Re: [f2fs-dev] f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, 2014-02-13 (목), 17:48 +0800, Gu Zheng: > Hi, > On 02/13/2014 05:40 PM, Andrey Tsyvarev wrote: > > > Hi, > > > >> BTW, have you tested the case that added remove_dirty_dir_inode() into the > >> fail path > >> of init_inode_metadata? > >> diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c > >> index e095a4f..d5a2c9e 100644 > >> --- a/fs/f2fs/dir.c > >> +++ b/fs/f2fs/dir.c > >> @@ -375,6 +375,7 @@ put_error: > >> /* once the failed inode becomes a bad inode, i_mode is S_IFREG */ > >> truncate_inode_pages(>i_data, 0); > >> truncate_blocks(inode, 0); > >> + remove_dirty_dir_inode(inode); > >> error: > >> remove_inode_page(inode); > >> return ERR_PTR(err); > > Yes, i have tested that case. Fail in init_inode_metadata has been > > processed correctly. Thanks. > > If no other regressions, maybe you can send out the fix patch about this > issue.:) The original patch can treat this too. Thank you. :) > > Thanks, > Gu > > > > > -- Jaegeuk Kim Samsung -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [f2fs-dev] f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, Sorry for the late response. I suffered from flu during last a couple of days. :( 2014-02-11 (화), 12:29 +0400, Andrey Tsyvarev: > Hi, > > > It turns out that make_bad_inode prior to iput sets i_mode to a regular > > file, so that f2fs_evict_inode -> truncate_inode_pages -> > > f2fs_invalidate_data_page doesn't decrement dirty_dents. > > > It seems that remove_dirty_dir_inode() call should also be added to the > error-path of > init_inode_metadata, because its functionality is also based on > inode->i_mode field > which is changed by make_bad_inode(). Agreed. I'll update the patch with this. Thanks, -- Jaegeuk Kim Samsung -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [f2fs-dev] f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, On 02/13/2014 05:40 PM, Andrey Tsyvarev wrote: > Hi, > >> BTW, have you tested the case that added remove_dirty_dir_inode() into the >> fail path >> of init_inode_metadata? >> diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c >> index e095a4f..d5a2c9e 100644 >> --- a/fs/f2fs/dir.c >> +++ b/fs/f2fs/dir.c >> @@ -375,6 +375,7 @@ put_error: >> /* once the failed inode becomes a bad inode, i_mode is S_IFREG */ >> truncate_inode_pages(>i_data, 0); >> truncate_blocks(inode, 0); >> + remove_dirty_dir_inode(inode); >> error: >> remove_inode_page(inode); >> return ERR_PTR(err); > Yes, i have tested that case. Fail in init_inode_metadata has been processed > correctly. Thanks. If no other regressions, maybe you can send out the fix patch about this issue.:) Thanks, Gu > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [f2fs-dev] f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, BTW, have you tested the case that added remove_dirty_dir_inode() into the fail path of init_inode_metadata? diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index e095a4f..d5a2c9e 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -375,6 +375,7 @@ put_error: /* once the failed inode becomes a bad inode, i_mode is S_IFREG */ truncate_inode_pages(>i_data, 0); truncate_blocks(inode, 0); + remove_dirty_dir_inode(inode); error: remove_inode_page(inode); return ERR_PTR(err); Yes, i have tested that case. Fail in init_inode_metadata has been processed correctly. Thanks. -- Best regards, Andrey Tsyvarev Linux Verification Center, ISPRAS web:http://linuxtesting.