* [f2fs-dev] [Bug 215235] New: page fault in f2fs_setxattr() when mount and operate on corrupted image
@ 2021-12-06 5:34 bugzilla-daemon
2021-12-11 15:43 ` [f2fs-dev] [Bug 215235] " bugzilla-daemon
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: bugzilla-daemon @ 2021-12-06 5:34 UTC (permalink / raw)
To: linux-f2fs-devel
https://bugzilla.kernel.org/show_bug.cgi?id=215235
Bug ID: 215235
Summary: page fault in f2fs_setxattr() when mount and operate
on corrupted image
Product: File System
Version: 2.5
Kernel Version: 5.16-rc3, 5.15.X
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: f2fs
Assignee: filesystem_f2fs@kernel-bugs.kernel.org
Reporter: wenqingliu0120@gmail.com
Regression: No
Created attachment 299911
--> https://bugzilla.kernel.org/attachment.cgi?id=299911&action=edit
poc and .config file
- Overview
page fault in f2fs_setxattr() when mount and operate on corrupted image
- Reproduce
tested on kernel 5.16-rc3, 5.15.X under root
# unzip tmp7.zip
#./single.sh f2fs 7
Sometimes need to run the script several times
- Kernel dump
[ 46.683775] loop0: detected capacity change from 0 to 131072
[ 46.699526] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 46.712845] F2FS-fs (loop0): Mounted with checkpoint version = 7548c2ee
[ 46.773227] BUG: unable to handle page fault for address: ffffe47bc7123f48
[ 46.773247] #PF: supervisor read access in kernel mode
[ 46.773257] #PF: error_code(0x0000) - not-present page
[ 46.773266] PGD 0 P4D 0
[ 46.773272] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 46.773281] CPU: 0 PID: 1184 Comm: tmp7 Not tainted 5.16.0-rc3 #1
[ 46.773293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
1.13.0-1ubuntu1.1 04/01/2014
[ 46.773308] RIP: 0010:kfree+0x66/0x320
[ 46.773318] Code: 80 4c 01 ed 0f 82 a0 02 00 00 48 c7 c0 00 00 00 80 48 2b
05 3c 6f 10 01 48 01 c5 48 c1 ed 0c 48 c1 e5 06 48 03 2d 1a 6f 10 01 <48> 8b 45
08 48 8d 50 ff a8 01 48 0f 45 ea 48 8b 55 08 48 8d 42 ff
[ 46.773348] RSP: 0018:ffffac4b008bfb28 EFLAGS: 00010282
[ 46.773358] RAX: 0000726bc0000000 RBX: 0000000000000000 RCX:
0000000000000001
[ 46.773370] RDX: 0000000080000001 RSI: ffffffffc07f5b9a RDI:
ffffe325848fd480
[ 46.773383] RBP: ffffe47bc7123f40 R08: ffff8d94c63e6f10 R09:
ffffe325848fd480
[ 46.773395] R10: 0000000000000018 R11: ffff8d94c63e71f8 R12:
ffffe32584098680
[ 46.773407] R13: ffffe325848fd480 R14: ffff8d94d2203000 R15:
ffff8d94c261af0c
[ 46.773419] FS: 00007f97e4524500(0000) GS:ffff8d96b5c00000(0000)
knlGS:0000000000000000
[ 46.773433] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 46.773443] CR2: ffffe47bc7123f48 CR3: 00000001035ec003 CR4:
0000000000370ef0
[ 46.773459] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 46.773471] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 46.773483] Call Trace:
[ 46.773490] <TASK>
[ 46.773494] ? __mark_inode_dirty+0x15c/0x360
[ 46.773506] __f2fs_setxattr+0x2aa/0xc00 [f2fs]
[ 46.773553] f2fs_setxattr+0xfa/0x480 [f2fs]
[ 46.773573] ? selinux_inode_permission+0xd5/0x190
[ 46.773584] __f2fs_set_acl+0x19b/0x330 [f2fs]
[ 46.773603] ? make_kuid+0xf/0x20
[ 46.773610] __vfs_removexattr+0x52/0x70
[ 46.773619] __vfs_removexattr_locked+0xb1/0x140
[ 46.773629] vfs_removexattr+0x56/0x100
[ 46.773637] removexattr+0x57/0x80
[ 46.773644] ? __check_object_size+0xd1/0x1a0
[ 46.773654] ? user_path_at_empty+0x40/0x50
[ 46.773663] ? kmem_cache_free+0xcb/0x310
[ 46.773671] ? preempt_count_add+0x49/0xa0
[ 46.773680] ? __mnt_want_write+0x5e/0x90
[ 46.773689] path_removexattr+0xa3/0xc0
[ 46.773697] __x64_sys_removexattr+0x17/0x20
[ 46.774002] do_syscall_64+0x37/0xb0
[ 46.774303] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 46.774607] RIP: 0033:0x7f97e402e639
[ 46.774902] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89
