https://bugzilla.kernel.org/show_bug.cgi?id=210745
--- Comment #4 from Chao Yu ([email protected]) ---

(In reply to Zhiguo.Niu from comment #2)

> hi Chao,
>
> Thanks for your reply, I have checked my codebase, there are not any other
> private patches in the current version.
>
> I find that local variables natvec & setvec in f2fs_destroy_node_manager may
> be inited as 0xaa and 0xaaaaaaaaaaaaaaaa, just like:
>
> void f2fs_destroy_node_manager(struct f2fs_sb_info *sbi)
> {
>     struct f2fs_nm_info *nm_i = NM_I(sbi);
>     struct free_nid *i, *next_i;
>     struct nat_entry *natvec[NATVEC_SIZE];
>     struct nat_entry_set *setvec[SETVEC_SIZE];
>

I don't think so, the natvec array will be assigned in __gang_lookup_nat_cache(),
and natvec[0..found - 1] will be valid; in the "destroy nat cache" loop, we will
not access the natvec array out-of-range.

Can you please check whether @found is valid or not (@found should be less than
or equal to NATVEC_SIZE)?

BTW, one possible case could be stack overflow, but during umount(), would that
really happen?
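The batched lookup pattern Chao describes, as an added C model that is not f2fs code: a gang lookup fills at most `max` slots of the caller's vector and returns `found`, so only `vec[0..found-1]` is valid, and the destroy loop carries the `found <= NATVEC_SIZE` check he asks Zhiguo to verify. The entry layout, `gang_lookup`, `destroy_nat_cache` and `run_sample` are hypothetical stand-ins; only `NATVEC_SIZE` is taken from the kernel.

```c
#include <stddef.h>
#define NATVEC_SIZE 64   /* same value as the f2fs constant */

/* Hypothetical stand-ins for the kernel's nat_entry / nm_info. */
struct nat_entry { unsigned nid; int live; };
struct nm_info {
    struct nat_entry *entries;  /* sorted by nid, constructed sample data */
    size_t count;
};

/* Fill at most `max` slots of vec with live entries whose nid >= start;
 * return how many were filled, so only vec[0..found-1] is valid. */
static unsigned gang_lookup(struct nm_info *nm, unsigned start,
                            unsigned max, struct nat_entry **vec)
{
    unsigned found = 0;
    for (size_t i = 0; i < nm->count && found < max; i++)
        if (nm->entries[i].live && nm->entries[i].nid >= start)
            vec[found++] = &nm->entries[i];
    return found;
}

/* Same shape as the "destroy nat cache" loop: each batch resumes from the
 * nid after the last returned entry. Returns entries freed, or -1 if the
 * lookup ever reports more than NATVEC_SIZE, the bound Chao asks about. */
int destroy_nat_cache(struct nm_info *nm)
{
    struct nat_entry *natvec[NATVEC_SIZE];
    unsigned nid = 0, found;
    int freed = 0;

    while ((found = gang_lookup(nm, nid, NATVEC_SIZE, natvec))) {
        if (found > NATVEC_SIZE)
            return -1;                      /* vector would be overrun */
        nid = natvec[found - 1]->nid + 1;   /* last valid slot */
        for (unsigned idx = 0; idx < found; idx++) {
            natvec[idx]->live = 0;          /* stand-in for __del_from_nat_cache */
            freed++;
        }
    }
    return freed;
}

/* Constructed sample: 150 live entries (more than two batches), nids 0,3,6,... */
int run_sample(void)
{
    static struct nat_entry sample[150];
    for (unsigned i = 0; i < 150; i++) { sample[i].nid = 3 * i; sample[i].live = 1; }
    struct nm_info nm = { sample, 150 };
    return destroy_nat_cache(&nm);
}
```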