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [f2fs-dev] f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi Andrey, On 02/11/2014 04:29 PM, Andrey Tsyvarev wrote: > Hi, > >> It turns out that make_bad_inode prior to iput sets i_mode to a regular >> file, so that f2fs_evict_inode -> truncate_inode_pages -> >> f2fs_invalidate_data_page doesn't decrement dirty_dents. >> > It seems that remove_dirty_dir_inode() call should also be added to the > error-path of > init_inode_metadata, because its functionality is also based on inode->i_mode > field > which is changed by make_bad_inode(). It seems that your opinion is correct. remove_dirty_dir_inode() will not clean up the dir_inode_entry because make_bad_inode() sets i_mode to S_IFREG in the fail path of init_inode_metadata, and it leads to the following "memory leak". BTW, have you tested the case that added remove_dirty_dir_inode() into the fail path of init_inode_metadata? diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index e095a4f..d5a2c9e 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -375,6 +375,7 @@ put_error: /* once the failed inode becomes a bad inode, i_mode is S_IFREG */ truncate_inode_pages(>i_data, 0); truncate_blocks(inode, 0); + remove_dirty_dir_inode(inode); error: remove_inode_page(inode); return ERR_PTR(err); Regards, Gu > > Otherwise memory leak is reported when f2fs module is unloaded: > > [ 231.378192] BUG f2fs_dirty_dir_entry (Tainted: GF O): Objects > remaining in f2fs_dirty_dir_entry on kmem_cache_close() > [ 231.378193] > - > > [ 231.378194] Disabling lock debugging due to kernel taint > [ 231.378195] INFO: Slab 0xea437200 objects=102 used=1 > fp=0x880010dc8fc8 flags=0x3fffc00080 > [ 231.378197] CPU: 0 PID: 2605 Comm: rmmod Tainted: GF B O > 3.14.0-rc1fs #4 > [ 231.378198] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS > VirtualBox 12/01/2006 > [ 231.378199] 88000e5e3200 88000cc9bd40 8166fd7e > ea437200 > [ 231.378202] 88000cc9be28 811c3fdf 88003fc10066 > 0cc9bda0 > [ 231.378203] 0020 88000cc9be38 88000cc9bde0 > 656a624f0296 > [ 231.378205] Call Trace: > [ 231.378210] [] dump_stack+0x45/0x56 > [ 231.378213] [] slab_err+0xaf/0xc0 > [ 231.378215] [] ? kmem_cache_close+0x133/0x340 > [ 231.378216] [] ? __kmalloc+0x1f5/0x250 > [ 231.378218] [] kmem_cache_close+0x153/0x340 > [ 231.378221] [] ? kmem_cache_destroy+0x27/0xf0 > [ 231.378223] [] __kmem_cache_shutdown+0x14/0x80 > [ 231.378224] [] kmem_cache_destroy+0x41/0xf0 > [ 231.378229] [] destroy_checkpoint_caches+0x21/0x30 > [f2fs] > [ 231.378232] [] exit_f2fs_fs+0x28/0x34e [f2fs] > [ 231.378235] [] SyS_delete_module+0x152/0x1f0 > [ 231.378237] [] ? __audit_syscall_entry+0x9c/0xf0 > [ 231.378239] [] system_call_fastpath+0x16/0x1b > [ 231.378242] INFO: Object 0x880010dc8000 @offset=0 > [ 231.378245] kmem_cache_destroy f2fs_dirty_dir_entry: Slab cache still has > objects > [ 231.378247] CPU: 0 PID: 2605 Comm: rmmod Tainted: GF B O > 3.14.0-rc1fs #4 > [ 231.378247] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS > VirtualBox 12/01/2006 > [ 231.378248] 88000e5e3268 88000cc9beb8 8166fd7e > 88000e5e3200 > [ 231.378250] 88000cc9bed8 811934cf > a0204f60 > [ 231.378251] 88000cc9bee8 a01eab91 88000cc9bef8 > a01facda > [ 231.378253] Call Trace: > [ 231.378255] [] dump_stack+0x45/0x56 > [ 231.378256] [] kmem_cache_destroy+0xdf/0xf0 > [ 231.378259] [] destroy_checkpoint_caches+0x21/0x30 > [f2fs] > [ 231.378262] [] exit_f2fs_fs+0x28/0x34e [f2fs] > [ 231.378263] [] SyS_delete_module+0x152/0x1f0 > [ 231.378265] [] ? __audit_syscall_entry+0x9c/0xf0 > [ 231.378266] [] system_call_fastpath+0x16/0x1b > > > Stack of allocation (obtained with KEDR, which is also used for fault > simulation): > > [ 231.414875] [leak_check] Address: 