Re: [f2fs-dev] [PATCH] f2fs: fix false alarm on invalid block address

2024-04-25 Thread patchwork-bot+f2fs
Hello:

This patch was applied to jaegeuk/f2fs.git (dev)
by Jaegeuk Kim :

On Wed, 24 Apr 2024 17:35:48 + you wrote:
> f2fs_ra_meta_pages can try to read ahead on invalid block address which is
> not the corruption case.
> 
> Cc:  # v6.9+
> Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=218770
> Fixes: 31f85ccc84b8 ("f2fs: unify the error handling of 
> f2fs_is_valid_blkaddr")
> Signed-off-by: Jaegeuk Kim 
> 
> [...]

Here is the summary with links:
  - [f2fs-dev] f2fs: fix false alarm on invalid block address
https://git.kernel.org/jaegeuk/f2fs/c/b864ddb57eb0

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html




___
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel


[f2fs-dev] Patchwork summary for: f2fs

2024-04-25 Thread patchwork-bot+f2fs
Hello:

The following patches were marked "accepted", because they were applied to
jaegeuk/f2fs.git (dev):

Patch: [f2fs-dev] f2fs: fix false alarm on invalid block address
  Submitter: Jaegeuk Kim 
  Committer: Jaegeuk Kim 
  Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=847558
  Lore link: https://lore.kernel.org/r/20240424173548.1515606-1-jaeg...@kernel.org

Patch: [f2fs-dev] f2fs: use helper to print zone condition
  Submitter: Wu Bo 
  Committer: Jaegeuk Kim 
  Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=846991
  Lore link: https://lore.kernel.org/r/20240423112759.4081008-1-bo...@vivo.com


Total patches: 2

-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



Re: [f2fs-dev] [PATCH] f2fs: use helper to print zone condition

2024-04-25 Thread patchwork-bot+f2fs
Hello:

This patch was applied to jaegeuk/f2fs.git (dev)
by Jaegeuk Kim :

On Tue, 23 Apr 2024 05:27:59 -0600 you wrote:
> To make code clean, use blk_zone_cond_str() to print debug information.
> 
> Signed-off-by: Wu Bo 
> ---
>  fs/f2fs/segment.c | 17 +++--
>  1 file changed, 3 insertions(+), 14 deletions(-)

Here is the summary with links:
  - [f2fs-dev] f2fs: use helper to print zone condition
https://git.kernel.org/jaegeuk/f2fs/c/3763f9effcdc

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



[f2fs-dev] [PATCH] f2fs: remove redundant parameter in is_next_segment_free()

2024-04-25 Thread Yifan Zhao
is_next_segment_free() takes a redundant `type` parameter. Remove it.

Signed-off-by: Yifan Zhao 
---
 fs/f2fs/segment.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 2206199e8099..8d63ddfe4a77 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -2645,7 +2645,7 @@ static void write_current_sum_page(struct f2fs_sb_info 
*sbi,
 }
 
 static int is_next_segment_free(struct f2fs_sb_info *sbi,
-   struct curseg_info *curseg, int type)
+   struct curseg_info *curseg)
 {
unsigned int segno = curseg->segno + 1;
struct free_segmap_info *free_i = FREE_I(sbi);
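Review bot: the diff alone does not show that `type` was unreferenced: only the first two body lines of is_next_segment_free() are inside the hunk, and those use `curseg->segno` and `FREE_I(sbi)`; the rest of the function is outside it. A removed parameter that were still used would fail to build, so this is safe as long as the series was compiled, but a sentence in the commit message stating that `type` has no remaining user in the function body would make the "redundant" claim checkable from the patch itself.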
@@ -3073,8 +3073,7 @@ static bool need_new_seg(struct f2fs_sb_info *sbi, int 
type)
if (!is_set_ckpt_flags(sbi, CP_CRC_RECOVERY_FLAG) &&
curseg->seg_type == CURSEG_WARM_NODE)
return true;
-   if (curseg->alloc_type == LFS &&
-   is_next_segment_free(sbi, curseg, type) &&
+   if (curseg->alloc_type == LFS && is_next_segment_free(sbi, curseg) &&
likely(!is_sbi_flag_set(sbi, SBI_CP_DISABLED)))
return true;
if (!f2fs_need_SSR(sbi) || !get_ssr_segment(sbi, type, SSR, 0))
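Review bot: need_new_seg() must keep its own `type` parameter, since the last context line still passes it to `get_ssr_segment(sbi, type, SSR, 0)`; only the is_next_segment_free() call drops it. Collapsing the two-line condition into the single `if (curseg->alloc_type == LFS && is_next_segment_free(sbi, curseg) &&` line stays within the 80-column limit, so no style concern here.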
-- 
2.44.0



Re: [f2fs-dev] [syzbot] [f2fs?] KASAN: slab-out-of-bounds Read in f2fs_get_node_info

2024-04-25 Thread syzbot
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

][T1] usbcore: registered new interface driver port100
[7.895087][T1] usbcore: registered new interface driver nfcmrvl
[7.905107][T1] Loading iSCSI transport class v2.0-870.
[7.922010][T1] virtio_scsi virtio0: 1/0/0 default/read/poll queues
[7.931607][T1] [ cut here ]
[7.932648][T1] refcount_t: decrement hit 0; leaking memory.
[7.933996][T1] WARNING: CPU: 0 PID: 1 at lib/refcount.c:31 
refcount_warn_saturate+0xfa/0x1d0
[7.935773][T1] Modules linked in:
[7.936430][T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 
6.9.0-rc1-syzkaller-00035-g5f5d424df7e0 #0
[7.938346][T1] Hardware name: Google Google Compute Engine/Google 
Compute Engine, BIOS Google 03/27/2024
[7.940220][T1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[7.941129][T1] Code: b2 00 00 00 e8 e7 3e f2 fc 5b 5d c3 cc cc cc cc e8 
db 3e f2 fc c6 05 d1 c3 ce 0a 01 90 48 c7 c7 60 57 fe 8b e8 37 bd b4 fc 90 <0f> 
0b 90 90 eb d9 e8 bb 3e f2 fc c6 05 ae c3 ce 0a 01 90 48 c7 c7
[7.944817][T1] RSP: :c9066e18 EFLAGS: 00010246
[7.946204][T1] RAX: 66500b6c8a695200 RBX: 88814074d61c RCX: 
8880166c8000
[7.947881][T1] RDX:  RSI:  RDI: 

[7.949474][T1] RBP: 0004 R08: 8157ffe2 R09: 
fbfff1bf96e0
[7.950651][T1] R10: dc00 R11: fbfff1bf96e0 R12: 
ea83fdc0
[7.952066][T1] R13: ea83fdc8 R14: 1d4000107fb9 R15: 

[7.953537][T1] FS:  () GS:8880b940() 
knlGS:
[7.955023][T1] CS:  0010 DS:  ES:  CR0: 80050033
[7.956765][T1] CR2: 88823000 CR3: 0df32000 CR4: 
003506f0
[7.958239][T1] DR0:  DR1:  DR2: 

[7.959594][T1] DR3:  DR6: fffe0ff0 DR7: 
0400
[7.960858][T1] Call Trace:
[7.961668][T1]  
[7.962214][T1]  ? __warn+0x163/0x4e0
[7.963029][T1]  ? refcount_warn_saturate+0xfa/0x1d0
[7.964034][T1]  ? report_bug+0x2b3/0x500
[7.964911][T1]  ? refcount_warn_saturate+0xfa/0x1d0
[7.965754][T1]  ? handle_bug+0x3e/0x70
[7.966390][T1]  ? exc_invalid_op+0x1a/0x50
[7.967476][T1]  ? asm_exc_invalid_op+0x1a/0x20
[7.968393][T1]  ? __warn_printk+0x292/0x360
[7.969171][T1]  ? refcount_warn_saturate+0xfa/0x1d0
[7.969977][T1]  ? refcount_warn_saturate+0xf9/0x1d0
[7.971093][T1]  __free_pages_ok+0xc54/0xd80
[7.971989][T1]  make_alloc_exact+0xa3/0xf0
[7.972707][T1]  vring_alloc_queue_split+0x20a/0x600
[7.974010][T1]  ? __pfx_vring_alloc_queue_split+0x10/0x10
[7.975606][T1]  ? vp_find_vqs+0x4c/0x4e0
[7.976506][T1]  ? virtscsi_probe+0x3ea/0xf60
[7.977276][T1]  ? virtio_dev_probe+0x991/0xaf0
[7.978066][T1]  ? really_probe+0x2b8/0xad0
[7.978729][T1]  ? driver_probe_device+0x50/0x430
[7.979895][T1]  vring_create_virtqueue_split+0xc6/0x310
[7.980907][T1]  ? ret_from_fork+0x4b/0x80
[7.981907][T1]  ? __pfx_vring_create_virtqueue_split+0x10/0x10
[7.983053][T1]  vring_create_virtqueue+0xca/0x110
[7.984261][T1]  ? __pfx_vp_notify+0x10/0x10
[7.985081][T1]  ? __pfx_virtscsi_ctrl_done+0x10/0x10
[7.986232][T1]  setup_vq+0xe9/0x2d0
[7.987144][T1]  ? __pfx_vp_notify+0x10/0x10
[7.988136][T1]  ? __pfx_virtscsi_ctrl_done+0x10/0x10
[7.989737][T1]  ? __pfx_virtscsi_ctrl_done+0x10/0x10
[7.990898][T1]  ? __pfx_virtscsi_ctrl_done+0x10/0x10
[7.992460][T1]  vp_setup_vq+0xbf/0x330
[7.993445][T1]  ? __pfx_vp_config_changed+0x10/0x10
[7.994457][T1]  ? ioread16+0x2f/0x90
[7.995411][T1]  ? __pfx_virtscsi_ctrl_done+0x10/0x10
[7.996442][T1]  vp_find_vqs_msix+0x8b2/0xc80
[7.997332][T1]  vp_find_vqs+0x4c/0x4e0
[7.998606][T1]  virtscsi_init+0x8db/0xd00
[7.999359][T1]  ? __pfx_virtscsi_init+0x10/0x10
[8.96][T1]  ? __pfx_default_calc_sets+0x10/0x10
[8.001321][T1]  ? scsi_host_alloc+0xa57/0xea0
[8.002518][T1]  ? vp_get+0xfd/0x140
[8.003649][T1]  virtscsi_probe+0x3ea/0xf60
[8.004550][T1]  ? __pfx_virtscsi_probe+0x10/0x10
[8.005302][T1]  ? vp_setup_vq+0x26d/0x330
[8.006401][T1]  ? __pfx_vp_set_status+0x10/0x10
[8.007509][T1]  ? vp_set_status+0x1a/0x40
[8.008360][T1]  ? virtio_no_restricted_mem_acc+0x9/0x10
[8.009422][T1]  ? virtio_features_ok+0x10c/0x270
[8.010463][T1]  virtio_dev_probe+0x991/0xaf0
[8.011159][T1]  ? __pfx_virtio_dev_probe+0x10/0x10
[8.012074][T1]  really_probe+0x2b8/0xad0
[8.012764][T1]  

Re: [f2fs-dev] [syzbot] [f2fs?] KASAN: slab-out-of-bounds Read in f2fs_get_node_info

2024-04-25 Thread Chao Yu

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git bugfix/syzbot

On 2024/4/25 15:59, syzbot wrote:

Hello,

syzbot found the following issue on:

HEAD commit:ed30a4a51bb1 Linux 6.9-rc5
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1116bc3098
kernel config:  https://syzkaller.appspot.com/x/.config?x=5a05c230e142f2bc
dashboard link: https://syzkaller.appspot.com/bug?extid=3694e283cf5c40df6d14
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1128486b18
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1516bc3098

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7a2e1a02882c/disk-ed30a4a5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/329966999344/vmlinux-ed30a4a5.xz
kernel image: https://storage.googleapis.com/syzbot-assets/1befbdf4dcac/bzImage-ed30a4a5.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/42ddf2738cf7/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3694e283cf5c40df6...@syzkaller.appspotmail.com

F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
==
BUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]
BUG: KASAN: slab-out-of-bounds in current_nat_addr fs/f2fs/node.h:213 [inline]
BUG: KASAN: slab-out-of-bounds in f2fs_get_node_info+0xece/0x1200 
fs/f2fs/node.c:600
Read of size 1 at addr 88807a58c76c by task syz-executor280/5076

CPU: 1 PID: 5076 Comm: syz-executor280 Not tainted 6.9.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
03/27/2024
Call Trace:
  
  __dump_stack lib/dump_stack.c:88 [inline]
  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
  print_address_description mm/kasan/report.c:377 [inline]
  print_report+0x169/0x550 mm/kasan/report.c:488
  kasan_report+0x143/0x180 mm/kasan/report.c:601
  f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]
  current_nat_addr fs/f2fs/node.h:213 [inline]
  f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600
  f2fs_xattr_fiemap fs/f2fs/data.c:1848 [inline]
  f2fs_fiemap+0x55d/0x1ee0 fs/f2fs/data.c:1925
  ioctl_fiemap fs/ioctl.c:220 [inline]
  do_vfs_ioctl+0x1c07/0x2e50 fs/ioctl.c:838
  __do_sys_ioctl fs/ioctl.c:902 [inline]
  __se_sys_ioctl+0x81/0x170 fs/ioctl.c:890
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
  entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f60d34ae739
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 
48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 
c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffc9f2f1148 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX: 7ffc9f2f1318 RCX: 7f60d34ae739
RDX: 2040 RSI: c020660b RDI: 0004
RBP: 7f60d3527610 R08:  R09: 7ffc9f2f1318
R10: 551a R11: 0246 R12: 0001
R13: 7ffc9f2f1308 R14: 0001 R15: 0001
  

Allocated by task 5076:
  kasan_save_stack mm/kasan/common.c:47 [inline]
  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
  poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
  __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
  kasan_kmalloc include/linux/kasan.h:211 [inline]
  __do_kmalloc_node mm/slub.c:3966 [inline]
  __kmalloc_node_track_caller+0x24e/0x4e0 mm/slub.c:3986
  kmemdup+0x2a/0x60 mm/util.c:131
  init_node_manager fs/f2fs/node.c:3268 [inline]
  f2fs_build_node_manager+0x8cc/0x2870 fs/f2fs/node.c:3329
  f2fs_fill_super+0x583c/0x8120 fs/f2fs/super.c:4540
  mount_bdev+0x20a/0x2d0 fs/super.c:1658
  legacy_get_tree+0xee/0x190 fs/fs_context.c:662
  vfs_get_tree+0x90/0x2a0 fs/super.c:1779
  do_new_mount+0x2be/0xb40 fs/namespace.c:3352
  do_mount fs/namespace.c:3692 [inline]
  __do_sys_mount fs/namespace.c:3898 [inline]
  __se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3875
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
  entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at 88807a58c700
  which belongs to the cache kmalloc-64 of size 64
The buggy address is located 44 bytes to the right of
  allocated 64-byte region [88807a58c700, 88807a58c740)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping: index:0x0 pfn:0x7a58c
flags: 0xfff8000800(slab|node=0|zone=1|lastcpupid=0xfff)
page_type: 0x()
raw: 00fff8000800 888015041640 eaaa6400 dead0004
raw:  00200020 0001 
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated

Re: [f2fs-dev] [PATCH] f2fs: use helper to print zone condition

2024-04-25 Thread Chao Yu

On 2024/4/23 19:27, Wu Bo wrote:

To make code clean, use blk_zone_cond_str() to print debug information.

Signed-off-by: Wu Bo 


Reviewed-by: Chao Yu 

Thanks,



[f2fs-dev] [PATCH] f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()

2024-04-25 Thread Chao Yu
syzbot reports a kernel bug as below:

F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
==
BUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]
BUG: KASAN: slab-out-of-bounds in current_nat_addr fs/f2fs/node.h:213 [inline]
BUG: KASAN: slab-out-of-bounds in f2fs_get_node_info+0xece/0x1200 
fs/f2fs/node.c:600
Read of size 1 at addr 88807a58c76c by task syz-executor280/5076

CPU: 1 PID: 5076 Comm: syz-executor280 Not tainted 6.9.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
03/27/2024
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]
 current_nat_addr fs/f2fs/node.h:213 [inline]
 f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600
 f2fs_xattr_fiemap fs/f2fs/data.c:1848 [inline]
 f2fs_fiemap+0x55d/0x1ee0 fs/f2fs/data.c:1925
 ioctl_fiemap fs/ioctl.c:220 [inline]
 do_vfs_ioctl+0x1c07/0x2e50 fs/ioctl.c:838
 __do_sys_ioctl fs/ioctl.c:902 [inline]
 __se_sys_ioctl+0x81/0x170 fs/ioctl.c:890
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The root cause is that we missed doing a sanity check on i_xattr_nid during
f2fs_iget(), so that in the fiemap() path, current_nat_addr() will access
nat_bitmap w/ an offset from the invalid i_xattr_nid, resulting in triggering
the KASAN bug report; fix it.

Reported-by: syzbot+3694e283cf5c40df6...@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-f2fs-devel/94036c0616e72...@google.com
Signed-off-by: Chao Yu 
---
 fs/f2fs/inode.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c
index d7a5a88a1a5e..7968b14d49f4 100644
--- a/fs/f2fs/inode.c
+++ b/fs/f2fs/inode.c
@@ -362,6 +362,12 @@ static bool sanity_check_inode(struct inode *inode, struct 
page *node_page)
return false;
}
 
+   if (fi->i_xattr_nid && f2fs_check_nid_range(sbi, fi->i_xattr_nid)) {
+   f2fs_warn(sbi, "%s: inode (ino=%lx) has corrupted i_xattr_nid: 
%u, run fsck to fix.",
+ __func__, inode->i_ino, fi->i_xattr_nid);
+   return false;
+   }
+
return true;
 }
 
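Review bot: the visible lines do not show whether f2fs_check_nid_range() already logs and flags the corruption when a nid is out of range; if it does, the f2fs_warn() in this hunk emits a second message for the same inode, and the plain `return false` should match whatever the neighbouring failure branches of sanity_check_inode() (outside the hunk) do about marking the filesystem for fsck, which the "run fsck to fix." text implies. The guard `fi->i_xattr_nid &&` is right: 0 means no xattr node and must not be range-checked, while any non-zero value is later used as an offset into nat_bitmap, which is exactly the access the KASAN report in the commit message shows running past the 64-byte allocation.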
-- 
2.40.1
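
As an added illustration of the failure mode the commit message describes (not f2fs code, and not part of the patch or the thread), the following self-contained C model shows why an unchecked on-disk `i_xattr_nid` becomes an out-of-bounds bitmap read and how a range check at inode load time stops it. It assumes a few constants mirroring f2fs (`NAT_ENTRY_PER_BLOCK` of 455 entries per NAT block, reserved nids below a `ROOT_INO` of 3, a bitmap of one bit per NAT block) and uses hypothetical helpers named after their f2fs counterparts; instead of performing the bad read, it reports whether the read would land past the allocation. It generalises slightly beyond the report by separating out-of-range nids that would overflow the bitmap from those that are merely reserved.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed, scaled-down model of the structures on the KASAN path above.
 * Nothing here is f2fs code; names mirror the f2fs ones only for readability. */
#define NAT_ENTRY_PER_BLOCK 455u  /* assumed: 4096 / 9-byte NAT entry, as in f2fs */
#define ROOT_INO            3u    /* assumed: nids 0..2 are reserved (node/meta/root) */

struct nm_info {
    uint32_t max_nid;           /* one past the last nid the NAT describes */
    size_t   nat_bitmap_bytes;  /* bytes actually allocated for the bitmap */
    uint8_t *nat_bitmap;        /* one bit per NAT block (which of two copies is live) */
};

struct inode_info {
    uint32_t ino;
    uint32_t i_xattr_nid;       /* copied from the on-disk inode: untrusted input */
};

/* Same contract as f2fs_check_nid_range(): 0 when nid is usable, non-zero otherwise. */
static int check_nid_range(const struct nm_info *nm, uint32_t nid)
{
    return (nid < ROOT_INO || nid >= nm->max_nid) ? -1 : 0;
}

/* Bit index that a current_nat_addr()-style lookup tests for this nid. */
static size_t nat_block_offset(uint32_t nid)
{
    return nid / NAT_ENTRY_PER_BLOCK;
}

/* The unguarded access, made safe for demonstration: rather than reading the
 * byte, report whether the read would land past the bitmap allocation, which
 * is the slab-out-of-bounds condition the report describes. */
static bool nat_bitmap_read_overflows(const struct nm_info *nm, uint32_t nid)
{
    return nat_block_offset(nid) / 8 >= nm->nat_bitmap_bytes;
}

/* Model of the hardened check: 0 means "no xattr node" and is valid; any other
 * value must be in range before anything uses it as a bitmap offset. */
static bool sanity_check_inode(const struct nm_info *nm, const struct inode_info *fi)
{
    if (fi->i_xattr_nid && check_nid_range(nm, fi->i_xattr_nid)) {
        fprintf(stderr, "inode (ino=%u) has corrupted i_xattr_nid: %u, run fsck to fix.\n",
                fi->ino, fi->i_xattr_nid);
        return false;
    }
    return true;
}

/* Node manager whose NAT spans nat_blocks blocks; bitmap sized exactly for them. */
static struct nm_info *make_nm(uint32_t nat_blocks)
{
    struct nm_info *nm = calloc(1, sizeof *nm);
    if (!nm)
        abort();
    nm->max_nid = nat_blocks * NAT_ENTRY_PER_BLOCK;
    nm->nat_bitmap_bytes = (nat_blocks + 7) / 8;
    nm->nat_bitmap = calloc(nm->nat_bitmap_bytes, 1);
    if (!nm->nat_bitmap)
        abort();
    return nm;
}

static void free_nm(struct nm_info *nm)
{
    free(nm->nat_bitmap);
    free(nm);
}

/* Outcome of handing one inode to the fiemap-style path:
 *  0: accepted, and the NAT bitmap lookup stays inside the allocation;
 *  1: rejected by the sanity check, and the lookup would have overflowed;
 *  2: rejected by the sanity check, although the lookup would have stayed in
 *     bounds (reserved nids below ROOT_INO are wrong, just not memory-unsafe). */
static int classify_inode(const struct nm_info *nm, const struct inode_info *fi)
{
    if (sanity_check_inode(nm, fi))
        return 0;
    return nat_bitmap_read_overflows(nm, fi->i_xattr_nid) ? 1 : 2;
}

/* Constructed scenarios; returns a bitmask with one bit per scenario that
 * behaved as expected (0xF means all four did). */
static unsigned run_scenarios(void)
{
    struct nm_info *nm = make_nm(64);   /* 64 NAT blocks: max_nid 29120, 8-byte bitmap */
    const struct inode_info cases[4] = {
        { 4, 29119 },   /* last valid nid: bit 63, byte 7, in bounds */
        { 5, 0 },       /* no xattr node: skipped by the guard */
        { 6, 29120 },   /* == max_nid: bit 64, byte 8, one past the bitmap */
        { 7, 1 },       /* below ROOT_INO: rejected, but byte 0 is in bounds */
    };
    const int expected[4] = { 0, 0, 1, 2 };
    unsigned passed = 0;
    for (int i = 0; i < 4; i++)
        if (classify_inode(nm, &cases[i]) == expected[i])
            passed |= 1u << i;
    free_nm(nm);
    return passed;
}

int main(void)
{
    unsigned passed = run_scenarios();
    printf("scenarios passed: 0x%x (0xf = all)\n", passed);
    return passed == 0xFu ? 0 : 1;
}
```

The point of the third scenario is that the distance past the allocation is not something the filesystem controls: the bit index is a pure function of a value read from disk, so the only reliable place to stop the out-of-bounds read is where the inode is loaded, before any caller can turn the nid into an offset.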



[f2fs-dev] [syzbot] [f2fs?] KASAN: slab-out-of-bounds Read in f2fs_get_node_info

2024-04-25 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:ed30a4a51bb1 Linux 6.9-rc5
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1116bc3098
kernel config:  https://syzkaller.appspot.com/x/.config?x=5a05c230e142f2bc
dashboard link: https://syzkaller.appspot.com/bug?extid=3694e283cf5c40df6d14
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1128486b18
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1516bc3098

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7a2e1a02882c/disk-ed30a4a5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/329966999344/vmlinux-ed30a4a5.xz
kernel image: https://storage.googleapis.com/syzbot-assets/1befbdf4dcac/bzImage-ed30a4a5.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/42ddf2738cf7/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3694e283cf5c40df6...@syzkaller.appspotmail.com

F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
==
BUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]
BUG: KASAN: slab-out-of-bounds in current_nat_addr fs/f2fs/node.h:213 [inline]
BUG: KASAN: slab-out-of-bounds in f2fs_get_node_info+0xece/0x1200 
fs/f2fs/node.c:600
Read of size 1 at addr 88807a58c76c by task syz-executor280/5076

CPU: 1 PID: 5076 Comm: syz-executor280 Not tainted 6.9.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
03/27/2024
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]
 current_nat_addr fs/f2fs/node.h:213 [inline]
 f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600
 f2fs_xattr_fiemap fs/f2fs/data.c:1848 [inline]
 f2fs_fiemap+0x55d/0x1ee0 fs/f2fs/data.c:1925
 ioctl_fiemap fs/ioctl.c:220 [inline]
 do_vfs_ioctl+0x1c07/0x2e50 fs/ioctl.c:838
 __do_sys_ioctl fs/ioctl.c:902 [inline]
 __se_sys_ioctl+0x81/0x170 fs/ioctl.c:890
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f60d34ae739
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffc9f2f1148 EFLAGS: 0246 ORIG_RAX: 0010
RAX: ffda RBX: 7ffc9f2f1318 RCX: 7f60d34ae739
RDX: 2040 RSI: c020660b RDI: 0004
RBP: 7f60d3527610 R08:  R09: 7ffc9f2f1318
R10: 551a R11: 0246 R12: 0001
R13: 7ffc9f2f1308 R14: 0001 R15: 0001
 

Allocated by task 5076:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __do_kmalloc_node mm/slub.c:3966 [inline]
 __kmalloc_node_track_caller+0x24e/0x4e0 mm/slub.c:3986
 kmemdup+0x2a/0x60 mm/util.c:131
 init_node_manager fs/f2fs/node.c:3268 [inline]
 f2fs_build_node_manager+0x8cc/0x2870 fs/f2fs/node.c:3329
 f2fs_fill_super+0x583c/0x8120 fs/f2fs/super.c:4540
 mount_bdev+0x20a/0x2d0 fs/super.c:1658
 legacy_get_tree+0xee/0x190 fs/fs_context.c:662
 vfs_get_tree+0x90/0x2a0 fs/super.c:1779
 do_new_mount+0x2be/0xb40 fs/namespace.c:3352
 do_mount fs/namespace.c:3692 [inline]
 __do_sys_mount fs/namespace.c:3898 [inline]
 __se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3875
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at 88807a58c700
 which belongs to the cache kmalloc-64 of size 64
The buggy address is located 44 bytes to the right of
 allocated 64-byte region [88807a58c700, 88807a58c740)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping: index:0x0 pfn:0x7a58c
flags: 0xfff8000800(slab|node=0|zone=1|lastcpupid=0xfff)
page_type: 0x()
raw: 00fff8000800 888015041640 eaaa6400 dead0004
raw:  00200020 0001 
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 
0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 4536, tgid 106643948 (udevd), 
ts 4536, free_ts 

Re: [f2fs-dev] [PATCH 3/3] f2fs: fix false alarm on invalid block address

2024-04-25 Thread Chao Yu

On 2024/4/19 18:27, Juhyung Park wrote:

On Sat, Apr 13, 2024 at 5:57 AM Jaegeuk Kim  wrote:


On 04/11, Chao Yu wrote:

On 2024/4/10 4:34, Jaegeuk Kim wrote:

f2fs_ra_meta_pages can try to read ahead on invalid block address which is
not the corruption case.


In which case will we read ahead invalid meta pages? Recovery w/ META_POR?


In my case, it seems like it's META_SIT, and it's triggered right after mount.


Ah, I see, actually it hits at this case, thanks for the information.

Thanks,


fsck detects invalid_blkaddr, and when the kernel mounts it, it
immediately flags invalid_blkaddr again:

[6.333498] init: [libfs_mgr] Running /system/bin/fsck.f2fs -a -c
1 --debug-cache /dev/block/sda13
[6.337671] fsck.f2fs: Info: Fix the reported corruption.
[6.337947] fsck.f2fs: Info: not exist /proc/version!
[6.338010] fsck.f2fs: Info: can't find /sys, assuming normal block device
[6.338294] fsck.f2fs: Info: MKFS version
[6.338319] fsck.f2fs:   "5.10.160-android12-9-ge5cfec41c8e2"
[6.338366] fsck.f2fs: Info: FSCK version
[6.338380] fsck.f2fs:   from "5.10-arter97"
[6.338393] fsck.f2fs: to "5.10-arter97"
[6.338414] fsck.f2fs: Info: superblock features = 1499 :  encrypt
verity extra_attr project_quota quota_ino casefold
[6.338429] fsck.f2fs: Info: superblock encrypt level = 0, salt =

[6.338442] fsck.f2fs: Info: checkpoint stop reason: shutdown(180)
[6.338455] fsck.f2fs: Info: fs errors: invalid_blkaddr
[6.338468] fsck.f2fs: Info: Segments per section = 1
[6.338480] fsck.f2fs: Info: Sections per zone = 1
[6.338492] fsck.f2fs: Info: total FS sectors = 58971571 (230357 MB)
[6.340599] fsck.f2fs: Info: CKPT version = 2b7e3b29
[6.340620] fsck.f2fs: Info: version timestamp cur: 19789296, prev: 18407008
[6.677041] fsck.f2fs: Info: checkpoint state = 46 :  crc
compacted_summary orphan_inodes sudden-power-off
[6.677052] fsck.f2fs: [FSCK] Check node 1 / 712937 (0.00%)
[8.997922] fsck.f2fs: [FSCK] Check node 71294 / 712937 (10.00%)
[   10.629205] fsck.f2fs: [FSCK] Check node 142587 / 712937 (20.00%)
[   12.278186] fsck.f2fs: [FSCK] Check node 213880 / 712937 (30.00%)
[   13.768177] fsck.f2fs: [FSCK] Check node 285173 / 712937 (40.00%)
[   17.446971] fsck.f2fs: [FSCK] Check node 356466 / 712937 (50.00%)
[   19.891623] fsck.f2fs: [FSCK] Check node 427759 / 712937 (60.00%)
[   23.251327] fsck.f2fs: [FSCK] Check node 499052 / 712937 (70.00%)
[   28.493457] fsck.f2fs: [FSCK] Check node 570345 / 712937 (80.00%)
[   29.640800] fsck.f2fs: [FSCK] Check node 641638 / 712937 (90.00%)
[   30.718347] fsck.f2fs: [FSCK] Check node 712931 / 712937 (100.00%)
[   30.724176] fsck.f2fs:
[   30.737160] fsck.f2fs: [FSCK] Max image size: 167506 MB, Free space: 62850 MB
[   30.737164] fsck.f2fs: [FSCK] Unreachable nat entries
  [Ok..] [0x0]
[   30.737638] fsck.f2fs: [FSCK] SIT valid block bitmap checking
  [Ok..]
[   30.737640] fsck.f2fs: [FSCK] Hard link checking for regular file
  [Ok..] [0xd]
[   30.737641] fsck.f2fs: [FSCK] valid_block_count matching with CP
  [Ok..] [0x28b98e6]
[   30.737644] fsck.f2fs: [FSCK] valid_node_count matching with CP (de
lookup)  [Ok..] [0xae0e9]
[   30.737646] fsck.f2fs: [FSCK] valid_node_count matching with CP
(nat lookup) [Ok..] [0xae0e9]
[   30.737647] fsck.f2fs: [FSCK] valid_inode_count matched with CP
  [Ok..] [0xa74a3]
[   30.737649] fsck.f2fs: [FSCK] free segment_count matched with CP
  [Ok..] [0x7aa3]
[   30.737662] fsck.f2fs: [FSCK] next block offset is free
  [Ok..]
[   30.737663] fsck.f2fs: [FSCK] fixing SIT types
[   30.737867] fsck.f2fs: [FSCK] other corrupted bugs
  [Ok..]
[   30.737893] fsck.f2fs: [update_superblock: 765] Info: Done to
update superblock
[   30.960610] fsck.f2fs:
[   30.960618] fsck.f2fs: Done: 24.622956 secs
[   30.960620] fsck.f2fs:
[   30.960622] fsck.f2fs: c, u, RA, CH, CM, Repl=
[   30.960627] fsck.f2fs: 1 1 43600517 42605434 995083 985083
[   30.963274] F2FS-fs (sda13): Using encoding defined by superblock:
utf8-12.1.0 with flags 0x0
[   30.995360] __f2fs_is_valid_blkaddr: type=2

(Manually added that print ^)

[   30.995369] [ cut here ]
[   30.995375] WARNING: CPU: 7 PID: 1 at f2fs_handle_error+0x18/0x3c
[   30.995378] CPU: 7 PID: 1 Comm: init Tainted: G S  W
5.10.209-arter97-r15-kernelsu-g0867d0e4f1d2 #6
[   30.995379] Hardware name: Qualcomm Technologies, Inc. Cape QRD
with PM8010 (DT)
[   30.995380] pstate: 2245 (nzCv daif +PAN -UAO +TCO BTYPE=--)
[   30.995382] pc : f2fs_handle_error+0x18/0x3c
[   30.995384] lr : __f2fs_is_valid_blkaddr+0x2a4/0x2b0
[   30.995385] sp : ff80209e79b0
[   30.995386] x29: ff80209e79b0 x28: 0037
[   30.995388] x27: 01c7 x26: 20120121
[   30.995389] x25: 00d9 x24: 
[   30.995390] x23: 00f1a700 x22: 0828
[   30.995391] x21: 

Re: [PATCH 3/6] memory-failure: Remove calls to page_mapping()

2024-04-25 Thread Miaohe Lin
On 2024/4/24 6:55, Matthew Wilcox (Oracle) wrote:
> This is mostly just inlining page_mapping() into the two callers.
> 
> Signed-off-by: Matthew Wilcox (Oracle) 

Acked-by: Miaohe Lin 
Thanks.
.

> ---
>  mm/memory-failure.c | 6 --
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/mm/memory-failure.c b/mm/memory-failure.c
> index e065dd9be21e..62aa3db17854 100644
> --- a/mm/memory-failure.c
> +++ b/mm/memory-failure.c
> @@ -216,6 +216,7 @@ EXPORT_SYMBOL_GPL(hwpoison_filter_flags_value);
>  
>  static int hwpoison_filter_dev(struct page *p)
>  {
> + struct folio *folio = page_folio(p);
>   struct address_space *mapping;
>   dev_t dev;
>  
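Review bot: `struct folio *folio = page_folio(p);` is evaluated at function entry, ahead of the early `return 0` on the `hwpoison_filter_dev_major == ~0U && hwpoison_filter_dev_minor == ~0U` test that the next hunk's context shows. page_folio() is a cheap, side-effect-free lookup, so this is harmless, but declaring `folio` next to the folio_mapping() call would leave the filter-disabled path exactly as it was.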
> @@ -223,7 +224,7 @@ static int hwpoison_filter_dev(struct page *p)
>   hwpoison_filter_dev_minor == ~0U)
>   return 0;
>  
> - mapping = page_mapping(p);
> + mapping = folio_mapping(folio);
>   if (mapping == NULL || mapping->host == NULL)
>   return -EINVAL;
>  
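Review bot: this is a pure substitution; the `mapping == NULL || mapping->host == NULL` check on the following lines is untouched, so the NULL handling that applied to page_mapping(p) applies unchanged to folio_mapping(folio). Since both replacements in this file look exact, the commit message's "mostly just inlining" would read better with a word on what the "mostly" covers.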
> @@ -1090,7 +1091,8 @@ static int me_pagecache_clean(struct page_state *ps, 
> struct page *p)
>   */
>  static int me_pagecache_dirty(struct page_state *ps, struct page *p)
>  {
> - struct address_space *mapping = page_mapping(p);
> + struct folio *folio = page_folio(p);
> + struct address_space *mapping = folio_mapping(folio);
>  
>   /* TBD: print more information about the file. */
>   if (mapping) {
>
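Review bot: in me_pagecache_dirty() the new `folio` local has a single use in the hunk, the folio_mapping() initializer; unless lines beyond the hunk also need the folio, `folio_mapping(page_folio(p))` in the initializer would avoid the extra variable. Behaviour is preserved either way: the `if (mapping)` on the last context line still handles the NULL case.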