linux-f2fs-devel.lists.sourceforge.net archive mirror
From: bugzilla-daemon@bugzilla.kernel.org
To: linux-f2fs-devel@lists.sourceforge.net
Subject: [Bug 203343] New: page fault and hang on umounting
Date: Wed, 17 Apr 2019 00:43:44 +0000
Message-ID: <bug-203343-202145@https.bugzilla.kernel.org/>

https://bugzilla.kernel.org/show_bug.cgi?id=203343

            Bug ID: 203343
           Summary: page fault and hang on umounting
           Product: File System
           Version: 2.5
    Kernel Version: 5.0
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: f2fs
          Assignee: filesystem_f2fs@kernel-bugs.kernel.org
          Reporter: jungyeon@gatech.edu
        Regression: No

Created attachment 282365
  --> https://bugzilla.kernel.org/attachment.cgi?id=282365&action=edit
image and program

- Overview
When mounting the attached crafted image and running the program, I got this error.
The image is intentionally fuzzed from a normal f2fs image for testing.
Additionally, it hangs after unmounting the test directory.

- Produces
cc poc_15.c
./run.sh f2fs
sudo umount test

- Kernel Messages
[   43.639591] F2FS-fs (sdb): Bitmap was wrongly cleared, blk:7424
[   43.640885] F2FS-fs (sdb): Bitmap was wrongly cleared, blk:7680
[   43.644975] BUG: unable to handle kernel paging request at 00000c9800000f08
[   43.646215] #PF error: [WRITE]
[   43.646762] PGD 0 P4D 0 
[   43.647219] Oops: 0002 [#1] SMP PTI
[   43.647857] CPU: 0 PID: 1054 Comm: a.out Tainted: G        W         5.0.0 #3
[   43.649090] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[   43.650857] RIP: 0010:__remove_dirty_segment+0x61/0xd0
[   43.651850] Code: 48 8b 97 88 00 00 00 4c 8d 0c 80 49 c1 e1 03 48 8b 12 48 8b 52 68 42 0f b6 14 0a 83 e2 3f 49 89 d0 41 83 e0 3f 4e 8b 44 c1 08 <3e> 49 0f b3 00 72 42 44 8b 87 d8 03 00 00 48 8b 87 88 00 00 00 41
[   43.655422] RSP: 0018:ffffbb6d01153c70 EFLAGS: 00010202
[   43.656452] RAX: 0000000000000007 RBX: 0000000000000007 RCX: ffff950ceb2b0300
[   43.657860] RDX: 0000000000000019 RSI: 0000000000000007 RDI: ffff950cf13d0000
[   43.659277] RBP: ffffbb6d01153c70 R08: 00000c9800000f08 R09: 0000000000000118
[   43.660538] R10: ffffbb6d00ca3c90 R11: 000000000000a4f6 R12: ffff950cf13d0000
[   43.661869] R13: ffff950ceb2b0348 R14: ffff950ceb2b0d00 R15: ffffbb6d01153d38
[   43.663276] FS:  00007f7dd8377700(0000) GS:ffff950cf7a00000(0000) knlGS:0000000000000000
[   43.664702] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   43.665841] CR2: 00000c9800000f08 CR3: 0000000235260002 CR4: 00000000001606f0
[   43.667255] Call Trace:
[   43.667754]  locate_dirty_segment+0x116/0x120
[   43.668626]  f2fs_invalidate_blocks+0x76/0x120
[   43.669525]  f2fs_truncate_data_blocks_range+0xd9/0x360
[   43.670578]  f2fs_truncate_blocks+0x43b/0x530
[   43.671446]  f2fs_truncate+0x8d/0x110
[   43.672192]  f2fs_setattr+0x3e6/0x460
[   43.672924]  notify_change+0x2e1/0x410
[   43.673676]  do_truncate+0x75/0xc0
[   43.674364]  do_sys_ftruncate+0x125/0x1c0
[   43.675177]  __x64_sys_ftruncate+0x1b/0x20
[   43.676011]  do_syscall_64+0x5a/0x110
[   43.676639]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   43.677646] RIP: 0033:0x7f7dd7e924d9
[   43.678368] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 29 2c 00 f7 d8 64 89 01 48
[   43.682035] RSP: 002b:00007ffebc3caa48 EFLAGS: 00000286 ORIG_RAX: 000000000000004d
[   43.683468] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7dd7e924d9
[   43.684884] RDX: ffffffffffffff98 RSI: 0000000000000deb RDI: 0000000000000003
[   43.686294] RBP: 00007ffebc3ceed0 R08: 00007ffebc3cefb8 R09: 00007ffebc3cefb8
[   43.687668] R10: 0000000000000001 R11: 0000000000000286 R12: 00000000004004e0
[   43.689062] R13: 00007ffebc3cefb0 R14: 0000000000000000 R15: 0000000000000000
[   43.690467] Modules linked in:
[   43.691084] CR2: 00000c9800000f08
[   43.691774] ---[ end trace aeb1be51e7dc75ed ]---
[   43.692706] RIP: 0010:__remove_dirty_segment+0x61/0xd0
[   43.693739] Code: 48 8b 97 88 00 00 00 4c 8d 0c 80 49 c1 e1 03 48 8b 12 48 8b 52 68 42 0f b6 14 0a 83 e2 3f 49 89 d0 41 83 e0 3f 4e 8b 44 c1 08 <3e> 49 0f b3 00 72 42 44 8b 87 d8 03 00 00 48 8b 87 88 00 00 00 41
[   43.697460] RSP: 0018:ffffbb6d01153c70 EFLAGS: 00010202
[   43.698502] RAX: 0000000000000007 RBX: 0000000000000007 RCX: ffff950ceb2b0300
[   43.699885] RDX: 0000000000000019 RSI: 0000000000000007 RDI: ffff950cf13d0000
[   43.701317] RBP: ffffbb6d01153c70 R08: 00000c9800000f08 R09: 0000000000000118
[   43.702735] R10: ffffbb6d00ca3c90 R11: 000000000000a4f6 R12: ffff950cf13d0000
[   43.704151] R13: ffff950ceb2b0348 R14: ffff950ceb2b0d00 R15: ffffbb6d01153d38
[   43.705478] FS:  00007f7dd8377700(0000) GS:ffff950cf7a00000(0000) knlGS:0000000000000000
[   43.707102] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   43.708259] CR2: 00000c9800000f08 CR3: 0000000235260002 CR4: 00000000001606f0
./run.sh: line 10:  1053 Killed                  sudo ./a.out