0x880010dc8000, size: 24; stack > trace of the allocation: > [ 231.414886] [leak_check] [] set_dirty_dir_page+0x62/0xe0 > [f2fs] > [ 231.414893] [leak_check] [] > f2fs_set_data_page_dirty+0x4e/0x90 [f2fs] > [ 231.414898] [leak_check] [] set_page_dirty+0x3a/0x60 > [ 231.414904] [leak_check] [] __f2fs_add_link+0x732/0x7d0 > [f2fs] > [ 231.414909] [leak_check] [] f2fs_mkdir+0xbb/0x150 [f2fs] > [ 231.414914] [leak_check] [] vfs_mkdir+0xb7/0x160 > [ 231.414918] [leak_check] [] SyS_mkdir+0x5f/0xc0 > [ 231.414923] [leak_check] [] > system_call_fastpath+0x16/0x1b > [ 231.414931] [leak_check] [] 0x > > > P.S. It was required to add 'slub_debug' kernel options for make SLUB output > correct cache name, > otherwise cache "f2fs_dirty_dir_entry" was merged into "free_nid" one. It was > surprise for me, > that's why patch investigation took so long time. > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the
Re: [f2fs-dev] f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi Andrey, On 02/11/2014 04:29 PM, Andrey Tsyvarev wrote: Hi, It turns out that make_bad_inode prior to iput sets i_mode to a regular file, so that f2fs_evict_inode - truncate_inode_pages - f2fs_invalidate_data_page doesn't decrement dirty_dents. It seems that remove_dirty_dir_inode() call should also be added to the error-path of init_inode_metadata, because its functionality is also based on inode-i_mode field which is changed by make_bad_inode(). It seems that your opinion is correct. remove_dirty_dir_inode() will not clean up the dir_inode_entry because make_bad_inode() sets i_mode to S_IFREG in the fail path of init_inode_metadata, and it leads to the following memory leak. BTW, have you tested the case that added remove_dirty_dir_inode() into the fail path of init_inode_metadata? diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index e095a4f..d5a2c9e 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -375,6 +375,7 @@ put_error: /* once the failed inode becomes a bad inode, i_mode is S_IFREG */ truncate_inode_pages(inode-i_data, 0); truncate_blocks(inode, 0); + remove_dirty_dir_inode(inode); error: remove_inode_page(inode); return ERR_PTR(err); Regards, Gu Otherwise memory leak is reported when f2fs module is unloaded: [ 231.378192] BUG f2fs_dirty_dir_entry (Tainted: GF O): Objects remaining in f2fs_dirty_dir_entry on kmem_cache_close() [ 231.378193] - [ 231.378194] Disabling lock debugging due to kernel taint [ 231.378195] INFO: Slab 0xea437200 objects=102 used=1 fp=0x880010dc8fc8 flags=0x3fffc00080 [ 231.378197] CPU: 0 PID: 2605 Comm: rmmod Tainted: GF B O 3.14.0-rc1fs #4 [ 231.378198] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 231.378199] 88000e5e3200 88000cc9bd40 8166fd7e ea437200 [ 231.378202] 88000cc9be28 811c3fdf 88003fc10066 0cc9bda0 [ 231.378203] 0020 88000cc9be38 88000cc9bde0 656a624f0296 [ 231.378205] Call Trace: [ 231.378210] [8166fd7e] dump_stack+0x45/0x56 [ 231.378213] [811c3fdf] slab_err+0xaf/0xc0 [ 231.378215] [811c84a3] ? kmem_cache_close+0x133/0x340 [ 231.378216] [811c6b55] ? __kmalloc+0x1f5/0x250 [ 231.378218] [811c84c3] kmem_cache_close+0x153/0x340 [ 231.378221] [81193417] ? kmem_cache_destroy+0x27/0xf0 [ 231.378223] [811c86c4] __kmem_cache_shutdown+0x14/0x80 [ 231.378224] [81193431] kmem_cache_destroy+0x41/0xf0 [ 231.378229] [a01eab91] destroy_checkpoint_caches+0x21/0x30 [f2fs] [ 231.378232] [a01facda] exit_f2fs_fs+0x28/0x34e [f2fs] [ 231.378235] [810ffe32] SyS_delete_module+0x152/0x1f0 [ 231.378237] [8111d85c] ? __audit_syscall_entry+0x9c/0xf0 [ 231.378239] [81680729] system_call_fastpath+0x16/0x1b [ 231.378242] INFO: