[PATCH] btrfs: tracepoints: fix sleep while in atomic context in btrfs_sync

Linux Btrfs filesystem development
 help / color / mirror / Atom feed

* [PATCH] btrfs: tracepoints: fix sleep while in atomic context in btrfs_sync_file()
@ 2026-04-28 16:05 fdmanana
  2026-04-30 15:08 ` Boris Burkov
  0 siblings, 1 reply; 2+ messages in thread
From: fdmanana @ 2026-04-28 16:05 UTC (permalink / raw)
  To: linux-btrfs

From: Filipe Manana <fdmanana@suse.com>

The trace event btrfs_sync_file() can be called in an atomic context and
its call to dput(), which is needed due to the call to dget_parent(), can
sleep, triggering a kernel splat.

This can be reproduced by enabling the trace event and running btrfs/056
from fstests for example. The splat shown in dmesg is the following:

   [84853.995109] BUG: sleeping function called from invalid context at fs/dcache.c:970
   [84853.996457] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 32773, name: xfs_io
   [84853.997858] preempt_count: 2, expected: 0
   [84853.998647] RCU nest depth: 0, expected: 0
   [84853.999403] Preemption disabled at:
   [84853.999404] [<0000000000000000>] 0x0
   [84854.000708] CPU: 0 UID: 0 PID: 32773 Comm: xfs_io Tainted: G        W           7.1.0-rc1-btrfs-next-232+ #1 PREEMPT(full)
   [84854.000710] Tainted: [W]=WARN
   [84854.000711] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014
   [84854.000712] Call Trace:
   [84854.000714]  <TASK>
   [84854.000716]  dump_stack_lvl+0x56/0x80
   [84854.000719]  __might_resched.cold+0xd6/0x10f
   [84854.000722]  dput.part.0+0x24/0x110
   [84854.000728]  trace_event_raw_event_btrfs_sync_file+0x75/0x140 [btrfs]
   [84854.000809]  btrfs_sync_file+0x1ed/0x530 [btrfs]
   [84854.000887]  ? __handle_mm_fault+0x8ae/0xed0
   [84854.000889]  btrfs_do_write_iter+0x172/0x210 [btrfs]
   [84854.000951]  vfs_write+0x21f/0x450
   [84854.000954]  __x64_sys_pwrite64+0x8d/0xc0
   [84854.000956]  ? do_user_addr_fault+0x20c/0x670
   [84854.000959]  do_syscall_64+0x60/0xf20
   [84854.000962]  ? clear_bhb_loop+0x60/0xb0
   [84854.000964]  entry_SYSCALL_64_after_hwframe+0x76/0x7e

So stop using dget_parent() and dput() and access the parent dentry
directly as dentry->d_parent. This is also what ext4 is doing in
its equivalent trace event ext4_sync_file_enter().

Fixes: a85b46db143f ("btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file()")
Signed-off-by: Filipe Manana <fdmanana@suse.com>
---
 include/trace/events/btrfs.h | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/include/trace/events/btrfs.h b/include/trace/events/btrfs.h
index 8ad7a2d76c1d..ec1df8b94517 100644
--- a/include/trace/events/btrfs.h
+++ b/include/trace/events/btrfs.h
@@ -771,10 +771,8 @@ TRACE_EVENT(btrfs_sync_file,
 	TP_fast_assign(
 		struct dentry *dentry = file_dentry(file);
 		struct inode *inode = file_inode(file);
-		struct dentry *parent = dget_parent(dentry);
-		struct inode *parent_inode = d_inode(parent);
+		struct inode *parent_inode = d_inode(dentry->d_parent);
 
-		dput(parent);
 		TP_fast_assign_fsid(btrfs_sb(inode->i_sb));
 		__entry->ino		= btrfs_ino(BTRFS_I(inode));
 		__entry->parent		= btrfs_ino(BTRFS_I(parent_inode));
-- 
2.47.2


