[next-20250506][btrfs] Kernel OOPS while btrfs/001 TC

Venkat Rao Bagalkote venkat88 at linux.ibm.com
Thu May 8 01:35:42 AEST 2025 

On 07/05/25 2:14 pm, Venkat Rao Bagalkote wrote:
> Hello,
>
>
> I am observing kernel OOPS, while running btrfs/001 TC, from xfstests 
> suite.
>
>
> This issue is introduced in next-20250506. This issue is not seen on 
> next-20250505 kernel.
>
>
> Steps to repro:
>
>
> 1. git clone git://git.kernel.org/pub/scm/fs/xfs/xfstests-dev.git
> 2. cd xfstests-dev/
> 3. mkdir /mnt/loop-device /mnt/test /mnt/scratch
> 4. for i in $(seq 0 5); do fallocate -o 0 -l 5GiB 
> /mnt/loop-device/file-$i.img; done
> 5. for i in $(seq 0 5); do losetup /dev/loop$i 
> /mnt/loop-device/file-$i.img; done
> 6. mkfs.btrfs -f -s 65536 -n 65536 /dev/loop0; mkfs.btrfs -f 
> /dev/loop1; mkfs.btrfs -f /dev/loop2; mkfs.btrfs -f /dev/loop3; 
> mkfs.btrfs -f /dev/loop4; mkfs.btrfs -f /dev/loop5
> 8. vi local.config
> 9. make
> 10. ./check tools/btrfs/001
>
>
> local.config contents:
>
>
> export RECREATE_TEST_DEV=true
> export TEST_DEV=/dev/loop0
> export TEST_DIR=/mnt/test
> export SCRATCH_DEV_POOL="/dev/loop1 /dev/loop2 /dev/loop3 /dev/loop4 
> /dev/loop5"
> export SCRATCH_MNT=/mnt/scratch
> export MKFS_OPTIONS="-f -s 4096 -n 4096"
> export FSTYP=btrfs
> export MOUNT_OPTIONS=""
>
>
> Crash:
>
>
> [  953.799060] Btrfs loaded, zoned=yes, fsverity=no
> [  968.070858] BTRFS: device fsid 3813dc53-a2f3-4342-b44e-c9349f17f991 
> devid 1 transid 8 /dev/loop0 (7:0) scanned by mount (25422)
> [  968.072561] BTRFS info (device loop0): first mount of filesystem 
> 3813dc53-a2f3-4342-b44e-c9349f17f991
> [  968.072584] BTRFS info (device loop0): using crc32c 
> (crc32c-powerpc) checksum algorithm
> [  968.072594] BTRFS info (device loop0): forcing free space tree for 
> sector size 4096 with page size 65536
> [  968.072599] BTRFS info (device loop0): using free-space-tree
> [  968.073867] BTRFS info (device loop0): checking UUID tree
> [  968.074000] Kernel attempted to read user page (68) - exploit 
> attempt? (uid: 0)
> [  968.074009] BUG: Kernel NULL pointer dereference on read at 0x00000068
> [  968.074013] Faulting instruction address: 0xc00800000f7fb5e0
> [  968.074019] Oops: Kernel access of bad area, sig: 11 [#1]
> [  968.074022] LE PAGE_SIZE=64K MMU=Radix  SMP NR_CPUS=8192 NUMA pSeries
> [  968.074028] Modules linked in: btrfs blake2b_generic xor raid6_pq 
> zstd_compress loop dm_mod nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 
> nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject 
> nft_ct sunrpc nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 
> nf_defrag_ipv4 bonding tls rfkill ip_set nf_tables nfnetlink 
> pseries_rng vmx_crypto fuse ext4 crc16 mbcache jbd2 sd_mod sg ibmvscsi 
> scsi_transport_srp ibmveth
> [  968.074074] CPU: 0 UID: 0 PID: 25422 Comm: mount Kdump: loaded Not 
> tainted 6.15.0-rc5-next-20250506 #1 VOLUNTARY
>
> [  968.074087] NIP:  c00800000f7fb5e0 LR: c00800000f7fb3b4 CTR: 
> c00000000047862c
> [  968.074091] REGS: c000000154747920 TRAP: 0300   Not tainted 
> (6.15.0-rc5-next-20250506)
> [  968.074096] MSR:  800000000280b033 
> <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 24022882  XER: 00000000
> [  968.074109] CFAR: c00800000f7fb650 DAR: 0000000000000068 DSISR: 
> 40000000 IRQMASK: 0
