* [f2fs-dev] [Bug 215765] New: kernel NULL pointer dereference at fs/f2fs/dir.c:f2fs_add_regular_entry() when mount and operate on corrupted image
@ 2022-03-28 14:41 bugzilla-daemon
2022-03-29 3:40 ` [f2fs-dev] [Bug 215765] " bugzilla-daemon
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: bugzilla-daemon @ 2022-03-28 14:41 UTC (permalink / raw)
To: linux-f2fs-devel
https://bugzilla.kernel.org/show_bug.cgi?id=215765
Bug ID: 215765
Summary: kernel NULL pointer dereference at
fs/f2fs/dir.c:f2fs_add_regular_entry() when mount and
operate on corrupted image
Product: File System
Version: 2.5
Kernel Version: 5.17
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: f2fs
Assignee: filesystem_f2fs@kernel-bugs.kernel.org
Reporter: wenqingliu0120@gmail.com
Regression: No
Created attachment 300632
--> https://bugzilla.kernel.org/attachment.cgi?id=300632&action=edit
corrupted image and .config
- Overview
kernel NULL pointer dereference at fs/f2fs/dir.c:f2fs_add_regular_entry() when
mount and operate on corrupted image
- Reproduce
tested on kernel 5.17
# mkdir mnt
# mount tmp40.img mount
# ls mnt
- Kernel dump
[ 131.000658] loop0: detected capacity change from 0 to 131072
[ 131.147683] F2FS-fs (loop0): Mounted with checkpoint version = 7548c462
[ 132.640535] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 132.640656] #PF: supervisor instruction fetch in kernel mode
[ 132.640709] #PF: error_code(0x0010) - not-present page
[ 132.640755] PGD 0 P4D 0
[ 132.640784] Oops: 0010 [#1] PREEMPT SMP NOPTI
[ 132.640829] CPU: 3 PID: 1251 Comm: ls Not tainted 5.17.0 #1
[ 132.640882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
1.13.0-1ubuntu1.1 04/01/2014
[ 132.640955] RIP: 0010:0x0
[ 132.641003] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[ 132.641123] RSP: 0018:ffffc184c04fb9e0 EFLAGS: 00010246
[ 132.641174] RAX: 0000000000000000 RBX: ffffed6584a0ef80 RCX:
000000000000003b
[ 132.641236] RDX: 0017ffffc0000005 RSI: ffffa093e83be000 RDI:
ffffed6584a0ef80
[ 132.641296] RBP: ffffa093e83be950 R08: 0000000000000000 R09:
000000000000003b
[ 132.641358] R10: 000000000000003d R11: 000000000000003b R12:
ffffed6584a0ef80
[ 132.641418] R13: ffffed6584a0ef80 R14: ffffa093c5492340 R15:
ffffc184c04fbac0
[ 132.641480] FS: 00007fd9bbdc7040(0000) GS:ffffa095b5d80000(0000)
knlGS:0000000000000000
[ 132.641550] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 132.641600] CR2: ffffffffffffffd6 CR3: 000000010213e003 CR4:
0000000000370ee0
[ 132.641671] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 132.641745] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 132.641806] Call Trace:
[ 132.641832] <TASK>
[ 132.641855] folio_mark_dirty+0x33/0x50
[ 132.641906] f2fs_add_regular_entry+0x541/0xad0 [f2fs]
[ 132.642440] f2fs_add_dentry+0x6c/0xb0 [f2fs]
[ 132.642583] f2fs_do_add_link+0x182/0x230 [f2fs]
[ 132.642717] __recover_dot_dentries+0x2d6/0x470 [f2fs]
[ 132.642865] f2fs_lookup+0x5af/0x6a0 [f2fs]
[ 132.643000] __lookup_slow+0xac/0x200
[ 132.643043] lookup_slow+0x45/0x70
[ 132.643080] walk_component+0x16c/0x250
[ 132.643121] path_lookupat+0x8b/0x1f0
[ 132.643160] filename_lookup+0xef/0x250
[ 132.643204] ? __check_object_size+0xc2/0x190
[ 132.643265] ? user_path_at_empty+0x46/0x70
[ 132.643307] user_path_at_empty+0x46/0x70
[ 132.643349] vfs_statx+0x98/0x190
[ 132.643388] __do_sys_newlstat+0x41/0x90
[ 132.643433] ? fpregs_assert_state_consistent+0x1e/0x40
[ 132.643484] ? exit_to_user_mode_prepare+0x38/0x1a0
[ 132.643536] __x64_sys_newlstat+0x1a/0x30
[ 132.643578] do_syscall_64+0x37/0xb0
[ 132.643615] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 132.643666] RIP: 0033:0x7fd9bb69f7c5
[ 132.643703] Code: c9 b6 2d 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f
40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00
f0 ff ff 77 03 f3 c3 90 48 8b 15 91 b6 2d 00 f7 d8 64 89
[ 132.647032] RSP: 002b:00007ffdd3099a08 EFLAGS: 00000246 ORIG_RAX:
0000000000000006
[ 132.648731] RAX: ffffffffffffffda RBX: 00005628315da0e8 RCX:
00007fd9bb69f7c5
[ 132.651089] RDX: 00005628315da100 RSI: 00005628315da100 RDI:
00007ffdd3099a10
[ 132.652883] RBP: 00007ffdd3099e00 R08: 0000000000000000 R09:
00005628315def9c
[ 132.654519] R10: 0000000000000000 R11: 0000000000000246 R12:
00007ffdd3099a10
[ 132.656120] R13: 0000000000000000 R14: 0000000000000003 R15:
00005628315da100
[ 132.657749] </TASK>
[ 132.659376] Modules linked in: f2fs crc32_generic iscsi_tcp libiscsi_tcp
libiscsi scsi_transport_iscsi xfs input_leds joydev serio_raw qemu_fw_cfg
