From patchwork Tue Apr 5 17:42:03 2011
X-Patchwork-Submitter: Josef Bacik
X-Patchwork-Id: 688381
Date: Tue, 5 Apr 2011 13:42:03 -0400
From: Josef Bacik
To: Johannes Hirte
Cc: Josef Bacik, linux-btrfs@vger.kernel.org
Subject: Re: BUG: unable to handle kernel NULL pointer dereference at (null)
Message-ID: <20110405174202.GA484@dhcp231-156.rdu.redhat.com>
References: <201104051938.14319.johannes.hirte@fem.tu-ilmenau.de>
In-Reply-To: <201104051938.14319.johannes.hirte@fem.tu-ilmenau.de>

On Tue, Apr 05, 2011 at 07:38:13PM +0200, Johannes Hirte wrote:
> With the latest btrfs changes, I got this Oops when doing rm on a large
> directory:
>
> BUG: unable to handle kernel NULL pointer dereference at (null)
> IP: [] kunmap+0x46/0x46
> *pdpt = 0000000034a85001 *pde = 0000000000000000
> Oops: 0000 [#1] PREEMPT SMP
> last sysfs file: /sys/devices/virtual/vtconsole/vtcon1/uevent
> Modules linked in: snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device
> snd_pcm_oss snd_mixer_oss fuse dm_crypt dm_mod usbhid snd_intel8x0
> snd_ac97_codec ac97_bus snd_pcm snd_timer sr_mod cdrom sg snd fschmd e1000
> uhci_hcd snd_page_alloc i2c_i801 [last unloaded: microcode]
>
> Pid: 1156, comm: btrfs-transacti Tainted: G W 2.6.39-rc1-00262-
> gc53813f #20 FUJITSU SIEMENS SCENIC P / SCENICO P/D1561
> EIP: 0060:[] EFLAGS: 00010296 CPU: 1
> EIP is at kmap+0x0/0x38
> EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000010
> ESI: f5bc6400 EDI: f3c75520 EBP: f3c755f0 ESP: f58f9e10
> DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
> Process btrfs-transacti (pid: 1156, ti=f58f8000 task=f6516f40
> task.ti=f58f8000)
> Stack:
> c1186d15 ffc22000 f58f9ec0 00000010 f3c75610 00000000 f5885780 f52339e8
> 00000009 f5bc6400 00010000 00000000 f6415800 f3c75638 000008bb f5bc63c0
> f58857b4 f60b68a0 00000040 f52338e8 ffc22000 00000000 00000008 00000010
> Call Trace:
> [] ? btrfs_write_out_cache+0x60c/0xa3c
> [] ? btrfs_write_dirty_block_groups+0x400/0x494
> [] ? commit_cowonly_roots+0xa9/0x180
> [] ? btrfs_commit_transaction+0x2ee/0x59c
> [] ? wake_up_bit+0x16/0x16
> [] ? transaction_kthread+0x149/0x1d6
> [] ? complete+0x28/0x36
> [] ? btrfs_congested_fn+0x5d/0x5d
> [] ? kthread+0x63/0x68
> [] ? kthread_worker_fn+0xeb/0xeb
> [] ? kernel_thread_helper+0x6/0xd
> Code: 8d 8a 00 e4 54 c1 2b 8a 8c e7 54 c1 81 f9 00 08 00 00 74 11 81 f9 00 0c
> 00 00 75 0e 83 3d 10 2f 60 c1 02 75 05 e9 5e a3 04 00 c3 <8b> 10 c1 ea 1e c1
> e2 0a 8d 8a 00 e4 54 c1 2b 8a 8c e7 54 c1 81
> EIP: [] kmap+0x0/0x38 SS:ESP 0068:f58f9e10
> CR2: 0000000000000000
> ---[ end trace c8511126ee91dfdf ]---
>
> This is the second Oops. On the first one I wasn't able to catch the backtrace,
> but IIRC the bug happened on kmap not kunmap the first time.
>

Yeah I think I know what this is but I need somebody to verify it for me. Can you
run with this patch and let me know what happens? Thanks,

Josef

---
diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c index 74bc432..5e6f4b3 100644 --- a/fs/btrfs/free-space-cache.c +++ b/fs/btrfs/free-space-cache.c @@ -624,6 +624,7 @@ int btrfs_write_out_cache(struct btrfs_root *root, next_page = false; + BUG_ON(index > last_index); if (index == 0) { start_offset = first_page_offset; offset = start_offset; @@ -732,6 +733,7 @@ int btrfs_write_out_cache(struct btrfs_root *root, struct btrfs_free_space *entry = list_entry(pos, struct btrfs_free_space, list); + BUG_ON(index > last_index); page = find_get_page(inode->i_mapping, index); addr = kmap(page);
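
Review bot: In the first hunk (@@ -624), `BUG_ON(index > last_index)` goes in without a comment stating the invariant, so a reader cannot tell whether `last_index` is the last valid page index or one past it, and therefore whether `>` or `>=` is the right bound. Add a one-line comment naming the invariant. If the check is meant to stay after this debugging round, a WARN_ON with an error return would be preferable to BUG_ON, because per the call trace this code runs under btrfs_commit_transaction and a BUG there takes down the transaction thread instead of failing the cache write.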
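
Review bot: In the second hunk (@@ -732), the return value of `find_get_page(inode->i_mapping, index)` is still handed straight to `kmap(page)` with no NULL check, and the reported oops is a NULL dereference at kmap+0x0. The new `BUG_ON(index > last_index)` only catches the case where `index` has run past `last_index`; if the lookup returns NULL for any other reason the same crash recurs. Test `page` immediately after the lookup and leave through the function's error path before `kmap(page)` is reached.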