> [  968.074109] GPR00: c00800000f7fb3b4 c000000154747bc0 
> c0080000099da600 0000000000000000
> [  968.074109] GPR04: c000000008570c20 7fffffffffffffff 
> 0000000000000000 c0000000068e3a00
> [  968.074109] GPR08: 0000000000000000 0000000000000000 
> c0000000068e3a00 0000000000002000
> [  968.074109] GPR12: c00000000047862c c000000003020000 
> 0000000000000000 0000000000000000
> [  968.074109] GPR16: 0000000000000000 0000000000000000 
> 0000000000000000 0000000000000000
> [  968.074109] GPR20: 0000000000000000 0000000000000000 
> 0000000000000000 0000000000000000
> [  968.074109] GPR24: 0000000000000000 c000000015b00000 
> c00000007a38ac00 0000000000000020
> [  968.074109] GPR28: c000000008560a00 c00000006b1784c0 
> 0000000000000000 c000000063147980
> [  968.074163] NIP [c00800000f7fb5e0] 
> btrfs_get_tree_subvol+0x32c/0x544 [btrfs]
> [  968.074205] LR [c00800000f7fb3b4] btrfs_get_tree_subvol+0x100/0x544 
> [btrfs]
> [  968.074241] Call Trace:
> [  968.074244] [c000000154747bc0] [c00800000f7fb3b4] 
> btrfs_get_tree_subvol+0x100/0x544 [btrfs] (unreliable)
> [  968.074282] [c000000154747cb0] [c000000000630da4] 
> vfs_get_tree+0x48/0x15c
> [  968.074291] [c000000154747d30] [c00000000067675c] 
> do_new_mount+0x234/0x438
> [  968.074297] [c000000154747da0] [c000000000678298] 
> sys_mount+0x164/0x1b0
> [  968.074303] [c000000154747e10] [c000000000033338] 
> system_call_exception+0x138/0x330
> [  968.074311] [c000000154747e50] [c00000000000d05c] 
> system_call_vectored_common+0x15c/0x2ec
> [  968.074319] ---- interrupt: 3000 at 0x7fff89d4edf4
> [  968.074323] NIP:  00007fff89d4edf4 LR: 00007fff89d4edf4 CTR: 
> 0000000000000000
> [  968.074328] REGS: c000000154747e80 TRAP: 3000   Not tainted 
> (6.15.0-rc5-next-20250506)
> [  968.074333] MSR:  800000000280f033 
> <SF,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE>  CR: 44022804  XER: 00000000
> [  968.074345] IRQMASK: 0
> [  968.074345] GPR00: 0000000000000015 00007fffc25e41b0 
> 00007fff89e37d00 000000015e810710
> [  968.074345] GPR04: 000000015e810730 000000015e8106f0 
> 0000000000000000 000000015e810690
> [  968.074345] GPR08: 000000015e8106f0 0000000000000000 
> 0000000000000000 0000000000000000
> [  968.074345] GPR12: 0000000000000000 00007fff8a03c140 
> 0000000000000000 0000000000000000
> [  968.074345] GPR16: 0000000000000000 0000000000000000 
> 0000000000000000 0000000125d1f298
> [  968.074345] GPR20: 0000000000000000 0000000000000000 
> 000000015e810530 000000015e810730
> [  968.074345] GPR24: 00007fff89f38e68 00007fff89f38e78 
> 00007fff89f3dfe8 00007fff89f60240
> [  968.074345] GPR28: 000000015e8106f0 0000000000000000 
> 000000015e810710 0000000000100000
> [  968.074396] NIP [00007fff89d4edf4] 0x7fff89d4edf4
> [  968.074399] LR [00007fff89d4edf4] 0x7fff89d4edf4
> [  968.074403] ---- interrupt: 3000
> [  968.074406] Code: 4bffeffd 3920f000 7c234840 7c7e1b78 41810144 
> 7c7a1b78 4bfffe30 60000000 813f0088 71290001 41820068 e93d0040 
> <e8690068> 38630070 481416e1 e8410018
> [  968.074425] ---[ end trace 0000000000000000 ]---
> [  968.076694] pstore: backend (nvram) writing error (-1)
> [  968.076698]
>
>

Git bisect is pointing first bad commit: 
[25efcff06654aa283be379420e8b1f8d344c2f78] btrfs_get_tree_subvol(): 
switch from fc_mount() to vfs_create_mount().


