xfs
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

possible null pointer in xlog_iodone

from [Vlad Bespalov] [Permanent Link][Original]
To: xfs@xxxxxxxxxxx
Subject: possible null pointer in xlog_iodone
From: Vlad Bespalov <vlad.botanic@xxxxxxxxx>
Date: Fri, 14 Jun 2013 21:15:04 +0400
Delivered-to: xfs@xxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=W3dTEsetenuz7eh/zKwjXKyd19Z/JbETHBhwq4ajOXs=; b=rSDHc16tTvJH5gMOxZNEkEXBnuPkVY7hv21lY+0gYVlhVuPg1jOSQMHkT439TMVWXM b5eK5TBhPSZ1GljAVuW2uQ6i/iQcXNWQ8ozNxb6QvuiI6Plv6h79SABvgi9XG1KqQX/H tYtZF12oah2WfMaboclgcltcksUvPgIdKTZIUZL71pAOUjpTxC3FrfB6lX01MV25LFQU coNxRjiNmVeqlYfw6NVq8oKMw5c/YMAL4QtQDaFBaf8PXp6v7jTawFkv5NJDMsg6ye82 2cfYUAPWoRRwVOxJ61kLsjp1kyeAbCVwu6icvdmiTdZNbScVNVbK5RSO9+PNwM3dOQIm sGAA== 
i`m running an xfs filesystem over device going offline/online and
sometimes offline may be done in parallel with unmounting

at some point i got several crashes with null pointer panic in
xlog_iodone: xlog_t structure taken from input buffer is null

i wonder if the following call path combined with disk online/offline
handling could have led to this crash:

--------------
xfs_unmountfs()
    xfs_log_unmount_write(mp)
        xlog_state_release_iclog(log)
            xlog_sync(log, iclog = log->l_iclog)
            (bp=iclog->ic_bp)
                xlog_bdstrat(bp)
                (iclog->ic_state != XLOG_STATE_ERROR ? )
                    xfs_buf_iorequest(bp)
                        xfs_buf_ioend (called with scheduling (*) )
                        (queues  : bp->b_iodone_work,
                         callback: xlog_iodone)
    xfs_log_unmount(mp)
        xfs_trans_ail_destroy(mp);
        xlog_dealloc_log(mp->m_log); /*frees and nullifies all iclog->ic_log*/
-----------

(after we`ve cleaned up log structures we switch processes*)
    xlog_iodone(bp)
    {
        iclog = bp->private
        l = iclog->ic_log
        if (XFS_TEST_ERROR((XFS_BUF_GETERROR(bp)), l->l_mp,
                        XFS_ERRTAG_IODONE_IOERR, XFS_RANDOM_IODONE_IOERR))
        {

                    xfs_buf_ioerror_alert(bp, __func__);
                    XFS_BUF_STALE(bp);
/*l ?= NULL*/ xfs_force_shutdown(l->l_mp, SHUTDOWN_LOG_IO_ERROR);
        }
    }


Thanks for your time.
Best regards,
Vlad Bespalov.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  definitions for /proc/fs/xfs/stat, Mark Seger
Next by Date:  Re: [PATCH] xfsprogs: replace umode_t with xfs_mode_t, Michael L. Semon
Previous by Thread:  definitions for /proc/fs/xfs/stat, Mark Seger
Next by Thread:  Re: possible null pointer in xlog_iodone, Mark Tinguely
Indexes:  [Date] [Thread] [Top] [All Lists]