From: Eric Biggers <ebiggers@google.com>
To: linux-f2fs-devel@lists.sourceforge.net
Cc: Jaegeuk Kim <jaegeuk@kernel.org>
Subject: f2fs crash when filling up small filesystem
Date: Sat, 26 Nov 2016 20:39:54 -0800
Message-ID: <20161127043954.GB34163@google.com>

Hello,

While writing an encryption test, I found that f2fs crashes when filling up a
small (32MB) filesystem with data.  It turned out that no special mkfs or mount
options are needed, just a small filesystem.  The steps to reproduce are
roughly:

	mkfs.f2fs /dev/vdd 65536
	mount /dev/vdd /vdd
	dd if=/dev/zero of=/vdd/file
	sync

This produces several WARNs, then a NULL pointer dereference in
update_sit_entry(), shown below.

Let me know if more information is needed.

------------[ cut here ]------------
WARNING: CPU: 0 PID: 20 at fs/f2fs/segment.c:1106 new_curseg+0x24c/0x34c
CPU: 0 PID: 20 Comm: kworker/u4:1 Not tainted 4.9.0-rc4-ext4-00064-g1d85fd5 #898
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Workqueue: writeback wb_workfn (flush-253:48)
 ffffc900003bf3f0 ffffffff815629ac 0000000000000000 0000000000000000
 ffffc900003bf430 ffffffff810dd9a3 0000045279d2da28 ffff880079d2da00
 0000000000000008 0000000000000003 ffff880079d20000 0000000000000001
Call Trace:
 [<ffffffff815629ac>] dump_stack+0x85/0xbe
 [<ffffffff810dd9a3>] __warn+0xc5/0xe0
 [<ffffffff810dda75>] warn_slowpath_null+0x1d/0x1f
 [<ffffffff814cf4e2>] new_curseg+0x24c/0x34c
 [<ffffffff814cf818>] allocate_segment_by_default+0x55/0x2f4
 [<ffffffff814cfd12>] ? allocate_data_block+0x7e/0x307
 [<ffffffff81875236>] ? mutex_lock_nested+0x329/0x34b
 [<ffffffff814cff96>] allocate_data_block+0x302/0x307
 [<ffffffff814d01be>] do_write_page+0x223/0x270
 [<ffffffff814d0292>] write_node_page+0x20/0x22
 [<ffffffff814c7089>] f2fs_write_node_page+0x2a0/0x3b1
 [<ffffffff814c9a68>] sync_node_pages+0x326/0x5a3
 [<ffffffff811215fd>] ? trace_hardirqs_on+0xd/0xf
 [<ffffffff814bbdba>] ? write_checkpoint+0x28a/0x1160
 [<ffffffff814bbdc9>] write_checkpoint+0x299/0x1160
 [<ffffffff8112144b>] ? mark_held_locks+0x58/0x6e
 [<ffffffff811215fd>] ? trace_hardirqs_on+0xd/0xf
 [<ffffffff814bec7b>] f2fs_gc+0x2f4/0x505
 [<ffffffff814bec7b>] ? f2fs_gc+0x2f4/0x505
 [<ffffffff814cdda8>] ? f2fs_balance_fs+0x114/0x129
 [<ffffffff814cddb2>] f2fs_balance_fs+0x11e/0x129
 [<ffffffff814c52de>] f2fs_write_data_page+0x53c/0x5fa
 [<ffffffff814c095f>] f2fs_write_cache_pages+0x267/0x388
 [<ffffffff814c0c7e>] f2fs_write_data_pages+0x1fe/0x40c
 [<ffffffff8111fdac>] ? __lock_is_held+0x38/0x50
 [<ffffffff811bfae7>] do_writepages+0x21/0x2f
 [<ffffffff812350c5>] __writeback_single_inode+0x15c/0x883
 [<ffffffff81235c22>] writeback_sb_inodes+0x2e5/0x4d0
 [<ffffffff81235e83>] __writeback_inodes_wb+0x76/0xad
 [<ffffffff812360d9>] wb_writeback+0x21f/0x5d5
 [<ffffffff812366d8>] wb_workfn+0x249/0x6a4
 [<ffffffff8111fdac>] ? __lock_is_held+0x38/0x50
 [<ffffffff810f6398>] process_one_work+0x327/0x669
 [<ffffffff810f6229>] ? process_one_work+0x1b8/0x669
 [<ffffffff810f69a0>] worker_thread+0x293/0x392
 [<ffffffff810f670d>] ? process_scheduled_works+0x33/0x33
 [<ffffffff810fc604>] kthread+0xf9/0x101
 [<ffffffff810fc50b>] ? __kthread_create_on_node+0x181/0x181
 [<ffffffff8187992a>] ret_from_fork+0x2a/0x40
---[ end trace 91a1217bf9eae6df ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 20 at fs/f2fs/segment.c:1145 new_curseg+0x2c3/0x34c
CPU: 0 PID: 20 Comm: kworker/u4:1 Tainted: G        W       4.9.0-rc4-ext4-00064-g1d85fd5 #898
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Workqueue: writeback wb_workfn (flush-253:48)
 ffffc900003bf3f0 ffffffff815629ac 0000000000000000 0000000000000000
 ffffc900003bf430 ffffffff810dd9a3 0000047900000000 ffff880079d2da00
 0000000000000008 0000000000000001 ffff880079d20000 0000000000000001
Call Trace:
 [<ffffffff815629ac>] dump_stack+0x85/0xbe
 [<ffffffff810dd9a3>] __warn+0xc5/0xe0
 [<ffffffff810dda75>] warn_slowpath_null+0x1d/0x1f
 [<ffffffff814cf559>] new_curseg+0x2c3/0x34c
 [<ffffffff814cf818>] allocate_segment_by_default+0x55/0x2f4
 [<ffffffff814cfd12>] ? allocate_data_block+0x7e/0x307
 [<ffffffff81875236>] ? mutex_lock_nested+0x329/0x34b
 [<ffffffff814cff96>] allocate_data_block+0x302/0x307
 [<ffffffff814d01be>] do_write_page+0x223/0x270
 [<ffffffff814d0292>] write_node_page+0x20/0x22
 [<ffffffff814c7089>] f2fs_write_node_page+0x2a0/0x3b1
 [<ffffffff814c9a68>] sync_node_pages+0x326/0x5a3
 [<ffffffff811215fd>] ? trace_hardirqs_on+0xd/0xf
 [<ffffffff814bbdba>] ? write_checkpoint+0x28a/0x1160
 [<ffffffff814bbdc9>] write_checkpoint+0x299/0x1160
 [<ffffffff8112144b>] ? mark_held_locks+0x58/0x6e
 [<ffffffff811215fd>] ? trace_hardirqs_on+0xd/0xf
 [<ffffffff814bec7b>] f2fs_gc+0x2f4/0x505
 [<ffffffff814bec7b>] ? f2fs_gc+0x2f4/0x505
 [<ffffffff814cdda8>] ? f2fs_balance_fs+0x114/0x129
 [<ffffffff814cddb2>] f2fs_balance_fs+0x11e/0x129
 [<ffffffff814c52de>] f2fs_write_data_page+0x53c/0x5fa
 [<ffffffff814c095f>] f2fs_write_cache_pages+0x267/0x388
 [<ffffffff814c0c7e>] f2fs_write_data_pages+0x1fe/0x40c
 [<ffffffff8111fdac>] ? __lock_is_held+0x38/0x50
 [<ffffffff811bfae7>] do_writepages+0x21/0x2f
 [<ffffffff812350c5>] __writeback_single_inode+0x15c/0x883
 [<ffffffff81235c22>] writeback_sb_inodes+0x2e5/0x4d0
 [<ffffffff81235e83>] __writeback_inodes_wb+0x76/0xad
 [<ffffffff812360d9>] wb_writeback+0x21f/0x5d5
 [<ffffffff812366d8>] wb_workfn+0x249/0x6a4
 [<ffffffff8111fdac>] ? __lock_is_held+0x38/0x50
 [<ffffffff810f6398>] process_one_work+0x327/0x669
 [<ffffffff810f6229>] ? process_one_work+0x1b8/0x669
 [<ffffffff810f69a0>] worker_thread+0x293/0x392
 [<ffffffff810f670d>] ? process_scheduled_works+0x33/0x33
 [<ffffffff810fc604>] kthread+0xf9/0x101
 [<ffffffff810fc50b>] ? __kthread_create_on_node+0x181/0x181
 [<ffffffff8187992a>] ret_from_fork+0x2a/0x40
---[ end trace 91a1217bf9eae6e0 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 20 at fs/f2fs/segment.c:2155 flush_sit_entries+0x45d/0x75e
CPU: 0 PID: 20 Comm: kworker/u4:1 Tainted: G        W       4.9.0-rc4-ext4-00064-g1d85fd5 #898
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Workqueue: writeback wb_workfn (flush-253:48)
 ffffc900003bf638 ffffffff815629ac 0000000000000000 0000000000000000
 ffffc900003bf678 ffffffff810dd9a3 0000086b82e80460 ffff88007a92c370
 0000000000000000 ffff88007a8f92f0 0000000000000008 ffff880079d20000
Call Trace:
 [<ffffffff815629ac>] dump_stack+0x85/0xbe
 [<ffffffff810dd9a3>] __warn+0xc5/0xe0
 [<ffffffff810dda75>] warn_slowpath_null+0x1d/0x1f
 [<ffffffff814d192b>] flush_sit_entries+0x45d/0x75e
 [<ffffffff814bc01d>] write_checkpoint+0x4ed/0x1160
 [<ffffffff811215fd>] ? trace_hardirqs_on+0xd/0xf
 [<ffffffff814bec7b>] f2fs_gc+0x2f4/0x505
 [<ffffffff814bec7b>] ? f2fs_gc+0x2f4/0x505
 [<ffffffff814cdda8>] ? f2fs_balance_fs+0x114/0x129
 [<ffffffff814cddb2>] f2fs_balance_fs+0x11e/0x129
 [<ffffffff814c52de>] f2fs_write_data_page+0x53c/0x5fa
 [<ffffffff814c095f>] f2fs_write_cache_pages+0x267/0x388
 [<ffffffff814c0c7e>] f2fs_write_data_pages+0x1fe/0x40c
 [<ffffffff8111fdac>] ? __lock_is_held+0x38/0x50
 [<ffffffff811bfae7>] do_writepages+0x21/0x2f
 [<ffffffff812350c5>] __writeback_single_inode+0x15c/0x883
 [<ffffffff81235c22>] writeback_sb_inodes+0x2e5/0x4d0
 [<ffffffff81235e83>] __writeback_inodes_wb+0x76/0xad
 [<ffffffff812360d9>] wb_writeback+0x21f/0x5d5
 [<ffffffff812366d8>] wb_workfn+0x249/0x6a4
 [<ffffffff8111fdac>] ? __lock_is_held+0x38/0x50
 [<ffffffff810f6398>] process_one_work+0x327/0x669
 [<ffffffff810f6229>] ? process_one_work+0x1b8/0x669
 [<ffffffff810f69a0>] worker_thread+0x293/0x392
 [<ffffffff810f670d>] ? process_scheduled_works+0x33/0x33
 [<ffffffff810fc604>] kthread+0xf9/0x101
 [<ffffffff810fc50b>] ? __kthread_create_on_node+0x181/0x181
 [<ffffffff8187992a>] ret_from_fork+0x2a/0x40
---[ end trace 91a1217bf9eae6e1 ]---
BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: [<ffffffff814cca85>] update_sit_entry+0x10f/0x2a0
PGD 7a919067 PUD 0 

Oops: 0000 [#1] SMP
CPU: 0 PID: 20 Comm: kworker/u4:1 Tainted: G        W       4.9.0-rc4-ext4-00064-g1d85fd5 #898
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Workqueue: writeback wb_workfn (flush-253:48)
task: ffff88007c9c8540 task.stack: ffffc900003bc000
RIP: 0010:[<ffffffff814cca85>]  [<ffffffff814cca85>] update_sit_entry+0x10f/0x2a0
RSP: 0000:ffffc900003bf580  EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff88007a8f9340 RCX: 0000000000000007
RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000200
RBP: ffffc900003bf5c0 R08: 0000000000000001 R09: 0000000000000000
R10: ffff88007a8ae4a0 R11: 000000000001b548 R12: 0000000000000000
R13: ffff880079d20000 R14: 00000000ffffffff R15: 0000000000000080
FS:  0000000000000000(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000007a988000 CR4: 00000000000006f0
Stack:
 ffffc900003bf5e8 0000000000000246 0000000800000001 ffff880079d20000
 0000000000002000 0000000000001601 0000000000000000 ffff88007a8ae400
 ffffc900003bf5e8 ffffffff814ce898 ffff88007aafa4a0 0000000000000004
Call Trace:
 [<ffffffff814ce898>] refresh_sit_entry+0x24/0xad
 [<ffffffff814cfeb5>] allocate_data_block+0x221/0x307
 [<ffffffff814d01be>] do_write_page+0x223/0x270
 [<ffffffff814d0292>] write_node_page+0x20/0x22
 [<ffffffff814c7089>] f2fs_write_node_page+0x2a0/0x3b1
 [<ffffffff814c9183>] move_node_page+0xa8/0x101
 [<ffffffff814be2a9>] do_garbage_collect+0x43e/0xb1c
 [<ffffffff81876b71>] ? __mutex_unlock_slowpath+0x156/0x175
 [<ffffffff81876b9e>] ? mutex_unlock+0xe/0x10
 [<ffffffff814becab>] f2fs_gc+0x324/0x505
 [<ffffffff814cdda8>] ? f2fs_balance_fs+0x114/0x129
 [<ffffffff814cddb2>] f2fs_balance_fs+0x11e/0x129
 [<ffffffff814c52de>] f2fs_write_data_page+0x53c/0x5fa
 [<ffffffff814c095f>] f2fs_write_cache_pages+0x267/0x388
 [<ffffffff814c0c7e>] f2fs_write_data_pages+0x1fe/0x40c
 [<ffffffff8111fdac>] ? __lock_is_held+0x38/0x50
 [<ffffffff811bfae7>] do_writepages+0x21/0x2f
 [<ffffffff812350c5>] __writeback_single_inode+0x15c/0x883
 [<ffffffff81235c22>] writeback_sb_inodes+0x2e5/0x4d0
 [<ffffffff81235e83>] __writeback_inodes_wb+0x76/0xad
 [<ffffffff812360d9>] wb_writeback+0x21f/0x5d5
 [<ffffffff812366d8>] wb_workfn+0x249/0x6a4
 [<ffffffff8111fdac>] ? __lock_is_held+0x38/0x50
 [<ffffffff810f6398>] process_one_work+0x327/0x669
 [<ffffffff810f6229>] ? process_one_work+0x1b8/0x669
 [<ffffffff810f69a0>] worker_thread+0x293/0x392
 [<ffffffff810f670d>] ? process_scheduled_works+0x33/0x33
 [<ffffffff810fc604>] kthread+0xf9/0x101
 [<ffffffff810fc50b>] ? __kthread_create_on_node+0x181/0x181
 [<ffffffff8187992a>] ret_from_fork+0x2a/0x40
Code: 8b 09 48 89 81 e8 00 00 00 48 8b 73 08 0f 8e 96 00 00 00 44 89 e0 44 89 f1 41 bf 01 00 00 00 c1 e8 03 83 e1 07 48 01 c6 41 d3 e7 <0f> be 0e 40 88 cf 44 09 ff 44 85 f9 40 88 3e 74 1f be 6d 03 00 
RIP  [<ffffffff814cca85>] update_sit_entry+0x10f/0x2a0
 RSP <ffffc900003bf580>
CR2: 0000000000000000
---[ end trace 91a1217bf9eae6e2 ]---
BUG: sleeping function called from invalid context at ./include/linux/sched.h:3109
in_atomic(): 0, irqs_disabled(): 1, pid: 20, name: kworker/u4:1
INFO: lockdep is turned off.
irq event stamp: 222342
hardirqs last  enabled at (222341): [<ffffffff81875236>] mutex_lock_nested+0x329/0x34b
hardirqs last disabled at (222342): [<ffffffff8187aa79>] error_entry+0x69/0xc0
softirqs last  enabled at (218088): [<ffffffff8187c54c>] __do_softirq+0x3b4/0x4be
softirqs last disabled at (218071): [<ffffffff810e38d0>] irq_exit+0x69/0xb9
CPU: 0 PID: 20 Comm: kworker/u4:1 Tainted: G      D W       4.9.0-rc4-ext4-00064-g1d85fd5 #898
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Workqueue:  0xffff88007c9c8540 (	)
 ffffc900003bfe60 ffffffff815629ac ffff88007c9c8540 0000000000000c25
 ffffc900003bfe88 ffffffff8110ca0c ffffffff81be5c64 0000000000000c25
 0000000000000000 ffffc900003bfeb0 ffffffff8110ca98 ffff88007c9c8540
Call Trace:
 [<ffffffff815629ac>] dump_stack+0x85/0xbe
 [<ffffffff8110ca0c>] ___might_sleep+0x201/0x214
 [<ffffffff8110ca98>] __might_sleep+0x79/0x80
 [<ffffffff810ed593>] exit_signals+0x26/0x20d
 [<ffffffff810e229c>] do_exit+0x130/0x9ff
 [<ffffffff8187aca7>] rewind_stack_do_exit+0x17/0x20
QEMU: Terminated
WARNING: CPU: 0 PID: 20 at fs/f2fs/segment.c:1106 new_curseg+0x24c/0x34c
WARNING: CPU: 0 PID: 20 at fs/f2fs/segment.c:1145 new_curseg+0x2c3/0x34c
WARNING: CPU: 0 PID: 20 at fs/f2fs/segment.c:2155 flush_sit_entries+0x45d/0x75e
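Added example, not part of the report above: a small Python triage helper that walks dmesg output of this shape, collects the distinct WARN_ON sites (file:line) that fired, and for the oops records the faulting function and its call chain while dropping the `?` frames, which are stale stack contents rather than real callers. The excerpt it parses is constructed from lines quoted in the report.

```python
import re

# Constructed excerpt of the dmesg quoted in the report above; the real log is longer.
SAMPLE_LOG = """\
WARNING: CPU: 0 PID: 20 at fs/f2fs/segment.c:1106 new_curseg+0x24c/0x34c
Call Trace:
 [<ffffffff814cf4e2>] new_curseg+0x24c/0x34c
 [<ffffffff814cfd12>] ? allocate_data_block+0x7e/0x307
 [<ffffffff814cff96>] allocate_data_block+0x302/0x307
WARNING: CPU: 0 PID: 20 at fs/f2fs/segment.c:2155 flush_sit_entries+0x45d/0x75e
BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: [<ffffffff814cca85>] update_sit_entry+0x10f/0x2a0
Call Trace:
 [<ffffffff814ce898>] refresh_sit_entry+0x24/0xad
 [<ffffffff814cfeb5>] allocate_data_block+0x221/0x307
 [<ffffffff814becab>] f2fs_gc+0x324/0x505
"""

WARN_RE = re.compile(r"^WARNING: CPU: \d+ PID: \d+ at (\S+) (\S+)")
BUG_RE = re.compile(r"^BUG: (.+?)\s*$")
IP_RE = re.compile(r"^IP: \[<[0-9a-f]+>\] (\S+)")
FRAME_RE = re.compile(r"^\s+\[<[0-9a-f]+>\] (\? )?(\S+)")

def parse_events(text):
    """Split dmesg text into WARNING/BUG events with site, function and reliable callers."""
    events, cur = [], None
    for line in text.splitlines():
        if m := WARN_RE.match(line):
            cur = {"kind": "WARNING", "site": m[1], "func": m[2].split("+")[0], "trace": []}
            events.append(cur)
        elif m := BUG_RE.match(line):
            cur = {"kind": "BUG", "site": " ".join(m[1].split()), "func": None, "trace": []}
            events.append(cur)
        elif cur is None:
            continue  # text outside any event (hardware line, registers, raw stack words)
        elif (m := IP_RE.match(line)) and cur["func"] is None:
            cur["func"] = m[1].split("+")[0]  # faulting instruction of the oops
        elif m := FRAME_RE.match(line):
            if not m[1]:  # '? ' frames are stale stack slots, not real callers
                cur["trace"].append(m[2].split("+")[0])
    return events

def triage(text):
    """Distinct WARN_ON sites hit, plus the oops function and its real call chain."""
    events = parse_events(text)
    sites = sorted({e["site"] for e in events if e["kind"] == "WARNING"})
    crash = next((e for e in events if e["kind"] == "BUG"), None)
    return {"warn_sites": sites,
            "crash_func": crash["func"] if crash else None,
            "crash_callers": crash["trace"] if crash else []}
```

Running `triage(SAMPLE_LOG)` on the excerpt reports the two segment.c WARN sites and `update_sit_entry` reached via `refresh_sit_entry` and `allocate_data_block` from `f2fs_gc`, which is the path a reviewer would read first.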
