Re: xfs_vm_releasepage() causing BUG at free_buffer_head()

["Alex Lyakas" <alex@xxxxxxxxxxxxxxxxx>]

Hello Dave,

Grepping through my kernel source code, I see the following:
- direct users of b_assoc_buffers are nilfs2, reiserfs and jbd2. In my case, 
jbd2 is used by ext4. Looking at jbd2 usage, however, it looks like it 
handles this list correctly.
- the only other place where somebody can use the "b_assoc_buffers" link is 
by calling mark_buffer_dirty_inode(), which puts the bufferhead on 
"mapping->private_list" using the "b_assoc_buffers" link. There are several 
users of this API, but for my case the only relevant being again jbd2.
Therefore, I will ask on the ext4 community.

Thanks,
Alex.

-----Original Message----- 
From: Dave Chinner
Sent: Wednesday, July 20, 2016 2:11 AM
To: Alex Lyakas
Cc: xfs@xxxxxxxxxxx
Subject: Re: xfs_vm_releasepage() causing BUG at free_buffer_head()

On Mon, Jul 18, 2016 at 09:00:41PM +0300, Alex Lyakas wrote:
> Greetings XFS community,
>
> We have hit the following BUG [1].
>
> This is in free_buffer_head():
> BUG_ON(!list_empty(&bh->b_assoc_buffers));
XFS doesn't use the bh->b_assoc_buffers field at all, so nothing in
XFS should ever corrupt it. Do you have any extN filesystems active,
or any other filesystems/block devices that use bufferheads than
might have a use after free bug? e.g. a long time ago (circa
~2.6.16, IIRC) we had a bufferhead corruption problem detected in
XFS that was actually caused by a reiserfs use after free.

Cheers,

Dave.
--
Dave Chinner
david@xxxxxxxxxxxxx