autofs4 raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor
async_tx raid1 raid0 multipath linear hid_generic usbhid hid qxl drm_ttm_helper
ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm
crct10dif_pclmul crc32_pclmul psmouse ghash_clmulni_intel aesni_intel
crypto_simd cryptd
[ 132.665794] CR2: 0000000000000000
[ 132.666980] ---[ end trace 0000000000000000 ]---
[ 132.668162] RIP: 0010:0x0
[ 132.669083] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[ 132.670020] RSP: 0018:ffffc184c04fb9e0 EFLAGS: 00010246
[ 132.670932] RAX: 0000000000000000 RBX: ffffed6584a0ef80 RCX:
000000000000003b
[ 132.671866] RDX: 0017ffffc0000005 RSI: ffffa093e83be000 RDI:
ffffed6584a0ef80
[ 132.672797] RBP: ffffa093e83be950 R08: 0000000000000000 R09:
000000000000003b
[ 132.673641] R10: 000000000000003d R11: 000000000000003b R12:
ffffed6584a0ef80
[ 132.674374] R13: ffffed6584a0ef80 R14: ffffa093c5492340 R15:
ffffc184c04fbac0
[ 132.675131] FS: 00007fd9bbdc7040(0000) GS:ffffa095b5d80000(0000)
knlGS:0000000000000000
[ 132.675895] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 132.676702] CR2: ffffffffffffffd6 CR3: 000000010213e003 CR4:
0000000000370ee0
[ 132.677500] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 132.678279] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* [f2fs-dev] [Bug 215765] kernel NULL pointer dereference at fs/f2fs/dir.c:f2fs_add_regular_entry() when mount and operate on corrupted image
2022-03-28 14:41 [f2fs-dev] [Bug 215765] New: kernel NULL pointer dereference at fs/f2fs/dir.c:f2fs_add_regular_entry() when mount and operate on corrupted image bugzilla-daemon
@ 2022-03-29 3:40 ` bugzilla-daemon
2022-03-29 17:27 ` bugzilla-daemon
2022-03-30 16:58 ` bugzilla-daemon
2 siblings, 0 replies; 4+ messages in thread
From: bugzilla-daemon @ 2022-03-29 3:40 UTC (permalink / raw)
To: linux-f2fs-devel
https://bugzilla.kernel.org/show_bug.cgi?id=215765
Chao Yu (chao@kernel.org) changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |chao@kernel.org
--- Comment #1 from Chao Yu (chao@kernel.org) ---
Hi Wenqing,
Thanks for the report! Could you please test w/ below patch?
https://lore.kernel.org/linux-f2fs-devel/20220328160253.3102-1-chao@kernel.org/T/#u
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* [f2fs-dev] [Bug 215765] kernel NULL pointer dereference at fs/f2fs/dir.c:f2fs_add_regular_entry() when mount and operate on corrupted image
2022-03-28 14:41 [f2fs-dev] [Bug 215765] New: kernel NULL pointer dereference at fs/f2fs/dir.c:f2fs_add_regular_entry() when mount and operate on corrupted image bugzilla-daemon
2022-03-29 3:40 ` [f2fs-dev] [Bug 215765] " bugzilla-daemon
@ 2022-03-29 17:27 ` bugzilla-daemon
2022-03-30 16:58 ` bugzilla-daemon
2 siblings, 0 replies; 4+ messages in thread
From: bugzilla-daemon @ 2022-03-29 17:27 UTC (permalink / raw)
To: linux-f2fs-devel
https://bugzilla.kernel.org/show_bug.cgi?id=215765
--- Comment #2 from Wenqing Liu (wenqingliu0120@gmail.com) ---
(In reply to Chao Yu from comment #1)
> Hi Wenqing,
>
> Thanks for the report! Could you please test w/ below patch?
>
> https://lore.kernel.org/linux-f2fs-devel/20220328160253.3102-1-chao@kernel.
> org/T/#u
Thanks Chao, I tested it on 5.17.1, the NULL pointer dereference didn't appear
with the patched kernel.
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* [f2fs-dev] [Bug 215765] kernel NULL pointer dereference at fs/f2fs/dir.c:f2fs_add_regular_entry() when mount and operate on corrupted image
2022-03-28 14:41 [f2fs-dev] [Bug 215765] New: kernel NULL pointer dereference at fs/f2fs/dir.c:f2fs_add_regular_entry() when mount and operate on corrupted image bugzilla-daemon
2022-03-29 3:40 ` [f2fs-dev] [Bug 215765] " bugzilla-daemon
2022-03-29 17:27 ` bugzilla-daemon
@ 2022-03-30 16:58 ` bugzilla-daemon
2 siblings, 0 replies; 4+ messages in thread
From: bugzilla-daemon @ 2022-03-30 16:58 UTC (permalink / raw)
To: linux-f2fs-devel
https://bugzilla.kernel.org/show_bug.cgi?id=215765
Artem S. Tashkinov (aros@gmx.com) changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |CODE_FIX
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-03-30 16:59 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-28 14:41 [f2fs-dev] [Bug 215765] New: kernel NULL pointer dereference at fs/f2fs/dir.c:f2fs_add_regular_entry() when mount and operate on corrupted image bugzilla-daemon
2022-03-29 3:40 ` [f2fs-dev] [Bug 215765] " bugzilla-daemon
2022-03-29 17:27 ` bugzilla-daemon
2022-03-30 16:58 ` bugzilla-daemon
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.