[224259.453356] ------------[ cut here ]------------
[224259.453360] kernel BUG at /build/linux-eTBZpZ/linux-4.15.0/fs/btrfs/ctree.c:3233!
[224259.453390] illegal operation: 0001 ilc:1 [#1] SMP
[224259.453392] Modules linked in: vhost_net xt_nat macvtap tap veth macvlan ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_nat nf_nat_ipv4 nf_nat br_netfilter bridge vhost_vsock vmw_vsock_virtio_transport_common vhost vsock algif_skcipher af_alg xt_tcpudp xt_multiport aufs bonding 8021q garp stp mrp llc overlay nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack libcrc32c scsi_dh_rdac scsi_dh_emc scsi_dh_alua ip6table_filter ip6_tables qeth_l2 s390_trng qeth chsc_sch ccwgroup vfio_ccw eadm_sch iptable_filter sch_fq_codel zFPC_proc(OE) zFPC_diag(OE) vfio_ap vfio_mdev mdev vfio_iommu_type1 vfio ip_tables x_tables ghash_s390 prng aes_s390 des_s390 des_generic sha512_s390 sha256_s390 sha1_s390 sha_common
[224259.453415] crc32_vx_s390 btrfs xor zstd_compress raid6_pq dm_crypt virtio_blk dm_service_time dm_multipath zfcp scsi_transport_fc qdio dasd_eckd_mod dasd_mod zlib_deflate
[224259.453423] CPU: 6 PID: 57332 Comm: qemu-system-s39 Tainted: G OE 4.15.0-109-generic #110-Ubuntu
[224259.453423] Hardware name: IBM 3907 LR1 A00 (LPAR)
[224259.453425] Krnl PSW : 00000000be9cb874 00000000ef3786e8 (btrfs_set_item_key_safe+0x152/0x1c0 [btrfs])
[224259.453492] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
[224259.453493] Krnl GPRS: 0000000000000001 00000056bdc00000 0000000000000000 0000000cbf93795d
[224259.453493] 000003ff0000006c 0000000000631468 000000136a230000 0000000cbf937826
[224259.453494] 00000007ee281d88 0000000cbf93795d 00000007000000a1 00000013188a58c0
[224259.453495] 00000012eb889701 00000056bdb00000 000003ff801780a8 0000000cbf937780
[224259.453503] Krnl Code: 000003ff801780a2: c0e5fffff857 brasl %r14,000003ff80177150
000003ff801780a8: ec22ff92007e cij %r2,0,2,000003ff80177fcc
#000003ff801780ae: a7f40001 brc 15,000003ff801780b0
>000003ff801780b2: ec2affff00d8 ahik %r2,%r10,-1
000003ff801780b8: b9140022 lgfr %r2,%r2
000003ff801780bc: eb120001000d sllg %r1,%r2,1
000003ff801780c2: b9080012 agr %r1,%r2
000003ff801780c6: eb110003000d sllg %r1,%r1,3
[224259.453514] Call Trace:
[224259.453527] ([<000003ff8017807c>] btrfs_set_item_key_safe+0x11c/0x1c0 [btrfs])
[224259.453544] [<000003ff801c3322>] __btrfs_drop_extents+0xb5a/0xda8 [btrfs]
[224259.453561] [<000003ff801f98a4>] btrfs_log_changed_extents+0x35c/0xaf0 [btrfs]
[224259.453577] [<000003ff801faa26>] btrfs_log_inode+0x9ee/0x1080 [btrfs]
[224259.453594] [<000003ff801fb384>] btrfs_log_inode_parent+0x224/0xa10 [btrfs]
[224259.453611] [<000003ff801fcea8>] btrfs_log_dentry_safe+0x80/0xa8 [btrfs]
[224259.453627] [<000003ff801c5ea2>] btrfs_sync_file+0x392/0x550 [btrfs]
[224259.453634] [<00000000003cce5e>] do_fsync+0x5e/0x90
[224259.453636] [<00000000003cd15a>] SyS_fdatasync+0x32/0x48
[224259.453640] [<00000000008fd314>] system_call+0xd8/0x2c8
[224259.453640] Last Breaking-Event-Address:
[224259.453652] [<000003ff801780ae>] btrfs_set_item_key_safe+0x14e/0x1c0 [btrfs]
[224259.453653]
[224259.453654] Kernel panic - not syncing: Fatal exception: panic_on_oops

https://bugs.launchpad.net/bugs/1902254

Title:
  Bionic: btrfs: kernel BUG at /build/linux-eTBZpZ/linux-4.15.0/fs/btrfs/ctree.c:3233!

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Bionic:
  In Progress
Status in linux source package in Focal:
  In Progress
Status in linux source package in Groovy:
  In Progress

Bug description:
  [Impact]

   * Users of btrfs started hitting a kernel BUG() (below)
     after upgrade from 4.15.0-99.100 to 4.15.0-109.110,
     which has 55 btrfs changes.

       kernel BUG at /build/linux-eTBZpZ/linux-4.15.0/fs/btrfs/ctree.c:3233!
       ...
       Krnl PSW : 00000000be9cb874 00000000ef3786e8 (btrfs_set_item_key_safe+0x152/0x1c0 [btrfs])
       ...
       [...] Call Trace:
       [...] btrfs_set_item_key_safe+0x11c/0x1c0 [btrfs])
       [...] __btrfs_drop_extents+0xb5a/0xda8 [btrfs]
       [...] btrfs_log_changed_extents+0x35c/0xaf0 [btrfs]
       [...] btrfs_log_inode+0x9ee/0x1080 [btrfs]
       [...] btrfs_log_inode_parent+0x224/0xa10 [btrfs]
       [...] btrfs_log_dentry_safe+0x80/0xa8 [btrfs]
       [...] btrfs_sync_file+0x392/0x550 [btrfs]
       [...] do_fsync+0x5e/0x90
       [...] SyS_fdatasync+0x32/0x48
       [...] system_call+0xd8/0x2c8

       $ git log --oneline Ubuntu-4.15.0-99.100..Ubuntu-4.15.0-109.110 -- fs/btrfs/ | wc -l
       55

   * The error happens at random moments, regardless of a
     particular activity/load. Workaround is to downgrade.

  [Fix]

   * This BUG()/function is addressed in patch 4/4 [1] of series
     'btrfs: Enhanced runtime defence against fuzzed images' [2],
     after issues in the real world, not just crafted fs images:
     'one internal report has hit one BUG_ON() with real world fs'
   
       kernel BUG at fs/btrfs/ctree.c:3188!
       ...
       RIP: 0010:btrfs_set_item_key_safe+0x16c/0x180
   
   * The patch/set [3] is applied in v5.10-rc1 and Ubuntu Unstable:
     - d16c702fe4f2 btrfs: ctree: check key order before merging tree blocks
     - 07cce5cf3b48 btrfs: extent-tree: kill the BUG_ON() in insert_inline_extent_backref()
     - 1c2a07f598d5 btrfs: extent-tree: kill BUG_ON() in __btrfs_free_extent()
     - f98b6215d7d1 btrfs: extent_io: do extra check for extent buffer read write functions
   
  [Test Case]

   * There is working synthetic reproducer for this issue,
     which is hard to reproduce as reported in commit [4]
     that introduces debugging for the issue.
     
   * Regression tests with xfstests and stress-ng show
     no regressions between un/patched kernels.

  [Other Info]

   * Trivial backports (only refreshing a few context lines)
     with 3 more dependency patches on Bionic and 1 on Focal.
     And Bionic needed one extra hunk to '#include' a header.
     Groovy all apply cleanly.

  [1] https://lore.kernel.org/linux-btrfs/20200819063550.62832-5-...@suse.com/
  [2] https://lore.kernel.org/linux-btrfs/20200819063550.62832-1-...@suse.com/
  [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d16c702fe4f274bd77b47d3ab737eadcf24e0b93
  [4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c15d41016dc886cc011e3854d855e219759ae68
