Btrfs devel - Nov 2012 - btrfs crash - Null dereference - 3.7.0-rc5-00068-gc5e35d6

Hi,

my system suddenly crashed and gave me this dump:

http://imgur.com/oO6S0

I checked and there is not btrfs commit in linus'' tree since I compiled
this
kernel.

	Gustavo

On Mon, Nov 19, 2012 at 12:55:40AM -0200, Gustavo Padovan
wrote:
> Hi,
> 
> my system suddenly crashed and gave me this dump:
> 
> http://imgur.com/oO6S0
> 
> I checked and there is not btrfs commit in linus'' tree since I
compiled this
> kernel.
> 
Hi Gustavo,

It''s weird that NULL pointer oops happens here.

Since you own the kernel, you may also have debuginfo left,

can you please run
''gdb fs/btrfs/btrfs.ko'' and ''list
*block_rsv_release_bytes+0x21'' to
check which one is NULL pointer?

thanks,
liubo
> 	Gustavo
> --
> To unsubscribe from this list: send the line "unsubscribe
linux-btrfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Hi Liu,

* Liu Bo <bo.li.liu@oracle.com> [2012-11-19 18:32:23 +0800]:
> On Mon, Nov 19, 2012 at 12:55:40AM -0200, Gustavo Padovan wrote:
> > Hi,
> > 
> > my system suddenly crashed and gave me this dump:
> > 
> > http://imgur.com/oO6S0
> > 
> > I checked and there is not btrfs commit in linus'' tree since
I compiled this
> > kernel.
> > 
> 
> Hi Gustavo,
> 
> It''s weird that NULL pointer oops happens here.
> 
> Since you own the kernel, you may also have debuginfo left,
> 
> can you please run
> ''gdb fs/btrfs/btrfs.ko'' and ''list
*block_rsv_release_bytes+0x21'' to
> check which one is NULL pointer?

(gdb) list *block_rsv_release_bytes+0x21
0xffffffff811a83c1 is in block_rsv_release_bytes
(fs/btrfs/extent-tree.c:4065).
4060	
4061	static void block_rsv_release_bytes(struct btrfs_fs_info *fs_info,
4062					    struct btrfs_block_rsv *block_rsv,
4063					    struct btrfs_block_rsv *dest, u64
num_bytes)
4064	{
4065		struct btrfs_space_info *space_info = block_rsv->space_info;
4066	
4067		spin_lock(&block_rsv->lock);
4068		if (num_bytes == (u64)-1)
4069			num_bytes = block_rsv->size;
(gdb) 

Seems block_rsv is NULL here and looking to btrfs_block_rsv_release() it can
only be NULL at this point if global_rsv->full is true otherwise the crash
would happen there. I didn''t go any further than this.

	Gustavo
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

On Mon, Nov 19, 2012 at 11:07:52AM -0200, Gustavo Padovan
wrote:
> > can you please run
> > ''gdb fs/btrfs/btrfs.ko'' and ''list
*block_rsv_release_bytes+0x21'' to
> > check which one is NULL pointer?
> 
> 
> (gdb) list *block_rsv_release_bytes+0x21
> 0xffffffff811a83c1 is in block_rsv_release_bytes
> (fs/btrfs/extent-tree.c:4065).
> 4060	
> 4061	static void block_rsv_release_bytes(struct btrfs_fs_info *fs_info,
> 4062					    struct btrfs_block_rsv *block_rsv,
> 4063					    struct btrfs_block_rsv *dest, u64
> num_bytes)
> 4064	{
> 4065		struct btrfs_space_info *space_info = block_rsv->space_info;
> 4066	
> 4067		spin_lock(&block_rsv->lock);
> 4068		if (num_bytes == (u64)-1)
> 4069			num_bytes = block_rsv->size;
> (gdb) 
> 
> Seems block_rsv is NULL here and looking to btrfs_block_rsv_release() it
can
> only be NULL at this point if global_rsv->full is true otherwise the
crash
> would happen there. I didn''t go any further than this.
> 
> 	Gustavo
Can you check if the following commit is in your tree?

commit 321f0e70225abc792d74902a2bc4a60164265fd4
Author: Miao Xie <miaox@cn.fujitsu.com>

    Btrfs: fix wrong orphan count of the fs/file tree

diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 878116d..a6824bd 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2228,7 +2228,7 @@ int btrfs_orphan_add(struct btrfs_trans_handle *trans,
struct inode *inode)
                        insert = 1;
 #endif
                insert = 1;
-               atomic_dec(&root->orphan_inodes);
+               atomic_inc(&root->orphan_inodes);
        }
 
        if (!test_and_set_bit(BTRFS_INODE_ORPHAN_META_RESERVED,

thanks,
liubo
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

* Liu Bo <bo.li.liu@oracle.com> [2012-11-19 23:27:53 +0800]:
> On Mon, Nov 19, 2012 at 11:07:52AM -0200, Gustavo Padovan wrote:
> > > can you please run
> > > ''gdb fs/btrfs/btrfs.ko'' and ''list
*block_rsv_release_bytes+0x21'' to
> > > check which one is NULL pointer?
> > 
> > 
> > (gdb) list *block_rsv_release_bytes+0x21
> > 0xffffffff811a83c1 is in block_rsv_release_bytes
> > (fs/btrfs/extent-tree.c:4065).
> > 4060	
> > 4061	static void block_rsv_release_bytes(struct btrfs_fs_info
*fs_info,
> > 4062					    struct btrfs_block_rsv *block_rsv,
> > 4063					    struct btrfs_block_rsv *dest, u64
> > num_bytes)
> > 4064	{
> > 4065		struct btrfs_space_info *space_info = block_rsv->space_info;
> > 4066	
> > 4067		spin_lock(&block_rsv->lock);
> > 4068		if (num_bytes == (u64)-1)
> > 4069			num_bytes = block_rsv->size;
> > (gdb) 
> > 
> > Seems block_rsv is NULL here and looking to btrfs_block_rsv_release()
it can
> > only be NULL at this point if global_rsv->full is true otherwise
the crash
> > would happen there. I didn''t go any further than this.
> > 
> > 	Gustavo
> 
> Can you check if the following commit is in your tree?
> 
> commit 321f0e70225abc792d74902a2bc4a60164265fd4
> Author: Miao Xie <miaox@cn.fujitsu.com>
> 
>     Btrfs: fix wrong orphan count of the fs/file tree
> 
> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
> index 878116d..a6824bd 100644
> --- a/fs/btrfs/inode.c
> +++ b/fs/btrfs/inode.c
> @@ -2228,7 +2228,7 @@ int btrfs_orphan_add(struct btrfs_trans_handle
*trans, struct inode *inode)
>                         insert = 1;
>  #endif
>                 insert = 1;
> -               atomic_dec(&root->orphan_inodes);
> +               atomic_inc(&root->orphan_inodes);
>         }
>  
>         if (!test_and_set_bit(BTRFS_INODE_ORPHAN_META_RESERVED,
Yes, it is. I''m using linus tree from last week, head at c5e35d6.

	Gustavo
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html