Object 0x880010dc8000 @offset=0 [ 231.378245] kmem_cache_destroy f2fs_dirty_dir_entry: Slab cache still has objects [ 231.378247] CPU: 0 PID: 2605 Comm: rmmod Tainted: GF B O 3.14.0-rc1fs #4 [ 231.378247] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 231.378248] 88000e5e3268 88000cc9beb8 8166fd7e 88000e5e3200 [ 231.378250] 88000cc9bed8 811934cf a0204f60 [ 231.378251] 88000cc9bee8 a01eab91 88000cc9bef8 a01facda [ 231.378253] Call Trace: [ 231.378255] [8166fd7e] dump_stack+0x45/0x56 [ 231.378256] [811934cf] kmem_cache_destroy+0xdf/0xf0 [ 231.378259] [a01eab91] destroy_checkpoint_caches+0x21/0x30 [f2fs] [ 231.378262] [a01facda] exit_f2fs_fs+0x28/0x34e [f2fs] [ 231.378263] [810ffe32] SyS_delete_module+0x152/0x1f0 [ 231.378265] [8111d85c] ? __audit_syscall_entry+0x9c/0xf0 [ 231.378266] [81680729] system_call_fastpath+0x16/0x1b Stack of allocation (obtained with KEDR, which is also used for fault simulation): [ 231.414875] [leak_check] Address: 0x880010dc8000, size: 24; stack trace of the allocation: [ 231.414886] [leak_check] [a01e9d72] set_dirty_dir_page+0x62/0xe0 [f2fs] [ 231.414893] [leak_check] [a01ec9be] f2fs_set_data_page_dirty+0x4e/0x90 [f2fs] [ 231.414898] [leak_check] [8117b02a] set_page_dirty+0x3a/0x60 [ 231.414904] [leak_check] [a01dfeb2] __f2fs_add_link+0x732/0x7d0 [f2fs] [ 231.414909] [leak_check] [a01e2f1b] f2fs_mkdir+0xbb/0x150 [f2fs] [ 231.414914] [leak_check] [811f2a37] vfs_mkdir+0xb7/0x160 [ 231.414918] [leak_check] [811f367f] SyS_mkdir+0x5f/0xc0 [ 231.414923] [leak_check] [81680729] system_call_fastpath+0x16/0x1b [ 231.414931] [leak_check]
Re: [f2fs-dev] f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, BTW, have you tested the case that added remove_dirty_dir_inode() into the fail path of init_inode_metadata? diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index e095a4f..d5a2c9e 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -375,6 +375,7 @@ put_error: /* once the failed inode becomes a bad inode, i_mode is S_IFREG */ truncate_inode_pages(inode-i_data, 0); truncate_blocks(inode, 0); + remove_dirty_dir_inode(inode); error: remove_inode_page(inode); return ERR_PTR(err); Yes, i have tested that case. Fail in init_inode_metadata has been processed correctly. Thanks. -- Best regards, Andrey Tsyvarev Linux Verification Center, ISPRAS web:http://linuxtesting.org -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [f2fs-dev] f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, On 02/13/2014 05:40 PM, Andrey Tsyvarev wrote: Hi, BTW, have you tested the case that added remove_dirty_dir_inode() into the fail path of init_inode_metadata? diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index e095a4f..d5a2c9e 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -375,6 +375,7 @@ put_error: /* once the failed inode becomes a bad inode, i_mode is S_IFREG */ truncate_inode_pages(inode-i_data, 0); truncate_blocks(inode, 0); + remove_dirty_dir_inode(inode); error: remove_inode_page(inode); return ERR_PTR(err); Yes, i have tested that case. Fail in init_inode_metadata has been processed correctly. Thanks. If no other regressions, maybe you can send out the fix patch about this issue.:) Thanks, Gu -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [f2fs-dev] f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, Sorry for the late response. I suffered from flu during last a couple of days. :( 2014-02-11 (화), 12:29 +0400, Andrey Tsyvarev: Hi, It turns out that make_bad_inode prior to iput sets i_mode to a regular file, so that f2fs_evict_inode - truncate_inode_pages - f2fs_invalidate_data_page doesn't decrement dirty_dents. It seems that remove_dirty_dir_inode() call should also be added to the error-path of init_inode_metadata, because its functionality is also based on inode-i_mode field which is changed by make_bad_inode(). Agreed. I'll update the patch with this. Thanks, -- Jaegeuk Kim Samsung -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [f2fs-dev] f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, 2014-02-13 (목), 17:48 +0800, Gu Zheng: Hi, On 02/13/2014 05:40 PM, Andrey Tsyvarev wrote: Hi, BTW, have you tested the case that added remove_dirty_dir_inode() into the fail path of init_inode_metadata? diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index e095a4f..d5a2c9e 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -375,6 +375,7 @@ put_error: /* once the failed inode becomes a bad inode, i_mode is S_IFREG */ truncate_inode_pages(inode-i_data, 0); truncate_blocks(inode, 0); + remove_dirty_dir_inode(inode); error: remove_inode_page(inode); return ERR_PTR(err); Yes, i have tested that case. Fail in init_inode_metadata has been processed correctly. Thanks. If no other regressions, maybe you can send out the fix patch about this issue.:) The original patch can treat this too. Thank you. :) Thanks, Gu -- Jaegeuk Kim Samsung -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [f2fs-dev] f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, It turns out that make_bad_inode prior to iput sets i_mode to a regular file, so that f2fs_evict_inode -> truncate_inode_pages -> f2fs_invalidate_data_page doesn't decrement dirty_dents. It seems that remove_dirty_dir_inode() call should also be added to the error-path of init_inode_metadata, because its functionality is also based on inode->i_mode field which is changed by make_bad_inode(). Otherwise memory leak is reported when f2fs module is unloaded: [ 231.378192] BUG f2fs_dirty_dir_entry (Tainted: GF O): Objects remaining in f2fs_dirty_dir_entry on kmem_cache_close() [ 231.378193] - [ 231.378194] Disabling lock debugging due to kernel taint [ 231.378195] INFO: Slab 0xea437200 objects=102 used=1 fp=0x880010dc8fc8 flags=0x3fffc00080 [ 231.378197] CPU: 0 PID: 2605 Comm: rmmod Tainted: GF B O 3.14.0-rc1fs #4 [ 231.378198] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 231.378199] 88000e5e3200 88000cc9bd40 8166fd7e ea437200 [ 231.378202] 88000cc9be28 811c3fdf 88003fc10066 0cc9bda0 [ 231.378203] 0020 88000cc9be38 88000cc9bde0 656a624f0296 [ 231.378205] Call Trace: [ 231.378210] [] dump_stack+0x45/0x56 [ 231.378213] [] slab_err+0xaf/0xc0 [ 231.378215] [] ? kmem_cache_close+0x133/0x340 [ 231.378216] [] ? __kmalloc+0x1f5/0x250 [ 231.378218] [] kmem_cache_close+0x153/0x340 [ 231.378221] [] ? kmem_cache_destroy+0x27/0xf0 [ 231.378223] [] __kmem_cache_shutdown+0x14/0x80 [ 231.378224] [] kmem_cache_destroy+0x41/0xf0 [ 231.378229] [] destroy_checkpoint_caches+0x21/0x30 [f2fs] [ 231.378232] [] exit_f2fs_fs+0x28/0x34e [f2fs] [ 231.378235] [] SyS_delete_module+0x152/0x1f0 [ 231.378237] [] ? __audit_syscall_entry+0x9c/0xf0 [ 231.378239] [] system_call_fastpath+0x16/0x1b [ 231.378242] INFO: Object 0x880010dc8000 @offset=0 [ 231.378245] kmem_cache_destroy f2fs_dirty_dir_entry: Slab cache still has objects [ 231.378247] CPU: 0 PID: 2605 Comm: rmmod Tainted: GF B O 3.14.0-rc1fs #4 [ 231.378247] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 231.378248] 88000e5e3268 88000cc9beb8 8166fd7e 88000e5e3200 [ 231.378250] 88000cc9bed8 811934cf a0204f60 [ 231.378251] 88000cc9bee8 a01eab91 88000cc9bef8 a01facda [ 231.378253] Call Trace: [ 231.378255] [] dump_stack+0x45/0x56 [ 231.378256] [] kmem_cache_destroy+0xdf/0xf0 [ 231.378259] [] destroy_checkpoint_caches+0x21/0x30 [f2fs] [ 231.378262] [] exit_f2fs_fs+0x28/0x34e [f2fs] [ 231.378263] [] SyS_delete_module+0x152/0x1f0 [ 231.378265] [] ? __audit_syscall_entry+0x9c/0xf0 [ 231.378266] [] system_call_fastpath+0x16/0x1b Stack of allocation (obtained with KEDR, which is also used for fault simulation): [ 231.414875] [leak_check] Address: 0x880010dc8000, size: 24; stack trace of the allocation: [ 231.414886] [leak_check] [] set_dirty_dir_page+0x62/0xe0 [f2fs] [ 231.414893] [leak_check] [] f2fs_set_data_page_dirty+0x4e/0x90 [f2fs] [ 231.414898] [leak_check] [] set_page_dirty+0x3a/0x60 [ 231.414904] [leak_check] [] __f2fs_add_link+0x732/0x7d0 [f2fs] [ 231.414909] [leak_check] [] f2fs_mkdir+0xbb/0x150 [f2fs] [ 231.414914] [leak_check] [] vfs_mkdir+0xb7/0x160 [ 231.414918] [leak_check] [] SyS_mkdir+0x5f/0xc0 [ 231.414923] [leak_check] [] system_call_fastpath+0x16/0x1b [ 231.414931] [leak_check] [] 0x P.S. It was required to add 'slub_debug' kernel options for make SLUB output correct cache name, otherwise cache "f2fs_dirty_dir_entry" was merged into "free_nid" one. It was surprise for me, that's why patch investigation took so long time. -- Best regards, Andrey Tsyvarev Linux Verification Center, ISPRAS web:http://linuxtesting.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [f2fs-dev] f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, It turns out that make_bad_inode prior to iput sets i_mode to a regular file, so that f2fs_evict_inode - truncate_inode_pages - f2fs_invalidate_data_page doesn't decrement dirty_dents. It seems that remove_dirty_dir_inode() call should also be added to the error-path of init_inode_metadata, because its functionality is also based on inode-i_mode field which is changed by make_bad_inode(). Otherwise memory leak is reported when f2fs module is unloaded: [ 231.378192] BUG f2fs_dirty_dir_entry (Tainted: GF O): Objects remaining in f2fs_dirty_dir_entry on kmem_cache_close() [ 231.378193] - [ 231.378194] Disabling lock debugging due to kernel taint [ 231.378195] INFO: Slab 0xea437200 objects=102 used=1 fp=0x880010dc8fc8 flags=0x3fffc00080 [ 231.378197] CPU: 0 PID: 2605 Comm: rmmod Tainted: GF B O 3.14.0-rc1fs #4 [ 231.378198] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 231.378199] 88000e5e3200 88000cc9bd40 8166fd7e ea437200 [ 231.378202] 88000cc9be28 811c3fdf 88003fc10066 0cc9bda0 [ 231.378203] 0020 88000cc9be38 88000cc9bde0 656a624f0296 [ 231.378205] Call Trace: [ 231.378210] [8166fd7e] dump_stack+0x45/0x56 [ 231.378213] [811c3fdf] slab_err+0xaf/0xc0 [ 231.378215] [811c84a3] ? kmem_cache_close+0x133/0x340 [ 231.378216] [811c6b55] ? __kmalloc+0x1f5/0x250 [ 231.378218] [811c84c3] kmem_cache_close+0x153/0x340 [ 231.378221] [81193417] ? kmem_cache_destroy+0x27/0xf0 [ 231.378223] [811c86c4] __kmem_cache_shutdown+0x14/0x80 [ 231.378224] [81193431] kmem_cache_destroy+0x41/0xf0 [ 231.378229] [a01eab91] destroy_checkpoint_caches+0x21/0x30 [f2fs] [ 231.378232] [a01facda] exit_f2fs_fs+0x28/0x34e [f2fs] [ 231.378235] [810ffe32] SyS_delete_module+0x152/0x1f0 [ 231.378237] [8111d85c] ? __audit_syscall_entry+0x9c/0xf0 [ 231.378239] [81680729] system_call_fastpath+0x16/0x1b [ 231.378242] INFO: Object 0x880010dc8000 @offset=0 [ 231.378245] kmem_cache_destroy f2fs_dirty_dir_entry: Slab cache still has objects [ 231.378247] CPU: 0 PID: 2605 Comm: rmmod Tainted: GF B O 3.14.0-rc1fs #4 [ 231.378247] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 231.378248] 88000e5e3268 88000cc9beb8 8166fd7e 88000e5e3200 [ 231.378250] 