Chao Yu <c...@kernel.org> wrote on Tue, 15 Nov 2022 at 00:02:
>
> On 2022/11/14 9:47, Jun Nie wrote:
> > Hi Chao & Jaegeuk,
> >
> > There is a KASAN report[0] that shows invalid memory access
> > (use-after-free) in the f2fs garbage collection process, and this
> > issue is fixed by a recent f2fs patch set[1]. The KASAN report is caused
> > by an abnormal sum->ofs_in_node value 0xc3f1 in the first check, and
> > the investigation indicates that the f2fs_summary_block address range
> > is not from f2fs_kzalloc() in build_curseg(). The memory
> > allocation/free happens in a non-f2fs thread, such as network. So I
> > guess the f2fs subsystem is accessing memory that doesn't belong to f2fs
> > in some cases. With the below commit merged into mainline recently,
> > this use-after-free issue disappears, but there is another blocked-thread
> > issue as below. The patch c6ad7fd16657 checks for a valid
> > ofs_in_node and stops further gc. I am not sure whether it is expected
> > that the f2fs_summary_block address in the gc thread is not from the
> > allocation in build_curseg(), because I am not familiar with f2fs.
> >
> > Could you help comment on my question and the new issue? Is there any work
> > in progress to fix the new blocked issue? Thanks!
>
> Please check the below patch:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev-test&id=2272d08781a73b6d7039ed70f6d68d87ac82f256
>

Thanks for the patch! I cherry-picked the 3 patches below from your branch onto mainline to test the bug. It is not reproduced any more.

b380cedda7c3 f2fs: fix to do sanity check on i_extra_isize in is_alive()
cdcb173c158e f2fs: Fix the race condition of resize flag between resizefs
c316fb60f5fb f2fs: should put a page when checking the summary info

BTW: the log line below is repeated endlessly if cdcb173c158e is missing.

[  142.766237][    T9] F2FS-fs (loop0): Inconsistent blkaddr offset: base:9, ofs_in_node:50161, max:923, ino:8, nid:8

Regards,
Jun

> Thanks,
>
> >
> > [0] https://syzkaller.appspot.com/bug?id=4cbcff00422ea402c2e5be2bc041a8f4196d608c
> > [1] c6ad7fd16657 f2fs: fix to do sanity check on summary info
> >

_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel