* [Bug 203217] New: kernel BUG at fs/f2fs/inode.c:707! and hangs
From: bugzilla-daemon @ 2019-04-09 21:02 UTC (permalink / raw)
  To: linux-f2fs-devel

https://bugzilla.kernel.org/show_bug.cgi?id=203217

            Bug ID: 203217
           Summary: kernel BUG at fs/f2fs/inode.c:707! and hangs
           Product: File System
           Version: 2.5
    Kernel Version: 5.0.0
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: f2fs
          Assignee: filesystem_f2fs@kernel-bugs.kernel.org
          Reporter: jungyeon@gatech.edu
        Regression: No

Created attachment 282211
  --> https://bugzilla.kernel.org/attachment.cgi?id=282211&action=edit
The (compressed) crafted image which causes crash

- Overview
When mounting the attached crafted image and running the program, I got this error.
Additionally, it hangs on sync after running the program.

The image is intentionally fuzzed from a normal f2fs image for testing, and I
enabled the option CONFIG_F2FS_CHECK_FS.

- Reproduce
cc poc_test_05.c
mkdir test
mount -t f2fs tmp.img test
sudo ./a.out
sync

- Messages
[  202.860834] kernel BUG at fs/f2fs/inode.c:707!
[  202.861484] invalid opcode: 0000 [#1] SMP PTI
[  202.862065] CPU: 0 PID: 1932 Comm: a.out Tainted: G        W         5.0.0 #4
[  202.863079] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[  202.864419] RIP: 0010:f2fs_evict_inode+0x33f/0x3a0
[  202.865097] Code: e8 d6 67 e5 ff 8b 43 48 85 c0 0f 84 2b fe ff ff e9 06 fe ff ff 8b 73 40 ba 02 00 00 00 4c 89 e7 e8 f6 21 01 00 e9 11 fe ff ff <0f> 0b 48 89 df e8 c7 bc 00 00 48 8b 73 40 48 85 f6 0f 84 ca fd ff
[  202.867703] RSP: 0018:ffffb109c0da7b60 EFLAGS: 00010202
[  202.868445] RAX: 0000000000100602 RBX: ffff94a3aebbe640 RCX: 0000000000000000
[  202.869451] RDX: ffff94a3abdbb600 RSI: 0000000000000001 RDI: ffff94a3aebbe640
[  202.870456] RBP: ffff94a3aebbe748 R08: ffff94a3b4c5d400 R09: ffffffffb6741f99
[  202.871476] R10: ffffd6d908baf140 R11: ffff94a3abe6a500 R12: ffff94a3b6325800
[  202.872480] R13: 0000000000000000 R14: 00000000fffffff2 R15: ffffd6d908d8c1c0
[  202.873482] FS:  00007fe5ac087700(0000) GS:ffff94a3b7a00000(0000) knlGS:0000000000000000
[  202.874628] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  202.875440] CR2: 00007ffff0c6e000 CR3: 0000000235e56004 CR4: 00000000001606f0
[  202.876453] Call Trace:
[  202.876817]  evict+0xba/0x180
[  202.877257]  f2fs_iget+0x598/0xdf0
[  202.877746]  f2fs_lookup+0x136/0x320
[  202.878260]  __lookup_slow+0x92/0x140
[  202.878803]  lookup_slow+0x30/0x50
[  202.879303]  walk_component+0x1c1/0x350
[  202.879853]  ? f2fs_get_dnode_of_data+0x4f8/0x600
[  202.880509]  ? f2fs_get_node_info+0x17b/0x2e0
[  202.881134]  path_lookupat+0x62/0x200
[  202.881657]  filename_lookup+0xb3/0x1a0
[  202.882205]  ? f2fs_alloc_nid_failed+0x72/0xc0
[  202.882845]  ? _cond_resched+0x11/0x40
[  202.883382]  ? kmem_cache_alloc+0x33/0x160
[  202.883964]  ? getname_flags+0x6a/0x1d0
[  202.884512]  ? do_readlinkat+0x56/0x110
[  202.885057]  do_readlinkat+0x56/0x110
[  202.885581]  ? do_mkdirat+0x80/0xe0
[  202.886081]  __x64_sys_readlink+0x16/0x20
[  202.886671]  do_syscall_64+0x43/0xf0
[  202.887183]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  202.887920] RIP: 0033:0x7fe5abba24d9
[  202.888431] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 29 2c 00 f7 d8 64 89 01 48
[  202.891059] RSP: 002b:00007ffff0c6bc78 EFLAGS: 00000286 ORIG_RAX: 0000000000000059
[  202.892132] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5abba24d9
[  202.893135] RDX: 0000000000002000 RSI: 00007ffff0c6de20 RDI: 00007ffff0c6bd20
[  202.894132] RBP: 00007ffff0c6fe30 R08: 00007ffff0c6ff18 R09: 00007ffff0c6ff18
[  202.895167] R10: 00007ffff0c6ff18 R11: 0000000000000286 R12: 00000000004004e0
[  202.896181] R13: 00007ffff0c6ff10 R14: 0000000000000000 R15: 0000000000000000
[  202.897204] Modules linked in:
[  202.897682] ---[ end trace 637c750cd5ef0048 ]---
[  202.898354] RIP: 0010:f2fs_evict_inode+0x33f/0x3a0
[  202.899055] Code: e8 d6 67 e5 ff 8b 43 48 85 c0 0f 84 2b fe ff ff e9 06 fe ff ff 8b 73 40 ba 02 00 00 00 4c 89 e7 e8 f6 21 01 00 e9 11 fe ff ff <0f> 0b 48 89 df e8 c7 bc 00 00 48 8b 73 40 48 85 f6 0f 84 ca fd ff
[  202.901691] RSP: 0018:ffffb109c0da7b60 EFLAGS: 00010202
[  202.902464] RAX: 0000000000100602 RBX: ffff94a3aebbe640 RCX: 0000000000000000
[  202.903480] RDX: ffff94a3abdbb600 RSI: 0000000000000001 RDI: ffff94a3aebbe640
[  202.904494] RBP: ffff94a3aebbe748 R08: ffff94a3b4c5d400 R09: ffffffffb6741f99
[  202.905505] R10: ffffd6d908baf140 R11: ffff94a3abe6a500 R12: ffff94a3b6325800
[  202.906545] R13: 0000000000000000 R14: 00000000fffffff2 R15: ffffd6d908d8c1c0
[  202.907553] FS:  00007fe5ac087700(0000) GS:ffff94a3b7a00000(0000) knlGS:0000000000000000
[  202.908709] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  202.909530] CR2: 00007ffff0c6e000 CR3: 0000000235e56004 CR4: 00000000001606f0

-- error location

632 void f2fs_evict_inode(struct inode *inode)
633 {
...
700 
701     stat_dec_inline_xattr(inode);
702     stat_dec_inline_dir(inode);
703     stat_dec_inline_inode(inode);
704 
705     if (likely(!is_set_ckpt_flags(sbi, CP_ERROR_FLAG) &&
706                 !is_sbi_flag_set(sbi, SBI_CP_DISABLED)))
*707         f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE));
708     else
709         f2fs_inode_synced(inode);
710 
711     /* ino == 0, if f2fs_new_inode() was failed t*/
712     if (inode->i_ino)
713         invalidate_mapping_pages(NODE_MAPPING(sbi), inode->i_ino,
714                             inode->i_ino);

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


* [Bug 203217] kernel BUG at fs/f2fs/inode.c:707! and hangs
From: bugzilla-daemon @ 2019-04-09 21:02 UTC (permalink / raw)
  To: linux-f2fs-devel

https://bugzilla.kernel.org/show_bug.cgi?id=203217

--- Comment #1 from Jungyeon (jungyeon@gatech.edu) ---
Created attachment 282213
  --> https://bugzilla.kernel.org/attachment.cgi?id=282213&action=edit
poc_test_05.c


* [Bug 203217] kernel BUG at fs/f2fs/inode.c:707! and hangs
From: bugzilla-daemon @ 2019-04-15 14:51 UTC (permalink / raw)
  To: linux-f2fs-devel

https://bugzilla.kernel.org/show_bug.cgi?id=203217

Chao Yu (chao@kernel.org) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |chao@kernel.org

--- Comment #2 from Chao Yu (chao@kernel.org) ---
Fixed with

f2fs: fix to clear dirty inode in error path of f2fs_iget()

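The report shows where the BUG_ON fires (inode.c:707, reached from f2fs_iget via evict) and comment #2 names the fix: clear the dirty inode state in the error path of f2fs_iget(). As an added example, not kernel code and not the fix itself (whose diff is not on this page), the following user-space C model shows the invariant the f2fs_bug_on() enforces and what the missing error-path cleanup does to it. All names in the model are simplified stand-ins for the f2fs ones, the point at which loading dirties the inode is a modelling assumption, and the error code returned is the model's own; FI_DIRTY_INODE is modelled as membership of a dirty-inode list, the state an eviction without cleanup would leave dangling.

```c
/*
 * Added example for bug 203217: a user-space model (not f2fs code) of the
 * inode dirty-flag invariant checked at fs/f2fs/inode.c:707 and of the
 * error-path cleanup described in comment #2. Names are simplified
 * stand-ins; the real f2fs structures and functions differ.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define FI_DIRTY_INODE (1u << 0)

struct model_inode {
    unsigned long ino;
    unsigned int flags;
    bool on_dirty_list;   /* what the flag stands for: a list membership */
};

struct model_sbi {
    bool cp_error_flag;   /* stand-in for CP_ERROR_FLAG */
    bool cp_disabled;     /* stand-in for SBI_CP_DISABLED */
    int bug_on_hits;      /* counts where the real code would BUG() */
};

static void mark_inode_dirty(struct model_inode *inode)
{
    inode->flags |= FI_DIRTY_INODE;
    inode->on_dirty_list = true;
}

/* Counterpart of f2fs_inode_synced(): flag and list entry go together. */
static void inode_synced(struct model_inode *inode)
{
    inode->flags &= ~FI_DIRTY_INODE;
    inode->on_dirty_list = false;
}

/* Same shape as lines 705-709 quoted in the report. */
static void evict_inode(struct model_sbi *sbi, struct model_inode *inode)
{
    if (!sbi->cp_error_flag && !sbi->cp_disabled) {
        if (inode->flags & FI_DIRTY_INODE)
            sbi->bug_on_hits++;   /* f2fs_bug_on(sbi, ...) fires here */
    } else {
        inode_synced(inode);
    }
}

/*
 * iget: load an inode from the image. Modelling assumption: loading
 * dirties the inode before the sanity check runs; a fuzzed image then
 * fails that check. 'fixed' selects the error-path behaviour before and
 * after the fix.
 */
static int iget(struct model_sbi *sbi, struct model_inode *inode,
                bool image_corrupt, bool fixed)
{
    mark_inode_dirty(inode);

    if (image_corrupt) {
        if (fixed)
            inode_synced(inode);  /* the fix: undo dirty state on error */
        evict_inode(sbi, inode);  /* iget_failed() -> evict() path */
        return -EINVAL;           /* model error code, not f2fs's */
    }
    return 0;
}

/* How many times the BUG_ON would fire during one lookup. */
int bug_on_count(bool image_corrupt, bool fixed, bool cp_error_flag)
{
    struct model_sbi sbi = { .cp_error_flag = cp_error_flag };
    struct model_inode inode = { .ino = 42 };

    (void)iget(&sbi, &inode, image_corrupt, fixed);
    return sbi.bug_on_hits;
}

/* Whether a corrupt-image lookup leaves the evicted inode on the dirty list. */
bool stale_dirty_entry(bool fixed)
{
    struct model_sbi sbi = { 0 };
    struct model_inode inode = { .ino = 42 };

    (void)iget(&sbi, &inode, true, fixed);
    return inode.on_dirty_list;
}

int main(void)
{
    printf("corrupt image, unfixed: BUG_ON hits = %d, stale entry = %d\n",
           bug_on_count(true, false, false), stale_dirty_entry(false));
    printf("corrupt image, fixed:   BUG_ON hits = %d, stale entry = %d\n",
           bug_on_count(true, true, false), stale_dirty_entry(true));
    printf("good image:             BUG_ON hits = %d\n",
           bug_on_count(false, false, false));
    return 0;
}
```

The model also shows why the check at line 707 is skipped when CP_ERROR_FLAG or SBI_CP_DISABLED is set: in those states the real code calls f2fs_inode_synced() instead, so the same corrupt lookup with cp_error_flag set produces no BUG_ON hit. The stale list entry in the unfixed case is the condition the assertion exists to catch before eviction proceeds.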

* [Bug 203217] kernel BUG at fs/f2fs/inode.c:707! and hangs
From: bugzilla-daemon @ 2019-05-16 14:10 UTC (permalink / raw)
  To: linux-f2fs-devel

https://bugzilla.kernel.org/show_bug.cgi?id=203217

Jungyeon (jungyeon@gatech.edu) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |CODE_FIX