88000cc9bed8 811934cf a0204f60 [ 231.378251] 88000cc9bee8 a01eab91 88000cc9bef8 a01facda [ 231.378253] Call Trace: [ 231.378255] [8166fd7e] dump_stack+0x45/0x56 [ 231.378256] [811934cf] kmem_cache_destroy+0xdf/0xf0 [ 231.378259] [a01eab91] destroy_checkpoint_caches+0x21/0x30 [f2fs] [ 231.378262] [a01facda] exit_f2fs_fs+0x28/0x34e [f2fs] [ 231.378263] [810ffe32] SyS_delete_module+0x152/0x1f0 [ 231.378265] [8111d85c] ? __audit_syscall_entry+0x9c/0xf0 [ 231.378266] [81680729] system_call_fastpath+0x16/0x1b Stack of allocation (obtained with KEDR, which is also used for fault simulation): [ 231.414875] [leak_check] Address: 0x880010dc8000, size: 24; stack trace of the allocation: [ 231.414886] [leak_check] [a01e9d72] set_dirty_dir_page+0x62/0xe0 [f2fs] [ 231.414893] [leak_check] [a01ec9be] f2fs_set_data_page_dirty+0x4e/0x90 [f2fs] [ 231.414898] [leak_check] [8117b02a] set_page_dirty+0x3a/0x60 [ 231.414904] [leak_check] [a01dfeb2] __f2fs_add_link+0x732/0x7d0 [f2fs] [ 231.414909] [leak_check] [a01e2f1b] f2fs_mkdir+0xbb/0x150 [f2fs] [ 231.414914] [leak_check] [811f2a37] vfs_mkdir+0xb7/0x160 [ 231.414918] [leak_check] [811f367f] SyS_mkdir+0x5f/0xc0 [ 231.414923] [leak_check] [81680729] system_call_fastpath+0x16/0x1b [ 231.414931] [leak_check] [] 0x P.S. It was required to add 'slub_debug' kernel options for make SLUB output correct cache name, otherwise cache f2fs_dirty_dir_entry was merged into free_nid one. It was surprise for me, that's why patch investigation took so long time. -- Best regards, Andrey Tsyvarev Linux Verification Center, ISPRAS web:http://linuxtesting.org -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [f2fs-dev] f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, It turns out that make_bad_inode prior to iput sets i_mode to a regular file, so that f2fs_evict_inode -> truncate_inode_pages -> f2fs_invalidate_data_page doesn't decrement dirty_dents. This patch should resolve the bug. Thank you :) When a new directory is allocated, if an error is occurred, we should truncate preallocated dentry pages too. This bug was reported by Andrey Tsyvarev after a while as follows. mkdir()-> f2fs_add_link()-> init_inode_metadata()-> f2fs_init_acl()-> f2fs_get_acl()-> f2fs_getxattr()-> read_all_xattrs() fails. Also there was a BUG_ON triggered after the fault in mkdir()-> f2fs_add_link()-> init_inode_metadata()-> remove_inode_page() -> f2fs_bug_on(inode->i_blocks != 0 && inode->i_blocks != 1); But, previous patch wasn't perfect to resolve that bug, so the following bug report was also submitted. kernel BUG at fs/f2fs/inode.c:274! Call Trace: [] evict+0xa3/0x1a0 [] iput+0xf5/0x180 [] f2fs_mkdir+0xf3/0x150 [f2fs] [] vfs_mkdir+0xb7/0x160 [] SyS_mkdir+0x5f/0xc0 [] system_call_fastpath+0x16/0x1b Finally, this patch resolves all the issues like below. If an error is occurred after make_empty_dir(), 1. truncate_inode_pages() The make_bad_inode() prior to iput() will change i_mode to S_IFREG, which means that f2fs will not decrement fi->dirty_dents during f2fs_evict_inode. But, by calling it here, we can do that. 2. truncate_blocks() Preallocated dentry pages are trucated here to sync i_blocks. Reported-by: Andrey Tsyvarev Signed-off-by: Jaegeuk Kim --- fs/f2fs/dir.