asm_exc_page_fault+0x26/0x30
[seg abr 15 09:50:00 2024] ? find_lock_delalloc_range+0x42/0x2d0 [btrfs]
[seg abr 15 09:50:00 2024] btrfs_test_extent_io+0x117/0x12e0 [btrfs]
[seg abr 15 09:50:00 2024] btrfs_run_sanity_tests+0x8e/0x150 [btrfs]
[seg abr 15 09:50:00 2024] init_btrfs_fs+0x1f/0xb0 [btrfs]
[seg abr 15 09:50:00 2024] ? __pfx_init_btrfs_fs+0x10/0x10 [btrfs]
[seg abr 15 09:50:00 2024] do_one_initcall+0x45/0x220
[seg abr 15 09:50:00 2024] do_init_module+0x60/0x230
[seg abr 15 09:50:00 2024] init_module_from_file+0x86/0xc0
[seg abr 15 09:50:00 2024] idempotent_init_module+0x109/0x2a0
[seg abr 15 09:50:00 2024] __x64_sys_finit_module+0x5e/0xb0
[seg abr 15 09:50:00 2024] do_syscall_64+0x84/0x1a0
[seg abr 15 09:50:00 2024] ? apparmor_file_permission+0x81/0x1a0
[seg abr 15 09:50:00 2024] ? vfs_read+0x27f/0x350
[seg abr 15 09:50:00 2024] ? vfs_read+0x27f/0x350
[seg abr 15 09:50:00 2024] ? rseq_get_rseq_cs+0x1d/0x270
[seg abr 15 09:50:00 2024] ? __rseq_handle_notify_resume+0x8a/0x2c0
[seg abr 15 09:50:00 2024] ? restore_fpregs_from_fpstate+0x46/0xb0
[seg abr 15 09:50:00 2024] ? switch_fpu_return+0x50/0xe0
[seg abr 15 09:50:00 2024] ? syscall_exit_to_user_mode+0x88/0x210
[seg abr 15 09:50:00 2024] ? do_syscall_64+0x90/0x1a0
[seg abr 15 09:50:00 2024] ? rseq_syscall+0x4b/0x90
[seg abr 15 09:50:00 2024] ? rseq_get_rseq_cs+0x1d/0x270
[seg abr 15 09:50:00 2024] ? syscall_exit_to_user_mode_prepare+0x21/0x1c0
[seg abr 15 09:50:00 2024] ? syscall_exit_to_user_mode+0x88/0x210
[seg abr 15 09:50:00 2024] ? do_syscall_64+0x90/0x1a0
[seg abr 15 09:50:00 2024] ? syscall_exit_to_user_mode_prepare+0x21/0x1c0
[seg abr 15 09:50:00 2024] ? syscall_exit_to_user_mode+0x88/0x210
[seg abr 15 09:50:00 2024] ? do_syscall_64+0x90/0x1a0
[seg abr 15 09:50:00 2024] ? tick_sched_handle+0x21/0x60
[seg abr 15 09:50:00 2024] ? rseq_get_rseq_cs+0x1d/0x270
[seg abr 15 09:50:00 2024] ? rseq_syscall+0x4b/0x90
[seg abr 15 09:50:00 2024] ? syscall_exit_to_user_mode_prepare+0x21/0x1c0
[seg abr 15 09:50:00 2024] ? syscall_exit_to_user_mode+0x88/0x210
[seg abr 15 09:50:00 2024] ? do_syscall_64+0x90/0x1a0
[seg abr 15 09:50:00 2024] entry_SYSCALL_64_after_hwframe+0x78/0x80
[seg abr 15 09:50:00 2024] RIP: 0033:0x7f0a7371f059
[seg abr 15 09:50:00 2024] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 1d 0d 00 f7 d8 64 89 01 48
[seg abr 15 09:50:00 2024] RSP: 002b:00007ffdedb7e908 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[seg abr 15 09:50:00 2024] RAX: ffffffffffffffda RBX: 000056432917de00 RCX: 00007f0a7371f059
[seg abr 15 09:50:00 2024] RDX: 0000000000000000 RSI: 000056432845998b RDI: 0000000000000004
[seg abr 15 09:50:00 2024] RBP: 0000000000000000 R08: 0000000000000060 R09: 0000564329181840
[seg abr 15 09:50:00 2024] R10: 0000000000000038 R11: 0000000000000246 R12: 000056432845998b
[seg abr 15 09:50:00 2024] R13: 0000000000040000 R14: 000056432917e020 R15: 0000000000000000
[seg abr 15 09:50:00 2024] </TASK>
[seg abr 15 09:50:00 2024] Modules linked in: btrfs(+) x86_pkg_temp_thermal intel_powerclamp snd_pcm_oss snd_mixer_oss iwlwifi crct10dif_pclmul polyval_clmulni snd_pcm snd_timer ice(+) polyval_generic f2fs blake2b_generic gf128mul snd xor ghash_clmulni_intel sha512_ssse3 cfg80211 sha512_generic sha256_ssse3 sha1_ssse3 crc32_generic crc32_pclmul lz4hc_compress raid6_pq lz4_compress aesni_intel libcrc32c crypto_simd nvme cryptd soundcore gnss sg iTCO_wdt rfkill xhci_pci mei_hdcp rapl iTCO_vendor_support xhci_pci_renesas mei_me tiny_power_button xhci_hcd intel_cstate pcspkr wmi_bmof i2c_i801 usbcore intel_uncore e1000e i2c_smbus usb_common igc button acpi_tad acpi_pad mei nvme_fabrics dm_mod nvme_core efi_pstore loop nct6775 nct6775_core hwmon_vid nvme_auth coretemp fuse nfnetlink efivarfs ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 sd_mod t10_pi crc64_rocksoft crc64 evdev i915 cec rc_core i2c_algo_bit drm_buddy ttm drm_display_helper drm_kms_helper ahci libahci libata crc32c_intel drm rtc_cmos scsi_mod
[seg abr 15 09:50:00 2024] scsi_common video wmi
[seg abr 15 09:50:00 2024] CR2: 0000000000000208
[seg abr 15 09:50:00 2024] ---[ end trace 0000000000000000 ]---
[seg abr 15 09:50:00 2024] RIP: 0010:find_lock_delalloc_range+0x42/0x2d0 [btrfs]
[seg abr 15 09:50:00 2024] Code: 89 d4 55 53 bb 00 00 00 08 48 83 ec 30 4c 8b 39 48 89 4c 24 08 65 48 8b 04 25 28 00 00 00 48 89 44 24 28 48 8b 87 40 fe ff ff <48> 8b 90 08 02 00 00 49 8b 04 24 48 85 d2 74 07 48 8b 9a a0 0c 00
[seg abr 15 09:50:00 2024] RSP: 0018:ffffac060052f8b0 EFLAGS: 00010282
[seg abr 15 09:50:00 2024] RAX: 0000000000000000 RBX: 0000000008000000 RCX: ffffac060052f948
[seg abr 15 09:50:00 2024] RDX: ffffac060052f940 RSI: fffff94004769d40 RDI: ffff951a84c901c0
[seg abr 15 09:50:00 2024] RBP: fffff94004769d40 R08: 0000000000000000 R09: 0000000000000000
[seg abr 15 09:50:00 2024] R10: 0000000000000000 R11: 0000000000000c40 R12: ffffac060052f940
[seg abr 15 09:50:00 2024] R13: ffff951a84c901c0 R14: fffff94004769d40 R15: 0000000000000fff
[seg abr 15 09:50:00 2024] FS: 00007f0a73d57040(0000) GS:ffff9521bf980000(0000) knlGS:0000000000000000
[seg abr 15 09:50:00 2024] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[seg abr 15 09:50:00 2024] CR2: 0000000000000208 CR3: 00000001148b8006 CR4: 00000000003706f0

Created attachment 306141 [details]
Kernel config

[ 2.163982][ T1] BTRFS: selftest: running find delalloc tests
[ 2.189610][ T1] BUG: kernel NULL pointer dereference, address: 0000000000000208
[ 2.191307][ T1] #PF: supervisor read access in kernel mode
[ 2.192656][ T1] #PF: error_code(0x0000) - not-present page
[ 2.194019][ T1] PGD 0 P4D 0
[ 2.194828][ T1] Oops: 0000 [#1] PREEMPT SMP
[ 2.195893][ T1] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G T 6.8.4-gentoo #1 abb0330f21b742a99b9fd652457bd3b25faa28dd
[ 2.198582][ T1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 4.2023.08-4 02/15/2024
[ 2.200501][ T1] RIP: 0010:find_lock_delalloc_range+0x39/0x2d0
[ 2.201918][ T1] Code: 89 d4 55 53 bb 00 00 00 08 48 83 ec 30 4c 8b 39 48 89 4c 24 08 65 48 8b 04 25 28 00 00 00 48 89 44 24 28 48 8b 87 40 fe ff ff <48> 8b 90 08 02 00 00 49 8b 04 24 48 85 d2 74 07 48 8b 9a a0 0c 00
[ 2.206076][ T1] RSP: 0000:ffffbb7980023d78 EFLAGS: 00010286
[ 2.207456][ T1] RAX: 0000000000000000 RBX: 0000000008000000 RCX: ffffbb7980023e08
[ 2.209222][ T1] RDX: ffffbb7980023e00 RSI: ffffdbbf84086fc0 RDI: ffff9c93005d01c0
[ 2.210955][ T1] RBP: ffffdbbf84086fc0 R08: 0000000000000000 R09: 0000000000000000
[ 2.212718][ T1] R10: 0000000000000006 R11: 0000000000000009 R12: ffffbb7980023e00
[ 2.214471][ T1] R13: ffff9c93005d01c0 R14: ffffdbbf84086fc0 R15: 0000000000000fff
[ 2.216224][ T1] FS: 0000000000000000(0000) GS:ffff9c937bd00000(0000) knlGS:0000000000000000
[ 2.218197][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2.219720][ T1] CR2: 0000000000000208 CR3: 000000003fa44000 CR4: 00000000000406f0
[ 2.221510][ T1] Call Trace:
[ 2.222367][ T1] <TASK>
[ 2.223155][ T1] ? __die+0x1a/0x60
[ 2.224164][ T1] ? page_fault_oops+0x17c/0x490
[ 2.225371][ T1] ? exc_page_fault+0x63/0x120
[ 2.226521][ T1] ? asm_exc_page_fault+0x22/0x30
[ 2.227681][ T1] ? find_lock_delalloc_range+0x39/0x2d0
[ 2.228993][ T1] btrfs_test_extent_io+0x11f/0x12e0
[ 2.230214][ T1] btrfs_run_sanity_tests+0x85/0x140
[ 2.231452][ T1] init_btrfs_fs+0x13/0x90
[ 2.232510][ T1] ? btrfs_print_mod_info+0x20/0x20
[ 2.233768][ T1] do_one_initcall+0x4f/0x200
[ 2.234881][ T1] kernel_init_freeable+0x19b/0x2d0
[ 2.236087][ T1] ? rest_init+0xc0/0xc0
[ 2.237096][ T1] kernel_init+0x11/0x190
[ 2.238117][ T1] ret_from_fork+0x28/0x40
[ 2.239198][ T1] ? rest_init+0xc0/0xc0
[ 2.240238][ T1] ret_from_fork_asm+0x11/0x20
[ 2.241381][ T1] </TASK>
[ 2.242137][ T1] Modules linked in:
[ 2.243113][ T1] CR2: 0000000000000208
[ 2.244140][ T1] ---[ end trace 0000000000000000 ]---
[ 2.245411][ T1] RIP: 0010:find_lock_delalloc_range+0x39/0x2d0
[ 2.246800][ T1] Code: 89 d4 55 53 bb 00 00 00 08 48 83 ec 30 4c 8b 39 48 89 4c 24 08 65 48 8b 04 25 28 00 00 00 48 89 44 24 28 48 8b 87 40 fe ff ff <48> 8b 90 08 02 00 00 49 8b 04 24 48 85 d2 74 07 48 8b 9a a0 0c 00
[ 2.250895][ T1] RSP: 0000:ffffbb7980023d78 EFLAGS: 00010286
[ 2.252273][ T1] RAX: 0000000000000000 RBX: 0000000008000000 RCX: ffffbb7980023e08
[ 2.254009][ T1] RDX: ffffbb7980023e00 RSI: ffffdbbf84086fc0 RDI: ffff9c93005d01c0
[ 2.255771][ T1] RBP: ffffdbbf84086fc0 R08: 0000000000000000 R09: 0000000000000000
[ 2.257527][ T1] R10: 0000000000000006 R11: 0000000000000009 R12: ffffbb7980023e00
[ 2.259228][ T1] R13: ffff9c93005d01c0 R14: ffffdbbf84086fc0 R15: 0000000000000fff
[ 2.260936][ T1] FS: 0000000000000000(0000) GS:ffff9c937bd00000(0000) knlGS:0000000000000000
[ 2.262847][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2.264300][ T1] CR2: 0000000000000208 CR3: 000000003fa44000 CR4: 00000000000406f0
[ 2.266014][ T1] note: swapper/0[1] exited with irqs disabled
[ 2.267436][ C1] vkms_vblank_simulate: vblank timer overrun
[ 2.268821][ T1] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[ 2.270880][ T1] Kernel Offset: 0x25c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 2.273453][ T1] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009 ]---

Working on 6.8.1, broken on 6.8.4
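The fault can be read directly off the oops: the bytes after `<48>` in the `Code:` line decode to a load from RAX plus 0x208, the register dump shows RAX is zero, and so CR2 is exactly 0x208, a field read through a NULL struct pointer, which matches the NULLed root described in the comment above. The following Python script is an added triage example, not part of the bug report, that automates that check on the 6.8.4 trace; it decodes only the `48 8b /r` mov form present at this RIP and uses a constructed excerpt of the trace as input.

```python
import re

# Constructed excerpt of the 6.8.4 oops from this report (only the lines the script needs).
OOPS = """\
BUG: kernel NULL pointer dereference, address: 0000000000000208
RIP: 0010:find_lock_delalloc_range+0x39/0x2d0
Code: 89 d4 55 53 bb 00 00 00 08 48 83 ec 30 4c 8b 39 48 89 4c 24 08 65 48 8b 04 25 28 00 00 00 48 89 44 24 28 48 8b 87 40 fe ff ff <48> 8b 90 08 02 00 00 49 8b 04 24 48 85 d2 74 07 48 8b 9a a0 0c 00
RAX: 0000000000000000 RBX: 0000000008000000 RCX: ffffbb7980023e08
RDX: ffffbb7980023e00 RSI: ffffdbbf84086fc0 RDI: ffff9c93005d01c0
CR2: 0000000000000208 CR3: 000000003fa44000 CR4: 00000000000406f0
"""

# Register numbering used by the ModRM reg/rm fields (REX.R/REX.B extension not handled).
REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]

def parse_regs(text):
    """Collect every 'NAME: <16 hex digits>' pair from the register dump lines."""
    return {m.group(1).lower(): int(m.group(2), 16)
            for m in re.finditer(r"\b([A-Z0-9]{2,3}): ([0-9a-f]{16})\b", text)}

def faulting_bytes(text):
    """Bytes from the <marked> faulting instruction onward in the Code: line."""
    toks = re.search(r"Code: (.*)", text).group(1).split()
    start = next(i for i, t in enumerate(toks) if t.startswith("<"))
    return [int(t.strip("<>"), 16) for t in toks[start:]]

def decode_mov_load(code):
    """Decode only 'REX.W mov disp32(base), reg' (48 8b /r, mod=10, no SIB); else None."""
    if len(code) < 7 or code[0] != 0x48 or code[1] != 0x8B:
        return None
    modrm = code[2]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 2 or rm == 4:
        return None
    disp = int.from_bytes(bytes(code[3:7]), "little", signed=True)
    return REGS64[reg], REGS64[rm], disp

def triage(text):
    """NULL-base check: base register == 0 and base + disp == CR2 (faulting address)."""
    decoded = decode_mov_load(faulting_bytes(text))
    if decoded is None:
        return None
    dest, base, disp = decoded
    regs = parse_regs(text)
    return {"load": f"{dest} = *({base} + {disp:#x})",
            "base_value": regs[base],
            "null_base": regs[base] == 0 and regs[base] + disp == regs["cr2"]}

print(triage(OOPS))
```

A `null_base` of True means the crash is a missing pointer (here the root), not a corrupted one, which is the distinction that points at the btrfs_root path rather than memory corruption.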