Yauhen Kharuzhy committed dfa441c

btrfs: Fix kernel crashing at device autoreplace

Don't free the block device when closing a btrfs device, because it is used
afterwards to complete the current transaction in btrfs_dev_replace_start_v2().

If bdev is closed during autoreplace, the kernel crashes:

[ 561.554135] NULL pointer dereference at 00000000000003c8
[ 561.567986] IP: [<ffffffff812a2c44>] generic_make_request_checks+0x34/0x500
[ 561.573242] PGD 0
[ 561.575359] Oops: 0000 [#2] SMP
[ 561.578847] Modules linked in: cpufreq_powersave cpufreq_stats cpufreq_userspace cpufreq_conservative softdog nfsd auth_rpcgss oid_registry nfs_acl nfs lockd grace fscache sunrpc ipmi_devintf ipmi_msghandler iosf_mbi crct10dif_pclmul crc32_pclmul iTCO_wdt sha256_ssse3 iTCO_vendor_support sha256_generic hmac drbg snd_pcm lpc_ich ansi_cprng mfd_core aesni_intel acpi_cpufreq snd_timer aes_x86_64 snd parport_pc soundcore lrw parport video gf128mul tpm_tis glue_helper 8250_fintek tpm psmouse pcspkr serio_raw ac processor button ablk_helper battery evdev rng_core i2c_piix4 cryptd btrfs xor raid6_pq dm_mod raid1 md_mod sg sd_mod ahci libahci pcnet32 libata crc32c_intel scsi_mod mii
[ 561.630412] CPU: 0 PID: 4586 Comm: btrfs-casualty Tainted: G D 4.4.5-scst31x+ #13
[ 561.636041] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[ 561.641275] task: ffff880019862e40 ti: ffff88000a1a0000 task.ti: ffff88000a1a0000
[ 561.646371] RIP: 0010:[<ffffffff812a2c44>] [<ffffffff812a2c44>] generic_make_request_checks+0x34/0x500
[ 561.653545] RSP: 0018:ffff88000a1a3618 EFLAGS: 00010287
[ 561.656801] RAX: 0000000000000000 RBX: ffff880013aa6c68 RCX: 0000000000040880
[ 561.661239] RDX: 0000000000000080 RSI: ffff880019862e40 RDI: ffff88001b5b4140
[ 561.665810] RBP: 0000000000000080 R08: ffff88000a1a0000 R09: 0000000000000000
[ 561.670857] R10: 0000000000007000 R11: 0000000000000000 R12: 000000000000000c
[ 561.674779] R13: 0000000000000004 R14: ffff88001f0a9800 R15: 0000000000000010
[ 561.679094] FS: 0000000000000000(0000) GS:ffff88001fc00000(0000) knlGS:0000000000000000
[ 561.684455] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 561.688819] CR2: 00000000000003c8 CR3: 000000001c3f4000 CR4: 00000000000406f0
[ 561.694128] Stack:
[ 561.697150] ffff88001eecaf20 ffff88001c53c880 0000000000000001 0000000000000006
[ 561.706829] ffffffff812a6e74 ffff880013aa6c68 00000000ffffffff 000000000000000c
[ 561.713429] 0000000000000004 ffff88001f0a9800 0000000000000010 ffffffff812a51ae
[ 561.719481] Call Trace:
[ 561.721475] [<ffffffff812a6e74>] ? blk_queue_bio+0x2c4/0x3c0
[ 561.725273] [<ffffffff812a51ae>] ? generic_make_request+0x1e/0x1b0
[ 561.729969] [<ffffffff812a539f>] ? submit_bio+0x5f/0x130
[ 561.733833] [<ffffffffa01dfa39>] ? finish_rmw+0x3d9/0x540 [btrfs]
[ 561.737844] [<ffffffffa01dfc36>] ? full_stripe_write+0x96/0xa0 [btrfs]
[ 561.742264] [<ffffffffa01e0db7>] ? raid56_parity_write+0xe7/0x170 [btrfs]
[ 561.746696] [<ffffffffa019af98>] ? btrfs_map_bio+0x108/0x310 [btrfs]
[ 561.751207] [<ffffffffa01715f2>] ? btrfs_submit_bio_hook+0xe2/0x190 [btrfs]
[ 561.755938] [<ffffffffa018ab28>] ? submit_one_bio+0x68/0x90 [btrfs]
[ 561.760058] [<ffffffffa018f21f>] ? submit_extent_page+0x12f/0x270 [btrfs]
[ 561.764420] [<ffffffffa018ef90>] ? end_extent_writepage+0x70/0x70 [btrfs]
[ 561.769453] [<ffffffffa018fa26>] ? __extent_writepage_io+0x4b6/0x500 [btrfs]
[ 561.774594] [<ffffffffa018ef90>] ? end_extent_writepage+0x70/0x70 [btrfs]
[ 561.778786] [<ffffffffa018fc72>] ? __extent_writepage+0x202/0x310 [btrfs]
[ 561.783075] [<ffffffffa018ffe1>] ? extent_write_cache_pages.isra.31.constprop.51+0x261/0x330 [btrfs]
[ 561.789645] [<ffffffffa019117d>] ? extent_writepages+0x4d/0x60 [btrfs]
[ 561.794073] [<ffffffffa0173b40>] ? btrfs_real_readdir+0x550/0x550 [btrfs]
[ 561.797999] [<ffffffff8115c8b7>] ? __filemap_fdatawrite_range+0xa7/0xe0
[ 561.802257] [<ffffffffa0184e8b>] ? btrfs_fdatawrite_range+0x1b/0x50 [btrfs]
[ 561.806818] [<ffffffffa01b12aa>] ? __btrfs_write_out_cache.isra.25+0x3ea/0x430 [btrfs]
[ 561.812801] [<ffffffffa01b2551>] ? btrfs_write_out_cache+0x91/0xe0 [btrfs]
[ 561.817386] [<ffffffffa015bdbb>] ? btrfs_write_dirty_block_groups+0x22b/0x290 [btrfs]
[ 561.839307] [<ffffffffa01e2b98>] ? commit_cowonly_roots+0x1fb/0x285 [btrfs]
[ 561.843830] [<ffffffffa016f9a7>] ? btrfs_commit_transaction+0x537/0xa20 [btrfs]
[ 561.848913] [<ffffffffa016ff25>] ? start_transaction+0x95/0x4b0 [btrfs]
[ 561.853960] [<ffffffffa01ddbf0>] ? btrfs_dev_replace_start_v2+0x210/0x2b0 [btrfs]
[ 561.859248] [<ffffffffa01ddcc0>] ? btrfs_auto_replace_start+0x30/0x70 [btrfs]
[ 561.863766] [<ffffffffa0166b68>] ? casualty_kthread+0xa8/0xd0 [btrfs]
[ 561.867711] [<ffffffffa0166ac0>] ? btrfs_destroy_pinned_extent+0xa0/0xa0 [btrfs]
[ 561.873250] [<ffffffff8108f4ad>] ? kthread+0xbd/0xe0
[ 561.876838] [<ffffffff8108f3f0>] ? kthread_create_on_node+0x170/0x170
[ 561.880873] [<ffffffff8155948f>] ? ret_from_fork+0x3f/0x70
[ 561.883891] [<ffffffff8108f3f0>] ? kthread_create_on_node+0x170/0x170
[ 561.887379] Code: 41 55 41 54 55 53 48 89 fb 48 83 ec 28 8b 6f 28 e8 42 2e 2b 00 48 8b 7b 08 c1 ed 09 85 ed 0f 85 f9 01 00 00 48 8b 87 98 00 00 00 <4c> 8b a0 c8 03 00 00 4d 85 e4 0f 84 69 03 00 00 8b 43 28 c1 e8
[ 561.913113] RIP [<ffffffff812a2c44>] generic_make_request_checks+0x34/0x500
[ 561.917541] RSP <ffff88000a1a3618>
[ 561.920073] CR2: 00000000000003c8
[ 561.922302] BUG: unable to handle kernel paging request[ 561.932884] ---[ end trace dd5a118c1c9b4003 ]---

Also fix a sleep-in-RCU warning in btrfs_get_spare_device():

rcu_read_lock();
*path = kstrdup(device->name->str, GFP_NOFS); <- GFP_ATOMIC
rcu_read_unlock();

Signed-off-by: Yauhen Kharuzhy <yauhen.kharuzhy@zavadatar.com>
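
Added example, not part of the commit or of the btrfs code: a Python triage helper run over lines abridged from the oops quoted above, pulling out the fault address, the faulting symbol and the btrfs frames that lead to it. The function name `triage` and the result keys are assumptions of this example.

```python
import re

# Abridged from the oops quoted in the commit message; lines kept verbatim.
OOPS = """\
[ 561.554135] NULL pointer dereference at 00000000000003c8
[ 561.567986] IP: [<ffffffff812a2c44>] generic_make_request_checks+0x34/0x500
[ 561.729969] [<ffffffff812a539f>] ? submit_bio+0x5f/0x130
[ 561.733833] [<ffffffffa01dfa39>] ? finish_rmw+0x3d9/0x540 [btrfs]
[ 561.843830] [<ffffffffa016f9a7>] ? btrfs_commit_transaction+0x537/0xa20 [btrfs]
[ 561.853960] [<ffffffffa01ddbf0>] ? btrfs_dev_replace_start_v2+0x210/0x2b0 [btrfs]
[ 561.863766] [<ffffffffa0166b68>] ? casualty_kthread+0xa8/0xd0 [btrfs]
[ 561.873250] [<ffffffff8108f4ad>] ? kthread+0xbd/0xe0
[ 561.920073] CR2: 00000000000003c8
"""

# "[<addr>] [? ]symbol+0xoff/0xsize [module]"; the timestamp "[ 561...]" has no "<".
FRAME = re.compile(
    r"\[<[0-9a-f]+>\]\s+(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?")
PAGE_SIZE = 4096  # a fault below this is a NULL base pointer plus a member offset


def triage(text):
    """Summarise an x86-64 oops: fault address, faulting symbol, module frames."""
    cr2 = re.search(r"CR2:\s+([0-9a-f]{16})", text)
    fault = int(cr2.group(1), 16) if cr2 else None
    ip, frames = None, []
    for line in text.splitlines():
        m = FRAME.search(line)
        if not m:
            continue
        if "IP:" in line:
            ip = m.group(2)  # function containing the faulting instruction
        else:
            # A leading "?" marks a frame the unwinder could not verify.
            frames.append({"sym": m.group(2), "module": m.group(3),
                           "reliable": m.group(1) is None})
    in_module = [f for f in frames if f["module"]]
    return {
        "fault_addr": fault,
        "null_deref": fault is not None and fault < PAGE_SIZE,
        "faulting_symbol": ip,
        "innermost_module_frame": in_module[0]["sym"] if in_module else None,
        "outermost_module_frame": in_module[-1]["sym"] if in_module else None,
        "module": in_module[0]["module"] if in_module else None,
        "all_frames_unverified": bool(frames) and not any(f["reliable"] for f in frames),
    }


if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```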
