Re: [PATCH] btrfs: tracepoints: fix sleep while in atomic context in btrfs_sync_file()

[Boris Burkov <boris@bur.io>]

On Tue, Apr 28, 2026 at 05:05:43PM +0100, Filipe Manana wrote:
> The trace event btrfs_sync_file() can be called in an atomic context and
> its call to dput(), which is needed due to the call to dget_parent(), can
> sleep, triggering a kernel splat.
> 
> This can be reproduced by enabling the trace event and running btrfs/056
> from fstests for example. The splat shown in dmesg is the following:
> 
>    [84853.995109] BUG: sleeping function called from invalid context at fs/dcache.c:970
>    [84853.996457] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 32773, name: xfs_io
>    [84853.997858] preempt_count: 2, expected: 0
>    [84853.998647] RCU nest depth: 0, expected: 0
>    [84853.999403] Preemption disabled at:
>    [84853.999404] [<0000000000000000>] 0x0
>    [84854.000708] CPU: 0 UID: 0 PID: 32773 Comm: xfs_io Tainted: G        W           7.1.0-rc1-btrfs-next-232+ #1 PREEMPT(full)
>    [84854.000710] Tainted: [W]=WARN
>    [84854.000711] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014
>    [84854.000712] Call Trace:
>    [84854.000714]  <TASK>
>    [84854.000716]  dump_stack_lvl+0x56/0x80
>    [84854.000719]  __might_resched.cold+0xd6/0x10f
>    [84854.000722]  dput.part.0+0x24/0x110
>    [84854.000728]  trace_event_raw_event_btrfs_sync_file+0x75/0x140 [btrfs]
>    [84854.000809]  btrfs_sync_file+0x1ed/0x530 [btrfs]
>    [84854.000887]  ? __handle_mm_fault+0x8ae/0xed0
>    [84854.000889]  btrfs_do_write_iter+0x172/0x210 [btrfs]
>    [84854.000951]  vfs_write+0x21f/0x450
>    [84854.000954]  __x64_sys_pwrite64+0x8d/0xc0
>    [84854.000956]  ? do_user_addr_fault+0x20c/0x670
>    [84854.000959]  do_syscall_64+0x60/0xf20
>    [84854.000962]  ? clear_bhb_loop+0x60/0xb0
>    [84854.000964]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
> 
> So stop using dget_parent() and dput() and access the parent dentry
> directly as dentry->d_parent. This is also what ext4 is doing in
> its equivalent trace event ext4_sync_file_enter().
> 
> Fixes: a85b46db143f ("btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file()")

Looks good, thanks.
Reviewed-by: Boris Burkov <boris@bur.io>

> Signed-off-by: Filipe Manana <fdmanana@suse.com>
> ---
>  include/trace/events/btrfs.h | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/include/trace/events/btrfs.h b/include/trace/events/btrfs.h
> index 8ad7a2d76c1d..ec1df8b94517 100644
> --- a/include/trace/events/btrfs.h
> +++ b/include/trace/events/btrfs.h
> @@ -771,10 +771,8 @@ TRACE_EVENT(btrfs_sync_file,
>  	TP_fast_assign(
>  		struct dentry *dentry = file_dentry(file);
>  		struct inode *inode = file_inode(file);
> -		struct dentry *parent = dget_parent(dentry);
> -		struct inode *parent_inode = d_inode(parent);
> +		struct inode *parent_inode = d_inode(dentry->d_parent);
>  
> -		dput(parent);
>  		TP_fast_assign_fsid(btrfs_sb(inode->i_sb));
>  		__entry->ino		= btrfs_ino(BTRFS_I(inode));
>  		__entry->parent		= btrfs_ino(BTRFS_I(parent_inode));
> -- 
> 2.47.2