From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
syzbot+83699adeb2d13579c31e@syzkaller.appspotmail.com,
Chao Yu <yuchao0@huawei.com>, Jaegeuk Kim <jaegeuk@kernel.org>,
Ben Hutchings <ben.hutchings@codethink.co.uk>
Subject: [PATCH 4.4 023/104] f2fs: sanity check on sit entry
Date: Thu, 24 Jan 2019 20:19:12 +0100 [thread overview]
Message-ID: <20190124190157.593594078@linuxfoundation.org> (raw)
In-Reply-To: <20190124190154.968308875@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jaegeuk Kim <jaegeuk@kernel.org>
commit b2ca374f33bd33fd822eb871876e4888cf79dc97 upstream.
syzbot hit the following crash on upstream commit
87ef12027b9b1dd0e0b12cf311fbcb19f9d92539 (Wed Apr 18 19:48:17 2018 +0000)
Merge tag 'ceph-for-4.17-rc2' of git://github.com/ceph/ceph-client
syzbot dashboard link: https://syzkaller.appspot.com/bug?extid=83699adeb2d13579c31e
C reproducer: https://syzkaller.appspot.com/x/repro.c?id=5805208181407744
syzkaller reproducer: https://syzkaller.appspot.com/x/repro.syz?id=6005073343676416
Raw console output: https://syzkaller.appspot.com/x/log.txt?id=6555047731134464
Kernel config: https://syzkaller.appspot.com/x/.config?id=1808800213120130118
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+83699adeb2d13579c31e@syzkaller.appspotmail.com
It will help syzbot understand when the bug is fixed. See footer for details.
If you forward the report, please keep this part and the footer.
F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop0): invalid crc value
BUG: unable to handle kernel paging request at ffffed006b2a50c0
PGD 21ffee067 P4D 21ffee067 PUD 21fbeb067 PMD 0
Oops: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 4514 Comm: syzkaller989480 Not tainted 4.17.0-rc1+ #8
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:build_sit_entries fs/f2fs/segment.c:3653 [inline]
RIP: 0010:build_segment_manager+0x7ef7/0xbf70 fs/f2fs/segment.c:3852
RSP: 0018:ffff8801b102e5b0 EFLAGS: 00010a06
RAX: 1ffff1006b2a50c0 RBX: 0000000000000004 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801ac74243e
RBP: ffff8801b102f410 R08: ffff8801acbd46c0 R09: fffffbfff14d9af8
R10: fffffbfff14d9af8 R11: ffff8801acbd46c0 R12: ffff8801ac742a80
R13: ffff8801d9519100 R14: dffffc0000000000 R15: ffff880359528600
FS: 0000000001e04880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed006b2a50c0 CR3: 00000001ac6ac000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
f2fs_fill_super+0x4095/0x7bf0 fs/f2fs/super.c:2803
mount_bdev+0x30c/0x3e0 fs/super.c:1165
f2fs_mount+0x34/0x40 fs/f2fs/super.c:3020
mount_fs+0xae/0x328 fs/super.c:1268
vfs_kern_mount.part.34+0xd4/0x4d0 fs/namespace.c:1037
vfs_kern_mount fs/namespace.c:1027 [inline]
do_new_mount fs/namespace.c:2517 [inline]
do_mount+0x564/0x3070 fs/namespace.c:2847
ksys_mount+0x12d/0x140 fs/namespace.c:3063
__do_sys_mount fs/namespace.c:3077 [inline]
__se_sys_mount fs/namespace.c:3074 [inline]
__x64_sys_mount+0xbe/0x150 fs/namespace.c:3074
do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x443d6a
RSP: 002b:00007ffd312813c8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000c00 RCX: 0000000000443d6a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd312813d0
RBP: 0000000000000003 R08: 0000000020016a00 R09: 000000000000000a
R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000004
R13: 0000000000402c60 R14: 0000000000000000 R15: 0000000000000000
RIP: build_sit_entries fs/f2fs/segment.c:3653 [inline] RSP: ffff8801b102e5b0
RIP: build_segment_manager+0x7ef7/0xbf70 fs/f2fs/segment.c:3852 RSP: ffff8801b102e5b0
CR2: ffffed006b2a50c0
---[ end trace a2034989e196ff17 ]---
Reported-and-tested-by: syzbot+83699adeb2d13579c31e@syzkaller.appspotmail.com
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
[bwh: Backported to 4.4: adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/segment.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -2152,6 +2152,15 @@ static int build_sit_entries(struct f2fs
unsigned int old_valid_blocks;
start = le32_to_cpu(segno_in_journal(sum, i));
+ if (start >= MAIN_SEGS(sbi)) {
+ f2fs_msg(sbi->sb, KERN_ERR,
+ "Wrong journal entry on segno %u",
+ start);
+ set_sbi_flag(sbi, SBI_NEED_FSCK);
+ err = -EINVAL;
+ break;
+ }
+
se = &sit_i->sentries[start];
sit = sit_in_journal(sum, i);
next prev parent reply other threads:[~2019-01-24 20:14 UTC|newest]
Thread overview: 112+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-24 19:18 [PATCH 4.4 000/104] 4.4.172-stable review Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 001/104] tty/ldsem: Wake up readers after timed out down_write() Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 002/104] can: gw: ensure DLC boundaries after CAN frame modification Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 003/104] f2fs: clean up argument of recover_data Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 004/104] f2fs: cover more area with nat_tree_lock Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 005/104] f2fs: move sanity checking of cp into get_valid_checkpoint Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 006/104] f2fs: fix to convert inline directory correctly Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 007/104] f2fs: give -EINVAL for norecovery and rw mount Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 008/104] f2fs: remove an obsolete variable Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 009/104] f2fs: factor out fsync inode entry