Hello, On kernel 4.4.9 I've observed the following oops:
[3248626.755570] BUG: unable to handle kernel NULL pointer dereference at 000000000000035c [3248626.755839] IP: [<ffffffffa0901bcf>] btrfs_evict_inode+0x2f/0x610 [btrfs] [3248626.756079] PGD 1eaf8d067 PUD 4096a0067 PMD 0 [3248626.756383] Oops: 0000 [#1] SMP [3248626.756637] Modules linked in: <OMMITTED> [3248626.760475] CPU: 6 PID: 16899 Comm: rsync Tainted: P W O 4.4.9-clouder1 #20 [3248626.760647] Hardware name: Supermicro X9DRD-7LN4F(-JBOD)/X9DRD-EF/X9DRD-7LN4F, BIOS 3.0a 12/05/2013 [3248626.760932] task: ffff880338268000 ti: ffff8802a4f04000 task.ti: ffff8802a4f04000 [3248626.761102] RIP: 0010:[<ffffffffa0901bcf>] [<ffffffffa0901bcf>] btrfs_evict_inode+0x2f/0x610 [btrfs] [3248626.761447] RSP: 0018:ffff8802a4f07b88 EFLAGS: 00010286 [3248626.761613] RAX: 0000000000000000 RBX: ffff880011548fa0 RCX: 0000000000000034 [3248626.761784] RDX: ffff88047fffa780 RSI: 0000000000000735 RDI: ffff880011549150 [3248626.761954] RBP: ffff8802a4f07c28 R08: ffffea0009baa1d0 R09: 0000000000000000 [3248626.762127] R10: 0000000000000001 R11: 0000000000000001 R12: ffff880011549270 [3248626.762298] R13: ffffffffa0970e40 R14: ffffffffa0970e40 R15: ffff8802a4f07c88 [3248626.762469] FS: 00007f7dc9c3e700(0000) GS:ffff88047fcc0000(0000) knlGS:0000000000000000 [3248626.762642] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [3248626.762810] CR2: 000000000000035c CR3: 0000000103ca8000 CR4: 00000000000406e0 [3248626.762980] Stack: [3248626.763143] ffff8803cdee9870 0000000000000001 ffff8802a4f07c08 ffffffff811c95f9 [3248626.763495] ffff8800115491f0 0000000000000000 0000000000000000 ffff880011549150 [3248626.763846] ffff880338268000 ffffffff81095940 ffff8802a4f07bd8 ffff8802a4f07bd8 [3248626.764195] Call Trace: [3248626.764361] [<ffffffff811c95f9>] ? __inode_wait_for_writeback+0x69/0xc0 [3248626.764534] [<ffffffff81095940>] ? wake_atomic_t_function+0x40/0x40 [3248626.764707] [<ffffffff811bace6>] evict+0xc6/0x1c0 [3248626.764874] [<ffffffff811bb058>] iput+0x198/0x270 [3248626.765043] [<ffffffff811ba1da>] ? alloc_inode+0x3a/0x90 [3248626.765221] [<ffffffffa08fb2bc>] btrfs_new_inode+0x47c/0x610 [btrfs] [3248626.765400] [<ffffffffa08e4195>] ? btrfs_find_free_objectid+0x55/0x70 [btrfs] [3248626.765582] [<ffffffffa08e4f17>] ? btrfs_find_free_ino+0x117/0x130 [btrfs] [3248626.765764] [<ffffffffa08fdf1c>] btrfs_symlink+0xfc/0x3e0 [btrfs] [3248626.765931] [<ffffffff811ac48d>] vfs_symlink+0x9d/0xd0 [3248626.766094] [<ffffffff811ae425>] SyS_symlinkat+0xc5/0xf0 [3248626.766258] [<ffffffff811a9f46>] SyS_symlink+0x16/0x20 [3248626.766422] [<ffffffff81642ed7>] entry_SYSCALL_64_fastpath+0x12/0x6a [3248626.766586] Code: 41 57 41 56 41 55 41 54 53 48 83 ec 78 66 66 66 66 90 48 89 7d 98 48 89 fb 48 8b 87 50 fe ff ff 48 81 eb b0 01 00 00 48 89 45 88 <8b> 90 5c 03 00 00 8b 05 ad 53 08 00 89 55 84 89 45 c0 85 c0 0f [3248626.769978] RIP [<ffffffffa0901bcf>] btrfs_evict_inode+0x2f/0x610 [btrfs] [3248626.770205] RSP <ffff8802a4f07b88> [3248626.770366] CR2: 000000000000035c And right before it in the dmesg there were multiple errors like: BTRFS error (device loop9): bad fsid on block 502972416 The RIP points to: /home/projects/linux-stable/fs/btrfs/ctree.h: 3391 0xffffffffa0901bcf <btrfs_evict_inode+47>: mov 0x35c(%rax),%edx which is btrfs_calc_trunc_metadata_size. This corresponds to the root->nodesize lines. Essentially the root of the inode being passed is NULL as evident by the content of RAX. Furthermore the btrfs_inode->vfs_inode has its various fields set to default initialization values. Looking further into the call stack it seems that btrfs_new_inode fails in some of its steps and calls iput. Concretely I believe this is the culprit: ret = btrfs_set_inode_index(dir, index); if (ret) { btrfs_free_path(path); iput(inode); } In this case if btrfs_set_inode_index fails and we call iput then, btrfs_evict_inode is going to be called with uninitialized inode which in turn leads to the null pointer deref. The only bogus value both inode structures have is the index_cnt: 18446744073709551615 this is 2^64 I'm happy to provide further info if necessary to help fix this. Regards, Nikolay -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html