[f2fs-dev] [Bug 210745] kernel crash during umounting a partition with f2fs filesystem
https://bugzilla.kernel.org/show_bug.cgi?id=210745

--- Comment #4 from Chao Yu (c...@kernel.org) ---
(In reply to Zhiguo.Niu from comment #2)
> hi Chao,
>
> Thanks for your reply. I have checked my codebase; there are no other
> private patches in the current version.
>
> I find that the local variables natvec & setvec in f2fs_destroy_node_manager may
> be initialized as 0xaa and 0xaaaaaaaaaaaaaaaa, just like:
>
> void f2fs_destroy_node_manager(struct f2fs_sb_info *sbi)
> {
>     struct f2fs_nm_info *nm_i = NM_I(sbi);
>     struct free_nid *i, *next_i;
>     struct nat_entry *natvec[NATVEC_SIZE];
>     struct nat_entry_set *setvec[SETVEC_SIZE];

I don't think so. The natvec array will be assigned in __gang_lookup_nat_cache(),
and natvec[0..found - 1] will be valid; in the "destroy nat cache" loop, we will
not access the natvec array out of range.

Can you please check whether @found is valid or not (@found should be less than
or equal to NATVEC_SIZE)?

BTW, one possible case could be stack overflow, but during umount(), would that
really happen?

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.

___
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
https://bugzilla.kernel.org/show_bug.cgi?id=210745

--- Comment #3 from Chao Yu (c...@kernel.org) ---
nm_i->nat_list_lock was introduced in 4.19, are you sure your codebase is 4.14.193?
https://bugzilla.kernel.org/show_bug.cgi?id=210745

--- Comment #2 from Zhiguo.Niu (zhiguo@unisoc.com) ---
(In reply to Chao Yu from comment #1)
> Hi,
>
> I checked the code of 4.14.193, I don't have any clue about why this can
> happen, and I don't remember that there is such a corruption condition
> occurring on the nid list, because all its updates are under nat_tree_lock.
> Let me know if I missed something.
>
> Do you apply a private patch on 4.14.193?

hi Chao,

Thanks for your reply. I have checked my codebase; there are no other private
patches in the current version.

I find that the local variables natvec & setvec in f2fs_destroy_node_manager may
be initialized as 0xaa and 0xaaaaaaaaaaaaaaaa, just like:

void f2fs_destroy_node_manager(struct f2fs_sb_info *sbi)
{
    struct f2fs_nm_info *nm_i = NM_I(sbi);
    struct free_nid *i, *next_i;
    struct nat_entry *natvec[NATVEC_SIZE];
    struct nat_entry_set *setvec[SETVEC_SIZE];

dis:
crash_arm64> dis f2fs_destroy_node_manager
0xff800842e2a8 : stp  x29, x30, [sp,#-96]!
0xff800842e2ac : stp  x28, x27, [sp,#16]
0xff800842e2b0 : stp  x26, x25, [sp,#32]
0xff800842e2b4 : stp  x24, x23, [sp,#48]
0xff800842e2b8 : stp  x22, x21, [sp,#64]
0xff800842e2bc : stp  x20, x19, [sp,#80]
0xff800842e2c0 : mov  x29, sp
0xff800842e2c4 : sub  sp, sp, #0x320
0xff800842e2c8 : adrp x8, 0xff800947e000
0xff800842e2cc : ldr  x8, [x8,#264]
0xff800842e2d0 : mov  x27, x0
0xff800842e2d4 : str  x8, [x29,#-16]
0xff800842e2d8 : nop
0xff800842e2dc : ldr  x20, [x27,#112]
0xff800842e2e0 : add  x0, sp, #0x110
0xff800842e2e4 : mov  w1, #0xaa                    // #170
0xff800842e2e8 : mov  w2, #0x200                   // #512
0xff800842e2ec : bl   0xff8008be6b80 <__memset>
0xff800842e2f0 : mov  x8, #0xaaaaaaaaaaaaaaaa      // #-6148914691236517206
0xff800842e2f4 : stp  x8, x8, [sp,#256]
0xff800842e2f8 : stp  x8, x8, [sp,#240]
0xff800842e2fc : stp  x8, x8, [sp,#224]
0xff800842e300 : stp  x8, x8, [sp,#208]
0xff800842e304 : stp  x8, x8, [sp,#192]
0xff800842e308 : stp  x8, x8, [sp,#176]
0xff800842e30c : stp  x8, x8, [sp,#160]
0xff800842e310 : stp  x8, x8, [sp,#144]
0xff800842e314 : stp  x8, x8, [sp,#128]
0xff800842e318 : stp  x8, x8, [sp,#112]
0xff800842e31c : stp  x8, x8, [sp,#96]
0xff800842e320 : stp  x8, x8, [sp,#80]
0xff800842e324 : stp  x8, x8, [sp,#64]
0xff800842e328 : stp  x8, x8, [sp,#48]
0xff800842e32c : stp  x8, x8, [sp,#32]
0xff800842e330 : stp  x8, x8, [sp,#16]

I am not sure this is the root cause of this issue, because these invalid
entries can be found in the nat_root radix tree of f2fs_nm_info.

thanks!
https://bugzilla.kernel.org/show_bug.cgi?id=210745

Chao Yu (c...@kernel.org) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
                 CC|                            |c...@kernel.org

--- Comment #1 from Chao Yu (c...@kernel.org) ---
Hi,

I checked the code of 4.14.193, I don't have any clue about why this can
happen, and I don't remember that there is such a corruption condition
occurring on the nid list, because all its updates are under nat_tree_lock.
Let me know if I missed something.

Do you apply a private patch on 4.14.193?