Incomplete backport of series "xfs: log intent item recovery should reconstruct defer work state" [1] leads to a kernel crash during the xfs/235 test execution on top of 6.6.y stable.
Tested (briefly) with my local xfstests setup. Additional testing would be much appreciated.
[1]: https://lore.kernel.org/linux-xfs/170191741007.1195961.10092536809136830257....
XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_trans_cancel+0x4d9/0x610 (fs/xfs/xfs_trans.c:1097). Shutting down filesystem.
XFS (loop1): Please unmount the filesystem and rectify the problem(s)
general protection fault, probably for non-canonical address 0xdffffc000000000c: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000060-0x0000000000000067]
CPU: 1 PID: 2011 Comm: mount Not tainted 6.6.84-rc2+ #12
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014
RIP: 0010:xlog_recover_cancel_intents+0xad/0x1b0
Call Trace:
 <TASK>
 xlog_recover_finish+0x7f6/0x9a0
 xfs_log_mount_finish+0x386/0x650
 xfs_mountfs+0x1405/0x1fb0
 xfs_fs_fill_super+0x11d6/0x1ca0
 get_tree_bdev+0x3b4/0x650
 vfs_get_tree+0x92/0x370
 path_mount+0x13b9/0x1f10
 __x64_sys_mount+0x286/0x310
 do_syscall_64+0x39/0x90
 entry_SYSCALL_64_after_hwframe+0x78/0xe2
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:xlog_recover_cancel_intents+0xad/0x1b0
Link to the original bug report [2].
[2]: https://lore.kernel.org/stable/6pxyzwujo52p4bp2otliyssjcvsfydd6ju32eusdlyhzh...
Found by Linux Verification Center (linuxtesting.org).
Darrick J. Wong (4):
  xfs: recreate work items when recovering intent items
  xfs: dump the recovered xattri log item if corruption happens
  xfs: use xfs_defer_finish_one to finish recovered work items
  xfs: move ->iop_recover to xfs_defer_op_type

 fs/xfs/libxfs/xfs_defer.c       |  22 ++++-
 fs/xfs/libxfs/xfs_defer.h       |  14 +++
 fs/xfs/libxfs/xfs_log_recover.h |   4 +-
 fs/xfs/xfs_attr_item.c          | 115 ++++++++++++------------
 fs/xfs/xfs_bmap_item.c          |  92 ++++++++++---------
 fs/xfs/xfs_extfree_item.c       | 117 +++++++++++--------------
 fs/xfs/xfs_log_recover.c        |  37 ++++----
 fs/xfs/xfs_refcount_item.c      | 127 +++++++++------------------
 fs/xfs/xfs_rmap_item.c          | 151 ++++++++++++++++----------------
 fs/xfs/xfs_trans.h              |   4 -
 10 files changed, 326 insertions(+), 357 deletions(-)