• Filipe Manana's avatar
    Btrfs: fix fs mapping extent map leak · 495e64f4
    Filipe Manana authored
    On chunk allocation error (label "error_del_extent"), after adding the
    extent map to the tree and to the pending chunks list, we would leave
    decrementing the extent map's refcount by 2 instead of 3 (our allocation
    + tree reference + list reference).
    
    Also, on chunk/block group removal, if the block group was on the list
    pending_chunks we weren't decrementing the respective list reference.
    
    Detected by 'rmmod btrfs':
    
    [20770.105881] kmem_cache_destroy btrfs_extent_map: Slab cache still has objects
    [20770.106127] CPU: 2 PID: 11093 Comm: rmmod Tainted: G        W    L 3.17.0-rc5-btrfs-next-1+ #1
    [20770.106128] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
    [20770.106130]  0000000000000000 ffff8800ba867eb8 ffffffff813e7a13 ffff8800a2e11040
    [20770.106132]  ffff8800ba867ed0 ffffffff81105d0c 0000000000000000 ffff8800ba867ee0
    [20770.106134]  ffffffffa035d65e ffff8800ba867ef0 ffffffffa03b0654 ffff8800ba867f78
    [20770.106136] Call Trace:
    [20770.106142]  [<ffffffff813e7a13>] dump_stack+0x45/0x56
    [20770.106145]  [<ffffffff81105d0c>] kmem_cache_destroy+0x4b/0x90
    [20770.106164]  [<ffffffffa035d65e>] extent_map_exit+0x1a/0x1c [btrfs]
    [20770.106176]  [<ffffffffa03b0654>] exit_btrfs_fs+0x27/0x9d3 [btrfs]
    [20770.106179]  [<ffffffff8109dc97>] SyS_delete_module+0x153/0x1c4
    [20770.106182]  [<ffffffff8121261b>] ? trace_hardirqs_on_thunk+0x3a/0x3c
    [20770.106184]  [<ffffffff813ebf52>] system_call_fastpath+0x16/0x1b
    
    This applies on top (depends on) of my previous patch titled:
    "Btrfs: fix race between fs trimming and block group remove/allocation"
    
    But the issue in fact was already present before that change, it only
    became easier to hit after Josef's 3.18 patch that added automatic
    removal of empty block groups.
    Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
    Signed-off-by: default avatarChris Mason <clm@fb.com>
    495e64f4
extent-tree.c 261 KB