[Btrfs-users] [bugreport] btrfs 0.11

Jeff Mahoney jeffm at suse.com
Sat Jan 19 13:16:57 PST 2008


Gabor MICSKO wrote:
> On Sun, 2008-01-20 at 03:03 +0800, Yan Zheng wrote:
>> 2008/1/20, Gabor MICSKO <gmicsko at gmail.com>:
>>> Hi,
>>>
>>> uname -a: Linux btrfstest 2.6.24-4-generic #1 SMP Mon Jan 14 17:30:39
>>> UTC 2008 i686 GNU/Linux
>>>
>>> btrfs version: 0.11
>>>
>>> fs: /dev/sda5 on /mnt type btrfs (rw)
>>>
>>>
>>> root@btrfstest:/tmp# dd if=/dev/zero of=foobar bs=1024 count=100000
>>> 100000+0 records in
>>> 100000+0 records out
>>> 102400000 bytes (102 MB) copied, 15.5326 seconds, 6.6 MB/s
>>> root@btrfstest:/tmp# cp foobar /mnt/
>>> Segmentation fault
>>> root@btrfstest:/tmp# cat /proc/kmsg
>>> <1>[45260.686155] BUG: unable to handle kernel NULL pointer dereference
>>> at virtual address 00000014
>>> <1>[45260.689084] printing eip: c0164ce1 *pde = 00000000
>>> <0>[45260.696988] Oops: 0000 [#1] SMP
>>> <4>[45260.699886] Modules linked in: sbs sbshc video output dock battery
>>> btrfs libcrc32c lp loop ipv6 snd_ens1371 gameport snd_ac97_codec
>>> ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss
>>> snd_seq_midi snd_rawmidi parport_pc parport snd_seq_midi_event snd_seq
>>> evdev container snd_timer snd_seq_device serio_raw snd ac power_supply
>>> soundcore snd_page_alloc psmouse button i2c_piix4 i2c_core pcspkr shpchp
>>> pci_hotplug intel_agp agpgart ext3 jbd mbcache sg sr_mod cdrom sd_mod
>>> ata_generic floppy ata_piix pata_acpi pcnet32 mii libata BusLogic
>>> scsi_mod thermal processor fan fuse
>>> <4>[45260.760017]
>>> <4>[45260.761431] Pid: 4510, comm: cp Not tainted (2.6.24-4-generic #1)
>>> <4>[45260.762595] EIP: 0060:[<c0164ce1>] EFLAGS: 00010206 CPU: 0
>>> <4>[45260.765053] EIP is at should_remove_suid+0x1/0x50
>>> <4>[45260.766213] EAX: 00000008 EBX: df252a18 ECX: ffffffff EDX:
>>> df8c2300
>>> <4>[45260.767372] ESI: 00001000 EDI: 00001000 EBP: 00001000 ESP:
>>> df491ec8
>>> <4>[45260.768540]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
>>> <0>[45260.774702] Process cp (pid: 4510, ti=df490000 task=df8e50e0
>>> task.ti=df490000)
>>> <0>[45260.775943] Stack: df252a18 c0164d3c 00000000 00001000 e0ac10b7
>>> 00000000 00000000 00000000
>>> <0>[45260.783051]        00000001 ffffffff df8c2f00 bfed6000 df8c2300
>>> 00000000 00000000 00000000
>>> <0>[45260.797161]        ffffffea df253558 dfa95000 df8e50e0 c0141ac0
>>> df491f1c df491f1c 00001000
>>> <0>[45260.803967] Call Trace:
>>> <0>[45260.806749]  [<c0164d3c>] remove_suid+0xc/0x50
>>> <0>[45260.808843]  [<e0ac10b7>] btrfs_file_write+0x187/0x7c0 [btrfs]
>>> <0>[45260.815565]  [<c0141ac0>] autoremove_wake_function+0x0/0x40
>>> <0>[45260.817299]  [<e0ac0f30>] btrfs_file_write+0x0/0x7c0 [btrfs]
>>> <0>[45260.819050]  [<c0189919>] vfs_write+0xb9/0x170
>>> <0>[45260.820691]  [<c018a051>] sys_write+0x41/0x70
>>> <0>[45260.822306]  [<c01053a2>] sysenter_past_esp+0x6b/0xa9
>>> <0>[45260.824497]  =======================
>>> <0>[45260.825628] Code: eb d2 90 8d b4 26 00 00 00 00 53 80 ce 02 83 ec
>>> 30 89 c3 89 14 24 8b 13 89 e1 8b 40 04 e8 58 92 03 00 83 c4 30 5b c3 8d
>>> 76 00 53 <8b> 40 0c 0f b7 50 6a 89 d0 25 00 08 00 00 83 f8 01 19 db 81
>>> e2
>>> <0>[45260.896130] EIP: [<c0164ce1>] should_remove_suid+0x1/0x50 SS:ESP
>>> 0068:df491ec8
>>> <4>[45260.900627] ---[ end trace fc3d3ba8484238ec ]---
>>>
>>>
>>> --
>>> Gabor MICSKO <gmicsko at gmail.com>
>>>
>>>
>> Maybe it's due to the apparmor stuff.  Is there any warning when
>> compiling btrfs?
> 
> Yes, I've got the following warning:
> 
> /usr/src/btrfs-0.11/file.c: In function ‘btrfs_file_write’:
> /usr/src/btrfs-0.11/file.c:722: warning: passing argument 1 of
> ‘remove_suid’ from incompatible pointer type

Yeah, that'd do it. I include the following patch in openSUSE's
btrfs package.

-Jeff

diff -rup a/source/file.c b/source/file.c
- --- a/file.c	2007-06-12 11:36:58.000000000 -0400
+++ b/file.c	2007-06-12 14:06:53.000000000 -0400
@@ -482,7 +482,7 @@ static ssize_t btrfs_file_write(struct f
 		goto out;
 	if (count == 0)
 		goto out;
- -	err = remove_suid(file->f_path.dentry);
+	err = remove_suid(&file->f_path);
 	if (err)
 		goto out;
 	file_update_time(file);
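
Review bot: the new call `remove_suid(&file->f_path)` is unconditional, so the source now only matches kernels whose remove_suid() takes a path pointer. The line it replaces passed `file->f_path.dentry`, so the same file is also expected to build against kernels where the argument is a dentry, and there the patched call would reintroduce the incompatible-pointer-type mismatch in the other direction. Suggest selecting the argument through a single compile-time compatibility macro or #ifdef instead of editing the call outright, and building the module with that warning promoted to an error so a mismatch fails the build rather than faulting in should_remove_suid at write time. Separately, the `diff` line names a/source/file.c while the `---`/`+++` lines name a/file.c, and the hunk is at line 482 while the reported warning is at file.c:722, so confirm the strip level and that it applies cleanly to the 0.11 tree.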


-- 
Jeff Mahoney
SUSE Labs