btrfs map_private_extent_buffer+0x12/0x150 NULL pointer dereference
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Confirmed | Medium | Unassigned | |
Bug Description
While running a soak test I hit the following WARNING followed by a NULL pointer dereference on btrfs inside a virtual machine.
$ uname -a
Linux server-7362 3.2.0-17-virtual #27-Ubuntu SMP Fri Feb 24 15:57:57 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
To repeat:
Start up a virtual machine
Create image:
dd if=/dev/zero of=image bs=1K count=280000
mkfs.btrfs image
gcc test.c -o test
sudo mount -o loop image /mnt
cd /mnt
~/test -d 120 foo
I can only get this to reproduce inside a virtual machine (such as an instance on the canonicloud). Seems like a race condition to me.
[ 4640.369358] Btrfs loaded
[ 4640.369487] device fsid 32c7ae64-
[ 4673.541599] ------------[ cut here ]------------
[ 4673.541620] WARNING: at /build/
[ 4673.541624] Hardware name: Bochs
[ 4673.541625] Modules linked in: btrfs zlib_deflate libcrc32c psmouse serio_raw virtio_balloon acpiphp floppy
[ 4673.541638] Pid: 21872, comm: test Not tainted 3.2.0-17-virtual #27-Ubuntu
[ 4673.541640] Call Trace:
[ 4673.541665] [<ffffffff81065
[ 4673.541670] [<ffffffff81065
[ 4673.541681] [<ffffffffa0067
[ 4673.541702] [<ffffffffa009b
[ 4673.541714] [<ffffffffa0068
[ 4673.541726] [<ffffffff8115e
[ 4673.541738] [<ffffffffa006b
[ 4673.541750] [<ffffffffa006b
[ 4673.541762] [<ffffffffa006c
[ 4673.541779] [<ffffffffa0096
[ 4673.541794] [<ffffffffa007c
[ 4673.541802] [<ffffffff81089
[ 4673.541819] [<ffffffffa008a
[ 4673.541834] [<ffffffff811a2
[ 4673.541839] [<ffffffff811a2
[ 4673.541844] [<ffffffff8165a
[ 4673.541847] ---[ end trace dfc590b622064b16 ]---
[ 4673.541850] btrfs unable to find ref byte nr 29360128 parent 0 root 5 owner 0 offset 0
[ 4673.543048] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 4673.544081] IP: [<ffffffffa009d
[ 4673.544081] PGD 1c6ef067 PUD 1c649067 PMD 0
[ 4673.544081] Oops: 0000 [#1] SMP
[ 4673.544081] CPU 0
[ 4673.544081] Modules linked in: btrfs zlib_deflate libcrc32c psmouse serio_raw virtio_balloon acpiphp floppy
[ 4673.544081]
[ 4673.544081] Pid: 21872, comm: test Tainted: G W 3.2.0-17-virtual #27-Ubuntu Bochs Bochs
[ 4673.544081] RIP: 0010:[<
[ 4673.544081] RSP: 0018:ffff88001c
[ 4673.544081] RAX: 0000000000000000 RBX: 0000000000000065 RCX: ffff88001ce2fb58
[ 4673.544081] RDX: 0000000000000004 RSI: 000000000000007a RDI: 0000000000000000
[ 4673.544081] RBP: ffff88001ce2fb48 R08: ffff88001ce2fb60 R09: ffff88001ce2fb68
[ 4673.544081] R10: 0000000000000000 R11: 0000000000000000 R12: 000000000000007a
[ 4673.544081] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000ffffffe4
[ 4673.544081] FS: 00007fbfcc84e70
[ 4673.544081] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 4673.544081] CR2: 0000000000000000 CR3: 000000001caf7000 CR4: 00000000000006f0
[ 4673.544081] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4673.544081] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 4673.544081] Process test (pid: 21872, threadinfo ffff88001ce2e000, task ffff88001c9316c0)
[ 4673.544081] Stack:
[ 4673.544081] 0000000000001000 0000000000000065 000000000000007a 0000000000000000
[ 4673.544081] ffff88001ce2fb98 ffffffffa00927cc ffff88001ce2fba8 ffff88001ce2fb68
[ 4673.544081] 0000000000000005 0000000001c00000 0000000000000000 ffff88000475a090
[ 4673.544081] Call Trace:
[ 4673.544081] [<ffffffffa0092
[ 4673.544081] [<ffffffffa0067
[ 4673.544081] [<ffffffffa009b
[ 4673.544081] [<ffffffffa0068
[ 4673.544081] [<ffffffff8115e
[ 4673.544081] [<ffffffffa006b
[ 4673.544081] [<ffffffffa006b
[ 4673.544081] [<ffffffffa006c
[ 4673.544081] [<ffffffffa0096
[ 4673.544081] [<ffffffffa007c
[ 4673.544081] [<ffffffff81089
[ 4673.544081] [<ffffffffa008a
[ 4673.544081] [<ffffffff811a2
[ 4673.544081] [<ffffffff811a2
[ 4673.544081] [<ffffffff8165a
[ 4673.544081] Code: 83 c0 01 48 89 85 78 ff ff ff e9 c0 fc ff ff 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 55 41 54 53 48 83 ec 08 66 66 66 66 90 <4c> 8b 27 4d 89 cd 48 89 cb 41 81 e4 ff 0f 00 00 4a 8d 04 26 4c
[ 4673.544081] RIP [<ffffffffa009d
[ 4673.544081] RSP <ffff88001ce2fb28>
[ 4673.544081] CR2: 0000000000000000
[ 4673.574872] ---[ end trace dfc590b622064b17 ]---
Changed in linux (Ubuntu):
importance: Undecided → Medium
status: Incomplete → Confirmed
tags: added: bot-stop-nagging
Just to add, this is repeatable each time. I've thoroughly exercised it on different real H/W and not been able to trip it on H/W, just inside a virtual machine.