From patchwork Fri Feb 16 19:51:38 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Dmitriy Gorokh X-Patchwork-Id: 10225591 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 6A6E6601E7 for ; Fri, 16 Feb 2018 19:51:51 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5B2F426CFC for ; Fri, 16 Feb 2018 19:51:51 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4FD2829158; Fri, 16 Feb 2018 19:51:51 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5BD7926CFC for ; Fri, 16 Feb 2018 19:51:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751036AbeBPTvt (ORCPT ); Fri, 16 Feb 2018 14:51:49 -0500 Received: from esa3.hgst.iphmx.com ([216.71.153.141]:6295 "EHLO esa3.hgst.iphmx.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750782AbeBPTvn (ORCPT ); Fri, 16 Feb 2018 14:51:43 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=wdc.com; i=@wdc.com; q=dns/txt; s=dkim.wdc.com; t=1518810703; x=1550346703; h=from:to:cc:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=QRZ501KM8mp6Ff0rq+R0mjoav2fGLSO/tw9pPpgw8X0=; b=qTxSz2yjlBySsRnm7HuqTOuyslNGs+4rLD69csvIne+pCbdb9a9V4fYX 2nJKUwKPjQ48m7uCzSe0JBt7Owxu3YACXVecwuGYx2n+b8bc8VK/KkEvT Tq6v53b5o6coNmb/r4zpF1BJPMMhzNfpRfOG3OhOXgkf8tCu68DI/VApX qIq4xRnQhhYvK1Gt3Q+k+ah2wHAkzfFem3EzSBAjz9ign0VBzhZV+RjUk 6+20K8cXwaHeycOsHiU2onSbO4sv9mZMtCv6yD5M6M7fYoTiVtYfN35zK jDDeVYRMlHN6LApEB7RMNlKQL4G5NnDJXmEPyJ1rFVGAu6JHJ9pmGEteF A==; X-IronPort-AV: E=Sophos;i="5.46,520,1511798400"; d="scan'208";a="72118125" Received: from mail-sn1nam01lp0113.outbound.protection.outlook.com (HELO NAM01-SN1-obe.outbound.protection.outlook.com) ([207.46.163.113]) by ob1.hgst.iphmx.com with ESMTP; 17 Feb 2018 03:51:42 +0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sharedspace.onmicrosoft.com; s=selector1-wdc-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=QRZ501KM8mp6Ff0rq+R0mjoav2fGLSO/tw9pPpgw8X0=; b=bA9k2mrd0jfxzO3TWBbuHvNC28HxJVZ6LGFGoluFvBrp3hqOf3CFKdi9uwwBVCT9kvf3rcke00+ARP/8nj1u5a0P5Ap3kCYTghgT4JDNM3xK1tckLMcbGwgsuJIBos21cNpx+Wk5/tZsszu1mOvmJr/6PLm0D+loC4Wjuou6idw= Received: from CO2PR04MB2183.namprd04.prod.outlook.com (10.166.93.153) by CO2PR04MB2213.namprd04.prod.outlook.com (10.166.94.9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.506.18; Fri, 16 Feb 2018 19:51:38 +0000 Received: from CO2PR04MB2183.namprd04.prod.outlook.com ([10.166.93.153]) by CO2PR04MB2183.namprd04.prod.outlook.com ([10.166.93.153]) with mapi id 15.20.0485.022; Fri, 16 Feb 2018 19:51:38 +0000 From: Dmitriy Gorokh To: "linux-btrfs@vger.kernel.org" CC: "stable@vger.kernel.org" Subject: [PATCH] Fix NULL pointer exception in find_bio_stripe() Thread-Topic: [PATCH] Fix NULL pointer exception in find_bio_stripe() Thread-Index: AQHTp1+O2fiATJ/Ceku0LiE6FWqaHA== Date: Fri, 16 Feb 2018 19:51:38 +0000 Message-ID: <4F831C76-2968-4A34-B7EF-2D8741A50529@wdc.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=Dmitriy.Gorokh@wdc.com; x-originating-ip: [134.17.166.184] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; CO2PR04MB2213; 20:w5qs0YZhbvkM0ojPOmbrO/u7YRoiQ3xUy2NdYHwKbtXK8DxldbJHKHQ0QiUiSP7MH9AiouzWZNN7+bsOL/CvvEOt8u+2juz3Nnm0XZkR1u4LUvAD9f0CwFps4kHAzDASPdSwrh6FW8rSVWrkSUWomElto23pbb/Ro8v88MQPpO8= x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 14822684-b2d4-4d88-aa48-08d57576b17a x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603307)(7153060)(7193020); SRVR:CO2PR04MB2213; x-ms-traffictypediagnostic: