[f2fs-dev] [Bug 210745] kernel crash during umounting a partition with f2fs filesystem

2020-12-21 Thread bugzilla-daemon
https://bugzilla.kernel.org/show_bug.cgi?id=210745

--- Comment #4 from Chao Yu (c...@kernel.org) ---
(In reply to Zhiguo.Niu from comment #2)
> hi Chao, 
> 
> Thanks for your reply. I have checked my codebase; there are no other
> private patches in the current version.
> 
> I find that the local variables natvec & setvec in f2fs_destroy_node_manager may
> be initialized as 0xaa and 0x, just like:
> 
> void f2fs_destroy_node_manager(struct f2fs_sb_info *sbi)
> {
>   struct f2fs_nm_info *nm_i = NM_I(sbi);
>   struct free_nid *i, *next_i;
>   struct nat_entry *natvec[NATVEC_SIZE];
>   struct nat_entry_set *setvec[SETVEC_SIZE];
> 

I don't think so: the natvec array is filled by __gang_lookup_nat_cache(),
and natvec[0..found - 1] will be valid; in the "destroy nat cache" loop we will
not access the natvec array out of range.

Can you please check whether @found is valid or not (@found should be less than
or equal to NATVEC_SIZE)?

BTW, one possible case could be stack overflow, but during umount(), would
that really happen?

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.

___
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
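The argument in comment #4, as an added stand-alone C model that is not f2fs code and not from anyone in the thread: a toy gang lookup that stores pointers only into natvec[0..found-1], a teardown loop that dereferences only those slots, the found <= NATVEC_SIZE check Chao asks for, and bookkeeping that classifies what the unread tail slots hold (the 0xaa stack-pattern poison, or stale pointers left by an earlier batch). NATVEC_SIZE is 64 as in fs/f2fs/node.h, and 64 eight-byte pointers is the 0x200 bytes the __memset in the crash_arm64 dump poisons, which is my reading of that dump. The cache, the nat_entry layout, the nids and the two sample sizes are constructed for the example; the kernel's radix tree, __del_from_nat_cache() and kmem_cache_free() are not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the nat-cache teardown, added for illustration; not f2fs code.
 * NATVEC_SIZE matches fs/f2fs/node.h; everything else is constructed. */
#define NATVEC_SIZE  64
#define STACK_POISON 0xaa   /* byte the compiler's stack-pattern init writes */
#define MAX_ENTRIES  256    /* capacity of the toy cache */

struct nat_entry { uint32_t nid; bool freed; };

/* Flat array standing in for nm_i->nat_root (the radix tree). */
struct nat_cache { struct nat_entry entries[MAX_ENTRIES]; size_t count; };

/* Stand-in for __gang_lookup_nat_cache(): store up to @nr live entries with
 * nid >= @start into @ev in nid order and return how many were stored.
 * Slots ev[found..nr-1] are never written and keep whatever the stack held. */
static unsigned int gang_lookup_nat_cache(struct nat_cache *c, uint32_t start,
                                          unsigned int nr, struct nat_entry **ev)
{
    unsigned int found = 0;
    for (size_t i = 0; i < c->count && found < nr; i++) {
        struct nat_entry *e = &c->entries[i];
        if (!e->freed && e->nid >= start)
            ev[found++] = e;
    }
    return found;
}

/* True if a pointer slot still holds the 0xaa..aa pattern, i.e. was never written. */
static bool is_poison_ptr(struct nat_entry *p)
{
    unsigned char b[sizeof p];
    memcpy(b, &p, sizeof b);
    for (size_t i = 0; i < sizeof b; i++)
        if (b[i] != STACK_POISON) return false;
    return true;
}

struct destroy_result {
    int freed;                 /* entries released, or -1 if @found > NATVEC_SIZE */
    unsigned int max_found;    /* largest @found any batch returned */
    unsigned int poison_slots; /* unread slots still holding the 0xaa pattern */
    unsigned int stale_slots;  /* unread slots pointing at entries freed by an earlier batch */
};

/* Mirrors the "destroy nat cache" loop: each batch dereferences
 * natvec[0..found-1] only, so poison or stale pointers in the remaining
 * slots never matter as long as found <= NATVEC_SIZE. */
static struct destroy_result destroy_nat_cache(struct nat_cache *c)
{
    struct nat_entry *natvec[NATVEC_SIZE];
    struct destroy_result r = { 0, 0, 0, 0 };
    uint32_t nid = 0;
    unsigned int found;

    memset(natvec, STACK_POISON, sizeof natvec); /* emulate stack-pattern init */

    while ((found = gang_lookup_nat_cache(c, nid, NATVEC_SIZE, natvec)) != 0) {
        if (found > NATVEC_SIZE) {   /* the check comment #4 asks for */
            r.freed = -1;
            return r;
        }
        if (found > r.max_found)
            r.max_found = found;

        for (unsigned int idx = 0; idx < found; idx++) {
            struct nat_entry *e = natvec[idx]; /* valid precisely because idx < found */
            nid = e->nid + 1;
            e->freed = true;                   /* stands in for del + kmem_cache_free */
            r.freed++;
        }

        /* Bookkeeping only: classify the slots the loop above did not read. In the
         * toy a stale pointer still targets our own array; in the kernel it would
         * target freed slab memory, which is why the loop must stop at found. */
        for (unsigned int idx = found; idx < NATVEC_SIZE; idx++) {
            if (is_poison_ptr(natvec[idx]))
                r.poison_slots++;
            else if (natvec[idx]->freed)
                r.stale_slots++;
        }
    }
    return r;
}

/* Build a constructed cache with live nids 0..n-1 and tear it down. */
static struct destroy_result run_sample(size_t n)
{
    static struct nat_cache c;   /* static keeps the 256-entry array off the stack */
    if (n > MAX_ENTRIES) n = MAX_ENTRIES;
    c.count = n;
    for (size_t i = 0; i < n; i++) {
        c.entries[i].nid = (uint32_t)i;
        c.entries[i].freed = false;
    }
    return destroy_nat_cache(&c);
}

int main(void)
{
    size_t sizes[] = { 150, 40 };
    for (size_t i = 0; i < 2; i++) {
        struct destroy_result r = run_sample(sizes[i]);
        printf("n=%zu freed=%d max_found=%u poison_slots=%u stale_slots=%u\n",
               sizes[i], r.freed, r.max_found, r.poison_slots, r.stale_slots);
    }
    return 0;
}
```

With 150 entries the teardown runs three batches (64, 64, 22); on the last one the 42 unread slots still hold pointers from the previous batch to entries that are already freed. With 40 entries there is a single batch and the 24 unread slots still hold the 0xaa pattern, which is the content Zhiguo saw in the dump. Neither kind of slot is ever dereferenced while found stays within NATVEC_SIZE.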


[f2fs-dev] [Bug 210745] kernel crash during umounting a partition with f2fs filesystem

2020-12-21 Thread bugzilla-daemon
https://bugzilla.kernel.org/show_bug.cgi?id=210745

--- Comment #3 from Chao Yu (c...@kernel.org) ---
nm_i->nat_list_lock was introduced in 4.19, are you sure your codebase is
4.14.193?



[f2fs-dev] [Bug 210745] kernel crash during umounting a partition with f2fs filesystem

2020-12-21 Thread bugzilla-daemon
https://bugzilla.kernel.org/show_bug.cgi?id=210745

--- Comment #2 from Zhiguo.Niu (zhiguo@unisoc.com) ---
(In reply to Chao Yu from comment #1)
> Hi,
> 
> I checked the code of 4.14.193, and I don't have any clue about why this can
> happen. I don't remember such a corruption condition occurring on the nid
> list, because all its updates are under nat_tree_lock; let me know if I missed
> something.
> 
> Do you apply any private patches on 4.14.193?


hi Chao, 

Thanks for your reply. I have checked my codebase; there are no other
private patches in the current version.

I find that the local variables natvec & setvec in f2fs_destroy_node_manager may be
initialized as 0xaa and 0x, just like:

void f2fs_destroy_node_manager(struct f2fs_sb_info *sbi)
{
	struct f2fs_nm_info *nm_i = NM_I(sbi);
	struct free_nid *i, *next_i;
	struct nat_entry *natvec[NATVEC_SIZE];
	struct nat_entry_set *setvec[SETVEC_SIZE];

dis:
crash_arm64> dis f2fs_destroy_node_manager
0xff800842e2a8 : stp x29, x30, [sp,#-96]!
0xff800842e2ac : stp x28, x27, [sp,#16]
0xff800842e2b0 : stp x26, x25, [sp,#32]
0xff800842e2b4 : stp x24, x23, [sp,#48]
0xff800842e2b8 : stp x22, x21, [sp,#64]
0xff800842e2bc : stp x20, x19, [sp,#80]
0xff800842e2c0 : mov x29, sp
0xff800842e2c4 : sub sp, sp, #0x320
0xff800842e2c8 : adrp x8, 0xff800947e000
0xff800842e2cc : ldr x8, [x8,#264]
0xff800842e2d0 : mov x27, x0
0xff800842e2d4 : str x8, [x29,#-16]
0xff800842e2d8 : nop
0xff800842e2dc : ldr x20, [x27,#112]
0xff800842e2e0 : add x0, sp, #0x110
0xff800842e2e4 : mov w1, #0xaa   // #170
0xff800842e2e8 : mov w2, #0x200  // #512
0xff800842e2ec : bl 0xff8008be6b80 <__memset>
0xff800842e2f0 : mov x8, #0x     // #-6148914691236517206
0xff800842e2f4 : stp x8, x8, [sp,#256]
0xff800842e2f8 : stp x8, x8, [sp,#240]
0xff800842e2fc : stp x8, x8, [sp,#224]
0xff800842e300 : stp x8, x8, [sp,#208]
0xff800842e304 : stp x8, x8, [sp,#192]
0xff800842e308 : stp x8, x8, [sp,#176]
0xff800842e30c : stp x8, x8, [sp,#160]
0xff800842e310 : stp x8, x8, [sp,#144]
0xff800842e314 : stp x8, x8, [sp,#128]
0xff800842e318 : stp x8, x8, [sp,#112]
0xff800842e31c : stp x8, x8, [sp,#96]
0xff800842e320 : stp x8, x8, [sp,#80]
0xff800842e324 : stp x8, x8, [sp,#64]
0xff800842e328 : stp x8, x8, [sp,#48]
0xff800842e32c : stp x8, x8, [sp,#32]
0xff800842e330 : stp x8, x8, [sp,#16]

I am not sure this is the root cause of this issue, because these invalid
entries can be found in the nat_root radix tree of f2fs_nm_info.

thanks!



[f2fs-dev] [Bug 210745] kernel crash during umounting a partition with f2fs filesystem

2020-12-18 Thread bugzilla-daemon
https://bugzilla.kernel.org/show_bug.cgi?id=210745

Chao Yu (c...@kernel.org) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
                 CC|                            |c...@kernel.org

--- Comment #1 from Chao Yu (c...@kernel.org) ---
Hi,

I checked the code of 4.14.193, and I don't have any clue about why this can
happen. I don't remember such a corruption condition occurring on the nid
list, because all its updates are under nat_tree_lock; let me know if I missed
something.

Do you apply any private patches on 4.14.193?