Upon reverting above commit, issue is not seen. Please help in fixing 
this issue.


Bisection log:


git bisect start
# status: waiting for both good and bad commits
# good: [92a09c47464d040866cf2b4cd052bc60555185fb] Linux 6.15-rc5
git bisect good 92a09c47464d040866cf2b4cd052bc60555185fb
# status: waiting for bad commit, 1 good commit known
# bad: [0a00723f4c2d0b273edd0737f236f103164a08eb] Add linux-next 
specific files for 20250506
git bisect bad 0a00723f4c2d0b273edd0737f236f103164a08eb
# bad: [d0a7045528df303c86ce87662728ea8ee136c7ef] Merge branch 
'nand/next' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git
git bisect bad d0a7045528df303c86ce87662728ea8ee136c7ef
# bad: [3acffb16ef28cc1979b42c235fed9c7bf653e815] Merge branch 'fs-next' 
of linux-next
git bisect bad 3acffb16ef28cc1979b42c235fed9c7bf653e815
# good: [59e921108839edbbcbce23475596fee455ec4129] Merge branch 'next' 
of git://git.kernel.org/pub/scm/linux/kernel/git/geert/renesas-devel.git
git bisect good 59e921108839edbbcbce23475596fee455ec4129
# bad: [28485805726d7960c1d5be4a45d59ea26652f6d2] Merge branch 'master' 
of https://github.com/Paragon-Software-Group/linux-ntfs3.git
git bisect bad 28485805726d7960c1d5be4a45d59ea26652f6d2
# bad: [255b0bb00ae27f2adcf054b71f29be50d2e34025] Merge branch 
'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux.git
git bisect bad 255b0bb00ae27f2adcf054b71f29be50d2e34025
# good: [456619c2c7107c700321664f79c4e89d19805063] btrfs: simplify 
getting and extracting previous transaction at clean_pinned_extents()
git bisect good 456619c2c7107c700321664f79c4e89d19805063
# good: [028156969e9f640e7eee0a98b19c731fd9862f14] bcachefs: 
bch2_io_failures_to_text()
git bisect good 028156969e9f640e7eee0a98b19c731fd9862f14
# good: [b3f59e3a42fd075d40a65dbcdf853302db4ba93f] bcachefs: Ensure 
proper write alignment
git bisect good b3f59e3a42fd075d40a65dbcdf853302db4ba93f
# good: [8209541b4998a1bcf99c7530e60ce6c9aefd87f8] btrfs: update 
lookup_root_entry to to use rb helper
git bisect good 8209541b4998a1bcf99c7530e60ce6c9aefd87f8
# good: [94fa56d94dbca52e07b0f0233257f502ca6d547a] btrfs: scrub: fix a 
wrong error type when metadata bytenr mismatches
git bisect good 94fa56d94dbca52e07b0f0233257f502ca6d547a
# bad: [c91d3cff2a3ce3fc0960d8e6bdb69be51f105d67] Merge branch 
'misc-next' into for-next-next-v6.15-20250505
git bisect bad c91d3cff2a3ce3fc0960d8e6bdb69be51f105d67
# bad: [25efcff06654aa283be379420e8b1f8d344c2f78] 
btrfs_get_tree_subvol(): switch from fc_mount() to vfs_create_mount()
git bisect bad 25efcff06654aa283be379420e8b1f8d344c2f78
# good: [4254b8e069c7fa48106be44f8fcf4cafc264bd14] btrfs: scrub: 
aggregate small bitmaps into a larger one
git bisect good 4254b8e069c7fa48106be44f8fcf4cafc264bd14
# first bad commit: [25efcff06654aa283be379420e8b1f8d344c2f78] 
btrfs_get_tree_subvol(): switch from fc_mount() to vfs_create_mount()


Regards,

Venkat.

>
> If you happent to fix this, please add below tag.
>
>
> Reported-by: Venkat Rao Bagalkote <venkat88 at linux.ibm.com>
>
>
> Regards,
>
> Venkat.
>

More information about the Linuxppc-dev mailing list