On Fri, Aug 10, 2018 at 05:09:14PM -0700, Darrick J. Wong wrote:
> On Mon, Jun 18, 2018 at 08:06:37PM +0000, Xu, Wen wrote:
> > Hi,
> >
> > Here is an issue triggered in xfs_alloc_get_freelist() when writing a corrupted v5 image.
>
> Just out of curiosity, can you still reproduce this? I tried just now
> on 4.19 for-next and couldn't get the kernel to crash.

This was the "discard delalloc extent and try to do an extent conversion with a transaction in xfs_bunmapi()" problem that was fixed in the middle of the bufferhead removal patch series.

> > [ 930.655513] BUG: KASAN: null-ptr-deref in xfs_alloc_get_freelist+0x115/0x350
> > [ 930.658644] dump_stack+0x7b/0xb5
> > [ 930.658653] kasan_report+0x10c/0x390
> > [ 930.658663] __asan_load8+0x54/0x90
> > [ 930.658668] xfs_alloc_get_freelist+0x115/0x350
> > [ 930.658689] xfs_alloc_fix_freelist+0x35b/0x830
> > [ 930.658740] xfs_alloc_vextent+0x215/0x990
> > [ 930.658746] xfs_bmap_extents_to_btree+0x30d/0x940
> > [ 930.658775] __xfs_bunmapi+0x11d5/0x1430
> > [ 930.658837] xfs_bunmapi+0x2c/0x60
> > [ 930.658844] xfs_bmap_punch_delalloc_range+0x170/0x240
> > [ 930.658876] xfs_aops_discard_page+0x178/0x1d0
> > [ 930.658881] xfs_do_writepage+0x90c/0x9d0
> > [ 930.658916] write_cache_pages+0x3cd/0x770

i.e. this error path no longer calls xfs_bunmapi().

Cheers,

Dave.
--
Dave Chinner
david@xxxxxxxxxxxxx