Warnings in extract_ordered_extent #53

Open
kdave opened this issue Jun 30, 2021 · 2 comments

kdave commented Jun 30, 2021

 2307         ordered_end = ordered->disk_bytenr + ordered->disk_num_bytes;
 2308         /* bio must be in one ordered extent */
 2309         if (WARN_ON_ONCE(start < ordered->disk_bytenr || end > ordered_end)) {
 2310                 ret = -EINVAL;
 2311                 goto out;
 2312         }

[ 6444.124025] ------------[ cut here ]------------
[ 6444.128759] WARNING: CPU: 4 PID: 21771 at fs/btrfs/inode.c:2309 extract_ordered_extent+0x6c/0x1c0 [btrfs]
[ 6444.138883] Modules linked in: btrfs iscsi_target_mod tcm_loop target_core_pscsi target_core_file target_core_iblock auth_rpcgss nfsv4 dns_resolver nfs lockd target_core_user uio target_core_mod grace sunrpc i2c_algo_bit drm_ttm_helper ttm fscache drm_kms_helper netfs syscopyarea sysfillrect sysimgblt fb_sys_fops drm af_packet bridge stp llc blake2b_generic libcrc32c xor zstd_decompress zstd_compress tpm_infineon tpm_tis tpm_tis_core tpm iscsi_ibft iscsi_boot_sysfs tg3 libphy xxhash raid6_pq acpi_cpufreq i2c_piix4 mptctl k10temp serio_raw button ext4 mbcache jbd2 ohci_pci ata_generic mptsas ehci_pci ohci_hcd scsi_transport_sas mptscsih ehci_hcd mptbase usbcore sata_svw pata_serverworks sg scsi_dh_rdac scsi_dh_emc scsi_dh_alua [last unloaded: btrfs]
[ 6444.138985] CPU: 4 PID: 21771 Comm: kworker/u16:9 Not tainted 5.13.0-git+ #779
[ 6444.138990] Hardware name: empty empty/S3993, BIOS PAQEX0-3 02/24/2008
[ 6444.138995] Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
[ 6444.219702] RIP: 0010:extract_ordered_extent+0x6c/0x1c0 [btrfs]
[ 6444.232928] Code: 20 0f 85 2d 01 00 00 48 3b 55 10 0f 85 33 01 00 00 48 8b 45 08 48 c1 e3 09 4a 8d 0c 2b 48 01 c2 48 39 d1 77 05 48 39 d8 76 31 <0f> 0b 41 bf ea ff ff ff 45 31 f6 4c 89 f7 e8 51 8f 01 00 48 89 ef
[ 6444.232934] RSP: 0018:ffffae1f8bffb5d0 EFLAGS: 00010206
[ 6444.232938] RAX: 0000000336fa7000 RBX: 0000000336fa7000 RCX: 0000000336fb7000
[ 6444.232941] RDX: 0000000336fab000 RSI: ffffffffc0c59dd0 RDI: ffffffff8599529d
[ 6444.232943] RBP: ffffa0550a4f07c8 R08: 0000000000000000 R09: 0000000000000000
[ 6444.280747] R10: ffffffffc0c59d36 R11: 0000000000000000 R12: ffffa056654bde40
[ 6444.280751] R13: 0000000000010000 R14: 0000000000000000 R15: ffffa05637810000
[ 6444.280754] FS:  0000000000000000(0000) GS:ffffa05727600000(0000) knlGS:0000000000000000
[ 6444.280757] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6444.280759] CR2: 00007f4e75d7b080 CR3: 0000000110015000 CR4: 00000000000006e0
[ 6444.316578] Call Trace:
[ 6444.316585]  btrfs_submit_data_bio+0x18a/0x220 [btrfs]
[ 6444.324371]  submit_one_bio+0x44/0x70 [btrfs]
[ 6444.328914]  submit_extent_page+0x18e/0x2e0 [btrfs]
[ 6444.333975]  ? end_extent_writepage+0xe0/0xe0 [btrfs]
[ 6444.339222]  __extent_writepage_io+0x2ba/0x4a0 [btrfs]
[ 6444.339307]  ? end_extent_writepage+0xe0/0xe0 [btrfs]
[ 6444.339395]  __extent_writepage+0x13b/0x3e0 [btrfs]
[ 6444.339486]  extent_write_locked_range+0xf2/0x210 [btrfs]
[ 6444.360519]  run_delalloc_zoned+0x68/0x80 [btrfs]
[ 6444.360598]  btrfs_run_delalloc_range+0x12a/0x2d0 [btrfs]
[ 6444.371106]  writepage_delalloc+0xae/0x160 [btrfs]
[ 6444.371200]  __extent_writepage+0x108/0x3e0 [btrfs]
[ 6444.381101]  extent_write_cache_pages+0x26c/0x450 [btrfs]
[ 6444.381193]  extent_writepages+0x54/0xc0 [btrfs]
[ 6444.391413]  do_writepages+0x35/0xd0
[ 6444.391424]  ? lock_acquire+0xa0/0x150
[ 6444.391430]  ? writeback_single_inode+0x20/0x150
[ 6444.391437]  __writeback_single_inode+0x61/0x400
[ 6444.408329]  writeback_single_inode+0xae/0x150
[ 6444.408335]  start_delalloc_inodes+0x182/0x450 [btrfs]
[ 6444.418126]  ? trace_hardirqs_on+0x1b/0xf0
[ 6444.418131]  ? lock_acquire+0xa0/0x150
[ 6444.426174]  btrfs_start_delalloc_roots+0x194/0x2a0 [btrfs]
[ 6444.426259]  shrink_delalloc+0x10a/0x1f0 [btrfs]
[ 6444.436670]  flush_space+0x1bf/0x2f0 [btrfs]
[ 6444.436767]  btrfs_async_reclaim_data_space+0xb2/0x150 [btrfs]
[ 6444.447063]  process_one_work+0x262/0x600
[ 6444.447074]  worker_thread+0x4c/0x320
[ 6444.455018]  ? process_one_work+0x600/0x600
[ 6444.455024]  kthread+0x135/0x160
[ 6444.455029]  ? set_kthread_struct+0x40/0x40
[ 6444.466977]  ret_from_fork+0x1f/0x30
[ 6444.466989] irq event stamp: 0
[ 6444.473856] hardirqs last  enabled at (0): [<0000000000000000>] 0x0
[ 6444.473861] hardirqs last disabled at (0): [<ffffffff8508030a>] copy_process+0x8da/0x1860
[ 6444.473868] softirqs last  enabled at (0): [<ffffffff8508030a>] copy_process+0x8da/0x1860
[ 6444.496808] softirqs last disabled at (0): [<0000000000000000>] 0x0
[ 6444.496812] ---[ end trace dceb253e2621ce4f ]---

kdave commented Jun 30, 2021

 2295         /* We cannot split once end_bio'd ordered extent */
 2296         if (WARN_ON_ONCE(ordered->bytes_left != ordered->disk_num_bytes)) {
 2297                 ret = -EINVAL;
 2298                 goto out;
 2299         }

[ 6444.497011] ------------[ cut here ]------------
[ 6444.512646] WARNING: CPU: 4 PID: 21771 at fs/btrfs/inode.c:2296 extract_ordered_extent+0x176/0x1c0 [btrfs]
[ 6444.512728] Modules linked in: btrfs iscsi_target_mod tcm_loop target_core_pscsi target_core_file target_core_iblock auth_rpcgss nfsv4 dns_resolver nfs lockd target_core_user uio target_core_mod grace sunrpc i2c_algo_bit drm_ttm_helper ttm fscache drm_kms_helper netfs syscopyarea sysfillrect sysimgblt fb_sys_fops drm af_packet bridge stp llc blake2b_generic libcrc32c xor zstd_decompress zstd_compress tpm_infineon tpm_tis tpm_tis_core tpm iscsi_ibft iscsi_boot_sysfs tg3 libphy xxhash raid6_pq acpi_cpufreq i2c_piix4 mptctl k10temp serio_raw button ext4 mbcache jbd2 ohci_pci ata_generic mptsas ehci_pci ohci_hcd scsi_transport_sas mptscsih ehci_hcd mptbase usbcore sata_svw pata_serverworks sg scsi_dh_rdac scsi_dh_emc scsi_dh_alua [last unloaded: btrfs]
[ 6444.522656] CPU: 4 PID: 21771 Comm: kworker/u16:9 Tainted: G        W         5.13.0-git+ #779
[ 6444.522660] Hardware name: empty empty/S3993, BIOS PAQEX0-3 02/24/2008
[ 6444.522663] Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
[ 6444.522759] RIP: 0010:extract_ordered_extent+0x176/0x1c0 [btrfs]
[ 6444.522835] Code: 80 8e 01 00 e9 22 ff ff ff 45 31 ff 45 31 f6 e9 17 ff ff ff 0f 0b 48 83 c4 08 b8 0a 00 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f c3 <0f> 0b 41 bf ea ff ff ff 45 31 f6 e9 f1 fe ff ff 0f 0b 41 bf ea ff
[ 6444.522839] RSP: 0018:ffffae1f8bffb5d0 EFLAGS: 00010206
[ 6444.522843] RAX: ffffa0550a4f64c8 RBX: 00000000019b7dc0 RCX: 0000000000000001
[ 6444.522845] RDX: 0000000000032000 RSI: ffffffffc0c59dd0 RDI: ffffffff8599529d
[ 6444.522847] RBP: ffffa0550a4f64c8 R08: 0000000000000000 R09: 0000000000000000
[ 6444.522850] R10: ffffffffc0c59d36 R11: 0000000000000000 R12: ffffa056654bde40
[ 6444.522852] R13: 0000000000010000 R14: 0000000000000000 R15: ffffa05637810000
[ 6444.522854] FS:  0000000000000000(0000) GS:ffffa05727600000(0000) knlGS:0000000000000000
[ 6444.522857] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6444.522859] CR2: 00007f4e75d7b080 CR3: 000000010d935000 CR4: 00000000000006e0
[ 6444.522862] Call Trace:
[ 6444.522866]  btrfs_submit_data_bio+0x18a/0x220 [btrfs]
[ 6444.522945]  submit_one_bio+0x44/0x70 [btrfs]
[ 6444.712877]  submit_extent_page+0x18e/0x2e0 [btrfs]
[ 6444.717997]  ? end_extent_writepage+0xe0/0xe0 [btrfs]
[ 6444.718083]  __extent_writepage_io+0x2ba/0x4a0 [btrfs]
[ 6444.728524]  ? end_extent_writepage+0xe0/0xe0 [btrfs]
[ 6444.728626]  __extent_writepage+0x13b/0x3e0 [btrfs]
[ 6444.738924]  extent_write_locked_range+0xf2/0x210 [btrfs]
[ 6444.744564]  run_delalloc_zoned+0x68/0x80 [btrfs]
[ 6444.749536]  btrfs_run_delalloc_range+0x12a/0x2d0 [btrfs]
[ 6444.755138]  writepage_delalloc+0xae/0x160 [btrfs]
[ 6444.755226]  __extent_writepage+0x108/0x3e0 [btrfs]
[ 6444.765222]  extent_write_cache_pages+0x26c/0x450 [btrfs]
[ 6444.770877]  extent_writepages+0x54/0xc0 [btrfs]
[ 6444.770963]  do_writepages+0x35/0xd0
[ 6444.779479]  ? lock_acquire+0xa0/0x150
[ 6444.783360]  ? writeback_single_inode+0x20/0x150
[ 6444.783367]  __writeback_single_inode+0x61/0x400
[ 6444.783373]  writeback_single_inode+0xae/0x150
[ 6444.797524]  start_delalloc_inodes+0x182/0x450 [btrfs]
[ 6444.797623]  ? trace_hardirqs_on+0x1b/0xf0
[ 6444.807188]  ? lock_acquire+0xa0/0x150
[ 6444.807194]  btrfs_start_delalloc_roots+0x194/0x2a0 [btrfs]
[ 6444.816706]  shrink_delalloc+0x10a/0x1f0 [btrfs]
[ 6444.816839]  flush_space+0x1bf/0x2f0 [btrfs]
[ 6444.816936]  btrfs_async_reclaim_data_space+0xb2/0x150 [btrfs]
[ 6444.817033]  process_one_work+0x262/0x600
[ 6444.817042]  worker_thread+0x4c/0x320
[ 6444.817046]  ? process_one_work+0x600/0x600
[ 6444.817051]  kthread+0x135/0x160
[ 6444.817056]  ? set_kthread_struct+0x40/0x40
[ 6444.817061]  ret_from_fork+0x1f/0x30
[ 6444.817071] irq event stamp: 0
[ 6444.817073] hardirqs last  enabled at (0): [<0000000000000000>] 0x0
[ 6444.817077] hardirqs last disabled at (0): [<ffffffff8508030a>] copy_process+0x8da/0x1860
[ 6444.817083] softirqs last  enabled at (0): [<ffffffff8508030a>] copy_process+0x8da/0x1860
[ 6444.817087] softirqs last disabled at (0): [<0000000000000000>] 0x0
[ 6444.817090] ---[ end trace dceb253e2621ce50 ]---

kdave changed the title from "Warning" to "Warnings in extract_ordered_extent" on Jun 30, 2021

kdave commented Jun 30, 2021

This is perhaps related to the patch "btrfs: properly split extent_map for REQ_OP_ZONE_APPEND" that has been posted but was not applied for the test run.

naota pushed a commit that referenced this issue Apr 9, 2024
When unregistering pd capabilities in tcpm, KASAN will capture the below
double-free issue. The root cause is that the same capability will be kfreed twice:
the first time it is kfreed by pd_capabilities_release() and the second time
it is explicitly kfreed by tcpm_port_unregister_pd().

[    3.988059] BUG: KASAN: double-free in tcpm_port_unregister_pd+0x1a4/0x3dc
[    3.995001] Free of addr ffff0008164d3000 by task kworker/u16:0/10
[    4.001206]
[    4.002712] CPU: 2 PID: 10 Comm: kworker/u16:0 Not tainted 6.8.0-rc5-next-20240220-05616-g52728c567a55 #53
[    4.012402] Hardware name: Freescale i.MX8QXP MEK (DT)
[    4.017569] Workqueue: events_unbound deferred_probe_work_func
[    4.023456] Call trace:
[    4.025920]  dump_backtrace+0x94/0xec
[    4.029629]  show_stack+0x18/0x24
[    4.032974]  dump_stack_lvl+0x78/0x90
[    4.036675]  print_report+0xfc/0x5c0
[    4.040289]  kasan_report_invalid_free+0xa0/0xc0
[    4.044937]  __kasan_slab_free+0x124/0x154
[    4.049072]  kfree+0xb4/0x1e8
[    4.052069]  tcpm_port_unregister_pd+0x1a4/0x3dc
[    4.056725]  tcpm_register_port+0x1dd0/0x2558
[    4.061121]  tcpci_register_port+0x420/0x71c
[    4.065430]  tcpci_probe+0x118/0x2e0

To fix the issue, this will remove kfree() from tcpm_port_unregister_pd().

Fixes: cd099cd ("usb: typec: tcpm: Support multiple capabilities")
cc: stable@vger.kernel.org
Suggested-by: Aisheng Dong <aisheng.dong@nxp.com>
Signed-off-by: Xu Yang <xu.yang_2@nxp.com>
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Link: https://lore.kernel.org/r/20240311065219.777037-1-xu.yang_2@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
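
The ownership rule behind the commit above, as an added userspace example that is not part of the commit or of the kernel source: an object whose release callback frees it must not be freed again by the code that unregisters it. The `cap` structure, the `cap_*` and `teardown` helpers and the tracking allocator are hypothetical stand-ins; only the role of `pd_capabilities_release()` is taken from the commit message.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model; every name below is hypothetical, not kernel code. */
#define MAX_LIVE 8
static void *live[MAX_LIVE];  /* allocations not yet freed */
static int double_frees;      /* frees of memory that was not live */

static void *tracked_alloc(size_t n)
{
    void *p = calloc(1, n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                  /* calloc failed or table full */
    return NULL;
}

/* Stand-in for kfree(): a repeated free is counted, as KASAN would report
 * it, instead of reaching free(), so the demo stays well-defined. */
static void tracked_free(void *p)
{
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    double_frees++;
}

struct cap { int refs; void (*release)(struct cap *); };
/* The release callback owns the final free (role of pd_capabilities_release()). */
static void cap_release(struct cap *c) { tracked_free(c); }

static struct cap *cap_register(void)
{
    struct cap *c = tracked_alloc(sizeof(*c));
    if (c) { c->refs = 1; c->release = cap_release; }
    return c;
}

static void cap_unregister(struct cap *c) { if (--c->refs == 0) c->release(c); }
/* explicit_free=1 models teardown before the fix, 0 teardown after it. */
static int teardown(int explicit_free)
{
    struct cap *c = cap_register();
    if (!c) return -1;
    double_frees = 0;
    cap_unregister(c);                   /* last ref dropped: release frees c */
    if (explicit_free) tracked_free(c);  /* second free of the same address */
    return double_frees;
}

int main(void) { printf("%d %d\n", teardown(1), teardown(0)); return 0; }
```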