[lvc-project] [PATCH 6.6 0/4] fix kernel crash for xfs/235 test

Fedor Pchelkin pchelkin at ispras.ru
Sat Mar 22 17:34:11 MSK 2025 

Incomplete backport of series "xfs: log intent item recovery should
reconstruct defer work state" [1] leads to a kernel crash during the
xfs/235 test execution on top of 6.6.y stable.

Tested (briefly) with my local xfstests setup. Additional testing would
be much appreciated.

[1]: https://lore.kernel.org/linux-xfs/170191741007.1195961.10092536809136830257.stg-ugh@frogsfrogsfrogs/

 XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_trans_cancel+0x4d9/0x610 (fs/xfs/xfs_trans.c:1097).  Shutting down filesystem.
 XFS (loop1): Please unmount the filesystem and rectify the problem(s)
 general protection fault, probably for non-canonical address 0xdffffc000000000c: 0000 [#1] PREEMPT SMP KASAN NOPTI
 KASAN: null-ptr-deref in range [0x0000000000000060-0x0000000000000067]
 CPU: 1 PID: 2011 Comm: mount Not tainted 6.6.84-rc2+ #12
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014
 RIP: 0010:xlog_recover_cancel_intents+0xad/0x1b0
 Call Trace:
  <TASK>
  xlog_recover_finish+0x7f6/0x9a0
  xfs_log_mount_finish+0x386/0x650
  xfs_mountfs+0x1405/0x1fb0
  xfs_fs_fill_super+0x11d6/0x1ca0
  get_tree_bdev+0x3b4/0x650
  vfs_get_tree+0x92/0x370
  path_mount+0x13b9/0x1f10
  __x64_sys_mount+0x286/0x310
  do_syscall_64+0x39/0x90
  entry_SYSCALL_64_after_hwframe+0x78/0xe2
  </TASK>
 Modules linked in:
 ---[ end trace 0000000000000000 ]---
 RIP: 0010:xlog_recover_cancel_intents+0xad/0x1b0


Link to the original bug report [2].

[2]: https://lore.kernel.org/stable/6pxyzwujo52p4bp2otliyssjcvsfydd6ju32eusdlyhzhpjh4q@eze6eh7rtidg/

Found by Linux Verification Center (linuxtesting.org).

Darrick J. Wong (4):
  xfs: recreate work items when recovering intent items
  xfs: dump the recovered xattri log item if corruption happens
  xfs: use xfs_defer_finish_one to finish recovered work items
  xfs: move ->iop_recover to xfs_defer_op_type

 fs/xfs/libxfs/xfs_defer.c       |  22 ++++-
 fs/xfs/libxfs/xfs_defer.h       |  14 +++
 fs/xfs/libxfs/xfs_log_recover.h |   4 +-
 fs/xfs/xfs_attr_item.c          | 115 ++++++++++++------------
 fs/xfs/xfs_bmap_item.c          |  92 ++++++++++---------
 fs/xfs/xfs_extfree_item.c       | 117 +++++++++++--------------
 fs/xfs/xfs_log_recover.c        |  37 ++++----
 fs/xfs/xfs_refcount_item.c      | 127 +++++++++------------------
 fs/xfs/xfs_rmap_item.c          | 151 ++++++++++++++++----------------
 fs/xfs/xfs_trans.h              |   4 -
 10 files changed, 326 insertions(+), 357 deletions(-)

-- 
2.49.0

More information about the lvc-project mailing list