From: Zheng Liu <gnehzuil.liu@gmail.com>
To: Dave Jones <davej@redhat.com>,
	Linux Kernel <linux-kernel@vger.kernel.org>,
	linux-ext4@vger.kernel.org
Subject: Re: kernel BUG at fs/ext4/namei.c:2572!
Date: Fri, 19 Jul 2013 09:17:33 +0800
Message-ID: <20130719011733.GC21615@gmail.com>
In-Reply-To: <20130717161944.GA19405@redhat.com>

Hi Dave,

Thanks for reporting this.

On Wed, Jul 17, 2013 at 12:19:44PM -0400, Dave Jones wrote:
> Seen while fuzzing..
> 
> kernel BUG at fs/ext4/namei.c:2572!
> invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
> Modules linked in: dlci bridge stp hidp cmtp kernelcapi l2tp_ppp l2tp_netlink l2tp_core sctp libcrc32c rfcomm tun fuse nfnetli
> nk can_raw ipt_ULOG can_bcm x25 scsi_transport_iscsi ipx p8023 p8022 appletalk phonet psnap vmw_vsock_vmci_transport af_key vmw_vmci rose vsock atm can netrom ax25 af_rxrpc ir
> da pppoe pppox ppp_generic slhc bluetooth nfc rfkill rds caif_socket caif crc_ccitt af_802154 llc2 llc snd_hda_codec_realtek snd_hda_intel snd_hda_codec serio_raw snd_pcm pcsp
> kr edac_core snd_page_alloc snd_timer snd soundcore r8169 mii sr_mod cdrom pata_atiixp radeon backlight drm_kms_helper ttm
> CPU: 1 PID: 1812571 Comm: trinity-child2 Not tainted 3.11.0-rc1+ #12
> Hardware name: Gigabyte Technology Co., Ltd. GA-MA78GM-S2H/GA-MA78GM-S2H, BIOS F12a 04/23/2010
> task: ffff88007dfe69a0 ti: ffff88010f7b6000 task.ti: ffff88010f7b6000
> RIP: 0010:[<ffffffff8125ce69>]  [<ffffffff8125ce69>] ext4_orphan_add+0x299/0x2b0
> RSP: 0018:ffff88010f7b7cf8  EFLAGS: 00010202
> RAX: 0000000000000000 RBX: ffff8800966d3020 RCX: 0000000000000000
> RDX: 0000000000000000 RSI: ffff88007dfe70b8 RDI: 0000000000000001
> RBP: ffff88010f7b7d40 R08: ffff880126a3c4e0 R09: ffff88010f7b7ca0
> R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801271fd668
> R13: ffff8800966d2f78 R14: ffff88011d7089f0 R15: ffff88007dfe69a0
> FS:  00007f70441a3740(0000) GS:ffff88012a800000(0000) knlGS:00000000f77c96c0
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000002834000 CR3: 0000000107964000 CR4: 00000000000007e0
> DR0: 0000000000780000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
> Stack:
>  0000000000002000 00000020810b6dde 0000000000000000 ffff88011d46db00
>  ffff8800966d3020 ffff88011d7089f0 ffff88009c7f4c10 ffff88010f7b7f2c
>  ffff88007dfe69a0 ffff88010f7b7da8 ffffffff8125cfac ffff880100000004
> Call Trace:
>  [<ffffffff8125cfac>] ext4_tmpfile+0x12c/0x180
>  [<ffffffff811cba78>] path_openat+0x238/0x700
>  [<ffffffff8100afc4>] ? native_sched_clock+0x24/0x80
>  [<ffffffff811cc647>] do_filp_open+0x47/0xa0
>  [<ffffffff811db73f>] ? __alloc_fd+0xaf/0x200
>  [<ffffffff811ba2e4>] do_sys_open+0x124/0x210
>  [<ffffffff81010725>] ? syscall_trace_enter+0x25/0x290
>  [<ffffffff811ba3ee>] SyS_open+0x1e/0x20
>  [<ffffffff816ca8d4>] tracesys+0xdd/0xe2
>  [<ffffffff81001001>] ? start_thread_common.constprop.6+0x1/0xa0
> Code: 04 00 00 00 89 04 24 31 c0 e8 c4 77 04 00 e9 43 fe ff ff 66 25 00 d0 66 3d 00 80 0f 84 0e fe ff ff 83 7b 48 00 0f 84 04 fe ff ff <0f> 0b 49 8b 8c 24 50 07 00 00 e9 88 fe ff ff 0f 1f 84 00 00 00 
> 
> 
> 2571         J_ASSERT((S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode) ||
> 2572                   S_ISLNK(inode->i_mode)) || inode->i_nlink == 0);

I guess that is because we need to call drop_nlink to let ->i_nlink == 0
before adding this inode into orphan list in ext4_tmpfile().  I will try
to fix it later.

Regards,
                                                - Zheng


Thread overview: 18+ messages
2013-07-17 16:19 kernel BUG at fs/ext4/namei.c:2572! Dave Jones
2013-07-19  1:17 ` Zheng Liu [this message]
2013-07-19 12:14 ` [PATCH] ext4: fix a bug when we try to open a file with O_TMPFILE flag Zheng Liu
2013-07-19 19:31   ` Darrick J. Wong
2013-07-19 20:01     ` Dave Jones
2013-07-19 23:36   ` Al Viro
2013-07-20 16:37     ` Zheng Liu
2013-07-21  0:56       ` Theodore Ts'o
2013-07-21  2:45     ` [GIT PULL] " Theodore Ts'o
2013-07-21  3:16       ` Linus Torvalds
2013-07-23  7:51   ` jon ernst
2013-07-23  9:59     ` Zheng Liu
2013-07-23 13:39       ` jon ernst
2013-07-23 23:38         ` Zheng Liu
2013-07-24 21:58           ` jon ernst
2013-07-25  0:13             ` [PATCH] vfs: add missing check for __O_TMPFILE in fcntl_init() (Re: [PATCH] ext4: fix...) Zheng Liu
2013-07-25  1:17               ` jon ernst
2013-07-29  6:17               ` Zheng Liu