CO2PR04MB2213: wdcipoutbound: EOP-TRUE x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(788757137089); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(8121501046)(5005006)(3231101)(944501161)(3002001)(93006095)(93001095)(10201501046)(6055026)(6041288)(20161123558120)(20161123562045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(6072148)(201708071742011); SRVR:CO2PR04MB2213; BCL:0; PCL:0; RULEID:; SRVR:CO2PR04MB2213; x-forefront-prvs: 0585417D7B x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(366004)(396003)(346002)(39380400002)(39860400002)(199004)(189003)(51234002)(6436002)(2501003)(33656002)(77096007)(3280700002)(14454004)(6486002)(66066001)(5640700003)(36756003)(3846002)(3660700001)(6116002)(68736007)(45080400002)(102836004)(6506007)(2900100001)(305945005)(72206003)(82746002)(97736004)(7736002)(59450400001)(53936002)(575784001)(6916009)(86362001)(6512007)(186003)(8936002)(83716003)(8676002)(81156014)(81166006)(4326008)(99286004)(106356001)(2351001)(450100002)(316002)(2906002)(105586002)(1857600001)(25786009)(478600001)(26005)(5660300001); DIR:OUT; SFP:1102; SCL:1; SRVR:CO2PR04MB2213; H:CO2PR04MB2183.namprd04.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; x-microsoft-antispam-message-info: 4EBbdd9UwJkGvSLYfOJgLHtT/s+Hf/HtJNtvyJsFL5nRCHRA+1wT5daTvUJfz3EtrZv7YgskU32b3YcXFqZajg== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-ID: <18277E1D86004E428E433DD7DA3AEDA2@namprd04.prod.outlook.com> MIME-Version: 1.0 X-OriginatorOrg: wdc.com X-MS-Exchange-CrossTenant-Network-Message-Id: 14822684-b2d4-4d88-aa48-08d57576b17a X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Feb 2018 19:51:38.5115 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b61c8803-16f3-4c35-9b17-6f65f441df86 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO2PR04MB2213 Sender: linux-btrfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On detaching of a disk which is a part of a RAID6 filesystem, the following kernel OOPS may happen: [63122.680461] BTRFS error (device sdo): bdev /dev/sdo errs: wr 0, rd 0, flush 1, corrupt 0, gen 0 [63122.719584] BTRFS warning (device sdo): lost page write due to IO error on /dev/sdo [63122.719587] BTRFS error (device sdo): bdev /dev/sdo errs: wr 1, rd 0, flush 1, corrupt 0, gen 0 [63122.803516] BTRFS warning (device sdo): lost page write due to IO error on /dev/sdo [63122.803519] BTRFS error (device sdo): bdev /dev/sdo errs: wr 2, rd 0, flush 1, corrupt 0, gen 0 [63122.863902] BTRFS critical (device sdo): fatal error on device /dev/sdo [63122.935338] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080 [63122.946554] IP: fail_bio_stripe+0x58/0xa0 [btrfs] [63122.958185] PGD 9ecda067 P4D 9ecda067 PUD b2b37067 PMD 0 [63122.971202] Oops: 0000 [#1] SMP [63122.990786] Modules linked in: libcrc32c dlm configfs cpufreq_userspace cpufreq_powersave cpufreq_conservative softdog nfsd auth_rpcgss nfs_acl nfs lockd grace fscache sunrpc bonding ipmi_devintf ipmi_msghandler joydev snd_intel8x0 snd_ac97_codec snd_pcm snd_timer snd psmouse evdev parport_pc soundcore serio_raw battery pcspkr video ac97_bus ac parport ohci_pci ohci_hcd i2c_piix4 button crc32c_generic crc32c_intel btrfs xor zstd_decompress zstd_compress xxhash raid6_pq dm_mod dax raid1 md_mod hid_generic usbhid hid xhci_pci