Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp446318ybb; Sat, 28 Mar 2020 02:47:30 -0700 (PDT) X-Google-Smtp-Source: ADFU+vtXSfgpxJeSfkiZNtpn1CNWp/hY+xTmTnuET4Qv/cYIfLQYJZ2dOmpUKPfuuEmvy/EPZqvH X-Received: by 2002:a54:4f8b:: with SMTP id g11mr26254oiy.101.1585388850337; Sat, 28 Mar 2020 02:47:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585388850; cv=none; d=google.com; s=arc-20160816; b=zxo+6j9Z7PnvWSvZK44/W838wGJ0fuRgPY58n7lTH34OC6ZnZ5U2Kx2nJircQrv3J5 dHpMCBnyKCy4qj2ymux7oW4TrOphXN2x2IIPso87RwAuMX2KVq/7ffXqZLYO1/xQu0jn 4kXiXMF6d6X8veqI3cxgi9LoW0rg0+0o5WVVcVfVPUaD3QW6sUR9YRnS3j9jceThZFKA B38cQ7YcMgW3fjapNZDPSdt3CpdAG+ZsJ/EAc5x+cyqRv58kD/ddRQr8yiTnUMXP+Smw Y8ryCUobiwzAEfXrbDLY1zITUfX/jXxsrPCBssa0EKFleYD210UVEaqtnoXHzZtxUmrz zZpw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:from:subject:to:message-id:date; bh=ZxlrJxlpf+3BoXHH/j79y9LHSv/qfYCmD0GR3Fnp1qo=; b=1H2vI66OGcfLu0nlwjCRegLRkLWhKFZ+frT2sosAOEoe3pojFESIiJHcrxAG2AYKI6 NGnt+1nx8BzNV/kdkIsZT06W4DiOYZhA5v5GnSJA1OYR3Ujmdn4hLwz66b0WoCz1Iasa 3bxq+Xf9EpUVEIzjOCmE/0Kv4u62cxkggi5gfyEjFuJ9qZjYOD7HmPRKR9voe/Si0uWB RW1IG44DtUZxCDwj/5KkdVNxW4JgJ1+wkWO8w6aMZ9DQVnrpIUXXroCMJnq0WE4I1wwT 3WYQ9bKFNyLEEdHBhqShnBgNQ1zcNAoCQr6bZ0e4XZednyBDkYUezmgqX0O3FJNhZNFL lXiw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=dti.ne.jp Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e24si3393035oti.10.2020.03.28.02.47.17; Sat, 28 Mar 2020 02:47:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=dti.ne.jp Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726224AbgC1Jpm (ORCPT + 99 others); Sat, 28 Mar 2020 05:45:42 -0400 Received: from gw.cm.dream.jp ([59.157.128.2]:51635 "EHLO vsmtp01.cm.dti.ne.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725937AbgC1Jpm (ORCPT ); Sat, 28 Mar 2020 05:45:42 -0400 X-Greylist: delayed 1121 seconds by postgrey-1.27 at vger.kernel.org; Sat, 28 Mar 2020 05:45:37 EDT Received: from localhost (KD124210025232.ppp-bb.dion.ne.jp [124.210.25.232]) by vsmtp01.cm.dti.ne.jp (3.11v) with ESMTP AUTH id 02S9Qf22018705;Sat, 28 Mar 2020 18:26:53 +0900 (JST) Date: Sat, 28 Mar 2020 18:26:40 +0900 (JST) Message-Id: <20200328.182640.1933740379722138264.hermes@ceres.dti.ne.jp> To: linux-nilfs@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: BUG: unable to handle kernel NULL pointer dereference at 00000000000000a8 in nilfs_segctor_do_construct From: ARAI Shun-ichi In-Reply-To: <874kuapb2s.fsf@logand.com> References: <87immckp07.fsf@logand.com> <87v9p2tkut.fsf@logand.com> <874kuapb2s.fsf@logand.com> X-Mailer: Mew version 6.8 on Emacs 26.3 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In Msg <874kuapb2s.fsf@logand.com>; Subject "Re: BUG: unable to handle kernel NULL pointer dereference at 00000000000000a8 in nilfs_segctor_do_construct": > Tomas Hlavaty writes: >>>> 2) Can you mount the corrupted(?) partition from a recent version of >>>> kernel ? > > I tried the following Linux kernel versions: > > - v4.19 > - v5.4 > - v5.5.11 > > and still get the crash Ryusuke Konishi pointed out: In Msg ; Subject "Re: BUG: kernel NULL pointer dereference, address: 00000000000000a8": > As the result of bisection, it turned out that commit > f4bdb2697ccc9cecf1a9de86905c309ad901da4c on 5.3.y > ("mm/filemap.c: don't initiate writeback if mapping has no dirty pages") > triggers the crash. This commit modifies __filemap_fdatawrite_range() as follows. [before] if (!mapping_cap_writeback_dirty(mapping)) return 0; [after] if (!mapping_cap_writeback_dirty(mapping) || !mapping_tagged(mapping, PAGECACHE_TAG_DIRTY)) return 0; I did simple test with this code (Kernel 5.5.13). [test] if (!mapping_cap_writeback_dirty(mapping) || mapping_tagged(mapping, PAGECACHE_TAG_WRITEBACK)) return 0; It does not cause crash by the test (without long-term operation). So, I think that it may be related to PAGECACHE_TAG_TOWRITE. One possible(?) scenario is: 0. some write operation 1. sync (WB_SYNC_ALL) 2. tagged "PAGECACHE_TAG_TOWRITE" 3. __filemap_fdatawrite_range() is called and returns successfully (but no-op) 4. some data is/are free-ed (because of 3.) 5. crash at test/setting writeback for free-ed data nilfs_segctor_do_construct() nilfs_segctor_prepare_write() set_page_writeback() How about this?