f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01
f0 ff ff 73 01 c3 48 8b 0d 1f f8 2c 00 f7 d8 64 89 01 48
[ 46.775573] RSP: 002b:00007ffc1de8b648 EFLAGS: 00000217 ORIG_RAX:
00000000000000c5
[ 46.775897] RAX: ffffffffffffffda RBX: 9e1da79895bd8a4a RCX:
00007f97e402e639
[ 46.776230] RDX: 00007f97e402e639 RSI: 00007ffc1de8b860 RDI:
00007ffc1de8b679
[ 46.776563] RBP: 00007ffc1dede2f0 R08: 00007ffc1dede3d8 R09:
00007ffc1dede3d8
[ 46.776888] R10: 00007ffc1dede3d8 R11: 0000000000000217 R12:
6c73732e72657375
[ 46.777214] R13: 007373656363615f R14: 702e6d6574737973 R15:
6c63615f7869736f
[ 46.777543] </TASK>
[ 46.777866] Modules linked in: f2fs crc32_generic joydev input_leds
serio_raw qemu_fw_cfg iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi
autofs4 btrfs blake2b_generic zstd_compress raid10 raid456 async_raid6_recov
async_memcpy async_pq async_xor async_tx xor raid6_pq raid1 raid0 multipath
linear qxl drm_ttm_helper ttm drm_kms_helper syscopyarea sysfillrect sysimgblt
fb_sys_fops drm hid_generic crct10dif_pclmul crc32_pclmul ghash_clmulni_intel
aesni_intel usbhid crypto_simd hid psmouse cryptd
[ 46.779358] CR2: ffffe47bc7123f48
[ 46.779707] ---[ end trace 52653140d82b5d23 ]---
[ 46.780053] RIP: 0010:kfree+0x66/0x320
[ 46.780396] Code: 80 4c 01 ed 0f 82 a0 02 00 00 48 c7 c0 00 00 00 80 48 2b
05 3c 6f 10 01 48 01 c5 48 c1 ed 0c 48 c1 e5 06 48 03 2d 1a 6f 10 01 <48> 8b 45
08 48 8d 50 ff a8 01 48 0f 45 ea 48 8b 55 08 48 8d 42 ff
[ 46.781119] RSP: 0018:ffffac4b008bfb28 EFLAGS: 00010282
[ 46.781484] RAX: 0000726bc0000000 RBX: 0000000000000000 RCX:
0000000000000001
[ 46.781853] RDX: 0000000080000001 RSI: ffffffffc07f5b9a RDI:
ffffe325848fd480
[ 46.782218] RBP: ffffe47bc7123f40 R08: ffff8d94c63e6f10 R09:
ffffe325848fd480
[ 46.782580] R10: 0000000000000018 R11: ffff8d94c63e71f8 R12:
ffffe32584098680
[ 46.782938] R13: ffffe325848fd480 R14: ffff8d94d2203000 R15:
ffff8d94c261af0c
[ 46.783342] FS: 00007f97e4524500(0000) GS:ffff8d96b5c00000(0000)
knlGS:0000000000000000
[ 46.783712] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 46.784078] CR2: ffffe47bc7123f48 CR3: 00000001035ec003 CR4:
0000000000370ef0
[ 46.784454] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 46.784830] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* [f2fs-dev] [Bug 215235] page fault in f2fs_setxattr() when mount and operate on corrupted image
2021-12-06 5:34 [f2fs-dev] [Bug 215235] New: page fault in f2fs_setxattr() when mount and operate on corrupted image bugzilla-daemon
@ 2021-12-11 15:43 ` bugzilla-daemon
2021-12-11 16:53 ` bugzilla-daemon
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: bugzilla-daemon @ 2021-12-11 15:43 UTC (permalink / raw)
To: linux-f2fs-devel
https://bugzilla.kernel.org/show_bug.cgi?id=215235
Chao Yu (chao@kernel.org) changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |chao@kernel.org
--- Comment #1 from Chao Yu (chao@kernel.org) ---
Thanks for the report!
I've submitted a fixing patch, could you please have a try?
https://lore.kernel.org/linux-f2fs-devel/20211211154059.7173-1-chao@kernel.org/T/#u
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* [f2fs-dev] [Bug 215235] page fault in f2fs_setxattr() when mount and operate on corrupted image
2021-12-06 5:34 [f2fs-dev] [Bug 215235] New: page fault in f2fs_setxattr() when mount and operate on corrupted image bugzilla-daemon
2021-12-11 15:43 ` [f2fs-dev] [Bug 215235] " bugzilla-daemon
@ 2021-12-11 16:53 ` bugzilla-daemon
2021-12-12 4:06 ` bugzilla-daemon
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: bugzilla-daemon @ 2021-12-11 16:53 UTC (permalink / raw)
To: linux-f2fs-devel
https://bugzilla.kernel.org/show_bug.cgi?id=215235
--- Comment #2 from Wenqing Liu (wenqingliu0120@gmail.com) ---
Thank you. The issue is gone with the patch on my test machine.
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* [f2fs-dev] [Bug 215235] page fault in f2fs_setxattr() when mount and operate on corrupted image
2021-12-06 5:34 [f2fs-dev] [Bug 215235] New: page fault in f2fs_setxattr() when mount and operate on corrupted image bugzilla-daemon
2021-12-11 15:43 ` [f2fs-dev] [Bug 215235] " bugzilla-daemon
2021-12-11 16:53 ` bugzilla-daemon
@ 2021-12-12 4:06 ` bugzilla-daemon
2022-01-10 14:26 ` bugzilla-daemon
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: bugzilla-daemon @ 2021-12-12 4:06 UTC (permalink / raw)
To: linux-f2fs-devel
https://bugzilla.kernel.org/show_bug.cgi?id=215235
Chao Yu (chao@kernel.org) changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |CODE_FIX
--- Comment #3 from Chao Yu (chao@kernel.org) ---
Thanks for the verification. :)
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* [f2fs-dev] [Bug 215235] page fault in f2fs_setxattr() when mount and operate on corrupted image
2021-12-06 5:34 [f2fs-dev] [Bug 215235] New: page fault in f2fs_setxattr() when mount and operate on corrupted image bugzilla-daemon
` (2 preceding siblings ...)
2021-12-12 4:06 ` bugzilla-daemon
@ 2022-01-10 14:26 ` bugzilla-daemon
2022-01-11 3:41 ` bugzilla-daemon
2022-10-21 14:24 ` bugzilla-daemon
5 siblings, 0 replies; 7+ messages in thread
From: bugzilla-daemon @ 2022-01-10 14:26 UTC (permalink / raw)
To: linux-f2fs-devel
https://bugzilla.kernel.org/show_bug.cgi?id=215235
David Disseldorp (ddiss.dev@gmail.com) changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ddiss.dev@gmail.com
--- Comment #4 from David Disseldorp (ddiss.dev@gmail.com) ---
(In reply to Chao Yu from comment #1)
> Thanks for the report!
>
> I've submitted a fixing patch, could you please have a try?
>
> https://lore.kernel.org/linux-f2fs-devel/20211211154059.7173-1-chao@kernel.
> org/T/#u
This fix appears to be missing from mainline. Do you still plan on submitting
it?
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* [f2fs-dev] [Bug 215235] page fault in f2fs_setxattr() when mount and operate on corrupted image
2021-12-06 5:34 [f2fs-dev] [Bug 215235] New: page fault in f2fs_setxattr() when mount and operate on corrupted image bugzilla-daemon
` (3 preceding siblings ...)
2022-01-10 14:26 ` bugzilla-daemon
@ 2022-01-11 3:41 ` bugzilla-daemon
2022-10-21 14:24 ` bugzilla-daemon
5 siblings, 0 replies; 7+ messages in thread
From: bugzilla-daemon @ 2022-01-11 3:41 UTC (permalink / raw)
To: linux-f2fs-devel
https://bugzilla.kernel.org/show_bug.cgi?id=215235
--- Comment #5 from Chao Yu (chao@kernel.org) ---
This patch was merged in dev branch, and will be pushed to mainline in
5.17-rc1.
https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git/commit/?h=dev-test&id=645a3c40ca3d40cc32b4b5972bf2620f2eb5dba6
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* [f2fs-dev] [Bug 215235] page fault in f2fs_setxattr() when mount and operate on corrupted image
2021-12-06 5:34 [f2fs-dev] [Bug 215235] New: page fault in f2fs_setxattr() when mount and operate on corrupted image bugzilla-daemon
` (4 preceding siblings ...)
2022-01-11 3:41 ` bugzilla-daemon
@ 2022-10-21 14:24 ` bugzilla-daemon
5 siblings, 0 replies; 7+ messages in thread
From: bugzilla-daemon @ 2022-10-21 14:24 UTC (permalink / raw)
To: linux-f2fs-devel
https://bugzilla.kernel.org/show_bug.cgi?id=215235
alexwriter (alexwriter2003@gmail.com) changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |alexwriter2003@gmail.com
--- Comment #6 from alexwriter (alexwriter2003@gmail.com) ---
Re:
- Overview
page fault in f2fs_setxattr(https://stemhave.com/programming-help.html) when
mount and operate on corrupted image
- Reproduce
tested on kernel 5.16-rc3, 5.15.X under root
# unzip tmp7.zip
#./single.sh f2fs 7
Sometimes need to run the script several times
---------------------------------
Thaks for fix this...
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-10-21 14:24 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-06 5:34 [f2fs-dev] [Bug 215235] New: page fault in f2fs_setxattr() when mount and operate on corrupted image bugzilla-daemon
2021-12-11 15:43 ` [f2fs-dev] [Bug 215235] " bugzilla-daemon
2021-12-11 16:53 ` bugzilla-daemon
2021-12-12 4:06 ` bugzilla-daemon
2022-01-10 14:26 ` bugzilla-daemon
2022-01-11 3:41 ` bugzilla-daemon
2022-10-21 14:24 ` bugzilla-daemon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).