Bug 1038526

Summary: btrfs crashes with quota enabled
Product: [Fedora] Fedora Reporter: Volodymyr <vgulch>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 19CC: gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda, myroslav, slavikvin
Target Milestone: ---Flags: jforbes: needinfo?
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-03-10 14:38:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Volodymyr 2013-12-05 09:37:30 UTC 
Description of problem:
I have a /data partition formatted with btrfs.
Its a subvolume with quota enabled
My skype and firefox profiles are there
When i start skype kernel crashes raise in logfile
Skype is dead and /data are not accessible anymore
Same thing happens when i try to use firefox.



Version-Release number of selected component (if applicable):
kernel-PAE-3.11.8-200.fc19.i686

How reproducible:
enable quota on partition with skype or firefox profile
and try to start skype or firefox
Steps to Reproduce:
1. enable quota on btrfs
btrfs quota enable /data/
btrfs qgroup limit 40G /data/
2. start skype


Actual results:
1. skype hangs
2. unusable filesystem
2. kernel crashes
Dec  4 11:44:12 clerihew kernel: [613271.565361] BUG: unable to handle kernel NULL pointer dereference at   (null)
Dec  4 11:44:12 clerihew kernel: [613271.565558] IP: [<c069f447>] __list_del_entry+0x7/0xe0
Dec  4 11:44:12 clerihew kernel: [613271.565747] *pdpt = 0000000020ce6001 *pde = 0000000000000000 
Dec  4 11:44:12 clerihew kernel: [613271.565978] Oops: 0000 [#1] SMP 
Dec  4 11:44:12 clerihew kernel: [613271.566172] Modules linked in: dm_crypt nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE ip6t_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_
nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable
_raw rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache rfcomm bnep btrfs zlib_deflate raid6_pq libcrc32c xor snd_hda_codec_hdmi snd_hda_codec_via snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm snd_page_alloc snd_timer sn
d btusb bluetooth kvm_amd kvm soundcore serio_raw microcode k10temp uinput nfsd auth_rpcgss forcedeth rfkill i2c_nforce2 asus_atk0110 acpi_cpufreq mperf nfs_acl lockd vboxvideo(OF) sunrpc nouveau i2c_algo_bit mxm_wmi drm_kms_helper ttm drm
 i2c_core ata_generic pata_acpi pata_amd video wmi [last unloaded: iptable_raw]
Dec  4 11:44:12 clerihew kernel: [613271.568512] CPU: 1 PID: 31631 Comm: btrfs-endio-wri Tainted: GF          O 3.11.8-200.fc19.i686.PAE #1
Dec  4 11:44:12 clerihew kernel: [613271.568853] Hardware name: System manufacturer System Product Name/M3N78-VM, BIOS 1102    05/12/2009
Dec  4 11:44:12 clerihew kernel: [613271.569206] task: f73c2bc0 ti: defe0000 task.ti: defe0000
Dec  4 11:44:12 clerihew kernel: [613271.569565] EIP: 0060:[<c069f447>] EFLAGS: 00010286 CPU: 1
Dec  4 11:44:12 clerihew kernel: [613271.569933] EIP is at __list_del_entry+0x7/0xe0
Dec  4 11:44:12 clerihew kernel: [613271.570306] EAX: 00000000 EBX: 00000000 ECX: 00256da2 EDX: 00256da1
Dec  4 11:44:12 clerihew kernel: [613271.570687] ESI: defe1d04 EDI: 00000000 EBP: defe1c90 ESP: defe1c78
Dec  4 11:44:12 clerihew kernel: [613271.571081]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Dec  4 11:44:12 clerihew kernel: [613271.571485] CR0: 8005003b CR2: 00000000 CR3: 20d9a000 CR4: 000007f0
Dec  4 11:44:12 clerihew kernel: [613271.571903] Stack:
Dec  4 11:44:12 clerihew kernel: [613271.572325]  00256da2 f53763c0 fcf37580 f3e9e9a0 defe1d04 00000000 defe1c9c c069f52b
Dec  4 11:44:12 clerihew kernel: [613271.572815]  00000000 defe1d4c fcfb8a5f 00000000 00000000 defe1cf8 00000050 259c9000
Dec  4 11:44:12 clerihew kernel: [613271.573320]  00000000 00000001 00000001 f2306c00 00000000 00000103 00000000 ffffffff
Dec  4 11:44:12 clerihew kernel: [613271.573835] Call Trace:
Dec  4 11:44:12 clerihew kernel: [613271.574386]  [<fcf37580>] ? btrfs_free_path+0x20/0x30 [btrfs]
Dec  4 11:44:12 clerihew kernel: [613271.574888]  [<c069f52b>] list_del+0xb/0x20
Dec  4 11:44:12 clerihew kernel: [613271.575486]  [<fcfb8a5f>] find_parent_nodes+0x3bf/0x1080 [btrfs]
Dec  4 11:44:12 clerihew kernel: [613271.576070]  [<fcfb97d2>] btrfs_find_all_roots+0xb2/0x110 [btrfs]
Dec  4 11:44:12 clerihew kernel: [613271.576661]  [<fcfbd95d>] btrfs_qgroup_account_ref+0x15d/0x610 [btrfs]
Dec  4 11:44:12 clerihew kernel: [613271.577243]  [<fcf41b6b>] ? block_rsv_release_bytes+0x15b/0x260 [btrfs]
Dec  4 11:44:12 clerihew kernel: [613271.577869]  [<fcf45d1d>] btrfs_delayed_refs_qgroup_accounting+0x7d/0xe0 [btrfs]
Dec  4 11:44:12 clerihew kernel: [613271.578496]  [<fcf47cbc>] ? btrfs_block_rsv_release+0x4c/0x60 [btrfs]
Dec  4 11:44:12 clerihew kernel: [613271.579150]  [<fcf5e342>] __btrfs_end_transaction+0x52/0x300 [btrfs]
Dec  4 11:44:12 clerihew kernel: [613271.579796]  [<fcf5e5ff>] btrfs_end_transaction+0xf/0x20 [btrfs]
Dec  4 11:44:12 clerihew kernel: [613271.580462]  [<fcf6a6be>] btrfs_finish_ordered_io+0xfe/0xae0 [btrfs]
Dec  4 11:44:12 clerihew kernel: [613271.581098]  [<c047e5e8>] ? ttwu_do_wakeup+0x18/0x100
Dec  4 11:44:12 clerihew kernel: [613271.581779]  [<c047e791>] ? ttwu_do_activate.constprop.87+0x51/0x60
Dec  4 11:44:12 clerihew kernel: [613271.582475]  [<c04804af>] ? wake_up_process+0x1f/0x40
Dec  4 11:44:12 clerihew kernel: [613271.583226]  [<fcf8e0d2>] ? btrfs_queue_worker+0x182/0x2a0 [btrfs]
Dec  4 11:44:12 clerihew kernel: [613271.583936]  [<fcf6b2c0>] finish_ordered_fn+0x10/0x20 [btrfs]
Dec  4 11:44:12 clerihew kernel: [613271.584670]  [<fcf8e2e5>] worker_loop+0xf5/0x450 [btrfs]
Dec  4 11:44:12 clerihew kernel: [613271.585413]  [<fcf8e1f0>] ? btrfs_queue_worker+0x2a0/0x2a0 [btrfs]
Dec  4 11:44:12 clerihew kernel: [613271.586115]  [<c0471704>] kthread+0x94/0xa0
Dec  4 11:44:12 clerihew kernel: [613271.586873]  [<c099fcf7>] ret_from_kernel_thread+0x1b/0x28
Dec  4 11:44:12 clerihew kernel: [613271.587636]  [<c0471670>] ? insert_kthread_work+0x30/0x30
Dec  4 11:44:12 clerihew kernel: [613271.588384] Code: e9 1d b6 c0 89 45 f0 89 55 f4 89 4d f8 e8 92 55 db ff 8b 45 f0 8b 55 f4 8b 4d f8 e9 2c ff ff ff 8d 74 26 00 55 89 e5 53 83 ec 14 <8b> 08 8b 50 04 81 f9 00 01 10 00 74 24 81 fa 00 02 20
 00 0f 84
Dec  4 11:44:12 clerihew kernel: [613271.589957] EIP: [<c069f447>] __list_del_entry+0x7/0xe0 SS:ESP 0068:defe1c78
Dec  4 11:44:12 clerihew kernel: [613271.590720] CR2: 0000000000000000


