Bug #1902525 “btrfs subvolume list segmentation fault” : Bugs : btrfs-progs package : Ubuntu

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-11-04:

#1

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in btrfs-progs (Ubuntu):
status:	New → Confirmed

Revision history for this message

Andreas Schildbach (schildbach) wrote on 2020-11-04:

#2

I'm seeing this on fully-updated Ubuntu 20.04 LTS with stock kernel 5.4.0-52-generic.

Revision history for this message

David A. Sjøen (dabide) wrote on 2020-11-10:

#3

Download full text (9.2 KiB)

We are randomly getting the same segfault on two different servers, one with 18.04 and one with 20.04. Here is the strace output, if it helps:

xxx@yyy:~$ sudo strace btrfs subvolume list /mnt/btrfs
execve("/bin/btrfs", ["btrfs", "subvolume", "list", "/mnt/btrfs"], 0x7ffcd5a42ff8 /* 23 vars */) = 0
brk(NULL) = 0x5576268f3000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=26618, ...}) = 0
mmap(NULL, 26618, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f1d50e75000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libuuid.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\26\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=27112, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d50e73000
mmap(NULL, 2122112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d50a4e000
mprotect(0x7f1d50a54000, 2093056, PROT_NONE) = 0
mmap(0x7f1d50c53000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7f1d50c53000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libblkid.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\230\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=311720, ...}) = 0
mmap(NULL, 2411776, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d50801000
mprotect(0x7f1d50848000, 2097152, PROT_NONE) = 0
mmap(0x7f1d50a48000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x47000) = 0x7f1d50a48000
mmap(0x7f1d50a4d000, 3328, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f1d50a4d000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\37\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=116960, ...}) = 0
mmap(NULL, 2212016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d505e4000
mprotect(0x7f1d50600000, 2093056, PROT_NONE) = 0
mmap(0x7f1d507ff000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b000) = 0x7f1d507ff000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/liblzo2.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000#\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=137256, ...}) = 0
mmap(NULL, 2232416, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d503c2000
mprotect(0x7f1d503e3000, 2093056, PROT_NONE)...

We are randomly getting the same segfault on two different servers, one with 18.04 and one with 20.04. Here is the strace output, if it helps:

xxx@yyy:~$ sudo strace btrfs subvolume list /mnt/btrfs 
execve("/bin/btrfs", ["btrfs", "subvolume", "list", "/mnt/btrfs"], 0x7ffcd5a42ff8 /* 23 vars */) = 0
brk(NULL)                               = 0x5576268f3000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=26618, ...}) = 0
mmap(NULL, 26618, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f1d50e75000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libuuid.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\26\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=27112, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d50e73000
mmap(NULL, 2122112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d50a4e000
mprotect(0x7f1d50a54000, 2093056, PROT_NONE) = 0
mmap(0x7f1d50c53000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7f1d50c53000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libblkid.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\230\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=311720, ...}) = 0
mmap(NULL, 2411776, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d50801000
mprotect(0x7f1d50848000, 2097152, PROT_NONE) = 0
mmap(0x7f1d50a48000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x47000) = 0x7f1d50a48000
mmap(0x7f1d50a4d000, 3328, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f1d50a4d000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\37\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=116960, ...}) = 0
mmap(NULL, 2212016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d505e4000
mprotect(0x7f1d50600000, 2093056, PROT_NONE) = 0
mmap(0x7f1d507ff000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b000) = 0x7f1d507ff000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/liblzo2.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000#\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=137256, ...}) = 0
mmap(NULL, 2232416, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d503c2000
mprotect(0x7f1d503e3000, 2093056, PROT_NONE) = 0
mmap(0x7f1d505e2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x20000) = 0x7f1d505e2000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libzstd.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\3604\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=501680, ...}) = 0
mmap(NULL, 2596912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d50147000
mprotect(0x7f1d501c1000, 2093056, PROT_NONE) = 0
mmap(0x7f1d503c0000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x79000) = 0x7f1d503c0000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000b\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=144976, ...}) = 0
mmap(NULL, 2221184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d4ff28000
mprotect(0x7f1d4ff42000, 2093056, PROT_NONE) = 0
mmap(0x7f1d50141000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19000) = 0x7f1d50141000
mmap(0x7f1d50143000, 13440, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f1d50143000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\34\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2030544, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d50e71000
mmap(NULL, 4131552, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d4fb37000
mprotect(0x7f1d4fd1e000, 2097152, PROT_NONE) = 0
mmap(0x7f1d4ff1e000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e7000) = 0x7f1d4ff1e000
mmap(0x7f1d4ff24000, 15072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f1d4ff24000
close(3)                                = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d50e6e000
arch_prctl(ARCH_SET_FS, 0x7f1d50e6e8c0) = 0
mprotect(0x7f1d4ff1e000, 16384, PROT_READ) = 0
mprotect(0x7f1d50141000, 4096, PROT_READ) = 0
mprotect(0x7f1d503c0000, 4096, PROT_READ) = 0
mprotect(0x7f1d505e2000, 4096, PROT_READ) = 0
mprotect(0x7f1d507ff000, 4096, PROT_READ) = 0
mprotect(0x7f1d50c53000, 4096, PROT_READ) = 0
mprotect(0x7f1d50a48000, 16384, PROT_READ) = 0
mprotect(0x557625ce2000, 20480, PROT_READ) = 0
mprotect(0x7f1d50e7c000, 4096, PROT_READ) = 0
munmap(0x7f1d50e75000, 26618)           = 0
set_tid_address(0x7f1d50e6eb90)         = 6908
set_robust_list(0x7f1d50e6eba0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f1d4ff2dcb0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f1d4ff3a8a0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f1d4ff2dd50, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f1d4ff3a8a0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
brk(NULL)                               = 0x5576268f3000
brk(0x557626914000)                     = 0x557626914000
statfs("/mnt/btrfs", {f_type=BTRFS_SUPER_MAGIC, f_bsize=4096, f_blocks=1048576000, f_bfree=813464493, f_bavail=813322881, f_files=0, f_ffree=0, f_fsid={val=[2961959219, 47240398]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOATIME}) = 0
stat("/mnt/btrfs", {st_mode=S_IFDIR|0755, st_size=52, ...}) = 0
stat("/mnt/btrfs", {st_mode=S_IFDIR|0755, st_size=52, ...}) = 0
openat(AT_FDCWD, "/mnt/btrfs", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0755, st_size=52, ...}) = 0
ioctl(3, BTRFS_IOC_INO_LOOKUP, {treeid=0, objectid=256 /* BTRFS_FIRST_FREE_OBJECTID */} => {treeid=5 /* BTRFS_FS_TREE_OBJECTID */, name=""}) = 0
ioctl(3, BTRFS_IOC_INO_LOOKUP, {treeid=0, objectid=256 /* BTRFS_FIRST_FREE_OBJECTID */} => {treeid=5 /* BTRFS_FS_TREE_OBJECTID */, name=""}) = 0
ioctl(3, BTRFS_IOC_TREE_SEARCH, {key={tree_id=1 /* BTRFS_ROOT_TREE_OBJECTID */, min_objectid=5 /* BTRFS_FS_TREE_OBJECTID */, max_offset=18446744073709551615 /* UINT64_MAX */, max_transid=18446744073709551615 /* UINT64_MAX */, min_type=132 /* BTRFS_ROOT_ITEM_KEY */, max_type=144 /* BTRFS_ROOT_BACKREF_KEY */, nr_items=4096}} => {key={nr_items=28}, buf=...}) = 0
ioctl(3, BTRFS_IOC_TREE_SEARCH, {key={tree_id=1 /* BTRFS_ROOT_TREE_OBJECTID */, min_objectid=257, min_offset=1364, max_offset=18446744073709551615 /* UINT64_MAX */, max_transid=18446744073709551615 /* UINT64_MAX */, min_type=156 /* BTRFS_ROOT_REF_KEY */, max_type=144 /* BTRFS_ROOT_BACKREF_KEY */, nr_items=4096}} => {key={nr_items=42}, buf=...}) = 0
ioctl(3, BTRFS_IOC_TREE_SEARCH, {key={tree_id=1 /* BTRFS_ROOT_TREE_OBJECTID */, min_objectid=257, min_offset=12704, max_offset=18446744073709551615 /* UINT64_MAX */, max_transid=18446744073709551615 /* UINT64_MAX */, min_type=156 /* BTRFS_ROOT_REF_KEY */, max_type=144 /* BTRFS_ROOT_BACKREF_KEY */, nr_items=4096}} => {key={nr_items=40}, buf=...}) = 0
ioctl(3, BTRFS_IOC_TREE_SEARCH, {key={tree_id=1 /* BTRFS_ROOT_TREE_OBJECTID */, min_objectid=257, min_offset=13004, max_offset=18446744073709551615 /* UINT64_MAX */, max_transid=18446744073709551615 /* UINT64_MAX */, min_type=156 /* BTRFS_ROOT_REF_KEY */, max_type=144 /* BTRFS_ROOT_BACKREF_KEY */, nr_items=4096}} => {key={nr_items=30}, buf=...}) = 0
ioctl(3, BTRFS_IOC_TREE_SEARCH, {key={tree_id=1 /* BTRFS_ROOT_TREE_OBJECTID */, min_objectid=353, min_offset=1, max_offset=18446744073709551615 /* UINT64_MAX */, max_transid=18446744073709551615 /* UINT64_MAX */, min_type=1 /* BTRFS_INODE_ITEM_KEY */, max_type=144 /* BTRFS_ROOT_BACKREF_KEY */, nr_items=4096}} => {key={nr_items=29}, buf=...}) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x7ffcc950b22b} ---
+++ killed by SIGSEGV (core dumped) +++
Segmentation fault

Ubuntu
btrfs-progs package

btrfs subvolume list segmentation fault

Bug Description

Other bug subscribers

Remote bug watches

Ubuntubtrfs-progs package

btrfs subvolume list segmentation fault

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
btrfs-progs package