Bug 1294521

Summary: [abrt] BUG: unable to handle kernel NULL pointer dereference at 0000000000000334 [btrfs]
Product: Fedora
Component: kernel
Version: 23
Hardware: x86_64
OS: Unspecified
Status: CLOSED CURRENTRELEASE
Severity: unspecified
Priority: unspecified
Reporter: Fabio Massaioli <fabio>
Assignee: Kernel Maintainer List <kernel-maint>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: fabio, gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda, mchehab
URL: https://retrace.fedoraproject.org/faf/reports/bthash/fb767531b632d1190e90533d3b7357cff3e1b3bc
Whiteboard: abrt_hash:735da7ea23ba80919c626dc108cbc02ad1e545c3;VARIANT_ID=workstation;
Doc Type: Bug Fix
Last Closed: 2016-09-25 19:33:16 UTC
Attachments: File: dmesg

Description Fabio Massaioli 2015-12-28 17:43:47 UTC
Description of problem:
I had the following setup:
1GB btrfs image stored in tmpfs, bound to a loop device and mounted, accessed through an overlayfs mount with two different subvolumes as lowerdir and upperdir, the former read-only, the latter writable. The workdir was also a directory in the btrfs mount, in the root subvolume.

When I tried to change a file with vi, the system crashed.

Additional info:
reporter:       libreport-2.6.3
BUG: unable to handle kernel NULL pointer dereference at 0000000000000334
IP: [<ffffffffa0c594bc>] btrfs_sync_file+0xcc/0x350 [btrfs]
PGD 0 
Oops: 0002 [#1] SMP 
Modules linked in: btrfs xor raid6_pq nls_utf8 hfsplus hfs isofs loop xt_CHECKSUM tun veth ipt_MASQUERADE nf_nat_masquerade_ipv4 xt_addrtype br_netfilter overlay rfcomm fuse ccm nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_filter ebtable_nat ebtable_broute bridge ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_raw ip6table_mangle ip6table_security ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_raw iptable_mangle iptable_security bnep vfat fat uvcvideo videobuf2_vmalloc videobuf2_core iTCO_wdt iTCO_vendor_support snd_hda_codec_realtek arc4 videobuf2_memops acer_wmi ath9k sparse_keymap v4l2_common ath9k_common intel_rapl ath9k_hw iosf_mbi
 snd_hda_codec_hdmi snd_hda_codec_generic snd_soc_rt5640 ath3k btusb btrtl videodev ath snd_soc_rl6231 x86_pkg_temp_thermal btbcm mac80211 coretemp snd_hda_intel snd_hda_codec snd_soc_core kvm_intel media btintel snd_hda_core snd_hwdep snd_compress bluetooth cfg80211 snd_pcm_dmaengine kvm crct10dif_pclmul crc32_pclmul ac97_bus crc32c_intel snd_seq snd_seq_device rfkill snd_pcm snd_timer joydev snd mei_me mei dw_dmac shpchp dw_dmac_core lpc_ich i2c_designware_platform snd_soc_sst_acpi soundcore soc_button_array i2c_designware_core i2c_i801 wmi nfsd auth_rpcgss nfs_acl lockd grace sunrpc binfmt_misc amdkfd amd_iommu_v2 radeon i915 8021q garp stp llc mrp ttm i2c_algo_bit drm_kms_helper serio_raw drm tg3 sdhci_pci ptp pps_core sdhci_acpi sdhci mmc_core video i2c_hid
CPU: 2 PID: 11227 Comm: vi Not tainted 4.2.8-300.fc23.x86_64 #1
Hardware name: Acer Aspire E1-572G/EA50_HW   , BIOS V2.14 01/15/2014
task: ffff880219abd880 ti: ffff8801e182c000 task.ti: ffff8801e182c000
RIP: 0010:[<ffffffffa0c594bc>]  [<ffffffffa0c594bc>] btrfs_sync_file+0xcc/0x350 [btrfs]
RSP: 0018:ffff8801e182fe28  EFLAGS: 00010292
RAX: ffff880219abd880 RBX: ffff8801a91b3b00 RCX: 0000000000000000
RDX: 0000000080000000 RSI: 0000000000000000 RDI: ffff88022a5b6660
RBP: ffff8801e182feb8 R08: 0000000000000001 R09: 0000000000000f00
R10: 0000000000000000 R11: 0000000000000246 R12: ffff88022a5b6660
R13: ffff88022a5b65b8 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f98e5a8a800(0000) GS:ffff88025f280000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000334 CR3: 0000000214cfa000 CR4: 00000000001426e0
Stack:
 ffff8801a91b3b10 0000000200000001 8000000000000000 ffff88024c175000
 7fffffffffffffff 0000000000000000 ffff8801a91b3b10 0000000000000000
 0000000000000000 ffff880230a23000 0000000000001000 00000000d289e66e
Call Trace:
 [<ffffffff8124fd39>] vfs_fsync_range+0x49/0xa0
 [<ffffffff8124fded>] do_fsync+0x3d/0x70
 [<ffffffff8121df42>] ? SyS_lseek+0x92/0xb0
 [<ffffffff81250090>] SyS_fsync+0x10/0x20
 [<ffffffff8177a2ae>] entry_SYSCALL_64_fastpath+0x12/0x71
Code: 8b 0e 48 85 c9 75 e8 eb 9e 48 8b 45 90 4c 8b 75 98 4d 8d a5 a8 00 00 00 4c 89 e7 4c 29 f0 48 83 c0 01 48 89 45 80 e8 c4 ea b1 e0 <f0> 41 ff 87 34 03 00 00 49 8b 85 70 ff ff ff 48 c1 e8 07 83 e0 
RIP  [<ffffffffa0c594bc>] btrfs_sync_file+0xcc/0x350 [btrfs]
 RSP <ffff8801e182fe28>
CR2: 0000000000000334
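The oops in the description can be triaged mechanically rather than by eye. The following Python script is an added example, not part of the report or of the kernel tree: it parses the register dump and the `Code:` line quoted above (the `OOPS` string is copied from the report), decodes the faulting instruction that the kernel marked with `<f0>`, and checks that the base register plus the displacement equals CR2. The decoder is deliberately narrow, which is an assumption of this example: it handles only the `ff /0` and `ff /1` (inc/dec) memory forms with a base register and a disp8/disp32 and no SIB byte, which is all this oops needs.

```python
"""Oops triage helper: which register was NULL, which struct offset was touched.
Added example; the OOPS text below is copied from the bug report."""
import re

OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000334
IP: [<ffffffffa0c594bc>] btrfs_sync_file+0xcc/0x350 [btrfs]
RIP: 0010:[<ffffffffa0c594bc>]  [<ffffffffa0c594bc>] btrfs_sync_file+0xcc/0x350 [btrfs]
RAX: ffff880219abd880 RBX: ffff8801a91b3b00 RCX: 0000000000000000
RDX: 0000000080000000 RSI: 0000000000000000 RDI: ffff88022a5b6660
RBP: ffff8801e182feb8 R08: 0000000000000001 R09: 0000000000000f00
R10: 0000000000000000 R11: 0000000000000246 R12: ffff88022a5b6660
R13: ffff88022a5b65b8 R14: 0000000000000000 R15: 0000000000000000
CR2: 0000000000000334 CR3: 0000000214cfa000 CR4: 00000000001426e0
Code: 8b 0e 48 85 c9 75 e8 eb 9e 48 8b 45 90 4c 8b 75 98 4d 8d a5 a8 00 00 00 4c 89 e7 4c 29 f0 48 83 c0 01 48 89 45 80 e8 c4 ea b1 e0 <f0> 41 ff 87 34 03 00 00 49 8b 85 70 ff ff ff 48 c1 e8 07 83 e0
"""

# x86-64 register numbering as used by ModRM.rm (+8 when REX.B is set)
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]


def parse_registers(text):
    """Collect NAME: <16 hex digits> pairs (RAX..R15, CR2..CR4) into a dict."""
    regs = {}
    for name, val in re.findall(r"\b([A-Z][A-Z0-9]{1,2}):\s+([0-9a-f]{16})\b", text):
        name = name.lower()
        if re.fullmatch(r"r0\d", name):   # the dump writes R08/R09 for r8/r9
            name = "r" + name[2]
        regs[name] = int(val, 16)
    return regs


def parse_code_line(text):
    """Return the bytes from the faulting instruction (the <xx> marker) onward."""
    toks = re.search(r"^Code: (.*)$", text, re.M).group(1).split()
    fault = next(i for i, t in enumerate(toks) if t.startswith("<"))
    return bytes(int(t.strip("<>"), 16) for t in toks[fault:])


def decode_inc_dec_mem(code):
    """Decode 'lock? inc/dec r/m' (opcode FF /0, FF /1) with a [base+disp] operand.
    Assumption: no SIB byte, no RIP-relative form, no 0x66 operand-size prefix.
    Returns (mnemonic, base register, displacement, instruction length)."""
    i, lock, rex = 0, False, 0
    if code[i] == 0xF0:
        lock, i = True, i + 1
    if 0x40 <= code[i] <= 0x4F:
        rex, i = code[i], i + 1
    if code[i] != 0xFF:
        raise ValueError("not an opcode-FF (group 5) instruction")
    i += 1
    modrm = code[i]
    i += 1
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if reg not in (0, 1):
        raise ValueError("FF /%d is not inc/dec" % reg)
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("register, SIB or RIP-relative operand not handled")
    if mod == 0:
        disp = 0
    elif mod == 1:
        disp, i = int.from_bytes(code[i:i + 1], "little", signed=True), i + 1
    else:
        disp, i = int.from_bytes(code[i:i + 4], "little", signed=True), i + 4
    base = REG64[rm | ((rex & 1) << 3)]          # REX.B extends rm to r8..r15
    width = "q" if rex & 8 else "l"              # REX.W selects 64-bit operand
    mnem = ("lock " if lock else "") + ("inc" if reg == 0 else "dec") + width
    return mnem, base, disp, i


def triage(oops):
    """Correlate the decoded faulting instruction with the register dump and CR2."""
    regs = parse_registers(oops)
    mnem, base, disp, _ = decode_inc_dec_mem(parse_code_line(oops))
    effective = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    symbol = re.search(r"^IP: \[<[0-9a-f]+>\] (.+)$", oops, re.M).group(1)
    return {
        "symbol": symbol,
        "insn": "%s 0x%x(%%%s)" % (mnem, disp, base),
        "base": base,
        "base_value": regs[base],
        "offset": disp,
        "matches_cr2": effective == regs["cr2"],
        "null_regs": sorted(r for r, v in regs.items()
                            if v == 0 and not r.startswith("cr")),
    }


if __name__ == "__main__":
    for k, v in triage(OOPS).items():
        print("%-12s %s" % (k, v))
```

Run against the dump it reports `lock incl 0x334(%r15)` with r15 == 0, so the fault is an atomic increment of a 32-bit field at offset 0x334 of a structure reached through a NULL pointer held in r15, which matches CR2 exactly; rcx, rsi, r10 and r14 are also zero but are not involved. Which structure and field that is cannot be read off the oops alone and is not stated in the report; it needs the module's symbol table or source.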

Comment 1 Fabio Massaioli 2015-12-28 17:44:01 UTC
Created attachment 1110049 [details]
File: dmesg

Comment 2 Fabio Massaioli 2015-12-28 21:45:53 UTC
Probably related: https://bugzilla.kernel.org/show_bug.cgi?id=101951

Comment 3 Laura Abbott 2016-09-23 19:48:04 UTC
*********** MASS BUG UPDATE **************
 
We apologize for the inconvenience.  There is a large number of bugs to go through and several of them have gone stale.  Due to this, we are doing a mass bug update across all of the Fedora 23 kernel bugs.
 
Fedora 23 has now been rebased to 4.7.4-100.fc23.  Please test this kernel update (or newer) and let us know if your issue has been resolved or if it is still present with the newer kernel.
 
If you have moved on to Fedora 24 or 25, and are still experiencing this issue, please change the version to Fedora 24 or 25.
 
If you experience different issues, please open a new bug report for those.

Comment 4 Fabio Massaioli 2016-09-24 09:01:06 UTC
This bug should be fixed in kernel versions >= 4.6 (see commit de17e793b104d690e1d007dfc5cb6b4f649598ca https://github.com/torvalds/linux/commit/de17e793b104d690e1d007dfc5cb6b4f649598ca).
I do not use Fedora anymore so I can't test.

Comment 5 Josh Boyer 2016-09-25 19:33:16 UTC
Thank you.