operations Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 010/104] f2fs: fix inode cache leak Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 011/104] f2fs: fix to avoid reading out encrypted data in page cache Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 012/104] f2fs: not allow to write illegal blkaddr Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 013/104] f2fs: avoid unneeded loop in build_sit_entries Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 014/104] f2fs: use crc and cp version to determine roll-forward recovery Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 015/104] f2fs: introduce get_checkpoint_version for cleanup Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 016/104] f2fs: put directory inodes before checkpoint in roll-forward recovery Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 017/104] f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 018/104] f2fs: detect wrong layout Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 019/104] f2fs: free meta pages if sanity check for ckpt is failed Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 020/104] f2fs: fix race condition in between free nid allocator/initializer Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 021/104] f2fs: return error during fill_super Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 022/104] f2fs: check blkaddr more accuratly before issue a bio Greg Kroah-Hartman
2019-01-24 19:19 ` Greg Kroah-Hartman [this message]
2019-01-24 19:19 ` [PATCH 4.4 024/104] f2fs: enhance sanity_check_raw_super() to avoid potential overflow Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 025/104] f2fs: clean up with is_valid_blkaddr() Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 026/104] f2fs: introduce and spread verify_blkaddr Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 027/104] f2fs: fix to do sanity check with secs_per_zone Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 028/104] f2fs: fix to do sanity check with user_block_count Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 029/104] f2fs: Add sanity_check_inode() function Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 030/104] f2fs: fix to do sanity check with node footer and iblocks Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 031/104] f2fs: fix to do sanity check with reserved blkaddr of inline inode Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 032/104] f2fs: fix to do sanity check with block address in main area Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 033/104] f2fs: fix to do sanity check with block address in main area v2 Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 034/104] f2fs: fix to do sanity check with cp_pack_start_sum Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 035/104] f2fs: fix invalid memory access Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 036/104] f2fs: fix missing up_read Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 037/104] f2fs: fix validation of the block count in sanity_check_raw_super Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 038/104] media: em28xx: Fix misplaced reset of dev->v4l::field_count Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 039/104] proc: Remove empty line in /proc/self/status Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 040/104] arm64/kvm: consistently handle host HCR_EL2 flags Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 041/104] arm64: Dont trap host pointer auth use to EL2 Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 042/104] ipv6: fix kernel-infoleak in ipv6_local_error() Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 043/104] net: bridge: fix a bug on using a neighbour cache entry without checking its state Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 044/104] packet: Do not leak dev refcounts on error exit Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 045/104] ip: on queued skb use skb_header_pointer instead of pskb_may_pull Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 046/104] crypto: authencesn - Avoid twice completion call in decrypt path Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 047/104] crypto: authenc - fix parsing key with misaligned rta_len Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 048/104] btrfs: wait on ordered extents on abort cleanup Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 049/104] Yama: Check for pid death before checking ancestry Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 050/104] scsi: sd: Fix cache_type_store() Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 051/104] mips: fix n32 compat_ipc_parse_version Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 052/104] mfd: tps6586x: Handle interrupts on suspend Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 053/104] Disable MSI also when pcie-octeon.pcie_disable on Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 054/104] omap2fb: Fix stack memory disclosure Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 055/104] media: vivid: fix error handling of kthread_run Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 056/104] media: vivid: set min width/height to a value > 0 Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 057/104] LSM: Check for NULL cred-security on free Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 058/104] media: vb2: vb2_mmap: move lock up Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 059/104] sunrpc: handle ENOMEM in rpcb_getport_async Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 060/104] selinux: fix GPF on invalid policy Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 061/104] sctp: allocate sctp_sockaddr_entry with kzalloc Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 062/104] tipc: fix uninit-value in tipc_nl_compat_link_reset_stats Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 063/104] tipc: fix uninit-value in tipc_nl_compat_bearer_enable Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 064/104] tipc: fix uninit-value in tipc_nl_compat_link_set Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 065/104] tipc: fix uninit-value in tipc_nl_compat_name_table_dump Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 066/104] tipc: fix uninit-value in tipc_nl_compat_doit Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 067/104] block/loop: Use global lock for ioctl() operation Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 068/104] loop: Fold __loop_release into loop_release Greg Kroah-Hartman
2019-01-28 13:31 ` Jan Kara
2019-01-30 7:30 ` Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 069/104] loop: Get rid of loop_index_mutex Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 070/104] loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 071/104] drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 072/104] media: vb2: be sure to unlock mutex on errors Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 073/104] r8169: Add support for new Realtek Ethernet Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 074/104] ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 075/104] ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 076/104] xfs: dont fail when converting shortform attr to long form during ATTR_REPLACE Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 077/104] platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 078/104] e1000e: allow non-monotonic SYSTIM readings Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 079/104] writeback: dont decrement wb->refcnt if !wb->bdi Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 080/104] MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 081/104] arm64: perf: set suppress_bind_attrs flag to true Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 082/104] jffs2: Fix use of uninitialized delayed_work, lockdep breakage Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 083/104] pstore/ram: Do not treat empty buffers as valid Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 084/104] powerpc/pseries/cpuidle: Fix preempt warning Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 085/104] media: firewire: Fix app_info parameter type in avc_ca{,_app}_info Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 086/104] net: call sk_dst_reset when set SO_DONTROUTE Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 087/104] scsi: target: use consistent left-aligned ASCII INQUIRY data Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 088/104] clk: imx6q: reset exclusive gates on init Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 089/104] kconfig: fix file name and line number of warn_ignored_character() Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 090/104] kconfig: fix memory leak when EOF is encountered in quotation Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 091/104] mmc: atmel-mci: do not assume idle after atmci_request_end Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 092/104] perf intel-pt: Fix error with config term "pt=0" Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 093/104] perf svghelper: Fix unchecked usage of strncpy() Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 094/104] perf parse-events: " Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 095/104] dm kcopyd: Fix bug causing workqueue stalls Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 096/104] dm snapshot: Fix excessive memory usage and " Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 097/104] ALSA: bebob: fix model-id of unit for Apogee Ensemble Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 098/104] sysfs: Disable lockdep for driver bind/unbind files Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 099/104] scsi: megaraid: fix out-of-bound array accesses Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 100/104] ocfs2: fix panic due to unrecovered local alloc Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 101/104] mm/page-writeback.c: dont break integrity writeback on ->writepage() error Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 102/104] mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 103/104] net: speed up skb_rbtree_purge() Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 104/104] ipmi:ssif: Fix handling of multi-part return messages Greg Kroah-Hartman
2019-01-25 16:32 ` [PATCH 4.4 000/104] 4.4.172-stable review Naresh Kamboju
2019-01-25 16:34 ` shuah
2019-01-25 23:16 ` Guenter Roeck
2019-01-26 12:06 ` Jon Hunter
2019-01-26 12:06 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190124190157.593594078@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ben.hutchings@codethink.co.uk \
--cc=jaegeuk@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+83699adeb2d13579c31e@syzkaller.appspotmail.com \
--cc=yuchao0@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.