Expected results:
working skype and firefox
working btrfs filesystem

Additional info:
When i disable btrfs quota system works as expected
Comment 1 Volodymyr 2013-12-05 13:30:18 UTC 
one more try on clean machine with F19 and 3.11.6-200.fc19.i686.PAE kernel
- create btrfs partition
- enable quota
- create subvolume
- mount subvolume
- started clean skype profile on btrfs

There were no errors until i called another skype account
Behavor is the same. Here is another call trace

Dec  5 15:23:02 patina kernel: [ 1282.630100] BUG: unable to handle kernel NULL pointer dereference at   (null)
Dec  5 15:23:02 patina kernel: [ 1282.630376] IP: [<c069f5b7>] __list_del_entry+0x7/0xe0
Dec  5 15:23:02 patina kernel: [ 1282.630641] *pdpt = 000000002f5d5001 *pde = 0000000000000000 
Dec  5 15:23:02 patina kernel: [ 1282.630910] Oops: 0000 [#1] SMP 
Dec  5 15:23:02 patina kernel: [ 1282.631187] Modules linked in: rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE ip6t_REJECT xt_conntrack bnep bluetooth rfkill ebtable_nat ebtabl
e_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf
_nat nf_conntrack iptable_mangle iptable_security iptable_raw btrfs zlib_deflate raid6_pq libcrc32c xor snd_hda_codec_hdmi kvm_amd kvm snd_hda_codec_via snd_hda_intel microcode snd_hda_codec snd_hwdep snd_seq snd_seq_device forcedeth nfsd 
snd_pcm snd_page_alloc snd_timer snd auth_rpcgss soundcore serio_raw k10temp i2c_nforce2 asus_atk0110 acpi_cpufreq mperf nfs_acl lockd sunrpc uinput nouveau mxm_wmi i2c_algo_bit drm_kms_helper ttm ata_generic pata_amd drm pata_acpi i2c_cor
e video wmi
Dec  5 15:23:02 patina kernel: [ 1282.633514] CPU: 1 PID: 410 Comm: btrfs-endio-wri Not tainted 3.11.6-200.fc19.i686.PAE #1
Dec  5 15:23:02 patina kernel: [ 1282.633931] Hardware name: System manufacturer System Product Name/M3N78-VM, BIOS 1102    05/12/2009
Dec  5 15:23:02 patina kernel: [ 1282.634361] task: f601fa80 ti: f177e000 task.ti: f177e000
Dec  5 15:23:02 patina kernel: [ 1282.634799] EIP: 0060:[<c069f5b7>] EFLAGS: 00010286 CPU: 1
Dec  5 15:23:02 patina kernel: [ 1282.635248] EIP is at __list_del_entry+0x7/0xe0
Dec  5 15:23:02 patina kernel: [ 1282.635703] EAX: 00000000 EBX: 00000000 ECX: 000042df EDX: 000042de
Dec  5 15:23:02 patina kernel: [ 1282.636169] ESI: f177fd04 EDI: 00000000 EBP: f177fc90 ESP: f177fc78
Dec  5 15:23:02 patina kernel: [ 1282.636647]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Dec  5 15:23:02 patina kernel: [ 1282.637132] CR0: 8005003b CR2: 00000000 CR3: 2f5d4000 CR4: 000007f0
Dec  5 15:23:02 patina kernel: [ 1282.637634] Stack:
Dec  5 15:23:02 patina kernel: [ 1282.638139]  000042df f40de400 fc97d590 f66201c0 f177fd04 00000000 f177fc9c c069f69b
Dec  5 15:23:02 patina kernel: [ 1282.638689]  00000000 f177fd4c fc9feb4f 00000000 00000000 f177fcf8 00000050 03e99000
Dec  5 15:23:02 patina kernel: [ 1282.639253]  00000000 00000001 00000001 f17d5800 00000000 00000101 00000000 ffffffff
Dec  5 15:23:02 patina kernel: [ 1282.639826] Call Trace:
Dec  5 15:23:02 patina kernel: [ 1282.640431]  [<fc97d590>] ? btrfs_free_path+0x20/0x30 [btrfs]
Dec  5 15:23:02 patina kernel: [ 1282.641016]  [<c069f69b>] list_del+0xb/0x20
Dec  5 15:23:02 patina kernel: [ 1282.641659]  [<fc9feb4f>] find_parent_nodes+0x3bf/0x1080 [btrfs]
