From: bugzilla-daemon@bugzilla.kernel.org
To: linux-f2fs-devel@lists.sourceforge.net
Subject: [f2fs-dev] [Bug 215235] New: page fault in f2fs_setxattr() when mount and operate on corrupted image
Date: Mon, 06 Dec 2021 05:34:43 +0000
Message-ID: <bug-215235-202145@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=215235
Bug ID: 215235
Summary: page fault in f2fs_setxattr() when mount and operate on corrupted image
Product: File System
Version: 2.5
Kernel Version: 5.16-rc3, 5.15.X
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: f2fs
Assignee: filesystem_f2fs@kernel-bugs.kernel.org
Reporter: wenqingliu0120@gmail.com
Regression: No
Created attachment 299911
--> https://bugzilla.kernel.org/attachment.cgi?id=299911&action=edit
poc and .config file
- Overview
page fault in f2fs_setxattr() when mount and operate on corrupted image
- Reproduce
tested on kernel 5.16-rc3, 5.15.X under root
# unzip tmp7.zip
# ./single.sh f2fs 7
Sometimes need to run the script several times
- Kernel dump
[ 46.683775] loop0: detected capacity change from 0 to 131072
[ 46.699526] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 46.712845] F2FS-fs (loop0): Mounted with checkpoint version = 7548c2ee
[ 46.773227] BUG: unable to handle page fault for address: ffffe47bc7123f48
[ 46.773247] #PF: supervisor read access in kernel mode
[ 46.773257] #PF: error_code(0x0000) - not-present page
[ 46.773266] PGD 0 P4D 0
[ 46.773272] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 46.773281] CPU: 0 PID: 1184 Comm: tmp7 Not tainted 5.16.0-rc3 #1
[ 46.773293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[ 46.773308] RIP: 0010:kfree+0x66/0x320
[ 46.773318] Code: 80 4c 01 ed 0f 82 a0 02 00 00 48 c7 c0 00 00 00 80 48 2b 05 3c 6f 10 01 48 01 c5 48 c1 ed 0c 48 c1 e5 06 48 03 2d 1a 6f 10 01 <48> 8b 45 08 48 8d 50 ff a8 01 48 0f 45 ea 48 8b 55 08 48 8d 42 ff
[ 46.773348] RSP: 0018:ffffac4b008bfb28 EFLAGS: 00010282
[ 46.773358] RAX: 0000726bc0000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 46.773370] RDX: 0000000080000001 RSI: ffffffffc07f5b9a RDI: ffffe325848fd480
[ 46.773383] RBP: ffffe47bc7123f40 R08: ffff8d94c63e6f10 R09: ffffe325848fd480
[ 46.773395] R10: 0000000000000018 R11: ffff8d94c63e71f8 R12: ffffe32584098680
[ 46.773407] R13: ffffe325848fd480 R14: ffff8d94d2203000 R15: ffff8d94c261af0c
[ 46.773419] FS: 00007f97e4524500(0000) GS:ffff8d96b5c00000(0000) knlGS:0000000000000000
[ 46.773433] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 46.773443] CR2: ffffe47bc7123f48 CR3: 00000001035ec003 CR4: 0000000000370ef0
[ 46.773459] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 46.773471] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 46.773483] Call Trace:
[ 46.773490] <TASK>
[ 46.773494] ? __mark_inode_dirty+0x15c/0x360
[ 46.773506] __f2fs_setxattr+0x2aa/0xc00 [f2fs]
[ 46.773553] f2fs_setxattr+0xfa/0x480 [f2fs]
[ 46.773573] ? selinux_inode_permission+0xd5/0x190
[ 46.773584] __f2fs_set_acl+0x19b/0x330 [f2fs]
[ 46.773603] ? make_kuid+0xf/0x20
[ 46.773610] __vfs_removexattr+0x52/0x70
[ 46.773619] __vfs_removexattr_locked+0xb1/0x140
[ 46.773629] vfs_removexattr+0x56/0x100
[ 46.773637] removexattr+0x57/0x80
[ 46.773644] ? __check_object_size+0xd1/0x1a0
[ 46.773654] ? user_path_at_empty+0x40/0x50
[ 46.773663] ? kmem_cache_free+0xcb/0x310
[ 46.773671] ? preempt_count_add+0x49/0xa0
[ 46.773680] ? __mnt_want_write+0x5e/0x90
[ 46.773689] path_removexattr+0xa3/0xc0
[ 46.773697] __x64_sys_removexattr+0x17/0x20
[ 46.774002] do_syscall_64+0x37/0xb0
[ 46.774303] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 46.774607] RIP: 0033:0x7f97e402e639
[ 46.774902] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f8 2c 00 f7 d8 64 89 01 48
[ 46.775573] RSP: 002b:00007ffc1de8b648 EFLAGS: 00000217 ORIG_RAX: 00000000000000c5
[ 46.775897] RAX: ffffffffffffffda RBX: 9e1da79895bd8a4a RCX: 00007f97e402e639
[ 46.776230] RDX: 00007f97e402e639 RSI: 00007ffc1de8b860 RDI: 00007ffc1de8b679
[ 46.776563] RBP: 00007ffc1dede2f0 R08: 00007ffc1dede3d8 R09: 00007ffc1dede3d8
[ 46.776888] R10: 00007ffc1dede3d8 R11: 0000000000000217 R12: 6c73732e72657375
[ 46.777214] R13: 007373656363615f R14: 702e6d6574737973 R15: 6c63615f7869736f
[ 46.777543] </TASK>
[ 46.777866] Modules linked in: f2fs crc32_generic joydev input_leds serio_raw qemu_fw_cfg iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs blake2b_generic zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq raid1 raid0 multipath linear qxl drm_ttm_helper ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm hid_generic crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel usbhid crypto_simd hid psmouse cryptd
[ 46.779358] CR2: ffffe47bc7123f48
[ 46.779707] ---[ end trace 52653140d82b5d23 ]---
[ 46.780053] RIP: 0010:kfree+0x66/0x320
[ 46.780396] Code: 80 4c 01 ed 0f 82 a0 02 00 00 48 c7 c0 00 00 00 80 48 2b 05 3c 6f 10 01 48 01 c5 48 c1 ed 0c 48 c1 e5 06 48 03 2d 1a 6f 10 01 <48> 8b 45 08 48 8d 50 ff a8 01 48 0f 45 ea 48 8b 55 08 48 8d 42 ff
[ 46.781119] RSP: 0018:ffffac4b008bfb28 EFLAGS: 00010282
[ 46.781484] RAX: 0000726bc0000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 46.781853] RDX: 0000000080000001 RSI: ffffffffc07f5b9a RDI: ffffe325848fd480
[ 46.782218] RBP: ffffe47bc7123f40 R08: ffff8d94c63e6f10 R09: ffffe325848fd480
[ 46.782580] R10: 0000000000000018 R11: ffff8d94c63e71f8 R12: ffffe32584098680
[ 46.782938] R13: ffffe325848fd480 R14: ffff8d94d2203000 R15: ffff8d94c261af0c
[ 46.783342] FS: 00007f97e4524500(0000) GS:ffff8d96b5c00000(0000) knlGS:0000000000000000
[ 46.783712] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 46.784078] CR2: ffffe47bc7123f48 CR3: 00000001035ec003 CR4: 0000000000370ef0
[ 46.784454] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 46.784830] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
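Added example (not part of this bug report, and not f2fs or kernel code): a small Python triage parser that turns an oops like the one above into structured fields a bug tracker or crash-dedup pipeline can act on. It extracts the faulting address and #PF classification, the task and kernel version, the symbol at the kernel-mode RIP, and the call trace with unreliable ("?") frames marked, then derives the first unwinder-verified frame inside a given module and the syscall that reached it. The embedded log lines are copied from this report (abridged to the lines the parser uses); the `signature()` format and the `is_kernel_unmapped_read()` classification are this example's own conventions, not anything the kernel defines.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied (abridged) from the oops in this report; registers and the
# module list are left out because the parser does not use them.
OOPS = """\
[ 46.773227] BUG: unable to handle page fault for address: ffffe47bc7123f48
[ 46.773247] #PF: supervisor read access in kernel mode
[ 46.773257] #PF: error_code(0x0000) - not-present page
[ 46.773281] CPU: 0 PID: 1184 Comm: tmp7 Not tainted 5.16.0-rc3 #1
[ 46.773308] RIP: 0010:kfree+0x66/0x320
[ 46.773483] Call Trace:
[ 46.773490] <TASK>
[ 46.773494] ? __mark_inode_dirty+0x15c/0x360
[ 46.773506] __f2fs_setxattr+0x2aa/0xc00 [f2fs]
[ 46.773553] f2fs_setxattr+0xfa/0x480 [f2fs]
[ 46.773584] __f2fs_set_acl+0x19b/0x330 [f2fs]
[ 46.773610] __vfs_removexattr+0x52/0x70
[ 46.773697] __x64_sys_removexattr+0x17/0x20
[ 46.774303] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 46.774607] RIP: 0033:0x7f97e402e639
[ 46.777543] </TASK>
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")
# "? sym+0xoff/0xsize [module]"; a leading "? " marks a frame the unwinder
# could not verify (a stale return address left on the stack).
FRAME_RE = re.compile(r"^(?P<unreliable>\?\s+)?(?P<sym>[A-Za-z_][\w.]*)"
                      r"\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(?P<mod>[\w-]+)\])?$")
CPU_RE = re.compile(r"PID: (?P<pid>\d+) Comm: (?P<comm>\S+) "
                    r"(?:Not tainted|Tainted: \S+) (?P<kernel>\S+)")

@dataclass
class Frame:
    symbol: str
    module: Optional[str]  # None for a vmlinux symbol
    reliable: bool

@dataclass
class OopsReport:
    fault_addr: Optional[int] = None
    access: Optional[str] = None      # e.g. "supervisor read access"
    not_present: bool = False         # #PF said "not-present page"
    comm: Optional[str] = None
    pid: Optional[int] = None
    kernel: Optional[str] = None
    rip_symbol: Optional[str] = None  # symbol at the first kernel-mode RIP
    frames: List[Frame] = field(default_factory=list)

def parse_oops(text: str) -> OopsReport:
    rep, in_trace = OopsReport(), False
    for raw in text.splitlines():
        line = TS_RE.sub("", raw).strip()
        if in_trace:
            # A user-space RIP (CS 0033) or </TASK> ends the kernel trace.
            if line == "</TASK>" or line.startswith("RIP: 0033:"):
                in_trace = False
            elif (m := FRAME_RE.match(line)):
                rep.frames.append(Frame(m["sym"], m["mod"], m["unreliable"] is None))
        elif line.startswith("BUG: unable to handle page fault for address:"):
            rep.fault_addr = int(line.rsplit(":", 1)[1], 16)
        elif line.startswith("#PF:"):
            body = line[4:].strip()
            if "not-present page" in body:
                rep.not_present = True
            elif body.endswith(" in kernel mode"):
                rep.access = body[:-len(" in kernel mode")]
        elif line.startswith("CPU:") and (m := CPU_RE.search(line)):
            rep.pid, rep.comm, rep.kernel = int(m["pid"]), m["comm"], m["kernel"]
        elif line.startswith("RIP: 0010:") and rep.rip_symbol is None:
            rep.rip_symbol = line.split(":", 2)[2].split("+", 1)[0]
        elif line == "Call Trace:":
            in_trace = True
    return rep

def innermost_reliable(rep, module=None):
    """First unwinder-verified frame, optionally restricted to one module."""
    return next((f for f in rep.frames if f.reliable and module in (None, f.module)), None)

def syscall_entry(rep):
    """Syscall whose handler appears in the trace, or None."""
    for f in rep.frames:
        if f.reliable and f.symbol.startswith("__x64_sys_"):
            return f.symbol[len("__x64_sys_"):]
    return None

def is_kernel_unmapped_read(rep):
    """Kernel-mode read of a not-present page: a bad pointer dereference."""
    return rep.access == "supervisor read access" and rep.not_present

def signature(rep):
    """Dedup key in this example's own format: faulting symbol <- caller[module]."""
    inner = innermost_reliable(rep)
    where = f"{inner.symbol}[{inner.module or 'vmlinux'}]" if inner else "?"
    return f"{rep.rip_symbol}<-{where}"
```

Running `parse_oops(OOPS)` on the report's lines gives `signature(...) == "kfree<-__f2fs_setxattr[f2fs]"` and `syscall_entry(...) == "removexattr"`, which is exactly the grouping key a triager wants: the free happens in core slab code, but the first verified caller is f2fs xattr handling reached through removexattr(2). Skipping "?" frames matters because the stale `__mark_inode_dirty` entry above `__f2fs_setxattr` would otherwise be blamed for a fault it did not cause.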
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel