Kernel Panic wrt btrfs while sbuild/schroot

This change was made by a bot.

Did this issue start happening after an update/upgrade? Was there a prior kernel version where you were not having this particular problem?

Would it be possible for you to test the latest upstream kernel? Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Please test the latest v4.4 kernel[0].

If this bug is fixed in the mainline kernel, please add the following tag 'kernel-fixed-upstream'.

If the mainline kernel does not fix this bug, please add the tag: 'kernel-bug-exists-upstream'.

Once testing of the upstream kernel is complete, please mark this bug as "Confirmed".

Thanks in advance.

[0] http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.4-rc8-wily

I tried with the upstream v4.4-wily kernel.

kick@kick-gs60:~/work/merges/freeipmi$ uname -a
Linux kick-gs60 4.4.0-040400-generic #201601101930 SMP Mon Jan 11 00:32:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

I couldn't re-use my previous schroot (couldn't mount with overlayfs). I've created a new one with --type=btrfs-snapshot.

My latop didn't freeze, but I still got traces in the syslog:

[ 458.091294] BUG: unable to handle kernel NULL pointer dereference at 0000000000000334
[ 458.091320] IP: [<ffffffffc0346fac>] btrfs_sync_file+0xcc/0x350 [btrfs]
[ 458.091363] PGD 3e8de9067 PUD 3e8de8067 PMD 0
[ 458.091374] Oops: 0002 [#1] SMP
[ 458.091383] Modules linked in: overlay drbg ansi_cprng ctr ccm rfcomm nvram msr xt_multiport ipt_REJECT nf_reject_ipv4 ebtable_filter ebtables ip6table_filter ip6_tables xt_addrtype xt_conntrack xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack xt_tcpudp bridge stp llc iptable_filter ip_tables x_tables binfmt_misc bnep uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core btusb btrtl v4l2_common btbcm btintel videodev bluetooth media arc4 nls_iso8859_1 intel_rapl iwlmvm x86_pkg_temp_thermal intel_powerclamp coretemp msi_wmi sparse_keymap crct10dif_pclmul snd_hda_codec_realtek crc32_pclmul snd_hda_codec_hdmi snd_hda_codec_generic aesni_intel aes_x86_64 mac80211 lrw gf128mul glue_helper ablk_helper
[ 458.091575] cryptd snd_hda_intel input_leds snd_hda_codec iwlwifi snd_hda_core snd_hwdep joydev snd_seq_midi snd_seq_midi_event serio_raw snd_pcm snd_rawmidi snd_seq snd_seq_device snd_timer lpc_ich cfg80211 mei_me snd mei soundcore ie31200_edac shpchp edac_core mac_hid kvm_intel kvm irqbypass parport_pc ppdev lp parport autofs4 btrfs xor raid6_pq dm_mirror dm_region_hash dm_log bcache hid_generic usbhid hid i915 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops psmouse drm ahci alx libahci mdio wmi video fjes
[ 458.091711] CPU: 1 PID: 5615 Comm: debconf-set-sel Not tainted 4.4.0-040400-generic #201601101930
[ 458.091731] Hardware name: Micro-Star International Co., Ltd. GS60 2PE Ghost Pro/MS-16H2, BIOS E16H2IMS.112 05/05/2015
[ 458.091755] task: ffff8803e1013700 ti: ffff8803e8d38000 task.ti: ffff8803e8d38000
[ 458.091771] RIP: 0010:[<ffffffffc0346fac>] [<ffffffffc0346fac>] btrfs_sync_file+0xcc/0x350 [btrfs]
[ 458.091804] RSP: 0018:ffff8803e8d3be48 EFLAGS: 00010246
[ 458.091815] RAX: ffff8803e1013700 RBX: ffff8803af242700 RCX: 0000000000000000
[ 458.091831] RDX: 0000000080000000 RSI: 0000000000000000 RDI: ffff880409d9c988
[ 458.091846] RBP: ffff8803e8d3bec8 R08: 0000000000000001 R09: 00000000021f5338
[ 458.091861] R10: 000000000000009c R11: 0000000000000246 R12: ffff880409d9c988
[ 458.091876] R13: ffff880409d9c8e0 R14: 0000000000000000 R15: 0000000000000000
[ 458.091892] FS: 00007f31a0444700(0000) GS:ffff88041fa40000(0000) knlGS:0000000000000000
[ 458.091910] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 458.091922] CR2: 0000000000000334 CR3: 00000003e8f05000 CR4: 00000000001406e0
[ 458.091937] Stack:
[ 458.091942] 00000000027bf270 0000000100000000 8000...

output of lsblk:
http://paste.ubuntu.com/14468218/

Did this issue start happening after an update/upgrade? Was there a kernel version where you were not having this particular problem? This will help determine if the problem you are seeing is the result of a regression, and when this regression was introduced. If this is a regression, we can perform a kernel bisect to identify the commit that introduced the problem.