xhci_hcd ehci_pci ehci_hcd usbcore sg sd_mod sr_mod cdrom ata_generic ahci libahci ata_piix libata e1000 scsi_mod [last unloaded: scst] [63123.006760] CPU: 0 PID: 3979 Comm: kworker/u8:9 Tainted: G W 4.14.2-16-scst34x+ #8 [63123.007091] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [63123.007402] Workqueue: btrfs-worker btrfs_worker_helper [btrfs] [63123.007595] task: ffff880036ea4040 task.stack: ffffc90006384000 [63123.007796] RIP: 0010:fail_bio_stripe+0x58/0xa0 [btrfs] [63123.007968] RSP: 0018:ffffc90006387ad8 EFLAGS: 00010287 [63123.008140] RAX: 0000000000000002 RBX: ffff88004beaa0b8 RCX: ffff8800b2bd5690 [63123.008359] RDX: 0000000000000000 RSI: ffff88007bb43500 RDI: ffff88004beaa000 [63123.008621] RBP: ffffc90006387ae8 R08: 0000000099100000 R09: ffff8800b2bd5600 [63123.008840] R10: 0000000000000004 R11: 0000000000010000 R12: ffff88007bb43500 [63123.009059] R13: 00000000fffffffb R14: ffff880036fc5180 R15: 0000000000000004 [63123.009278] FS: 0000000000000000(0000) GS:ffff8800b7000000(0000) knlGS:0000000000000000 [63123.009564] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [63123.009748] CR2: 0000000000000080 CR3: 00000000b0866000 CR4: 00000000000406f0 [63123.009969] Call Trace: [63123.010085] raid_write_end_io+0x7e/0x80 [btrfs] [63123.010251] bio_endio+0xa1/0x120 [63123.010378] generic_make_request+0x218/0x270 [63123.010921] submit_bio+0x66/0x130 [63123.011073] finish_rmw+0x3fc/0x5b0 [btrfs] [63123.011245] full_stripe_write+0x96/0xc0 [btrfs] [63123.011428] raid56_parity_write+0x117/0x170 [btrfs] [63123.011604] btrfs_map_bio+0x2ec/0x320 [btrfs] [63123.011759] ? ___cache_free+0x1c5/0x300 [63123.011909] __btrfs_submit_bio_done+0x26/0x50 [btrfs] [63123.012087] run_one_async_done+0x9c/0xc0 [btrfs] [63123.012257] normal_work_helper+0x19e/0x300 [btrfs] [63123.012429] btrfs_worker_helper+0x12/0x20 [btrfs] [63123.012656] process_one_work+0x14d/0x350 [63123.012888] worker_thread+0x4d/0x3a0 [63123.013026] ? _raw_spin_unlock_irqrestore+0x15/0x20 [63123.013192] kthread+0x109/0x140 [63123.013315] ? process_scheduled_works+0x40/0x40 [63123.013472] ? kthread_stop+0x110/0x110 [63123.013610] ret_from_fork+0x25/0x30 [63123.013741] Code: 7e 43 31 c0 48 63 d0 48 8d 14 52 49 8d 4c d1 60 48 8b 51 08 49 39 d0 72 1f 4c 63 1b 4c 01 da 49 39 d0 73 14 48 8b 11 48 8b 52 68 <48> 8b 8a 80 00 00 00 48 39 4e 08 74 14 83 c0 01 44 39 d0 75 c4 [63123.014469] RIP: fail_bio_stripe+0x58/0xa0 [btrfs] RSP: ffffc90006387ad8 [63123.014678] CR2: 0000000000000080 [63123.016590] ---[ end trace a295ea7259c17880 ]— This is reproducible in a cycle, where a series of writes is followed by SCSI device delete command. The test may take up to few minutes. Fixes: commit 74d46992e0d9dee7f1f376de0d56d31614c8a17a ("block: replace bi_bdev with a gendisk pointer and partitions index") Reviewed-by: Liu Bo --- fs/btrfs/raid56.c | 1 + 1 file changed, 1 insertion(+) -- 2.14.2 diff --git a/fs/btrfs/raid56.c b/fs/btrfs/raid56.c index dec0907dfb8a..fcfc20de2df3 100644 --- a/fs/btrfs/raid56.c +++ b/fs/btrfs/raid56.c @@ -1370,6 +1370,7 @@ static int find_bio_stripe(struct btrfs_raid_bio *rbio, stripe_start = stripe->physical; if (physical >= stripe_start && physical < stripe_start + rbio->stripe_len && + stripe->dev->bdev && bio->bi_disk == stripe->dev->bdev->bd_disk && bio->bi_partno == stripe->dev->bdev->bd_partno) { return i;