[lvc-project] [PATCH 6.6 0/4] fix kernel crash for xfs/235 test

Thu Jun 11 21:39:03 MSK 2026

On Sat, Mar 22, 2025 at 05:34:11PM +0300, Fedor Pchelkin wrote:
> Incomplete backport of series "xfs: log intent item recovery should
> reconstruct defer work state" [1] leads to a kernel crash during the
> xfs/235 test execution on top of 6.6.y stable.
> 
> Tested (briefly) with my local xfstests setup. Additional testing would
> be much appreciated.

Any idea what happened to this series? It resolves an issue that I've
hit in a production environment FWIW.

Series is:

Tested-by: Hamza Mahfooz <hamzamahfooz at linux.microsoft.com>

> 
> [1]: https://lore.kernel.org/linux-xfs/170191741007.1195961.10092536809136830257.stg-ugh@frogsfrogsfrogs/
> 
>  XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_trans_cancel+0x4d9/0x610 (fs/xfs/xfs_trans.c:1097).  Shutting down filesystem.
>  XFS (loop1): Please unmount the filesystem and rectify the problem(s)
>  general protection fault, probably for non-canonical address 0xdffffc000000000c: 0000 [#1] PREEMPT SMP KASAN NOPTI
>  KASAN: null-ptr-deref in range [0x0000000000000060-0x0000000000000067]
>  CPU: 1 PID: 2011 Comm: mount Not tainted 6.6.84-rc2+ #12
>  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014
>  RIP: 0010:xlog_recover_cancel_intents+0xad/0x1b0
>  Call Trace:
>   <TASK>
>   xlog_recover_finish+0x7f6/0x9a0
>   xfs_log_mount_finish+0x386/0x650
>   xfs_mountfs+0x1405/0x1fb0
>   xfs_fs_fill_super+0x11d6/0x1ca0
>   get_tree_bdev+0x3b4/0x650
>   vfs_get_tree+0x92/0x370
>   path_mount+0x13b9/0x1f10
>   __x64_sys_mount+0x286/0x310
>   do_syscall_64+0x39/0x90
>   entry_SYSCALL_64_after_hwframe+0x78/0xe2
>   </TASK>
>  Modules linked in:
>  ---[ end trace 0000000000000000 ]---
>  RIP: 0010:xlog_recover_cancel_intents+0xad/0x1b0
> 
> 
> Link to the original bug report [2].
> 
> [2]: https://lore.kernel.org/stable/6pxyzwujo52p4bp2otliyssjcvsfydd6ju32eusdlyhzhpjh4q@eze6eh7rtidg/
> 
> Found by Linux Verification Center (linuxtesting.org).
> 
> Darrick J. Wong (4):
>   xfs: recreate work items when recovering intent items
>   xfs: dump the recovered xattri log item if corruption happens
>   xfs: use xfs_defer_finish_one to finish recovered work items
>   xfs: move ->iop_recover to xfs_defer_op_type
> 
>  fs/xfs/libxfs/xfs_defer.c       |  22 ++++-
>  fs/xfs/libxfs/xfs_defer.h       |  14 +++
>  fs/xfs/libxfs/xfs_log_recover.h |   4 +-
>  fs/xfs/xfs_attr_item.c          | 115 ++++++++++++------------
>  fs/xfs/xfs_bmap_item.c          |  92 ++++++++++---------
>  fs/xfs/xfs_extfree_item.c       | 117 +++++++++++--------------
>  fs/xfs/xfs_log_recover.c        |  37 ++++----
>  fs/xfs/xfs_refcount_item.c      | 127 +++++++++------------------
>  fs/xfs/xfs_rmap_item.c          | 151 ++++++++++++++++----------------
>  fs/xfs/xfs_trans.h              |   4 -
>  10 files changed, 326 insertions(+), 357 deletions(-)
> 
> -- 
> 2.49.0
> 