Bug 1415505

Summary: [abrt] BUG: unable to handle kernel NULL pointer dereference at 0000000000000570
Product: [Fedora] Fedora
Reporter: georg
Component: kernel
Assignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED INSUFFICIENT_DATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 25
CC: cz172638, gansalmon, ichavero, itamar, jonathan, kernel-maint, madhu.chinakonda, mchehab
Target Milestone: ---
Flags: jforbes: needinfo?
Target Release: ---
Hardware: x86_64
OS: Unspecified
URL: https://retrace.fedoraproject.org/faf/reports/bthash/5cd329025ee4b313975d4f1bbe5c7ca8aefa3006
Whiteboard: abrt_hash:5d6883179e4cafde30828bd0433b82f83bcb7e65;VARIANT_ID=workstation;
Last Closed: 2017-04-28 17:19:19 UTC
Attachments:
File: dmesg (flags: none)

Description georg 2017-01-22 20:08:31 UTC
Description of problem:
First, I used Fedora live to try to repair. This problem was not initially caused by Fedora 25 with this kernel. However, it does also occur in Fedora.

With a CentOS PC I did a balance on a btrfs raid5. This crashed and the fs was mounted ro. This is a known bug so far, not with the null pointer though.
I looked around a little bit and decided to reboot. After reboot, the CentOS kernel panicked with a null pointer exception after the login screen had been available for about 30 sec.
I wanted to fix it on Fedora live. It crashed on booting Fedora, which was trying to mount the btrfs raid5.

Additional information, most likely not important:
I added a hdd to a btrfs raid5 which was full. Rebalance with mconvert.. dconv... failed due to full device. I made some space by deleting a snapshot and started a full rebalance without filter.
After about 20 percent was done the process crashed. I found the fs mounted read only the next morning. I made some investigation, like checking if balance was still running (no), how far balance got (about 20 percent estimated), any dmesg infos (nothing unusual), and then rebooted as a not important package got installed. Just in case.

Probably not reproducible on another system than mine, as I suspect that the btrfs raid5 structure on my disks is causing the problem and the write process crashed right at a critical moment, which may be hard to reproduce.

