Red Hat Bugzilla – Bug 720551
xfs_error_report() oops when passed-in mp is NULL
Last modified: 2012-02-20 22:44:46 EST
So something has gone wrong in xfs_bmbt_insert(), and it called XFS_WANT_CORRUPTED_GOTO, which calls XFS_ERROR_REPORT() with a NULL value for mp. Eventually this trickles down to xfs_cmn_err() which does: printk(KERN_ALERT "Filesystem %s: " fmt "\n", (mp)->m_fsname, ## args); but mp is null. m_fsname is offset 0x118, so: > > Unable to handle kernel NULL pointer dereference at 0000000000000118 RIP: is what we've hit. upstream we test for null mp on a similar path: if (mp && mp->m_fsname) { printk("%sXFS (%s): %pV\n", level, mp->m_fsname, vaf); but that's after a fairly significant logging rewrite, just testing for mp would be enough I think. commit a496b81bc57ff2dc2242dfc087b1a0a0582b1447 Author: Dave Chinner <dchinner@redhat.com> Date: Fri Dec 17 17:14:47 2010 -0500 [fs] xfs: remove cmn_err log buffer and lock looks like it introduced this, since it went from: -xfs_fs_vcmn_err(int level, xfs_mount_t *mp, char *fmt, va_list ap) -{ - if (mp != NULL) { ... - sprintf(newfmt, "Filesystem \"%s\": %s", mp->m_fsname, fmt); to +#define xfs_fs_cmn_err(lvl, mp, fmt, args...) \ + do { \ + printk(lvl "Filesystem %s: " fmt "\n", (mp)->m_fsname, ## args); \
This panic comes from xfstests 250(known issue on both rhel5 and rhel6), and I can reproduce it on -246 kernel, which doesn't contain patch "[fs] xfs: remove cmn_err log buffer and lock". I think this is the rhel5 counterpart for bug 626244.
From developers: The downside here is that some corruptions will oops when detected. That's a regression.
sent to rhkernel-list on 07/13/2011
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Under some circumstances, error reports within the XFS filesystem may dereference a NULL pointer and oops.
Patch(es) available in kernel-2.6.18-282.el5 You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5 Detailed testing feedback is always welcomed.
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1 +1 @@ -Under some circumstances, error reports within the XFS filesystem may dereference a NULL pointer and oops.+Under some circumstances, error reports within the XFS file system could dereference a NULL pointer cause kernel panic. This update fixes the NULL pointer dereference, and kernel panic no longer occurs.
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1 +1 @@ -Under some circumstances, error reports within the XFS file system could dereference a NULL pointer cause kernel panic. This update fixes the NULL pointer dereference, and kernel panic no longer occurs.+Under some circumstances, error reports within the XFS file system could dereference a NULL pointer causing a kernel panic. This update fixes the NULL pointer dereference, and the kernel panic no longer occurs.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0150.html