From: Sasha Levin
Date: Sun, 17 Jan 2021 21:27:10 +0000 (-0500)
Subject: Fixes for 4.14
X-Git-Tag: v4.19.169~14
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b57dc941cebae61a80dc5f39f2355225bcbed87a;p=thirdparty%2Fkernel%2Fstable-queue.git
Fixes for 4.14
Signed-off-by: Sasha Levin
---
diff --git a/queue-4.14/acpi-scan-add-stub-acpi_create_platform_device-for-c.patch b/queue-4.14/acpi-scan-add-stub-acpi_create_platform_device-for-c.patch
new file mode 100644
index 00000000000..e2bfaee51d1
--- /dev/null
+++ b/queue-4.14/acpi-scan-add-stub-acpi_create_platform_device-for-c.patch
@@ -0,0 +1,41 @@
+From 32c5d35f6658f9eccf9d967e9b18d3947b9751d6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 31 Dec 2020 19:35:25 +0800
+Subject: ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI
+
+From: Shawn Guo
+
+[ Upstream commit ee61cfd955a64a58ed35cbcfc54068fcbd486945 ]
+
+It adds a stub acpi_create_platform_device() for !CONFIG_ACPI build, so
+that caller doesn't have to deal with !CONFIG_ACPI build issue.
+
+Reported-by: kernel test robot
+Signed-off-by: Shawn Guo
+Signed-off-by: Rafael J. Wysocki
+Signed-off-by: Sasha Levin
+---
+ include/linux/acpi.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/include/linux/acpi.h b/include/linux/acpi.h
+index 4bb3bca75004d..37f0b8515c1cf 100644
+--- a/include/linux/acpi.h
++++ b/include/linux/acpi.h
+@@ -787,6 +787,13 @@ static inline int acpi_device_modalias(struct device *dev,
+ return -ENODEV;
+ }
+
++static inline struct platform_device *
++acpi_create_platform_device(struct acpi_device *adev,
++ struct property_entry *properties)
++{
++ return NULL;
++}
++
+ static inline bool acpi_dma_supported(struct acpi_device *adev)
+ {
+ return false;
+--
+2.27.0
+
diff --git a/queue-4.14/arc-build-add-boot_targets-to-phony.patch b/queue-4.14/arc-build-add-boot_targets-to-phony.patch
new file mode 100644
index 00000000000..b08300d0dad
--- /dev/null
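Review bot: The new `acpi_create_platform_device()` stub in the include/linux/acpi.h hunk returns a bare `NULL` with no comment telling callers how to read it, unlike its neighbours, which return an explicit `-ENODEV` or `false`. If the CONFIG_ACPI implementation reports failures through `ERR_PTR()` (not visible in this hunk), a caller that only tests `IS_ERR()` would take the stub's `NULL` for success and may dereference it. I would add a comment above the stub, e.g. `/* !CONFIG_ACPI: no platform device is ever created; NULL means "nothing to do", callers must check for it before use */`. The stub also names `struct platform_device` and `struct property_entry`; confirm both are declared in this branch of the header, since the surrounding declarations lie outside the hunk.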
+++ b/queue-4.14/arc-build-add-boot_targets-to-phony.patch
@@ -0,0 +1,51 @@
+From d60a5a107ccfb4782791be3705cc37d928f5a3bb Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sun, 22 Nov 2020 04:36:54 +0900
+Subject: ARC: build: add boot_targets to PHONY
+
+From: Masahiro Yamada
+
+[ Upstream commit 0cfccb3c04934cdef42ae26042139f16e805b5f7 ]
+
+The top-level boot_targets (uImage and uImage.*) should be phony
+targets. They just let Kbuild descend into arch/arc/boot/ and create
+files there.
+
+If a file exists in the top directory with the same name, the boot
+image will not be created.
+
+You can confirm it by the following steps:
+
+ $ export CROSS_COMPILE=
+ $ make -s ARCH=arc defconfig all # vmlinux will be built
+ $ touch uImage.gz
+ $ make ARCH=arc uImage.gz
+ CALL scripts/atomic/check-atomics.sh
+ CALL scripts/checksyscalls.sh
+ CHK include/generated/compile.h
+ # arch/arc/boot/uImage.gz is not created
+
+Specify the targets as PHONY to fix this.
+
+Signed-off-by: Masahiro Yamada
+Signed-off-by: Vineet Gupta
+Signed-off-by: Sasha Levin
+---
+ arch/arc/Makefile | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/arc/Makefile b/arch/arc/Makefile
+index 1146ca5fc349b..ef5e8ea042158 100644
+--- a/arch/arc/Makefile
++++ b/arch/arc/Makefile
+@@ -101,6 +101,7 @@ boot := arch/arc/boot
+
+ boot_targets := uImage uImage.bin uImage.gz uImage.lzma
+
++PHONY += $(boot_targets)
+ $(boot_targets): vmlinux
+ $(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
+
+--
+2.27.0
+
diff --git a/queue-4.14/arc-build-add-uimage.lzma-to-the-top-level-target.patch b/queue-4.14/arc-build-add-uimage.lzma-to-the-top-level-target.patch
new file mode 100644
index 00000000000..064e440d5e1
--- /dev/null
+++ b/queue-4.14/arc-build-add-uimage.lzma-to-the-top-level-target.patch
@@ -0,0 +1,39 @@
+From 94f0c64f822d901ada42e7ce1386f57a377a0383 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sun, 22 Nov 2020 04:36:53 +0900
+Subject: ARC: build: add uImage.lzma to the top-level target
+
+From: Masahiro Yamada
+
+[ Upstream commit f2712ec76a5433e5ec9def2bd52a95df1f96d050 ]
+
+arch/arc/boot/Makefile supports uImage.lzma, but you cannot do
+'make uImage.lzma' because the corresponding target is missing
+in arch/arc/Makefile. Add it.
+
+I also changed the assignment operator '+=' to ':=' since this is the
+only place where we expect this variable to be set.
+
+Signed-off-by: Masahiro Yamada
+Signed-off-by: Vineet Gupta
+Signed-off-by: Sasha Levin
+---
+ arch/arc/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/arc/Makefile b/arch/arc/Makefile
+index 98d31b701a97c..1146ca5fc349b 100644
+--- a/arch/arc/Makefile
++++ b/arch/arc/Makefile
+@@ -99,7 +99,7 @@ libs-y += arch/arc/lib/ $(LIBGCC)
+
+ boot := arch/arc/boot
+
+-boot_targets += uImage uImage.bin uImage.gz
++boot_targets := uImage uImage.bin uImage.gz uImage.lzma
+
+ $(boot_targets): vmlinux
+ $(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
+--
+2.27.0
+
diff --git a/queue-4.14/arc-build-remove-non-existing-bootpimage-from-kbuild.patch b/queue-4.14/arc-build-remove-non-existing-bootpimage-from-kbuild.patch
new file mode 100644
index 00000000000..128a7fb73d2
--- /dev/null
+++ b/queue-4.14/arc-build-remove-non-existing-bootpimage-from-kbuild.patch
@@ -0,0 +1,64 @@
+From 5b2fdc0c9b449ecec42078ac0e2b559efe7ee71d Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sun, 22 Nov 2020 04:36:52 +0900
+Subject: ARC: build: remove non-existing bootpImage from KBUILD_IMAGE
+
+From: Masahiro Yamada
+
+[ Upstream commit 9836720911cfec25d3fbdead1c438bf87e0f2841 ]
+
+The deb-pkg builds for ARCH=arc fail.
+
+ $ export CROSS_COMPILE=
+ $ make -s ARCH=arc defconfig
+ $ make ARCH=arc bindeb-pkg
+ SORTTAB vmlinux
+ SYSMAP System.map
+ MODPOST Module.symvers
+ make KERNELRELEASE=5.10.0-rc4 ARCH=arc KBUILD_BUILD_VERSION=2 -f ./Makefile intdeb-pkg
+ sh ./scripts/package/builddeb
+ cp: cannot stat 'arch/arc/boot/bootpImage': No such file or directory
+ make[4]: *** [scripts/Makefile.package:87: intdeb-pkg] Error 1
+ make[3]: *** [Makefile:1527: intdeb-pkg] Error 2
+ make[2]: *** [debian/rules:13: binary-arch] Error 2
+ dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2
+ make[1]: *** [scripts/Makefile.package:83: bindeb-pkg] Error 2
+ make: *** [Makefile:1527: bindeb-pkg] Error 2
+
+The reason is obvious; arch/arc/Makefile sets $(boot)/bootpImage as
+the default image, but there is no rule to build it.
+
+Remove the meaningless KBUILD_IMAGE assignment so it will fallback
+to the default vmlinux. With this change, you can build the deb package.
+
+I removed the 'bootpImage' target as well. At best, it provides
+'make bootpImage' as an alias of 'make vmlinux', but I do not see
+much sense in doing so.
+
+Signed-off-by: Masahiro Yamada
+Signed-off-by: Vineet Gupta
+Signed-off-by: Sasha Levin
+---
+ arch/arc/Makefile | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/arch/arc/Makefile b/arch/arc/Makefile
+index 2917f56f0ea43..98d31b701a97c 100644
+--- a/arch/arc/Makefile
++++ b/arch/arc/Makefile
+@@ -99,12 +99,6 @@ libs-y += arch/arc/lib/ $(LIBGCC)
+
+ boot := arch/arc/boot
+
+-#default target for make without any arguments.
+-KBUILD_IMAGE := $(boot)/bootpImage
+-
+-all: bootpImage
+-bootpImage: vmlinux
+-
+ boot_targets += uImage uImage.bin uImage.gz
+
+ $(boot_targets): vmlinux
+--
+2.27.0
+
diff --git a/queue-4.14/arch-arc-add-copy_user_page-to-asm-page.h-to-fix-bui.patch b/queue-4.14/arch-arc-add-copy_user_page-to-asm-page.h-to-fix-bui.patch
new file mode 100644
index 00000000000..3423d41cd53
--- /dev/null
+++ b/queue-4.14/arch-arc-add-copy_user_page-to-asm-page.h-to-fix-bui.patch
@@ -0,0 +1,51 @@
+From 25084fed4a9495eaec70553616d597a9718227ae Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 4 Jan 2021 19:44:53 -0800
+Subject: arch/arc: add copy_user_page() to to fix build error on
+ ARC
+
+From: Randy Dunlap
+
+[ Upstream commit 8a48c0a3360bf2bf4f40c980d0ec216e770e58ee ]
+
+fs/dax.c uses copy_user_page() but ARC does not provide that interface,
+resulting in a build error.
+
+Provide copy_user_page() in .
+
+../fs/dax.c: In function 'copy_cow_page_dax':
+../fs/dax.c:702:2: error: implicit declaration of function 'copy_user_page'; did you mean 'copy_to_user_page'? [-Werror=implicit-function-declaration]
+
+Reported-by: kernel test robot
+Signed-off-by: Randy Dunlap
+Cc: Vineet Gupta
+Cc: linux-snps-arc@lists.infradead.org
+Cc: Dan Williams
+#Acked-by: Vineet Gupta # v1
+Cc: Andrew Morton
+Cc: Matthew Wilcox
+Cc: Jan Kara
+Cc: linux-fsdevel@vger.kernel.org
+Cc: linux-nvdimm@lists.01.org
+#Reviewed-by: Ira Weiny # v2
+Signed-off-by: Vineet Gupta
+Signed-off-by: Sasha Levin
+---
+ arch/arc/include/asm/page.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/arc/include/asm/page.h b/arch/arc/include/asm/page.h
+index 09ddddf71cc50..a70fef79c4055 100644
+--- a/arch/arc/include/asm/page.h
++++ b/arch/arc/include/asm/page.h
+@@ -13,6 +13,7 @@
+ #ifndef __ASSEMBLY__
+
+ #define clear_page(paddr) memset((paddr), 0, PAGE_SIZE)
++#define copy_user_page(to, from, vaddr, pg) copy_page(to, from)
+ #define copy_page(to, from) memcpy((to), (from), PAGE_SIZE)
+
+ struct vm_area_struct;
+--
+2.27.0
+
diff --git a/queue-4.14/arm-picoxcell-fix-missing-interrupt-parent-propertie.patch b/queue-4.14/arm-picoxcell-fix-missing-interrupt-parent-propertie.patch
new file mode 100644
index 00000000000..316e36d989d
--- /dev/null
+++ b/queue-4.14/arm-picoxcell-fix-missing-interrupt-parent-propertie.patch
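Review bot: The added `copy_user_page(to, from, vaddr, pg)` macro in the arch/arc/include/asm/page.h hunk silently discards `vaddr` and `pg` and expands to the `memcpy`-based `copy_page`, so the copy takes no account of the user mapping the page is destined for. On a configuration with an aliasing data cache that could leave a user mapping seeing stale page contents; whether ARC needs cache maintenance on this path is not visible in the hunk, so this is a question to confirm rather than a confirmed defect. At minimum I would document the choice next to the macro, e.g. `/* vaddr and pg are ignored: plain kernel-address copy, no cache-alias maintenance */`. As a style point, the macro is defined one line above the `copy_page` it expands to; that works because expansion happens at the point of use, but placing it after `copy_page` would read more naturally.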
@@ -0,0 +1,66 @@
+From 22aa7a1e98313e8f3c51025b63a4858547374991 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 30 Dec 2020 16:20:05 +0100
+Subject: ARM: picoxcell: fix missing interrupt-parent properties
+
+From: Arnd Bergmann
+
+[ Upstream commit bac717171971176b78c72d15a8b6961764ab197f ]
+
+dtc points out that the interrupts for some devices are not parsable:
+
+picoxcell-pc3x2.dtsi:45.19-49.5: Warning (interrupts_property): /paxi/gem@30000: Missing interrupt-parent
+picoxcell-pc3x2.dtsi:51.21-55.5: Warning (interrupts_property): /paxi/dmac@40000: Missing interrupt-parent
+picoxcell-pc3x2.dtsi:57.21-61.5: Warning (interrupts_property): /paxi/dmac@50000: Missing interrupt-parent
+picoxcell-pc3x2.dtsi:233.21-237.5: Warning (interrupts_property): /rwid-axi/axi2pico@c0000000: Missing interrupt-parent
+
+There are two VIC instances, so it's not clear which one needs to be
+used. I found the BSP sources that reference VIC0, so use that:
+
+https://github.com/r1mikey/meta-picoxcell/blob/master/recipes-kernel/linux/linux-picochip-3.0/0001-picoxcell-support-for-Picochip-picoXcell-SoC.patch
+
+Acked-by: Jamie Iles
+Link: https://lore.kernel.org/r/20201230152010.3914962-1-arnd@kernel.org'
+Signed-off-by: Arnd Bergmann
+Signed-off-by: Sasha Levin
+---
+ arch/arm/boot/dts/picoxcell-pc3x2.dtsi | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/arch/arm/boot/dts/picoxcell-pc3x2.dtsi b/arch/arm/boot/dts/picoxcell-pc3x2.dtsi
+index 533919e96eaee..f22a6b4363177 100644
+--- a/arch/arm/boot/dts/picoxcell-pc3x2.dtsi
++++ b/arch/arm/boot/dts/picoxcell-pc3x2.dtsi
+@@ -54,18 +54,21 @@
+ emac: gem@30000 {
+ compatible = "cadence,gem";
+ reg = <0x30000 0x10000>;
++ interrupt-parent = <&vic0>;
+ interrupts = <31>;
+ };
+
+ dmac1: dmac@40000 {
+ compatible = "snps,dw-dmac";
+ reg = <0x40000 0x10000>;
++ interrupt-parent = <&vic0>;
+ interrupts = <25>;
+ };
+
+ dmac2: dmac@50000 {
+ compatible = "snps,dw-dmac";
+ reg = <0x50000 0x10000>;
++ interrupt-parent = <&vic0>;
+ interrupts = <26>;
+ };
+
+@@ -243,6 +246,7 @@
+ axi2pico@c0000000 {
+ compatible = "picochip,axi2pico-pc3x2";
+ reg = <0xc0000000 0x10000>;
++ interrupt-parent = <&vic0>;
+ interrupts = <13 14 15 16 17 18 19 20 21>;
+ };
+ };
+--
+2.27.0
+
diff --git a/queue-4.14/btrfs-fix-transaction-leak-and-crash-after-ro-remoun.patch b/queue-4.14/btrfs-fix-transaction-leak-and-crash-after-ro-remoun.patch
new file mode 100644
index 00000000000..8fe683c9ce3
--- /dev/null
+++ b/queue-4.14/btrfs-fix-transaction-leak-and-crash-after-ro-remoun.patch
@@ -0,0 +1,685 @@
+From 28072ed0dd919778c2636cc9d59cb55941e01c9b Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 14 Dec 2020 10:10:45 +0000
+Subject: btrfs: fix transaction leak and crash after RO remount caused by
+ qgroup rescan
+
+From: Filipe Manana
+
+[ Upstream commit cb13eea3b49055bd78e6ddf39defd6340f7379fc ]
+
+If we remount a filesystem in RO mode while the qgroup rescan worker is
+running, we can end up having it still running after the remount is done,
+and at unmount time we may end up with an open transaction that ends up
+never getting committed. If that happens we end up with several memory
+leaks and can crash when hardware acceleration is unavailable for crc32c.
+Possibly it can lead to other nasty surprises too, due to use-after-free
+issues.
+
+The following steps explain how the problem happens.
+
+1) We have a filesystem mounted in RW mode and the qgroup rescan worker is
+ running;
+
+2) We remount the filesystem in RO mode, and never stop/pause the rescan
+ worker, so after the remount the rescan worker is still running. The
+ important detail here is that the rescan task is still running after
+ the remount operation committed any ongoing transaction through its
+ call to btrfs_commit_super();
+
+3) The rescan is still running, and after the remount completed, the
+ rescan worker started a transaction, after it finished iterating all
+ leaves of the extent tree, to update the qgroup status item in the
+ quotas tree. It does not commit the transaction, it only releases its
+ handle on the transaction;
+
+4) A filesystem unmount operation starts shortly after;
+
+5) The unmount task, at close_ctree(), stops the transaction kthread,
+ which had not had a chance to commit the open transaction since it was
+ sleeping and the commit interval (default of 30 seconds) has not yet
+ elapsed since the last time it committed a transaction;
+
+6) So after stopping the transaction kthread we still have the transaction
+ used to update the qgroup status item open. At close_ctree(), when the
+ filesystem is in RO mode and no transaction abort happened (or the
+ filesystem is in error mode), we do not expect to have any transaction
+ open, so we do not call btrfs_commit_super();
+
+7) We then proceed to destroy the work queues, free the roots and block
+ groups, etc. After that we drop the last reference on the btree inode
+ by calling iput() on it. Since there are dirty pages for the btree
+ inode, corresponding to the COWed extent buffer for the quotas btree,
+ btree_write_cache_pages() is invoked to flush those dirty pages. This
+ results in creating a bio and submitting it, which makes us end up at
+ btrfs_submit_metadata_bio();
+
+8) At btrfs_submit_metadata_bio() we end up at the if-then-else branch
+ that calls btrfs_wq_submit_bio(), because check_async_write() returned
+ a value of 1. This value of 1 is because we did not have hardware
+ acceleration available for crc32c, so BTRFS_FS_CSUM_IMPL_FAST was not
+ set in fs_info->flags;
+
+9) Then at btrfs_wq_submit_bio() we call btrfs_queue_work() against the
+ workqueue at fs_info->workers, which was already freed before by the
+ call to btrfs_stop_all_workers() at close_ctree(). This results in an
+ invalid memory access due to a use-after-free, leading to a crash.
+ +When this happens, before the crash there are several warnings triggered, +since we have reserved metadata space in a block group, the delayed refs +reservation, etc: + + ------------[ cut here ]------------ + WARNING: CPU: 4 PID: 1729896 at fs/btrfs/block-group.c:125 btrfs_put_block_group+0x63/0xa0 [btrfs] + Modules linked in: btrfs dm_snapshot dm_thin_pool (...) + CPU: 4 PID: 1729896 Comm: umount Tainted: G B W 5.10.0-rc4-btrfs-next-73 #1 + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 + RIP: 0010:btrfs_put_block_group+0x63/0xa0 [btrfs] + Code: f0 01 00 00 48 39 c2 75 (...) + RSP: 0018:ffffb270826bbdd8 EFLAGS: 00010206 + RAX: 0000000000000001 RBX: ffff947ed73e4000 RCX: ffff947ebc8b29c8 + RDX: 0000000000000001 RSI: ffffffffc0b150a0 RDI: ffff947ebc8b2800 + RBP: ffff947ebc8b2800 R08: 0000000000000000 R09: 0000000000000000 + R10: 0000000000000000 R11: 0000000000000001 R12: ffff947ed73e4110 + R13: ffff947ed73e4160 R14: ffff947ebc8b2988 R15: dead000000000100 + FS: 00007f15edfea840(0000) GS:ffff9481ad600000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 00007f37e2893320 CR3: 0000000138f68001 CR4: 00000000003706e0 + DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 + DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 + Call Trace: + btrfs_free_block_groups+0x17f/0x2f0 [btrfs] + close_ctree+0x2ba/0x2fa [btrfs] + generic_shutdown_super+0x6c/0x100 + kill_anon_super+0x14/0x30 + btrfs_kill_super+0x12/0x20 [btrfs] + deactivate_locked_super+0x31/0x70 + cleanup_mnt+0x100/0x160 + task_work_run+0x68/0xb0 + exit_to_user_mode_prepare+0x1bb/0x1c0 + syscall_exit_to_user_mode+0x4b/0x260 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + RIP: 0033:0x7f15ee221ee7 + Code: ff 0b 00 f7 d8 64 89 01 48 (...) 
+ RSP: 002b:00007ffe9470f0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 + RAX: 0000000000000000 RBX: 00007f15ee347264 RCX: 00007f15ee221ee7 + RDX: ffffffffffffff78 RSI: 0000000000000000 RDI: 000056169701d000 + RBP: 0000561697018a30 R08: 0000000000000000 R09: 00007f15ee2e2be0 + R10: 000056169701efe0 R11: 0000000000000246 R12: 0000000000000000 + R13: 000056169701d000 R14: 0000561697018b40 R15: 0000561697018c60 + irq event stamp: 0 + hardirqs last enabled at (0): [<0000000000000000>] 0x0 + hardirqs last disabled at (0): [] copy_process+0x8a0/0x1d70 + softirqs last enabled at (0): [] copy_process+0x8a0/0x1d70 + softirqs last disabled at (0): [<0000000000000000>] 0x0 + ---[ end trace dd74718fef1ed5c6 ]--- + ------------[ cut here ]------------ + WARNING: CPU: 2 PID: 1729896 at fs/btrfs/block-rsv.c:459 btrfs_release_global_block_rsv+0x70/0xc0 [btrfs] + Modules linked in: btrfs dm_snapshot dm_thin_pool (...) + CPU: 2 PID: 1729896 Comm: umount Tainted: G B W 5.10.0-rc4-btrfs-next-73 #1 + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 + RIP: 0010:btrfs_release_global_block_rsv+0x70/0xc0 [btrfs] + Code: 48 83 bb b0 03 00 00 00 (...) 
+ RSP: 0018:ffffb270826bbdd8 EFLAGS: 00010206 + RAX: 000000000033c000 RBX: ffff947ed73e4000 RCX: 0000000000000000 + RDX: 0000000000000001 RSI: ffffffffc0b0d8c1 RDI: 00000000ffffffff + RBP: ffff947ebc8b7000 R08: 0000000000000001 R09: 0000000000000000 + R10: 0000000000000000 R11: 0000000000000001 R12: ffff947ed73e4110 + R13: ffff947ed73e5278 R14: dead000000000122 R15: dead000000000100 + FS: 00007f15edfea840(0000) GS:ffff9481aca00000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 0000561a79f76e20 CR3: 0000000138f68006 CR4: 00000000003706e0 + DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 + DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 + Call Trace: + btrfs_free_block_groups+0x24c/0x2f0 [btrfs] + close_ctree+0x2ba/0x2fa [btrfs] + generic_shutdown_super+0x6c/0x100 + kill_anon_super+0x14/0x30 + btrfs_kill_super+0x12/0x20 [btrfs] + deactivate_locked_super+0x31/0x70 + cleanup_mnt+0x100/0x160 + task_work_run+0x68/0xb0 + exit_to_user_mode_prepare+0x1bb/0x1c0 + syscall_exit_to_user_mode+0x4b/0x260 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + RIP: 0033:0x7f15ee221ee7 + Code: ff 0b 00 f7 d8 64 89 01 (...) 
+ RSP: 002b:00007ffe9470f0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 + RAX: 0000000000000000 RBX: 00007f15ee347264 RCX: 00007f15ee221ee7 + RDX: ffffffffffffff78 RSI: 0000000000000000 RDI: 000056169701d000 + RBP: 0000561697018a30 R08: 0000000000000000 R09: 00007f15ee2e2be0 + R10: 000056169701efe0 R11: 0000000000000246 R12: 0000000000000000 + R13: 000056169701d000 R14: 0000561697018b40 R15: 0000561697018c60 + irq event stamp: 0 + hardirqs last enabled at (0): [<0000000000000000>] 0x0 + hardirqs last disabled at (0): [] copy_process+0x8a0/0x1d70 + softirqs last enabled at (0): [] copy_process+0x8a0/0x1d70 + softirqs last disabled at (0): [<0000000000000000>] 0x0 + ---[ end trace dd74718fef1ed5c7 ]--- + ------------[ cut here ]------------ + WARNING: CPU: 2 PID: 1729896 at fs/btrfs/block-group.c:3377 btrfs_free_block_groups+0x25d/0x2f0 [btrfs] + Modules linked in: btrfs dm_snapshot dm_thin_pool (...) + CPU: 5 PID: 1729896 Comm: umount Tainted: G B W 5.10.0-rc4-btrfs-next-73 #1 + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 + RIP: 0010:btrfs_free_block_groups+0x25d/0x2f0 [btrfs] + Code: ad de 49 be 22 01 00 (...) 
+ RSP: 0018:ffffb270826bbde8 EFLAGS: 00010206 + RAX: ffff947ebeae1d08 RBX: ffff947ed73e4000 RCX: 0000000000000000 + RDX: 0000000000000001 RSI: ffff947e9d823ae8 RDI: 0000000000000246 + RBP: ffff947ebeae1d08 R08: 0000000000000000 R09: 0000000000000000 + R10: 0000000000000000 R11: 0000000000000001 R12: ffff947ebeae1c00 + R13: ffff947ed73e5278 R14: dead000000000122 R15: dead000000000100 + FS: 00007f15edfea840(0000) GS:ffff9481ad200000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 00007f1475d98ea8 CR3: 0000000138f68005 CR4: 00000000003706e0 + DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 + DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 + Call Trace: + close_ctree+0x2ba/0x2fa [btrfs] + generic_shutdown_super+0x6c/0x100 + kill_anon_super+0x14/0x30 + btrfs_kill_super+0x12/0x20 [btrfs] + deactivate_locked_super+0x31/0x70 + cleanup_mnt+0x100/0x160 + task_work_run+0x68/0xb0 + exit_to_user_mode_prepare+0x1bb/0x1c0 + syscall_exit_to_user_mode+0x4b/0x260 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + RIP: 0033:0x7f15ee221ee7 + Code: ff 0b 00 f7 d8 64 89 (...) 
+ RSP: 002b:00007ffe9470f0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 + RAX: 0000000000000000 RBX: 00007f15ee347264 RCX: 00007f15ee221ee7 + RDX: ffffffffffffff78 RSI: 0000000000000000 RDI: 000056169701d000 + RBP: 0000561697018a30 R08: 0000000000000000 R09: 00007f15ee2e2be0 + R10: 000056169701efe0 R11: 0000000000000246 R12: 0000000000000000 + R13: 000056169701d000 R14: 0000561697018b40 R15: 0000561697018c60 + irq event stamp: 0 + hardirqs last enabled at (0): [<0000000000000000>] 0x0 + hardirqs last disabled at (0): [] copy_process+0x8a0/0x1d70 + softirqs last enabled at (0): [] copy_process+0x8a0/0x1d70 + softirqs last disabled at (0): [<0000000000000000>] 0x0 + ---[ end trace dd74718fef1ed5c8 ]--- + BTRFS info (device sdc): space_info 4 has 268238848 free, is not full + BTRFS info (device sdc): space_info total=268435456, used=114688, pinned=0, reserved=16384, may_use=0, readonly=65536 + BTRFS info (device sdc): global_block_rsv: size 0 reserved 0 + BTRFS info (device sdc): trans_block_rsv: size 0 reserved 0 + BTRFS info (device sdc): chunk_block_rsv: size 0 reserved 0 + BTRFS info (device sdc): delayed_block_rsv: size 0 reserved 0 + BTRFS info (device sdc): delayed_refs_rsv: size 524288 reserved 0 + +And the crash, which only happens when we do not have crc32c hardware +acceleration, produces the following trace immediately after those +warnings: + + stack segment: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI + CPU: 2 PID: 1749129 Comm: umount Tainted: G B W 5.10.0-rc4-btrfs-next-73 #1 + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 + RIP: 0010:btrfs_queue_work+0x36/0x190 [btrfs] + Code: 54 55 53 48 89 f3 (...) 
+ RSP: 0018:ffffb27082443ae8 EFLAGS: 00010282 + RAX: 0000000000000004 RBX: ffff94810ee9ad90 RCX: 0000000000000000 + RDX: 0000000000000001 RSI: ffff94810ee9ad90 RDI: ffff947ed8ee75a0 + RBP: a56b6b6b6b6b6b6b R08: 0000000000000000 R09: 0000000000000000 + R10: 0000000000000007 R11: 0000000000000001 R12: ffff947fa9b435a8 + R13: ffff94810ee9ad90 R14: 0000000000000000 R15: ffff947e93dc0000 + FS: 00007f3cfe974840(0000) GS:ffff9481ac600000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 00007f1b42995a70 CR3: 0000000127638003 CR4: 00000000003706e0 + DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 + DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 + Call Trace: + btrfs_wq_submit_bio+0xb3/0xd0 [btrfs] + btrfs_submit_metadata_bio+0x44/0xc0 [btrfs] + submit_one_bio+0x61/0x70 [btrfs] + btree_write_cache_pages+0x414/0x450 [btrfs] + ? kobject_put+0x9a/0x1d0 + ? trace_hardirqs_on+0x1b/0xf0 + ? _raw_spin_unlock_irqrestore+0x3c/0x60 + ? free_debug_processing+0x1e1/0x2b0 + do_writepages+0x43/0xe0 + ? lock_acquired+0x199/0x490 + __writeback_single_inode+0x59/0x650 + writeback_single_inode+0xaf/0x120 + write_inode_now+0x94/0xd0 + iput+0x187/0x2b0 + close_ctree+0x2c6/0x2fa [btrfs] + generic_shutdown_super+0x6c/0x100 + kill_anon_super+0x14/0x30 + btrfs_kill_super+0x12/0x20 [btrfs] + deactivate_locked_super+0x31/0x70 + cleanup_mnt+0x100/0x160 + task_work_run+0x68/0xb0 + exit_to_user_mode_prepare+0x1bb/0x1c0 + syscall_exit_to_user_mode+0x4b/0x260 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + RIP: 0033:0x7f3cfebabee7 + Code: ff 0b 00 f7 d8 64 89 01 (...) 
+ RSP: 002b:00007ffc9c9a05f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 + RAX: 0000000000000000 RBX: 00007f3cfecd1264 RCX: 00007f3cfebabee7 + RDX: ffffffffffffff78 RSI: 0000000000000000 RDI: 0000562b6b478000 + RBP: 0000562b6b473a30 R08: 0000000000000000 R09: 00007f3cfec6cbe0 + R10: 0000562b6b479fe0 R11: 0000000000000246 R12: 0000000000000000 + R13: 0000562b6b478000 R14: 0000562b6b473b40 R15: 0000562b6b473c60 + Modules linked in: btrfs dm_snapshot dm_thin_pool (...) + ---[ end trace dd74718fef1ed5cc ]--- + +Finally when we remove the btrfs module (rmmod btrfs), there are several +warnings about objects that were allocated from our slabs but were never +freed, consequence of the transaction that was never committed and got +leaked: + + ============================================================================= + BUG btrfs_delayed_ref_head (Tainted: G B W ): Objects remaining in btrfs_delayed_ref_head on __kmem_cache_shutdown() + ----------------------------------------------------------------------------- + + INFO: Slab 0x0000000094c2ae56 objects=24 used=2 fp=0x000000002bfa2521 flags=0x17fffc000010200 + CPU: 5 PID: 1729921 Comm: rmmod Tainted: G B W 5.10.0-rc4-btrfs-next-73 #1 + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 + Call Trace: + dump_stack+0x8d/0xb5 + slab_err+0xb7/0xdc + ? lock_acquired+0x199/0x490 + __kmem_cache_shutdown+0x1ac/0x3c0 + ? lock_release+0x20e/0x4c0 + kmem_cache_destroy+0x55/0x120 + btrfs_delayed_ref_exit+0x11/0x35 [btrfs] + exit_btrfs_fs+0xa/0x59 [btrfs] + __x64_sys_delete_module+0x194/0x260 + ? fpregs_assert_state_consistent+0x1e/0x40 + ? exit_to_user_mode_prepare+0x55/0x1c0 + ? trace_hardirqs_on+0x1b/0xf0 + do_syscall_64+0x33/0x80 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + RIP: 0033:0x7f693e305897 + Code: 73 01 c3 48 8b 0d f9 f5 (...) 
+ RSP: 002b:00007ffcf73eb508 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 + RAX: ffffffffffffffda RBX: 0000559df504f760 RCX: 00007f693e305897 + RDX: 000000000000000a RSI: 0000000000000800 RDI: 0000559df504f7c8 + RBP: 00007ffcf73eb568 R08: 0000000000000000 R09: 0000000000000000 + R10: 00007f693e378ac0 R11: 0000000000000206 R12: 00007ffcf73eb740 + R13: 00007ffcf73ec5a6 R14: 0000559df504f2a0 R15: 0000559df504f760 + INFO: Object 0x0000000050cbdd61 @offset=12104 + INFO: Allocated in btrfs_add_delayed_tree_ref+0xbb/0x480 [btrfs] age=1894 cpu=6 pid=1729873 + __slab_alloc.isra.0+0x109/0x1c0 + kmem_cache_alloc+0x7bb/0x830 + btrfs_add_delayed_tree_ref+0xbb/0x480 [btrfs] + btrfs_free_tree_block+0x128/0x360 [btrfs] + __btrfs_cow_block+0x489/0x5f0 [btrfs] + btrfs_cow_block+0xf7/0x220 [btrfs] + btrfs_search_slot+0x62a/0xc40 [btrfs] + btrfs_del_orphan_item+0x65/0xd0 [btrfs] + btrfs_find_orphan_roots+0x1bf/0x200 [btrfs] + open_ctree+0x125a/0x18a0 [btrfs] + btrfs_mount_root.cold+0x13/0xed [btrfs] + legacy_get_tree+0x30/0x60 + vfs_get_tree+0x28/0xe0 + fc_mount+0xe/0x40 + vfs_kern_mount.part.0+0x71/0x90 + btrfs_mount+0x13b/0x3e0 [btrfs] + INFO: Freed in __btrfs_run_delayed_refs+0x1117/0x1290 [btrfs] age=4292 cpu=2 pid=1729526 + kmem_cache_free+0x34c/0x3c0 + __btrfs_run_delayed_refs+0x1117/0x1290 [btrfs] + btrfs_run_delayed_refs+0x81/0x210 [btrfs] + commit_cowonly_roots+0xfb/0x300 [btrfs] + btrfs_commit_transaction+0x367/0xc40 [btrfs] + sync_filesystem+0x74/0x90 + generic_shutdown_super+0x22/0x100 + kill_anon_super+0x14/0x30 + btrfs_kill_super+0x12/0x20 [btrfs] + deactivate_locked_super+0x31/0x70 + cleanup_mnt+0x100/0x160 + task_work_run+0x68/0xb0 + exit_to_user_mode_prepare+0x1bb/0x1c0 + syscall_exit_to_user_mode+0x4b/0x260 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + INFO: Object 0x0000000086e9b0ff @offset=12776 + INFO: Allocated in btrfs_add_delayed_tree_ref+0xbb/0x480 [btrfs] age=1900 cpu=6 pid=1729873 + __slab_alloc.isra.0+0x109/0x1c0 + kmem_cache_alloc+0x7bb/0x830 + 
btrfs_add_delayed_tree_ref+0xbb/0x480 [btrfs] + btrfs_alloc_tree_block+0x2bf/0x360 [btrfs] + alloc_tree_block_no_bg_flush+0x4f/0x60 [btrfs] + __btrfs_cow_block+0x12d/0x5f0 [btrfs] + btrfs_cow_block+0xf7/0x220 [btrfs] + btrfs_search_slot+0x62a/0xc40 [btrfs] + btrfs_del_orphan_item+0x65/0xd0 [btrfs] + btrfs_find_orphan_roots+0x1bf/0x200 [btrfs] + open_ctree+0x125a/0x18a0 [btrfs] + btrfs_mount_root.cold+0x13/0xed [btrfs] + legacy_get_tree+0x30/0x60 + vfs_get_tree+0x28/0xe0 + fc_mount+0xe/0x40 + vfs_kern_mount.part.0+0x71/0x90 + INFO: Freed in __btrfs_run_delayed_refs+0x1117/0x1290 [btrfs] age=3141 cpu=6 pid=1729803 + kmem_cache_free+0x34c/0x3c0 + __btrfs_run_delayed_refs+0x1117/0x1290 [btrfs] + btrfs_run_delayed_refs+0x81/0x210 [btrfs] + btrfs_write_dirty_block_groups+0x17d/0x3d0 [btrfs] + commit_cowonly_roots+0x248/0x300 [btrfs] + btrfs_commit_transaction+0x367/0xc40 [btrfs] + close_ctree+0x113/0x2fa [btrfs] + generic_shutdown_super+0x6c/0x100 + kill_anon_super+0x14/0x30 + btrfs_kill_super+0x12/0x20 [btrfs] + deactivate_locked_super+0x31/0x70 + cleanup_mnt+0x100/0x160 + task_work_run+0x68/0xb0 + exit_to_user_mode_prepare+0x1bb/0x1c0 + syscall_exit_to_user_mode+0x4b/0x260 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + kmem_cache_destroy btrfs_delayed_ref_head: Slab cache still has objects + CPU: 5 PID: 1729921 Comm: rmmod Tainted: G B W 5.10.0-rc4-btrfs-next-73 #1 + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 + Call Trace: + dump_stack+0x8d/0xb5 + kmem_cache_destroy+0x119/0x120 + btrfs_delayed_ref_exit+0x11/0x35 [btrfs] + exit_btrfs_fs+0xa/0x59 [btrfs] + __x64_sys_delete_module+0x194/0x260 + ? fpregs_assert_state_consistent+0x1e/0x40 + ? exit_to_user_mode_prepare+0x55/0x1c0 + ? trace_hardirqs_on+0x1b/0xf0 + do_syscall_64+0x33/0x80 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + RIP: 0033:0x7f693e305897 + Code: 73 01 c3 48 8b 0d f9 f5 0b (...) 
+ RSP: 002b:00007ffcf73eb508 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 + RAX: ffffffffffffffda RBX: 0000559df504f760 RCX: 00007f693e305897 + RDX: 000000000000000a RSI: 0000000000000800 RDI: 0000559df504f7c8 + RBP: 00007ffcf73eb568 R08: 0000000000000000 R09: 0000000000000000 + R10: 00007f693e378ac0 R11: 0000000000000206 R12: 00007ffcf73eb740 + R13: 00007ffcf73ec5a6 R14: 0000559df504f2a0 R15: 0000559df504f760 + ============================================================================= + BUG btrfs_delayed_tree_ref (Tainted: G B W ): Objects remaining in btrfs_delayed_tree_ref on __kmem_cache_shutdown() + ----------------------------------------------------------------------------- + + INFO: Slab 0x0000000011f78dc0 objects=37 used=2 fp=0x0000000032d55d91 flags=0x17fffc000010200 + CPU: 3 PID: 1729921 Comm: rmmod Tainted: G B W 5.10.0-rc4-btrfs-next-73 #1 + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 + Call Trace: + dump_stack+0x8d/0xb5 + slab_err+0xb7/0xdc + ? lock_acquired+0x199/0x490 + __kmem_cache_shutdown+0x1ac/0x3c0 + ? lock_release+0x20e/0x4c0 + kmem_cache_destroy+0x55/0x120 + btrfs_delayed_ref_exit+0x1d/0x35 [btrfs] + exit_btrfs_fs+0xa/0x59 [btrfs] + __x64_sys_delete_module+0x194/0x260 + ? fpregs_assert_state_consistent+0x1e/0x40 + ? exit_to_user_mode_prepare+0x55/0x1c0 + ? trace_hardirqs_on+0x1b/0xf0 + do_syscall_64+0x33/0x80 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + RIP: 0033:0x7f693e305897 + Code: 73 01 c3 48 8b 0d f9 f5 (...) 
+ RSP: 002b:00007ffcf73eb508 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 + RAX: ffffffffffffffda RBX: 0000559df504f760 RCX: 00007f693e305897 + RDX: 000000000000000a RSI: 0000000000000800 RDI: 0000559df504f7c8 + RBP: 00007ffcf73eb568 R08: 0000000000000000 R09: 0000000000000000 + R10: 00007f693e378ac0 R11: 0000000000000206 R12: 00007ffcf73eb740 + R13: 00007ffcf73ec5a6 R14: 0000559df504f2a0 R15: 0000559df504f760 + INFO: Object 0x000000001a340018 @offset=4408 + INFO: Allocated in btrfs_add_delayed_tree_ref+0x9e/0x480 [btrfs] age=1917 cpu=6 pid=1729873 + __slab_alloc.isra.0+0x109/0x1c0 + kmem_cache_alloc+0x7bb/0x830 + btrfs_add_delayed_tree_ref+0x9e/0x480 [btrfs] + btrfs_free_tree_block+0x128/0x360 [btrfs] + __btrfs_cow_block+0x489/0x5f0 [btrfs] + btrfs_cow_block+0xf7/0x220 [btrfs] + btrfs_search_slot+0x62a/0xc40 [btrfs] + btrfs_del_orphan_item+0x65/0xd0 [btrfs] + btrfs_find_orphan_roots+0x1bf/0x200 [btrfs] + open_ctree+0x125a/0x18a0 [btrfs] + btrfs_mount_root.cold+0x13/0xed [btrfs] + legacy_get_tree+0x30/0x60 + vfs_get_tree+0x28/0xe0 + fc_mount+0xe/0x40 + vfs_kern_mount.part.0+0x71/0x90 + btrfs_mount+0x13b/0x3e0 [btrfs] + INFO: Freed in __btrfs_run_delayed_refs+0x63d/0x1290 [btrfs] age=4167 cpu=4 pid=1729795 + kmem_cache_free+0x34c/0x3c0 + __btrfs_run_delayed_refs+0x63d/0x1290 [btrfs] + btrfs_run_delayed_refs+0x81/0x210 [btrfs] + btrfs_commit_transaction+0x60/0xc40 [btrfs] + create_subvol+0x56a/0x990 [btrfs] + btrfs_mksubvol+0x3fb/0x4a0 [btrfs] + __btrfs_ioctl_snap_create+0x119/0x1a0 [btrfs] + btrfs_ioctl_snap_create+0x58/0x80 [btrfs] + btrfs_ioctl+0x1a92/0x36f0 [btrfs] + __x64_sys_ioctl+0x83/0xb0 + do_syscall_64+0x33/0x80 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + INFO: Object 0x000000002b46292a @offset=13648 + INFO: Allocated in btrfs_add_delayed_tree_ref+0x9e/0x480 [btrfs] age=1923 cpu=6 pid=1729873 + __slab_alloc.isra.0+0x109/0x1c0 + kmem_cache_alloc+0x7bb/0x830 + btrfs_add_delayed_tree_ref+0x9e/0x480 [btrfs] + btrfs_alloc_tree_block+0x2bf/0x360 [btrfs] + 
alloc_tree_block_no_bg_flush+0x4f/0x60 [btrfs] + __btrfs_cow_block+0x12d/0x5f0 [btrfs] + btrfs_cow_block+0xf7/0x220 [btrfs] + btrfs_search_slot+0x62a/0xc40 [btrfs] + btrfs_del_orphan_item+0x65/0xd0 [btrfs] + btrfs_find_orphan_roots+0x1bf/0x200 [btrfs] + open_ctree+0x125a/0x18a0 [btrfs] + btrfs_mount_root.cold+0x13/0xed [btrfs] + legacy_get_tree+0x30/0x60 + vfs_get_tree+0x28/0xe0 + fc_mount+0xe/0x40 + vfs_kern_mount.part.0+0x71/0x90 + INFO: Freed in __btrfs_run_delayed_refs+0x63d/0x1290 [btrfs] age=3164 cpu=6 pid=1729803 + kmem_cache_free+0x34c/0x3c0 + __btrfs_run_delayed_refs+0x63d/0x1290 [btrfs] + btrfs_run_delayed_refs+0x81/0x210 [btrfs] + commit_cowonly_roots+0xfb/0x300 [btrfs] + btrfs_commit_transaction+0x367/0xc40 [btrfs] + close_ctree+0x113/0x2fa [btrfs] + generic_shutdown_super+0x6c/0x100 + kill_anon_super+0x14/0x30 + btrfs_kill_super+0x12/0x20 [btrfs] + deactivate_locked_super+0x31/0x70 + cleanup_mnt+0x100/0x160 + task_work_run+0x68/0xb0 + exit_to_user_mode_prepare+0x1bb/0x1c0 + syscall_exit_to_user_mode+0x4b/0x260 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + kmem_cache_destroy btrfs_delayed_tree_ref: Slab cache still has objects + CPU: 5 PID: 1729921 Comm: rmmod Tainted: G B W 5.10.0-rc4-btrfs-next-73 #1 + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 + Call Trace: + dump_stack+0x8d/0xb5 + kmem_cache_destroy+0x119/0x120 + btrfs_delayed_ref_exit+0x1d/0x35 [btrfs] + exit_btrfs_fs+0xa/0x59 [btrfs] + __x64_sys_delete_module+0x194/0x260 + ? fpregs_assert_state_consistent+0x1e/0x40 + ? exit_to_user_mode_prepare+0x55/0x1c0 + ? trace_hardirqs_on+0x1b/0xf0 + do_syscall_64+0x33/0x80 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + RIP: 0033:0x7f693e305897 + Code: 73 01 c3 48 8b 0d f9 f5 (...) 
+ RSP: 002b:00007ffcf73eb508 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 + RAX: ffffffffffffffda RBX: 0000559df504f760 RCX: 00007f693e305897 + RDX: 000000000000000a RSI: 0000000000000800 RDI: 0000559df504f7c8 + RBP: 00007ffcf73eb568 R08: 0000000000000000 R09: 0000000000000000 + R10: 00007f693e378ac0 R11: 0000000000000206 R12: 00007ffcf73eb740 + R13: 00007ffcf73ec5a6 R14: 0000559df504f2a0 R15: 0000559df504f760 + ============================================================================= + BUG btrfs_delayed_extent_op (Tainted: G B W ): Objects remaining in btrfs_delayed_extent_op on __kmem_cache_shutdown() + ----------------------------------------------------------------------------- + + INFO: Slab 0x00000000f145ce2f objects=22 used=1 fp=0x00000000af0f92cf flags=0x17fffc000010200 + CPU: 5 PID: 1729921 Comm: rmmod Tainted: G B W 5.10.0-rc4-btrfs-next-73 #1 + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 + Call Trace: + dump_stack+0x8d/0xb5 + slab_err+0xb7/0xdc + ? lock_acquired+0x199/0x490 + __kmem_cache_shutdown+0x1ac/0x3c0 + ? __mutex_unlock_slowpath+0x45/0x2a0 + kmem_cache_destroy+0x55/0x120 + exit_btrfs_fs+0xa/0x59 [btrfs] + __x64_sys_delete_module+0x194/0x260 + ? fpregs_assert_state_consistent+0x1e/0x40 + ? exit_to_user_mode_prepare+0x55/0x1c0 + ? trace_hardirqs_on+0x1b/0xf0 + do_syscall_64+0x33/0x80 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + RIP: 0033:0x7f693e305897 + Code: 73 01 c3 48 8b 0d f9 f5 (...) 
+ RSP: 002b:00007ffcf73eb508 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 + RAX: ffffffffffffffda RBX: 0000559df504f760 RCX: 00007f693e305897 + RDX: 000000000000000a RSI: 0000000000000800 RDI: 0000559df504f7c8 + RBP: 00007ffcf73eb568 R08: 0000000000000000 R09: 0000000000000000 + R10: 00007f693e378ac0 R11: 0000000000000206 R12: 00007ffcf73eb740 + R13: 00007ffcf73ec5a6 R14: 0000559df504f2a0 R15: 0000559df504f760 + INFO: Object 0x000000004cf95ea8 @offset=6264 + INFO: Allocated in btrfs_alloc_tree_block+0x1e0/0x360 [btrfs] age=1931 cpu=6 pid=1729873 + __slab_alloc.isra.0+0x109/0x1c0 + kmem_cache_alloc+0x7bb/0x830 + btrfs_alloc_tree_block+0x1e0/0x360 [btrfs] + alloc_tree_block_no_bg_flush+0x4f/0x60 [btrfs] + __btrfs_cow_block+0x12d/0x5f0 [btrfs] + btrfs_cow_block+0xf7/0x220 [btrfs] + btrfs_search_slot+0x62a/0xc40 [btrfs] + btrfs_del_orphan_item+0x65/0xd0 [btrfs] + btrfs_find_orphan_roots+0x1bf/0x200 [btrfs] + open_ctree+0x125a/0x18a0 [btrfs] + btrfs_mount_root.cold+0x13/0xed [btrfs] + legacy_get_tree+0x30/0x60 + vfs_get_tree+0x28/0xe0 + fc_mount+0xe/0x40 + vfs_kern_mount.part.0+0x71/0x90 + btrfs_mount+0x13b/0x3e0 [btrfs] + INFO: Freed in __btrfs_run_delayed_refs+0xabd/0x1290 [btrfs] age=3173 cpu=6 pid=1729803 + kmem_cache_free+0x34c/0x3c0 + __btrfs_run_delayed_refs+0xabd/0x1290 [btrfs] + btrfs_run_delayed_refs+0x81/0x210 [btrfs] + commit_cowonly_roots+0xfb/0x300 [btrfs] + btrfs_commit_transaction+0x367/0xc40 [btrfs] + close_ctree+0x113/0x2fa [btrfs] + generic_shutdown_super+0x6c/0x100 + kill_anon_super+0x14/0x30 + btrfs_kill_super+0x12/0x20 [btrfs] + deactivate_locked_super+0x31/0x70 + cleanup_mnt+0x100/0x160 + task_work_run+0x68/0xb0 + exit_to_user_mode_prepare+0x1bb/0x1c0 + syscall_exit_to_user_mode+0x4b/0x260 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + kmem_cache_destroy btrfs_delayed_extent_op: Slab cache still has objects + CPU: 3 PID: 1729921 Comm: rmmod Tainted: G B W 5.10.0-rc4-btrfs-next-73 #1 + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 + Call Trace: + dump_stack+0x8d/0xb5 + kmem_cache_destroy+0x119/0x120 + exit_btrfs_fs+0xa/0x59 [btrfs] + __x64_sys_delete_module+0x194/0x260 + ? fpregs_assert_state_consistent+0x1e/0x40 + ? exit_to_user_mode_prepare+0x55/0x1c0 + ? trace_hardirqs_on+0x1b/0xf0 + do_syscall_64+0x33/0x80 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + RIP: 0033:0x7f693e305897 + Code: 73 01 c3 48 8b 0d f9 (...) + RSP: 002b:00007ffcf73eb508 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 + RAX: ffffffffffffffda RBX: 0000559df504f760 RCX: 00007f693e305897 + RDX: 000000000000000a RSI: 0000000000000800 RDI: 0000559df504f7c8 + RBP: 00007ffcf73eb568 R08: 0000000000000000 R09: 0000000000000000 + R10: 00007f693e378ac0 R11: 0000000000000206 R12: 00007ffcf73eb740 + R13: 00007ffcf73ec5a6 R14: 0000559df504f2a0 R15: 0000559df504f760 + BTRFS: state leak: start 30408704 end 30425087 state 1 in tree 1 refs 1 + +Fix this issue by having the remount path stop the qgroup rescan worker +when we are remounting RO and teach the rescan worker to stop when a +remount is in progress. If later a remount in RW mode happens, we are +already resuming the qgroup rescan worker through the call to +btrfs_qgroup_rescan_resume(), so we do not need to worry about that. 
+
+Tested-by: Fabian Vogt
+Reviewed-by: Josef Bacik
+Signed-off-by: Filipe Manana
+Reviewed-by: David Sterba
+Signed-off-by: David Sterba
+Signed-off-by: Sasha Levin
+---
+ fs/btrfs/qgroup.c | 13 ++++++++++---
+ fs/btrfs/super.c | 8 ++++++++
+ 2 files changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
+index 53f6bb5d0b72c..47c28983fd01f 100644
+--- a/fs/btrfs/qgroup.c
++++ b/fs/btrfs/qgroup.c
+@@ -2614,6 +2614,12 @@ out:
+ return ret;
+ }
+
++static bool rescan_should_stop(struct btrfs_fs_info *fs_info)
++{
++ return btrfs_fs_closing(fs_info) ||
++ test_bit(BTRFS_FS_STATE_REMOUNTING, &fs_info->fs_state);
++}
++
+ static void btrfs_qgroup_rescan_worker(struct btrfs_work *work)
+ {
+ struct btrfs_fs_info *fs_info = container_of(work, struct btrfs_fs_info,
+@@ -2622,13 +2628,14 @@ static void btrfs_qgroup_rescan_worker(struct btrfs_work *work)
+ struct btrfs_trans_handle *trans = NULL;
+ int err = -ENOMEM;
+ int ret = 0;
++ bool stopped = false;
+
+ path = btrfs_alloc_path();
+ if (!path)
+ goto out;
+
+ err = 0;
+- while (!err && !btrfs_fs_closing(fs_info)) {
++ while (!err && !(stopped = rescan_should_stop(fs_info))) {
+ trans = btrfs_start_transaction(fs_info->fs_root, 0);
+ if (IS_ERR(trans)) {
+ err = PTR_ERR(trans);
+@@ -2671,7 +2678,7 @@ out:
+ }
+
+ mutex_lock(&fs_info->qgroup_rescan_lock);
+- if (!btrfs_fs_closing(fs_info))
++ if (!stopped)
+ fs_info->qgroup_flags &= ~BTRFS_QGROUP_STATUS_FLAG_RESCAN;
+ if (trans) {
+ ret = update_qgroup_status_item(trans);
+@@ -2690,7 +2697,7 @@ out:
+
+ btrfs_end_transaction(trans);
+
+- if (btrfs_fs_closing(fs_info)) {
++ if (stopped) {
+ btrfs_info(fs_info, "qgroup scan paused");
+ } else if (err >= 0) {
+ btrfs_info(fs_info, "qgroup scan completed%s",
+diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
+index eb64d4b159e07..4edfd26594eda 100644
+--- a/fs/btrfs/super.c
++++ b/fs/btrfs/super.c
+@@ -1784,6 +1784,14 @@ static int btrfs_remount(struct super_block *sb, int *flags, char *data)
+ btrfs_scrub_cancel(fs_info);
+ btrfs_pause_balance(fs_info);
+
++ /*
++ * Pause the qgroup rescan worker if it is running. We don't want
++ * it to be still running after we are in RO mode, as after that,
++ * by the time we unmount, it might have left a transaction open,
++ * so we would leak the transaction and/or crash.
++ */
++ btrfs_qgroup_wait_for_completion(fs_info, false);
++
+ ret = btrfs_commit_super(fs_info);
+ if (ret)
+ goto restore;
+--
+2.27.0
+
diff --git a/queue-4.14/ethernet-ucc_geth-fix-definition-and-size-of-ucc_get.patch b/queue-4.14/ethernet-ucc_geth-fix-definition-and-size-of-ucc_get.patch
new file mode 100644
index 00000000000..c00cadb93f8
--- /dev/null
+++ b/queue-4.14/ethernet-ucc_geth-fix-definition-and-size-of-ucc_get.patch
@@ -0,0 +1,64 @@
+From 21bf0ba1c216d0974a12b3db3ee95164e2881def Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 18 Dec 2020 11:55:37 +0100
+Subject: ethernet: ucc_geth: fix definition and size of
+ ucc_geth_tx_global_pram
+
+From: Rasmus Villemoes
+
+[ Upstream commit 887078de2a23689e29d6fa1b75d7cbc544c280be ]
+
+Table 8-53 in the QUICC Engine Reference manual shows definitions of
+fields up to a size of 192 bytes, not just 128. But in table 8-111,
+one does find the text
+
+ Base Address of the Global Transmitter Parameter RAM Page. [...]
+ The user needs to allocate 128 bytes for this page. The address must
+ be aligned to the page size.
+
+I've checked both rev. 7 (11/2015) and rev. 9 (05/2018) of the manual;
+they both have this inconsistency (and the table numbers are the
+same).
+
+Adding a bit of debug printing, on my board the struct
+ucc_geth_tx_global_pram is allocated at offset 0x880, while
+the (opaque) ucc_geth_thread_data_tx gets allocated immediately
+afterwards, at 0x900. So whatever the engine writes into the thread
+data overlaps with the tail of the global tx pram (and devmem says
+that something does get written during a simple ping).
+
+I haven't observed any failure that could be attributed to this, but
+it seems to be the kind of thing that would be extremely hard to
+debug. So extend the struct definition so that we do allocate 192
+bytes.
+
+Signed-off-by: Rasmus Villemoes
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Sasha Levin
+---
+ drivers/net/ethernet/freescale/ucc_geth.h | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/freescale/ucc_geth.h b/drivers/net/ethernet/freescale/ucc_geth.h
+index 5da19b440a6a8..bf25e49d4fe34 100644
+--- a/drivers/net/ethernet/freescale/ucc_geth.h
++++ b/drivers/net/ethernet/freescale/ucc_geth.h
+@@ -580,7 +580,14 @@ struct ucc_geth_tx_global_pram {
+ u32 vtagtable[0x8]; /* 8 4-byte VLAN tags */
+ u32 tqptr; /* a base pointer to the Tx Queues Memory
+ Region */
+- u8 res2[0x80 - 0x74];
++ u8 res2[0x78 - 0x74];
++ u64 snums_en;
++ u32 l2l3baseptr; /* top byte consists of a few other bit fields */
++
++ u16 mtu[8];
++ u8 res3[0xa8 - 0x94];
++ u32 wrrtablebase; /* top byte is reserved */
++ u8 res4[0xc0 - 0xac];
+ } __packed;
+
+ /* structure representing Extended Filtering Global Parameters in PRAM */
+--
+2.27.0
+
diff --git a/queue-4.14/misdn-dsp-select-config_bitreverse.patch b/queue-4.14/misdn-dsp-select-config_bitreverse.patch
new file mode 100644
index 00000000000..1ac077d4966
--- /dev/null
+++ b/queue-4.14/misdn-dsp-select-config_bitreverse.patch
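Review bot: Nothing in the extended `struct ucc_geth_tx_global_pram` pins the 0xc0-byte size that the commit message relies on. The layout rests on hand-computed reserved-array lengths (`res2[0x78 - 0x74]`, `res3[0xa8 - 0x94]`, `res4[0xc0 - 0xac]`) in a `__packed` struct that the engine writes through. A compile-time check such as `BUILD_BUG_ON(sizeof(struct ucc_geth_tx_global_pram) != 0xc0);` placed in the function that allocates this page would turn a later field edit that shrinks the struct, and so brings back the overlap with the thread data, into a build failure. The allocation site and its alignment are outside this hunk, so it should be confirmed that they follow `sizeof` of the struct rather than a separate 128-byte constant. The empty added line after `l2l3baseptr` could be dropped or replaced by a short comment giving the field offsets.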
@@ -0,0 +1,37 @@
+From cf8b97e57e380497f3756d194320676ba4b5db02 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sun, 3 Jan 2021 22:36:22 +0100
+Subject: misdn: dsp: select CONFIG_BITREVERSE
+
+From: Arnd Bergmann
+
+[ Upstream commit 51049bd903a81307f751babe15a1df8d197884e8 ]
+
+Without this, we run into a link error
+
+arm-linux-gnueabi-ld: drivers/isdn/mISDN/dsp_audio.o: in function `dsp_audio_generate_law_tables':
+(.text+0x30c): undefined reference to `byte_rev_table'
+arm-linux-gnueabi-ld: drivers/isdn/mISDN/dsp_audio.o:(.text+0x5e4): more undefined references to `byte_rev_table' follow
+
+Signed-off-by: Arnd Bergmann
+Signed-off-by: David S. Miller
+Signed-off-by: Sasha Levin
+---
+ drivers/isdn/mISDN/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/isdn/mISDN/Kconfig b/drivers/isdn/mISDN/Kconfig
+index c0730d5c734d6..fb61181a5c4f7 100644
+--- a/drivers/isdn/mISDN/Kconfig
++++ b/drivers/isdn/mISDN/Kconfig
+@@ -12,6 +12,7 @@ if MISDN != n
+ config MISDN_DSP
+ tristate "Digital Audio Processing of transparent data"
+ depends on MISDN
++ select BITREVERSE
+ help
+ Enable support for digital audio processing capability.
+
+--
+2.27.0
+
diff --git a/queue-4.14/net-ethernet-fs_enet-add-missing-module_license.patch b/queue-4.14/net-ethernet-fs_enet-add-missing-module_license.patch
new file mode 100644
index 00000000000..f28d50871d7
--- /dev/null
+++ b/queue-4.14/net-ethernet-fs_enet-add-missing-module_license.patch
@@ -0,0 +1,48 @@
+From 403c16442464e0a68778df14b6323a2f77c9dc75 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 5 Jan 2021 20:15:15 +1100
+Subject: net: ethernet: fs_enet: Add missing MODULE_LICENSE
+
+From: Michael Ellerman
+
+[ Upstream commit 445c6198fe7be03b7d38e66fe8d4b3187bc251d4 ]
+
+Since commit 1d6cd3929360 ("modpost: turn missing MODULE_LICENSE()
+into error") the ppc32_allmodconfig build fails with:
+
+ ERROR: modpost: missing MODULE_LICENSE() in drivers/net/ethernet/freescale/fs_enet/mii-fec.o
+ ERROR: modpost: missing MODULE_LICENSE() in drivers/net/ethernet/freescale/fs_enet/mii-bitbang.o
+
+Add the missing MODULE_LICENSEs to fix the build. Both files include a
+copyright header indicating they are GPL v2.
+
+Signed-off-by: Michael Ellerman
+Reviewed-by: Andrew Lunn
+Signed-off-by: David S. Miller
+Signed-off-by: Sasha Levin
+---
+ drivers/net/ethernet/freescale/fs_enet/mii-bitbang.c | 1 +
+ drivers/net/ethernet/freescale/fs_enet/mii-fec.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/drivers/net/ethernet/freescale/fs_enet/mii-bitbang.c b/drivers/net/ethernet/freescale/fs_enet/mii-bitbang.c
+index c8e5d889bd81f..21de56345503f 100644
+--- a/drivers/net/ethernet/freescale/fs_enet/mii-bitbang.c
++++ b/drivers/net/ethernet/freescale/fs_enet/mii-bitbang.c
+@@ -223,3 +223,4 @@ static struct platform_driver fs_enet_bb_mdio_driver = {
+ };
+
+ module_platform_driver(fs_enet_bb_mdio_driver);
++MODULE_LICENSE("GPL");
+diff --git a/drivers/net/ethernet/freescale/fs_enet/mii-fec.c b/drivers/net/ethernet/freescale/fs_enet/mii-fec.c
+index 1582d82483eca..4e6a9c5d8af55 100644
+--- a/drivers/net/ethernet/freescale/fs_enet/mii-fec.c
++++ b/drivers/net/ethernet/freescale/fs_enet/mii-fec.c
+@@ -224,3 +224,4 @@ static struct platform_driver fs_enet_fec_mdio_driver = {
+ };
+
+ module_platform_driver(fs_enet_fec_mdio_driver);
++MODULE_LICENSE("GPL");
+--
+2.27.0
+
diff --git a/queue-4.14/series b/queue-4.14/series
index 7a1bcd2ceaf..b9ee9971205 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -7,3 +7,13 @@ mm-hugetlb-fix-potential-missing-huge-page-size-info.patch
 dm-snapshot-flush-merged-data-before-committing-metadata.patch
 r8152-add-lenovo-powered-usb-c-travel-hub.patch
 ext4-fix-bug-for-rename-with-rename_whiteout.patch
+arc-build-remove-non-existing-bootpimage-from-kbuild.patch
+arc-build-add-uimage.lzma-to-the-top-level-target.patch
+arc-build-add-boot_targets-to-phony.patch
+btrfs-fix-transaction-leak-and-crash-after-ro-remoun.patch
+ethernet-ucc_geth-fix-definition-and-size-of-ucc_get.patch
+arch-arc-add-copy_user_page-to-asm-page.h-to-fix-bui.patch
+misdn-dsp-select-config_bitreverse.patch
+net-ethernet-fs_enet-add-missing-module_license.patch
+acpi-scan-add-stub-acpi_create_platform_device-for-c.patch
+arm-picoxcell-fix-missing-interrupt-parent-propertie.patch