Same bug that I already had with another laptop, it seems to be related to overlay and btrfs:

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1496438

Happens also on coreos:
https://github.com/coreos/rkt/issues/1498

Kernel bug:
https://bugzilla.kernel.org/show_bug.cgi?id=101951

The failure occurs on an atomic_inc on root, when root is NULL

atomic_inc(&root->log_batch);

OK, bisectable, 3.13 good, 3.19 bad. Test is simple, build the following and run in a chroot on a btrfs system and it will trip the same bug.

#define _GNU_SOURCE
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

int main(void)
{
        char buffer[1024] = { 0 };
        int fd;

        fd = open("test", O_CREAT | O_RDWR, 0777);
        if (fd < 0)
                return 1;

        (void)write(fd, buffer, sizeof(buffer));
        fsync(fd);
        (void)close(fd);

        return 0;
}

3.17 + a forward port of ubuntu utopic overlay fs - works fine, 3.18 with overlayfs has the problem, so now I've got a bisectable range to work on.

bisected: 4bacc9c9234c7c8eec44f5ed4e960d9f96fa0f01 is the first bad commit

commit 4bacc9c9234c7c8eec44f5ed4e960d9f96fa0f01
Author: David Howells <email address hidden>
Date: Thu Jun 18 14:32:31 2015 +0100

    overlayfs: Make f_path always point to the overlay and f_inode to the underlay

    Make file->f_path always point to the overlay dentry so that the path in
    /proc/pid/fd is correct and to ensure that label-based LSMs have access to the
    overlay as well as the underlay (path-based LSMs probably don't need it).

    Using my union testsuite to set things up, before the patch I see:

     [root@andromeda union-testsuite]# bash 5</mnt/a/foo107
     [root@andromeda union-testsuite]# ls -l /proc/$$/fd/
     ...
     lr-x------. 1 root root 64 Jun 5 14:38 5 -> /a/foo107
     [root@andromeda union-testsuite]# stat /mnt/a/foo107
     ...
     Device: 23h/35d Inode: 13381 Links: 1
     ...
     [root@andromeda union-testsuite]# stat -L /proc/$$/fd/5
     ...
     Device: 23h/35d Inode: 13381 Links: 1
     ...

    After the patch:

     [root@andromeda union-testsuite]# bash 5</mnt/a/foo107
     [root@andromeda union-testsuite]# ls -l /proc/$$/fd/
     ...
     lr-x------. 1 root root 64 Jun 5 14:22 5 -> /mnt/a/foo107
     [root@andromeda union-testsuite]# stat /mnt/a/foo107
     ...
     Device: 23h/35d Inode: 40346 Links: 1
     ...
     [root@andromeda union-testsuite]# stat -L /proc/$$/fd/5
     ...
     Device: 23h/35d Inode: 40346 Links: 1
     ...

    Note the change in where /proc/$$/fd/5 points to in the ls command. It was
    pointing to /a/foo107 (which doesn't exist) and now points to /mnt/a/foo107
    (which is correct).

    The inode accessed, however, is the lower layer. The union layer is on device
    25h/37d and the upper layer on 24h/36d.

    Signed-off-by: David Howells <email address hidden>
    Signed-off-by: Al Viro <email address hidden>

I believe the follow may be the fix we require. I'll discuss this with upstream

diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
index 098bb8f..5e5df8b 100644
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -1884,7 +1884,7 @@ static int start_ordered_ops(struct inode *inode, loff_t start, loff_t end)
 int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync)
 {
        struct dentry *dentry = file->f_path.dentry;
- struct inode *inode = d_inode(dentry);
+ struct inode *inode = file_inode(file);
        struct btrfs_root *root = BTRFS_I(inode)->root;
        struct btrfs_trans_handle *trans;
        struct btrfs_log_ctx ctx;

https://<email address hidden>/msg48131.html

I suggest a workaround for the moment, using aufs as the overlay to see if this helps.