Additional info:
reporter:       libreport-2.8.0
BUG: unable to handle kernel NULL pointer dereference at 0000000000000570
IP: [<ffffffff9d80232c>] _raw_spin_lock+0xc/0x30
PGD 0 
Oops: 0002 [#1] SMP
Modules linked in: fuse nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_REJECT nf_reject_ipv6 ip6t_rpfilter xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw ebtable_filter ebtables ip6table_filter ip6_tables intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass snd_hda_codec_realtek snd_hda_codec_generic intel_cstate mei_wdt iTCO_wdt iTCO_vendor_support snd_hda_intel intel_uncore dcdbas intel_rapl_perf snd_hda_codec snd_hda_core i915 snd_hwdep snd_seq i2c_i801 snd_seq_device lpc_ich i2c_smbus i2c_algo_bit snd_pcm drm_kms_helper
 drm snd_timer video snd soundcore shpchp mei_me mei tpm_tis tpm_tis_core tpm nfsd auth_rpcgss nfs_acl lockd grace nls_utf8 isofs squashfs btrfs 8021q garp stp llc mrp xor raid6_pq crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel serio_raw e1000e ptp pps_core fjes uas usb_storage sunrpc scsi_transport_iscsi loop
CPU: 0 PID: 1723 Comm: mount Not tainted 4.8.6-300.fc25.x86_64 #1
Hardware name: Dell Inc. PowerEdge T20/0VD5HY, BIOS A06 01/27/2015
task: ffff984b95ef8000 task.stack: ffff984b95ee4000
RIP: 0010:[<ffffffff9d80232c>]  [<ffffffff9d80232c>] _raw_spin_lock+0xc/0x30
RSP: 0018:ffff984b95ee7a28  EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff984b95ee7a90 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffff984c1ea20600 RDI: 0000000000000570
RBP: ffff984b95ee7a48 R08: 0000000000020600 R09: ffffffffc035b3c6
R10: ffffea000276ba00 R11: 000000000000036a R12: ffff984b9daed800
R13: 0000000000000000 R14: ffff984b9daed800 R15: 0000000000000000
FS:  00007f1535672340(0000) GS:ffff984c1ea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000570 CR3: 0000000095f24000 CR4: 00000000000406f0
Stack:
 ffffffffc03dbd2b ffff984b95ee7a90 ffff984b95e77800 ffff984b95ee7a90
 ffff984b95ee7a60 ffffffffc03dbe04 ffff984b95ec8620 ffff984b95ee7af8
 ffffffffc03e3703 ffffffffc0380d9c ffff984b93926078 ffff984b93926858
Call Trace:
 [<ffffffffc03dbd2b>] ? __del_reloc_root+0x2b/0xe0 [btrfs]
 [<ffffffffc03dbe04>] free_reloc_roots+0x24/0x30 [btrfs]
 [<ffffffffc03e3703>] btrfs_recover_relocation+0x2e3/0x460 [btrfs]
 [<ffffffffc0380d9c>] ? btrfs_cleanup_fs_roots+0x14c/0x180 [btrfs]
 [<ffffffffc0385065>] open_ctree+0x2045/0x2520 [btrfs]
 [<ffffffffc03584b2>] btrfs_mount+0xda2/0xef0 [btrfs]
 [<ffffffff9d3fbc3d>] ? find_next_zero_bit+0x1d/0x20
 [<ffffffff9d3fbc18>] ? find_next_bit+0x18/0x20
 [<ffffffff9d254cc8>] mount_fs+0x38/0x150
 [<ffffffff9d1e3b55>] ? __alloc_percpu+0x15/0x20
 [<ffffffff9d271ea7>] vfs_kern_mount+0x67/0x100
 [<ffffffffc03578b3>] btrfs_mount+0x1a3/0xef0 [btrfs]
 [<ffffffff9d3fbc3d>] ? find_next_zero_bit+0x1d/0x20
 [<ffffffff9d254cc8>] mount_fs+0x38/0x150
 [<ffffffff9d1e3b55>] ? __alloc_percpu+0x15/0x20
 [<ffffffff9d271ea7>] vfs_kern_mount+0x67/0x100
 [<ffffffff9d27435d>] do_mount+0x1dd/0xc50
 [<ffffffff9d24c1c5>] ? __check_object_size+0x105/0x1dc
 [<ffffffff9d1dde7f>] ? memdup_user+0x4f/0x70
 [<ffffffff9d2750d3>] SyS_mount+0x83/0xd0
 [<ffffffff9d802572>] entry_SYSCALL_64_fastpath+0x1a/0xa4
Code: c0 ba 01 00 00 00 f0 0f b1 17 85 c0 75 02 5d c3 89 c6 e8 98 b0 8e ff 5d c3 66 0f 1f 44 00 00 0f 1f 44 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 17 85 c0 75 01 c3 55 89 c6 48 89 e5 e8 70 b0 8e ff 5d 
RIP  [<ffffffff9d80232c>] _raw_spin_lock+0xc/0x30
 RSP <ffff984b95ee7a28>
CR2: 0000000000000570

Comment 1 georg 2017-01-22 20:08:42 UTC
Created attachment 1243408
File: dmesg

Comment 2 Justin M. Forbes 2017-04-11 14:57:41 UTC
*********** MASS BUG UPDATE **************

We apologize for the inconvenience.  There is a large number of bugs to go through and several of them have gone stale.  Due to this, we are doing a mass bug update across all of the Fedora 25 kernel bugs.

Fedora 25 has now been rebased to 4.10.9-200.fc25.  Please test this kernel update (or newer) and let us know if your issue has been resolved or if it is still present with the newer kernel.

If you have moved on to Fedora 26, and are still experiencing this issue, please change the version to Fedora 26.

If you experience different issues, please open a new bug report for those.

Comment 3 Justin M. Forbes 2017-04-28 17:19:19 UTC
*********** MASS BUG UPDATE **************
This bug is being closed with INSUFFICIENT_DATA as there has not been a response in 2 weeks. If you are still experiencing this issue, please reopen and attach the relevant data from the latest kernel you are running and any data that might have been requested previously.