From: Qu Wenruo <quwenruo.btrfs@gmx.com>
To: Chris Down <chris@chrisdown.name>, Qu Wenruo <wqu@suse.com>
Cc: linux-btrfs@vger.kernel.org, kernel-team@fb.com
Subject: Re: [PATCH v2 2/2] btrfs: qgroup: add sysfs interface for debug
Date: Thu, 16 Jul 2020 08:27:20 +0800
Message-ID: <e6cc556e-c830-fa28-486f-e23d520fe98e@gmx.com>
In-Reply-To: <e973ae45-c746-95b7-d176-180d47ecb2e2@gmx.com>





On 2020/7/16 8:15 AM, Qu Wenruo wrote:
> 
> 
> On 2020/7/15 9:49 PM, Chris Down wrote:
>> Hi Wenruo,
>>
>> While testing my pending patches on top of linux-next, I encountered a
>> bug that seems related to this patch during btrfs unmount. Specifically,
>> a null pointer dereference in kobject_del inside btrfs_sysfs_del_qgroups
>> from close_ctree.
>>
>> The fix may be as simple as checking if the kobject is initialised,
>> although perhaps it should always be initialised in this case, so I'll
>> leave you to work out what the real issue is :-)
> 
> Thank you very much for the report.
> 
> May I ask if the qgroup is enabled? Or is qgroup not enabled at all?

BTW, after checking the code, it looks a little strange to me.

Firstly, both kobject_del() and kobject_put() have an extra check for NULL
pointers, thus if fs_info->qgroups_kobj is NULL, it should do nothing
and exit.

Secondly, fs_info->qgroups_kobj is initialized to zero, by kvzalloc()
in btrfs_mount_root().

Thus unless we modified it manually, it should always be NULL.

And for the locations modifying qgroups_kobj, it's either allocating it,
in btrfs_sysfs_add_qgroups(), or removing it and setting it back to NULL in
btrfs_sysfs_del_qgroups().

Thus this looks pretty weird.

Would you please provide the full call trace (especially the address
causing the NULL pointer deref) and the reproducer (if possible)?

Thanks,
Qu
> 
> Thanks,
> Qu
>>
>>
>>     RIP: kobject_del+0x1/0x20
>>
>>     [...]
>>
>>     Call Trace:
>>      btrfs_sysfs_del_qgroups+0xa5/0xe0
>>      close_ctree+0x1cd/0x2c0
>>      generic_shutdown_super+0x6c/0x100
>>      kill_anon_super+0x14/0x30
>>      btrfs_kill_super+0x12/0x20
>>      deactivate_locked_super+0x36/0x90
>>      cleanup_mnt+0x12d/0x190
>>      task_work_run+0x5c/0x90
>>      __prepare_exit_to_usermode+0x164/0x170
>>      [...]
>>
>> Thanks,
>>
>> Chris
> 
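
Added example, not part of the original message and not btrfs code: a user-space C model of the pointer lifecycle the reply above reasons about (zeroed at allocation, set only by the add path, reset to NULL by the delete path, with NULL-tolerant del/put helpers). All `model_*` names and struct layouts are hypothetical stand-ins.

```c
#include <stdlib.h>
/* Hypothetical stand-ins, not the kernel's definitions. */
struct model_kobj { int in_sysfs; int refcount; };
struct model_fs_info { struct model_kobj *qgroups_kobj; };
static int del_calls; /* teardowns that touched a real object */

/* Both helpers treat NULL as a no-op, as the message says of
 * kobject_del() and kobject_put(). */
static void model_kobject_del(struct model_kobj *k)
{
    if (!k)
        return;
    k->in_sysfs = 0;
    del_calls++;
}

static void model_kobject_put(struct model_kobj *k)
{
    if (k && --k->refcount == 0)
        free(k);
}

/* The only place the pointer becomes non-NULL. */
static int model_add_qgroups(struct model_fs_info *fs)
{
    struct model_kobj *k = calloc(1, sizeof(*k));
    if (!k)
        return -1;
    k->refcount = k->in_sysfs = 1;
    fs->qgroups_kobj = k;
    return 0;
}

/* Release, then reset to NULL so a repeated call is harmless. */
static void model_del_qgroups(struct model_fs_info *fs)
{
    model_kobject_del(fs->qgroups_kobj);
    model_kobject_put(fs->qgroups_kobj);
    fs->qgroups_kobj = NULL;
}

/* Returns the number of teardowns that touched an object, or -1. */
static int model_run(void)
{
    struct model_fs_info fs = { 0 };  /* zeroed, standing in for kvzalloc() */
    del_calls = 0;
    model_del_qgroups(&fs);           /* never added: no-op */
    if (model_add_qgroups(&fs))
        return -1;
    model_del_qgroups(&fs);           /* normal teardown */
    model_del_qgroups(&fs);           /* repeat: no-op */
    return fs.qgroups_kobj ? -1 : del_calls;
}
```

Under this invariant the pointer is always either NULL or a live object, so only the middle teardown touches memory.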

