[f2fs-dev] [Bug 215904] New: kernel BUG at fs/f2fs/inode.c:825!

* [f2fs-dev] [Bug 215904] New: kernel BUG at fs/f2fs/inode.c:825!
@ 2022-04-27 14:27 bugzilla-daemon
  2022-04-30  9:35 ` [f2fs-dev] [Bug 215904] " bugzilla-daemon
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: bugzilla-daemon @ 2022-04-27 14:27 UTC (permalink / raw)
  To: linux-f2fs-devel

https://bugzilla.kernel.org/show_bug.cgi?id=215904

            Bug ID: 215904
           Summary: kernel BUG at fs/f2fs/inode.c:825!
           Product: File System
           Version: 2.5
    Kernel Version: 5.17
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: f2fs
          Assignee: filesystem_f2fs@kernel-bugs.kernel.org
          Reporter: yanming@tju.edu.cn
        Regression: No

Created attachment 300828
  --> https://bugzilla.kernel.org/attachment.cgi?id=300828&action=edit
case.c

I have encountered a bug in F2FS file system in kernel v5.17.

I have uploaded the system call sequence as case.c, and a fuzzed image can be
found in google net disk
(https://drive.google.com/file/d/1jtULqt8XBvtgyzC2eZAz8-6scMcKX6eZ/view?usp=sharing).

The kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can
reproduce the bug by running the following commands:

gcc -o case case.c
losetup /dev/loop0 case.img
mount -o
"disable_ext_identify,inline_data,inline_dentry,flush_merge,nobarrier,mode=adaptive,noquota,alloc_mode=reuse"
-t f2fs /dev/loop0 /root/mnt
./case

The kernel message is shown below:

4,20635,429868223,-;------------[ cut here ]------------
2,20636,429868228,-;kernel BUG at fs/f2fs/inode.c:825!
4,20637,429868236,-;invalid opcode: 0000 [#2] PREEMPT SMP KASAN PTI
4,20638,429868243,-;CPU: 2 PID: 4549 Comm: umount Tainted: G      D W        
5.17.0 #4
4,20639,429868249,-;Hardware name: Dell Inc. OptiPlex 9020/03CPWF, BIOS A14
09/14/2015
4,20640,429868253,-;RIP: 0010:f2fs_evict_inode+0x10b0/0x1510
4,20641,429868260,-;Code: fc ff df 4c 89 f2 48 c1 ea 03 80 3c 02 00 0f 85 33 04
00 00 41 8b 77 40 ba 01 00 00 00 48 89 ef e8 75 c0 05 00 e9 db fd ff ff <0f> 0b
48 8d 7d 48 be 08 00 00 00 e8 d0 6f 57 ff f0 80 4d 49 10 e9
4,20642,429868267,-;RSP: 0018:ffff88812cb27af0 EFLAGS: 00010202
4,20643,429868273,-;RAX: 0000000000000042 RBX: ffff88814af40000 RCX:
ffffffffb3e4a495
4,20644,429868278,-;RDX: 1ffff1102bd53356 RSI: 0000000000000008 RDI:
ffff88815ea99ab0
4,20645,429868284,-;RBP: ffff888110ece000 R08: 0000000000000001 R09:
ffffed102bd53357
4,20646,429868288,-;R10: ffff88815ea99ab7 R11: ffffed102bd53356 R12:
ffff88815ea99ab0
4,20647,429868293,-;R13: ffff888110ece048 R14: ffff88815ea99878 R15:
ffff88815ea99838
4,20648,429868298,-;FS:  00007f2e62b1b840(0000) GS:ffff8881d5680000(0000)
knlGS:0000000000000000
4,20649,429868304,-;CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
4,20650,429868309,-;CR2: 000056521bb81000 CR3: 0000000117f70003 CR4:
00000000001706e0
4,20651,429868313,-;Call Trace:
4,20652,429868317,-; <TASK>
4,20653,429868322,-; evict+0x282/0x4e0
4,20654,429868328,-; __dentry_kill+0x2b2/0x4d0
4,20655,429868334,-; ? shrink_lock_dentry.part.0+0x7c/0x200
4,20656,429868341,-; shrink_dentry_list+0x17c/0x4f0
4,20657,429868348,-; shrink_dcache_parent+0x143/0x1e0
4,20658,429868355,-; ? shrink_dcache_sb+0x280/0x280
4,20659,429868361,-; ? rwsem_spin_on_owner+0x1d0/0x1d0
4,20660,429868368,-; ? f2fs_get_sectors_written+0x370/0x370
4,20661,429868375,-; do_one_tree+0x9/0x30
4,20662,429868381,-; shrink_dcache_for_umount+0x51/0x120
4,20663,429868388,-; generic_shutdown_super+0x5c/0x3a0
4,20664,429868395,-; kill_block_super+0x90/0xd0
4,20665,429868401,-; kill_f2fs_super+0x225/0x310
4,20666,429868407,-; ? kasan_quarantine_put+0x46/0x160
4,20667,429868413,-; ? f2fs_dquot_commit+0xb0/0xb0
4,20668,429868419,-; ? kfree+0x8f/0x2b0
4,20669,429868425,-; ? unregister_shrinker+0x194/0x250
4,20670,429868432,-; deactivate_locked_super+0x78/0xc0
4,20671,429868438,-; cleanup_mnt+0x2b7/0x480
4,20672,429868444,-; ? call_rcu+0x21c/0x820
4,20673,429868450,-; task_work_run+0xc8/0x150
4,20674,429868457,-; exit_to_user_mode_prepare+0x14a/0x150
4,20675,429868464,-; syscall_exit_to_user_mode+0x1d/0x40
4,20676,429868471,-; do_syscall_64+0x48/0x90
4,20677,429868477,-; entry_SYSCALL_64_after_hwframe+0x44/0xae
4,20678,429868483,-;RIP: 0033:0x7f2e62d7a19b
4,20679,429868488,-;Code: cc 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 90 f3 0f 1e
fa 31 f6 e9 05 00 00 00 0f 1f 44 00 00 f3 0f 1e fa b8 a6 00 00 00 0f 05 <48> 3d
01 f0 ff ff 73 01 c3 48 8b 0d c5 cc 0c 00 f7 d8 64 89 01 48
4,20680,429868494,-;RSP: 002b:00007ffd8e9f9438 EFLAGS: 00000246 ORIG_RAX:
00000000000000a6
4,20681,429868500,-;RAX: 0000000000000000 RBX: 00007f2e62eac204 RCX:
00007f2e62d7a19b
4,20682,429868505,-;RDX: 0000000000000000 RSI: 0000000000000000 RDI:
0000557ec0ea7740
4,20683,429868509,-;RBP: 0000557ec0ea7530 R08: 0000000000000000 R09:
00007ffd8e9f81e0
4,20684,429868512,-;R10: 00007f2e62e98379 R11: 0000000000000246 R12:
0000557ec0ea7740
4,20685,429868514,-;R13: 0000000000000000 R14: 0000557ec0ea7628 R15:
0000000000000000
4,20686,429868517,-; </TASK>
4,20687,429868519,-;Modules linked in: x86_pkg_temp_thermal efivarfs
4,20688,429868526,-;---[ end trace 0000000000000000 ]---

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.

_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

^ permalink raw reply	[flat|nested] 6+ messages in thread