On 2020/7/16 8:15 AM, Qu Wenruo wrote:
>
>
> On 2020/7/15 9:49 PM, Chris Down wrote:
>> Hi Wenruo,
>>
>> While testing my pending patches on top of linux-next, I encountered a
>> bug that seems related to this patch during btrfs unmount. Specifically,
>> a null pointer dereference in kobject_del inside btrfs_sysfs_del_qgroups
>> from close_ctree.
>>
>> The fix may be as simple as checking if the kobject is initialised,
>> although perhaps it should always be initialised in this case, so I'll
>> leave you to work out what the real issue is :-)
>
> Thank you very much for the report.
>
> May I ask if the qgroup is enabled? Or qgroup is not enabled at all?

BTW, after checking the code, it looks a little strange to me.

Firstly, both kobject_del() and kobject_put() have extra checks on NULL
pointers, thus if fs_info->qgroups_kobj is NULL, it should do nothing and
exit.

Secondly, fs_info->qgroups_kobj is initialized to zero by kvzalloc() in
btrfs_mount_root(). Thus unless we modified it manually, it should always
be NULL.

And for the locations modifying qgroups_kobj, it's either allocating it, in
btrfs_sysfs_add_qgroups(), or removing it and setting it back to NULL in
btrfs_sysfs_del_qgroups().

Thus this looks pretty weird.

Would you please provide the full call trace (especially the address
causing the NULL pointer deref) and the reproducer (if possible)?

Thanks,
Qu

>
> Thanks,
> Qu
>>
>>
>> RIP: kobject_del+0x1/0x20
>>
>> [...]
>>
>> Call Trace:
>> btrfs_sysfs_del_qgroups+0xa5/0xe0
>> close_ctree+0x1cd/0x2c0
>> generic_shutdown_super+0x6c/0x100
>> kill_anon_super+0x14/0x30
>> btrfs_kill_super+0x12/0x20
>> deactivate_locked_super+0x36/0x90
>> cleanup_mnt+0x12d/0x190
>> task_work_run+0x5c/0x90
>> __prepare_exit_to_usermode+0x164/0x170
>> [...]
>>
>> Thanks,
>>
>> Chris
>