| Message ID | 20180220144625.8909-1-anand.jain@oracle.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Tue, Feb 20, 2018 at 10:46:25PM +0800, Anand Jain wrote: > The replace target device can be missing in which case we don't > allocate a missing btrfs_device when mounted with the -o degraded. > So check the device before access. > > BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0 Please don't use uncommon acronyms, NPD is quite confusing, null pointer deref should be fine. > IP: btrfs_destroy_dev_replace_tgtdev+0x43/0xf0 [btrfs] > Call Trace: > btrfs_dev_replace_cancel+0x15f/0x180 [btrfs] > btrfs_ioctl+0x2216/0x2590 [btrfs] > do_vfs_ioctl+0x625/0x650 > SyS_ioctl+0x4e/0x80 > do_syscall_64+0x5d/0x160 > entry_SYSCALL64_slow_path+0x25/0x25 Do you have a reproducer for that? -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c index dbaa6880a15e..87f975143c05 100644 --- a/fs/btrfs/dev-replace.c +++ b/fs/btrfs/dev-replace.c @@ -312,7 +312,7 @@ void btrfs_after_dev_replace_commit(struct btrfs_fs_info *fs_info) static char* btrfs_dev_name(struct btrfs_device *device) { - if (test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state)) + if (!device || test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state)) return "<missing disk>"; else return rcu_str_deref(device->name);
The replace target device can be missing in which case we don't allocate a missing btrfs_device when mounted with the -o degraded. So check the device before access. BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0 IP: btrfs_destroy_dev_replace_tgtdev+0x43/0xf0 [btrfs] Call Trace: btrfs_dev_replace_cancel+0x15f/0x180 [btrfs] btrfs_ioctl+0x2216/0x2590 [btrfs] do_vfs_ioctl+0x625/0x650 SyS_ioctl+0x4e/0x80 do_syscall_64+0x5d/0x160 entry_SYSCALL64_slow_path+0x25/0x25 Signed-off-by: Anand Jain <anand.jain@oracle.com> --- fs/btrfs/dev-replace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)