[f2fs-dev] [Bug 220575] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000

[bugzilla-daemon--- via Linux-f2fs-devel <linux-f2fs-devel@lists.sourceforge.net>]

https://bugzilla.kernel.org/show_bug.cgi?id=220575

--- Comment #15 from JY (JY.Ho@mediatek.com) ---
(In reply to Chao Yu from comment #7)
> Can you please hook fscrypt_free_bounce_page() to set page private w/
> special value, something as below:
> 
> void fscrypt_free_bounce_page(struct page *bounce_page)
> {
>       if (!bounce_page)
>               return;
>       set_page_private(bounce_page, (unsigned long)0xF2F52011);
>       ClearPagePrivate(bounce_page);
>       mempool_free(bounce_page, fscrypt_bounce_page_pool);
> }
> 
> And add some check conditions in f2fs_is_cp_guaranteed() to see whether the
> page has been freed before inc_page_count().

By the way, this is my test result. Is that another issue?

[27024.604851] JY f2fs_is_cp_guaranteed 65 bounced_page:0xfffffffe81338410,
_private:0xfffffffe813c54f0, fscrypt_pagecache_page(page):0x000000005566f2f5

[27024.620405] JYJY :fffffffe813c54f0 is the PAGE

[27024.626388] page: refcount:4 mapcount:1 mapping:000000008cdd016b index:0x1d
pfn:0x3f443

[27024.636025] memcg:ffffff8031bd0000

[27024.641269] flags:
0x1000000000009029(locked|uptodate|lru|owner_2|private|zone=0)

[27024.650060] raw: 1000000000009029 fffffffe813c54a8 fffffffe813bc588
ffffff806b096f68

[27024.660600] raw: 000000000000001d 0000000000000009 0000000400000000
ffffff8031bd0000

[27024.669271] raw: 000000003f443000 0000000000000000

[27024.675745] page dumped because: JY got the BUG!

[27024.683789] page_owner tracks the page as allocated

[27024.690777] page last allocated via order 0, migratetype Movable, gfp_mask
0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE),
pid 30372, tgid 30372 (android.vending), ts 27014734256272, free_ts
27002686350166

[27024.724435]  post_alloc_hook+0x1d0/0x1e8

[27024.730550]  prep_new_page+0x30/0x150

[27024.735185]  get_page_from_freelist+0x11e8/0x127c

[27024.744799]  __alloc_pages_noprof+0x1b0/0x448

[27024.753649]  __folio_alloc_noprof+0x1c/0x64

[27024.759063]  page_cache_ra_unbounded+0x1a4/0x36c

[27024.767626]  page_cache_ra_order+0x358/0x434

[27024.774150]  do_sync_mmap_readahead+0x20c/0x280

[27024.780541]  filemap_fault+0x1e0/0x868

[27024.785950]  f2fs_filemap_fault+0x34/0xec

[27024.792392]  __do_fault+0x70/0x110

[27024.797172]  do_pte_missing+0x300/0x12f0

[27024.802556]  handle_mm_fault+0x4d4/0x818

[27024.808201]  do_page_fault+0x210/0x640

[27024.813143]  do_translation_fault+0x48/0x11c

[27024.818658]  do_mem_abort+0x5c/0x108

[27024.824631] page last free pid 55 tgid 55 stack trace:

[27024.831407]  free_unref_page+0x828/0x978

[27024.837039]  __folio_put+0xac/0xdc

[27024.842449]  migrate_pages_batch+0x127c/0x1894

[27024.849239]  migrate_pages+0x3f0/0x798

[27024.856057]  compact_zone+0xca8/0x12ec

[27024.861241]  compact_node+0xc0/0x190

[27024.865955]  kcompactd+0x3b8/0x978

[27024.872656]  kthread+0x118/0x1ac

[27024.878257]  ret_from_fork+0x10/0x20[27024.604851] JY f2fs_is_cp_guaranteed
65 bounced_page:0xfffffffe81338410, _private:0xfffffffe813c54f0,
fscrypt_pagecache_page(page):0x000000005566f2f5

[27024.620405] JYJY :fffffffe813c54f0 is the PAGE

[27024.626388] page: refcount:4 mapcount:1 mapping:000000008cdd016b index:0x1d
pfn:0x3f443

[27024.636025] memcg:ffffff8031bd0000

[27024.641269] flags:
0x1000000000009029(locked|uptodate|lru|owner_2|private|zone=0)

[27024.650060] raw: 1000000000009029 fffffffe813c54a8 fffffffe813bc588
ffffff806b096f68

[27024.660600] raw: 000000000000001d 0000000000000009 0000000400000000
ffffff8031bd0000

[27024.669271] raw: 000000003f443000 0000000000000000

[27024.675745] page dumped because: JY got the BUG!

[27024.683789] page_owner tracks the page as allocated

[27024.690777] page last allocated via order 0, migratetype Movable, gfp_mask
0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE),
pid 30372, tgid 30372 (android.vending), ts 27014734256272, free_ts
27002686350166

[27024.724435]  post_alloc_hook+0x1d0/0x1e8

[27024.730550]  prep_new_page+0x30/0x150

[27024.735185]  get_page_from_freelist+0x11e8/0x127c

[27024.744799]  __alloc_pages_noprof+0x1b0/0x448

[27024.753649]  __folio_alloc_noprof+0x1c/0x64

[27024.759063]  page_cache_ra_unbounded+0x1a4/0x36c

[27024.767626]  page_cache_ra_order+0x358/0x434

[27024.774150]  do_sync_mmap_readahead+0x20c/0x280

[27024.780541]  filemap_fault+0x1e0/0x868

[27024.785950]  f2fs_filemap_fault+0x34/0xec

[27024.792392]  __do_fault+0x70/0x110

[27024.797172]  do_pte_missing+0x300/0x12f0

[27024.802556]  handle_mm_fault+0x4d4/0x818

[27024.808201]  do_page_fault+0x210/0x640

[27024.813143]  do_translation_fault+0x48/0x11c

[27024.818658]  do_mem_abort+0x5c/0x108

[27024.824631] page last free pid 55 tgid 55 stack trace:

[27024.831407]  free_unref_page+0x828/0x978

[27024.837039]  __folio_put+0xac/0xdc

[27024.842449]  migrate_pages_batch+0x127c/0x1894

[27024.849239]  migrate_pages+0x3f0/0x798

[27024.856057]  compact_zone+0xca8/0x12ec

[27024.861241]  compact_node+0xc0/0x190

[27024.865955]  kcompactd+0x3b8/0x978

[27024.872656]  kthread+0x118/0x1ac

[27024.878257]  ret_from_fork+0x10/0x20

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.

_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel