On Thu, Jan 25, 2018 at 11:02:54AM -0700, Liu Bo wrote:
> I got these from running generic/475,
>
> WARNING: CPU: 0 PID: 26384 at fs/btrfs/inode.c:3326 btrfs_orphan_commit_root+0x1ac/0x2b0 [btrfs]
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
> IP: btrfs_block_rsv_release+0x1c/0x70 [btrfs]
> Call Trace:
> btrfs_orphan_release_metadata+0x9f/0x200 [btrfs]
> btrfs_orphan_del+0x10d/0x170 [btrfs]
> btrfs_setattr+0x500/0x640 [btrfs]
> notify_change+0x7ae/0x870
> do_truncate+0xca/0x130
> vfs_truncate+0x2ee/0x3d0
> do_sys_truncate+0xaf/0xf0
> SyS_truncate+0xe/0x10
> entry_SYSCALL_64_fastpath+0x1f/0x96
>
> The race is between btrfs_orphan_commit_root and btrfs_orphan_del,
> t1 t2
> btrfs_orphan_commit_root btrfs_orphan_del
> spin_lock
> check (&root->orphan_inodes)
> root->orphan_block_rsv = NULL;
> spin_unlock
> atomic_dec(&root->orphan_inodes);
> access root->orphan_block_rsv
>
> Accessing root->orphan_block_rsv must be done before decreasing
> root->orphan_inodes.
>
> cc: <stable@xxxxxxxxxxxxxxx> v3.12+
> Fixes: 703c88e03524 ("Btrfs: fix tracking of orphan inode count")
> Signed-off-by: Liu Bo <bo.li.liu@xxxxxxxxxx>
Reviewed-by: Josef Bacik <jbacik@xxxxxx>
Thanks,
Josef
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