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] btrfs: tracepoints: fix sleep while in atomic context in btrfs_sync_file()
  2026-04-28 16:05 [PATCH] btrfs: tracepoints: fix sleep while in atomic context in btrfs_sync_file() fdmanana
@ 2026-04-30 15:08 ` Boris Burkov
  0 siblings, 0 replies; 2+ messages in thread
From: Boris Burkov @ 2026-04-30 15:08 UTC (permalink / raw)
  To: Filipe Manana; +Cc: linux-btrfs

On Tue, Apr 28, 2026 at 05:05:43PM +0100, Filipe Manana wrote:
> The trace event btrfs_sync_file() can be called in an atomic context and
> its call to dput(), which is needed due to the call to dget_parent(), can
> sleep, triggering a kernel splat.
> 
> This can be reproduced by enabling the trace event and running btrfs/056
> from fstests for example. The splat shown in dmesg is the following:
> 
>    [84853.995109] BUG: sleeping function called from invalid context at fs/dcache.c:970
>    [84853.996457] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 32773, name: xfs_io
>    [84853.997858] preempt_count: 2, expected: 0
>    [84853.998647] RCU nest depth: 0, expected: 0
>    [84853.999403] Preemption disabled at:
>    [84853.999404] [<0000000000000000>] 0x0
>    [84854.000708] CPU: 0 UID: 0 PID: 32773 Comm: xfs_io Tainted: G        W           7.1.0-rc1-btrfs-next-232+ #1 PREEMPT(full)
>    [84854.000710] Tainted: [W]=WARN
>    [84854.000711] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014
>    [84854.000712] Call Trace:
>    [84854.000714]  <TASK>
>    [84854.000716]  dump_stack_lvl+0x56/0x80
>    [84854.000719]  __might_resched.cold+0xd6/0x10f
>    [84854.000722]  dput.part.0+0x24/0x110
>    [84854.000728]  trace_event_raw_event_btrfs_sync_file+0x75/0x140 [btrfs]
>    [84854.000809]  btrfs_sync_file+0x1ed/0x530 [btrfs]
>    [84854.000887]  ? __handle_mm_fault+0x8ae/0xed0
>    [84854.000889]  btrfs_do_write_iter+0x172/0x210 [btrfs]
>    [84854.000951]  vfs_write+0x21f/0x450
>    [84854.000954]  __x64_sys_pwrite64+0x8d/0xc0
>    [84854.000956]  ? do_user_addr_fault+0x20c/0x670
>    [84854.000959]  do_syscall_64+0x60/0xf20
>    [84854.000962]  ? clear_bhb_loop+0x60/0xb0
>    [84854.000964]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
> 
> So stop using dget_parent() and dput() and access the parent dentry
> directly as dentry->d_parent. This is also what ext4 is doing in
> its equivalent trace event ext4_sync_file_enter().
> 
> Fixes: a85b46db143f ("btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file()")

Looks good, thanks.
Reviewed-by: Boris Burkov <boris@bur.io>

> Signed-off-by: Filipe Manana <fdmanana@suse.com>
> ---
>  include/trace/events/btrfs.h | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/include/trace/events/btrfs.h b/include/trace/events/btrfs.h
> index 8ad7a2d76c1d..ec1df8b94517 100644
> --- a/include/trace/events/btrfs.h
> +++ b/include/trace/events/btrfs.h
> @@ -771,10 +771,8 @@ TRACE_EVENT(btrfs_sync_file,
>  	TP_fast_assign(
>  		struct dentry *dentry = file_dentry(file);
>  		struct inode *inode = file_inode(file);
> -		struct dentry *parent = dget_parent(dentry);
> -		struct inode *parent_inode = d_inode(parent);
> +		struct inode *parent_inode = d_inode(dentry->d_parent);
>  
> -		dput(parent);
>  		TP_fast_assign_fsid(btrfs_sb(inode->i_sb));
>  		__entry->ino		= btrfs_ino(BTRFS_I(inode));
>  		__entry->parent		= btrfs_ino(BTRFS_I(parent_inode));
> -- 
> 2.47.2

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-04-30 15:08 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-28 16:05 [PATCH] btrfs: tracepoints: fix sleep while in atomic context in btrfs_sync_file() fdmanana
2026-04-30 15:08 ` Boris Burkov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox