* [Bug 203217] New: kernel BUG at fs/f2fs/inode.c:707! and hangs
From: bugzilla-daemon @ 2019-04-09 21:02 UTC (permalink / raw)
To: linux-f2fs-devel
https://bugzilla.kernel.org/show_bug.cgi?id=203217
Bug ID: 203217
Summary: kernel BUG at fs/f2fs/inode.c:707! and hangs
Product: File System
Version: 2.5
Kernel Version: 5.0.0
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: f2fs
Assignee: filesystem_f2fs@kernel-bugs.kernel.org
Reporter: jungyeon@gatech.edu
Regression: No
Created attachment 282211
--> https://bugzilla.kernel.org/attachment.cgi?id=282211&action=edit
The (compressed) crafted image which causes crash
- Overview
When mounting the attached crafted image and running the program, I got this error.
Additionally, it hangs on sync after running the program.
The image is intentionally fuzzed from a normal f2fs image for testing, and I
enabled the CONFIG_F2FS_CHECK_FS option.
- Reproduces
cc poc_test_05.c
mkdir test
mount -t f2fs tmp.img test
sudo ./a.out
sync
- Messages
[ 202.860834] kernel BUG at fs/f2fs/inode.c:707!
[ 202.861484] invalid opcode: 0000 [#1] SMP PTI
[ 202.862065] CPU: 0 PID: 1932 Comm: a.out Tainted: G W 5.0.0 #4
[ 202.863079] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[ 202.864419] RIP: 0010:f2fs_evict_inode+0x33f/0x3a0
[ 202.865097] Code: e8 d6 67 e5 ff 8b 43 48 85 c0 0f 84 2b fe ff ff e9 06 fe ff ff 8b 73 40 ba 02 00 00 00 4c 89 e7 e8 f6 21 01 00 e9 11 fe ff ff <0f> 0b 48 89 df e8 c7 bc 00 00 48 8b 73 40 48 85 f6 0f 84 ca fd ff
[ 202.867703] RSP: 0018:ffffb109c0da7b60 EFLAGS: 00010202
[ 202.868445] RAX: 0000000000100602 RBX: ffff94a3aebbe640 RCX: 0000000000000000
[ 202.869451] RDX: ffff94a3abdbb600 RSI: 0000000000000001 RDI: ffff94a3aebbe640
[ 202.870456] RBP: ffff94a3aebbe748 R08: ffff94a3b4c5d400 R09: ffffffffb6741f99
[ 202.871476] R10: ffffd6d908baf140 R11: ffff94a3abe6a500 R12: ffff94a3b6325800
[ 202.872480] R13: 0000000000000000 R14: 00000000fffffff2 R15: ffffd6d908d8c1c0
[ 202.873482] FS: 00007fe5ac087700(0000) GS:ffff94a3b7a00000(0000) knlGS:0000000000000000
[ 202.874628] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 202.875440] CR2: 00007ffff0c6e000 CR3: 0000000235e56004 CR4: 00000000001606f0
[ 202.876453] Call Trace:
[ 202.876817] evict+0xba/0x180
[ 202.877257] f2fs_iget+0x598/0xdf0
[ 202.877746] f2fs_lookup+0x136/0x320
[ 202.878260] __lookup_slow+0x92/0x140
[ 202.878803] lookup_slow+0x30/0x50
[ 202.879303] walk_component+0x1c1/0x350
[ 202.879853] ? f2fs_get_dnode_of_data+0x4f8/0x600
[ 202.880509] ? f2fs_get_node_info+0x17b/0x2e0
[ 202.881134] path_lookupat+0x62/0x200
[ 202.881657] filename_lookup+0xb3/0x1a0
[ 202.882205] ? f2fs_alloc_nid_failed+0x72/0xc0
[ 202.882845] ? _cond_resched+0x11/0x40
[ 202.883382] ? kmem_cache_alloc+0x33/0x160
[ 202.883964] ? getname_flags+0x6a/0x1d0
[ 202.884512] ? do_readlinkat+0x56/0x110
[ 202.885057] do_readlinkat+0x56/0x110
[ 202.885581] ? do_mkdirat+0x80/0xe0
[ 202.886081] __x64_sys_readlink+0x16/0x20
[ 202.886671] do_syscall_64+0x43/0xf0
[ 202.887183] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 202.887920] RIP: 0033:0x7fe5abba24d9
[ 202.888431] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 29 2c 00 f7 d8 64 89 01 48
[ 202.891059] RSP: 002b:00007ffff0c6bc78 EFLAGS: 00000286 ORIG_RAX: 0000000000000059
[ 202.892132] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5abba24d9
[ 202.893135] RDX: 0000000000002000 RSI: 00007ffff0c6de20 RDI: 00007ffff0c6bd20
[ 202.894132] RBP: 00007ffff0c6fe30 R08: 00007ffff0c6ff18 R09: 00007ffff0c6ff18
[ 202.895167] R10: 00007ffff0c6ff18 R11: 0000000000000286 R12: 00000000004004e0
[ 202.896181] R13: 00007ffff0c6ff10 R14: 0000000000000000 R15: 0000000000000000
[ 202.897204] Modules linked in:
[ 202.897682] ---[ end trace 637c750cd5ef0048 ]---
[ 202.898354] RIP: 0010:f2fs_evict_inode+0x33f/0x3a0
[ 202.899055] Code: e8 d6 67 e5 ff 8b 43 48 85 c0 0f 84 2b fe ff ff e9 06 fe ff ff 8b 73 40 ba 02 00 00 00 4c 89 e7 e8 f6 21 01 00 e9 11 fe ff ff <0f> 0b 48 89 df e8 c7 bc 00 00 48 8b 73 40 48 85 f6 0f 84 ca fd ff
[ 202.901691] RSP: 0018:ffffb109c0da7b60 EFLAGS: 00010202
[ 202.902464] RAX: 0000000000100602 RBX: ffff94a3aebbe640 RCX: 0000000000000000
[ 202.903480] RDX: ffff94a3abdbb600 RSI: 0000000000000001 RDI: ffff94a3aebbe640
[ 202.904494] RBP: ffff94a3aebbe748 R08: ffff94a3b4c5d400 R09: ffffffffb6741f99
[ 202.905505] R10: ffffd6d908baf140 R11: ffff94a3abe6a500 R12: ffff94a3b6325800
[ 202.906545] R13: 0000000000000000 R14: 00000000fffffff2 R15: ffffd6d908d8c1c0
[ 202.907553] FS: 00007fe5ac087700(0000) GS:ffff94a3b7a00000(0000) knlGS:0000000000000000
[ 202.908709] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 202.909530] CR2: 00007ffff0c6e000 CR3: 0000000235e56004 CR4: 00000000001606f0
-- error location
 632 void f2fs_evict_inode(struct inode *inode)
 633 {
 ...
 700
 701         stat_dec_inline_xattr(inode);
 702         stat_dec_inline_dir(inode);
 703         stat_dec_inline_inode(inode);
 704
 705         if (likely(!is_set_ckpt_flags(sbi, CP_ERROR_FLAG) &&
 706                                 !is_sbi_flag_set(sbi, SBI_CP_DISABLED)))
*707                 f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE));
 708         else
 709                 f2fs_inode_synced(inode);
 710
 711         /* ino == 0, if f2fs_new_inode() was failed t*/
 712         if (inode->i_ino)
 713                 invalidate_mapping_pages(NODE_MAPPING(sbi), inode->i_ino,
 714                                                 inode->i_ino);
--
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 203217] kernel BUG at fs/f2fs/inode.c:707! and hangs
From: bugzilla-daemon @ 2019-04-09 21:02 UTC (permalink / raw)
To: linux-f2fs-devel
https://bugzilla.kernel.org/show_bug.cgi?id=203217
--- Comment #1 from Jungyeon (jungyeon@gatech.edu) ---
Created attachment 282213
--> https://bugzilla.kernel.org/attachment.cgi?id=282213&action=edit
poc_test_05.c
* [Bug 203217] kernel BUG at fs/f2fs/inode.c:707! and hangs
From: bugzilla-daemon @ 2019-04-15 14:51 UTC (permalink / raw)
To: linux-f2fs-devel
https://bugzilla.kernel.org/show_bug.cgi?id=203217
Chao Yu (chao@kernel.org) changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |chao@kernel.org
--- Comment #2 from Chao Yu (chao@kernel.org) ---
Fixed with
f2fs: fix to clear dirty inode in error path of f2fs_iget()
^ permalink raw reply [flat|nested] 4+ messages in thread
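A simplified userspace model of the failure in the trace above (f2fs_iget -> evict -> f2fs_evict_inode) and of the behaviour named by the fix title in comment #2. This is an added example, not kernel code and not the actual patch; the `model_*` names, the `dirtied_during_read` input and the point where the dirty state is cleared are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: all names are hypothetical, not the f2fs API. */
enum iget_result { IGET_OK, IGET_FAILED, IGET_BUG };

struct model_sb    { bool cp_error, cp_disabled; };    /* CP_ERROR_FLAG, SBI_CP_DISABLED */
struct model_inode { unsigned long ino; bool dirty; }; /* dirty = FI_DIRTY_INODE */

static const struct model_sb HEALTHY_SB  = { false, false };
static const struct model_sb CP_ERROR_SB = { true,  false };

/* Mirrors lines 705-709 of the quoted f2fs_evict_inode(): returns false
 * where the kernel would hit f2fs_bug_on(). */
static bool model_evict(const struct model_sb *sb, struct model_inode *inode)
{
    if (!sb->cp_error && !sb->cp_disabled)
        return !inode->dirty;   /* line 707: a dirty inode must not reach here */
    inode->dirty = false;       /* line 709: f2fs_inode_synced() */
    return true;
}

/* Model of an inode lookup on a crafted image. Assumption: the read path can
 * mark the inode dirty before validation rejects it; clear_dirty_on_error
 * stands for the behaviour named by the fix title in comment #2. */
static enum iget_result model_iget(const struct model_sb *sb, bool corrupt,
                                   bool dirtied_during_read,
                                   bool clear_dirty_on_error)
{
    struct model_inode inode = { .ino = 4, .dirty = dirtied_during_read };

    if (!corrupt)
        return IGET_OK;
    if (clear_dirty_on_error)
        inode.dirty = false;    /* drop the dirty state before eviction */
    /* Error path: the half-initialised inode is evicted ("evict" in the trace). */
    return model_evict(sb, &inode) ? IGET_FAILED : IGET_BUG;
}

int main(void)
{
    static const char *name[] = { "ok", "lookup failed cleanly", "BUG" };

    printf("unfixed, healthy sb: %s\n", name[model_iget(&HEALTHY_SB, true, true, false)]);
    printf("unfixed, CP error  : %s\n", name[model_iget(&CP_ERROR_SB, true, true, false)]);
    printf("fixed, healthy sb  : %s\n", name[model_iget(&HEALTHY_SB, true, true, true)]);
    return 0;
}
```

In this model the assertion is reachable only when neither checkpoint flag is set, which matches the `else` branch at line 709 of the quoted source.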
* [Bug 203217] kernel BUG at fs/f2fs/inode.c:707! and hangs
From: bugzilla-daemon @ 2019-05-16 14:10 UTC (permalink / raw)
To: linux-f2fs-devel
https://bugzilla.kernel.org/show_bug.cgi?id=203217
Jungyeon (jungyeon@gatech.edu) changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |CODE_FIX