Dec  5 15:23:02 patina kernel: [ 1282.642312]  [<fc9ff8c2>] btrfs_find_all_roots+0xb2/0x110 [btrfs]
Dec  5 15:23:02 patina kernel: [ 1282.642973]  [<fca03a4d>] btrfs_qgroup_account_ref+0x15d/0x610 [btrfs]
Dec  5 15:23:02 patina kernel: [ 1282.643622]  [<fc987b7b>] ? block_rsv_release_bytes+0x15b/0x260 [btrfs]
Dec  5 15:23:02 patina kernel: [ 1282.644283]  [<fc98bd3d>] btrfs_delayed_refs_qgroup_accounting+0x7d/0xe0 [btrfs]
Dec  5 15:23:02 patina kernel: [ 1282.644954]  [<fc98dcec>] ? btrfs_block_rsv_release+0x4c/0x60 [btrfs]
Dec  5 15:23:02 patina kernel: [ 1282.645637]  [<fc9a4382>] __btrfs_end_transaction+0x52/0x300 [btrfs]
Dec  5 15:23:02 patina kernel: [ 1282.646333]  [<fc9a463f>] btrfs_end_transaction+0xf/0x20 [btrfs]
Dec  5 15:23:02 patina kernel: [ 1282.647037]  [<fc9b074e>] btrfs_finish_ordered_io+0xfe/0xad0 [btrfs]
Dec  5 15:23:02 patina kernel: [ 1282.647713]  [<c04600b2>] ? try_to_del_timer_sync+0x42/0x60
Dec  5 15:23:02 patina kernel: [ 1282.648393]  [<c0460119>] ? del_timer_sync+0x49/0x60
Dec  5 15:23:02 patina kernel: [ 1282.649081]  [<c045f1f0>] ? __internal_add_timer+0xc0/0xc0
Dec  5 15:23:02 patina kernel: [ 1282.649818]  [<fc9b1340>] finish_ordered_fn+0x10/0x20 [btrfs]
Dec  5 15:23:02 patina kernel: [ 1282.650566]  [<fc9d43b5>] worker_loop+0xf5/0x450 [btrfs]
Dec  5 15:23:02 patina kernel: [ 1282.651326]  [<fc9d42c0>] ? btrfs_queue_worker+0x2a0/0x2a0 [btrfs]
Dec  5 15:23:02 patina kernel: [ 1282.652054]  [<c04716c4>] kthread+0x94/0xa0
Dec  5 15:23:02 patina kernel: [ 1282.652787]  [<c09a01f7>] ret_from_kernel_thread+0x1b/0x28
Dec  5 15:23:02 patina kernel: [ 1282.653529]  [<c0471630>] ? insert_kthread_work+0x30/0x30
Dec  5 15:23:02 patina kernel: [ 1282.654274] Code: 01 1d b6 c0 89 45 f0 89 55 f4 89 4d f8 e8 f2 53 db ff 8b 45 f0 8b 55 f4 8b 4d f8 e9 2c ff ff ff 8d 74 26 00 55 89 e5 53 83 ec 14 <8b> 08 8b 50 04 81 f9 00 01 10 00 74 24 81 fa 00 02 20 00 0f 84
Dec  5 15:23:02 patina kernel: [ 1282.656031] EIP: [<c069f5b7>] __list_del_entry+0x7/0xe0 SS:ESP 0068:f177fc78
Dec  5 15:23:02 patina kernel: [ 1282.656890] CR2: 0000000000000000
Dec  5 15:23:02 patina kernel: [ 1282.661493] ---[ end trace d1f4bd91365e9aa3 ]---
Comment 2 Justin M. Forbes 2014-01-03 22:03:10 UTC 
*********** MASS BUG UPDATE **************

We apologize for the inconvenience.  There is a large number of bugs to go through and several of them have gone stale.  Due to this, we are doing a mass bug update across all of the Fedora 19 kernel bugs.

Fedora 19 has now been rebased to 3.12.6-200.fc19.  Please test this kernel update (or newer) and let us know if you issue has been resolved or if it is still present with the newer kernel.

If you have moved on to Fedora 20, and are still experiencing this issue, please change the version to Fedora 20.

If you experience different issues, please open a new bug report for those.
Comment 3 Justin M. Forbes 2014-03-10 14:38:09 UTC 
*********** MASS BUG UPDATE **************

This bug has been in a needinfo state for more than 1 month and is being closed with insufficient data due to inactivity. If this is still an issue with Fedora 19, please feel free to reopen the bug and provide the additional information requested.