Modify the chroot config and set the union-type to aufs:

union-type=aufs

you may see an error like:

"aufs au_xino_create:778:mount[3600]: xino doesn't support /tmp/.aufs.xino(btrfs)"

this is caused by the fact that btrfs cannot store aufs xino files. aufs tries to store these files alongside the rw layer. If that fails, it tries to store them in /tmp/.aufs.xino, however, if this is btrfs it will fail. So the workaround for that is to mount /tmp as something other than btrfs, e.g. tmpfs

Thanks Colin!

2016-02-16 19:20 GMT+01:00 Colin Ian King <email address hidden>:

> I suggest a workaround for the moment, using aufs as the overlay to see
> if this helps.
>
> Modify the chroot config and set the union-type to aufs:
>
> union-type=aufs
>
> you may see an error like:
>
> "aufs au_xino_create:778:mount[3600]: xino doesn't support
> /tmp/.aufs.xino(btrfs)"
>
> this is caused by the fact that btrfs cannot store aufs xino files.
> aufs tries to store these files alongside the rw layer. If that fails,
> it tries to store them in /tmp/.aufs.xino, however, if this is btrfs it
> will fail. So the workaround for that is to mount /tmp as something
> other than btrfs, e.g. tmpfs
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1532145
>
> Title:
> Kernel Panic wrt btrfs while sbuild/schroot
>
> Status in Linux:
> Unknown
> Status in linux package in Ubuntu:
> In Progress
>
> Bug description:
> I'm running ubuntu Wily amd64 on a MSI Ghost Pro laptop.
>
> I'm running btrfs on top of a bcached dmraid setup(intel software
> raid0).
>
> I can't use sbuild, cause it crashes.
>
> I tried to use a schroot env, and when updating it I got it to crash
> also.
>
> All the keyboard/mouse/X11 are stalled, but I could ssh to it.
> Trying to restart lightdm service didn't help.
>
> I've got a kernel trace in the dmesg:
>
> [76610.550953] BUG: unable to handle kernel NULL pointer dereference at
> 0000000000000334
> [76610.550983] IP: [<ffffffffc032fe6c>] btrfs_sync_file+0xcc/0x360
> [btrfs]
> [76610.551025] PGD 160aaf067 PUD 161531067 PMD 0
> [76610.551039] Oops: 0002 [#1] SMP
> [76610.551050] Modules linked in: dm_crypt algif_skcipher af_alg drbg
> ansi_cprng ctr ccm rfcomm ipt_REJECT nf_reject_ipv4 nvram msr xt_multiport
> ebtable_filter ebtables ip6table_filter ip6_tables overlay bnep uvcvideo
> btusb videobuf2_vmalloc videobuf2_memops btrtl btbcm videobuf2_core btintel
> v4l2_common bluetooth videodev media xt_addrtype xt_conntrack xt_CHECKSUM
> iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat
> nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack xt_tcpudp
> bridge aufs stp llc iptable_filter ip_tables x_tables binfmt_misc arc4
> nls_iso8859_1 msi_wmi sparse_keymap intel_rapl iosf_mbi
> x86_pkg_temp_thermal snd_hda_codec_hdmi intel_powerclamp coretemp
> crct10dif_pclmul snd_hda_codec_realtek snd_hda_codec_generic crc32_pclmul
> aesni_intel aes_x86_64 lrw gf128mul
> [76610.551253] snd_hda_intel iwlmvm glue_helper snd_hda_codec
> ablk_helper mac80211 cryptd snd_hda_core snd_hwdep snd_pcm snd_seq_midi
> joydev input_leds snd_seq_midi_event snd_rawmidi serio_raw iwlwifi lpc_ich
> mei_me snd_seq mei cfg80211 snd_seq_device snd_timer snd ie31200_edac
> edac_core soundcore shpchp mac_hid kvm_intel kvm parport_pc ppdev lp
> parport autofs4 btrfs xor raid6_pq dm_mirror dm_region_hash dm_log uas
> usb_storage bcache hid_generic usbhid hid i915 i2c_algo_bit drm_kms_helper
> psmouse ahci drm alx libahci mdio wmi video
> [76610.551395] CPU: 1 PID: 32090 Comm: dpkg Not tainted 4.2.0-23-generic
> #28-Ubuntu
> [7...

Given that this is stuck waiting for upstream to figure out a way forward, which looks unlikely at the moment, plus we have a suitable workaround, I'm going to mark this as Won't Fix.