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index bfcb4ae..92ce1db 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -372,6 +372,9 @@ static struct page *init_inode_metadata(struct inode *inode, put_error: f2fs_put_page(page, 1); + /* once the failed inode becomes a bad inode, i_mode is S_IFREG */ + truncate_inode_pages(>i_data, 0); + truncate_blocks(inode, 0); error: remove_inode_page(inode); return ERR_PTR(err); -- 1.8.4.474.g128a96c -- Jaegeuk Kim Samsung -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, 2014-02-06 (목), 16:17 +0400, Andrey Tsyvarev: > Hi, > > 06.02.2014 10:02, Jaegeuk Kim пишет: > > Hi, > > > > Thank you for the test and valuable report. > > > > This bug was fixed recently by: > > > > commit 03dea3129d558bf5293a6e9f12777176619ac876 > > Author: Jaegeuk Kim > > Date: Wed Feb 5 11:16:39 2014 +0900 > > > > f2fs: fix to truncate dentry pages in the error case > Now remove_inode_page() succeed, but another assertion failed (tested on > revision e964751c): > > [ 1272.747011] kernel BUG at fs/f2fs/inode.c:274! > [ 1272.747011] invalid opcode: [#1] SMP > [ 1272.747011] Modules linked in: f2fs kedr_fsim_indicator_common(OF) > kedr_fsim_indicator_capable(OF) > kedr_fsim_indicator_kmalloc(OF) kedr_fsim_vmm(OF) kedr_fsim_mem_util(OF) > kedr_fsim_capable(OF) > kedr_fsim_uaccess(OF) kedr_fsim_cmm(OF) kedr_fault_simulation(OF) > kedr(OF) fuse nf_conntrack_netbios_ns > nf_conntrack_broadcast ipt_MASQUERADE ip6t_REJECT xt_conntrack > ebtable_nat ebtable_broute bridge stp > llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 > nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle > ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat > nf_conntrack_ipv4 nf_defrag_ipv4 > nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security > iptable_raw parport_pc i2c_piix4 e1000 > i2c_core microcode parport ata_generic pata_acpi [last unloaded: kedr] > [ 1272.747011] CPU: 0 PID: 14613 Comm: fs-driver-tests Tainted: GF > W O 3.14.0-rc1fs #1 > [ 1272.747011] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS > VirtualBox 12/01/2006 > [ 1272.747011] task: 88001e939190 ti: 88000d7ec000 task.ti: > 88000d7ec000 > [ 1272.747011] RIP: 0010:[] [] > f2fs_evict_inode+0x178/0x180 [f2fs] > [ 1272.747011] RSP: 0018:88000d7ede50 EFLAGS: 00010202 > [ 1272.747011] RAX: 0001 RBX: 88000475cc30 RCX: > 88001e9398a0 > [ 1272.747011] RDX: 0002 RSI: RDI: > 88000475ce10 > [ 1272.747011] RBP: 88000d7ede68 R08: R09: > > [ 1272.747011] R10: R11: 0001 R12: > 88000475cc30 > [ 1272.747011] R13: 88000f147800 R14: a01e7080 R15: > 88000f147b80 > [ 1272.747011] FS: 7f1795424740() GS:88003fc0() > knlGS: > [ 1272.747011] CS: 0010 DS: ES: CR0: 8005003b > [ 1272.747011] CR2: 7fc33bfa9000 CR3: 0f14e000 CR4: > 06f0 > [ 1272.747011] Stack: > [ 1272.747011] 88000475cc30 88000475cdc8 a01e7080 > 88000d7ede90 > [ 1272.747011] 811fde03 88000475cc30 88000475ccb8 > 88000f147000 > [ 1272.747011] 88000d7edec0 811fe615 88000475cc30 > 88000f147800 > [ 1272.747011] Call Trace: > [ 1272.747011] [] evict+0xa3/0x1a0 > [ 1272.747011] [] iput+0xf5/0x180 > [ 1272.747011] [] f2fs_mkdir+0xf3/0x150 [f2fs] > [ 1272.747011] [] vfs_mkdir+0xb7/0x160 > [ 1272.747011] [] SyS_mkdir+0x5f/0xc0 > [ 1272.747011] [] system_call_fastpath+0x16/0x1b > [ 1272.747011] Code: 01 e1 4c 89 e7 e8 39 59 03 e1 5b 41 5c 41 5d 5d c3 > 31 c0 49 83 bc 24 c8 00 00 00 01 0f 97 c0 > eb 8f 4c 89 e7 e8 fa ec ff ff eb 89 <0f> 0b 66 0f 1f 44 00 00 0f 1f 44 > 00 00 55 48 c7 c0 dc ff ff ff > [ 1272.747011] RIP [] f2fs_evict_inode+0x178/0x180 [f2fs] > [ 1272.747011] RSP > > Failed assertion claims that dirty dentries counter should be zero when > inode is deleted. > This counter is incremented by > mkdir()-> >f2fs_add_link()-> > init_inode_metadata()-> >make_empty_dir()-> > set_page_dirty(); > > but no one decrement it. > May be, this should be done along with truncating directory inode in > error-path of init_inode_metadata() ? It's weird, since original intention was that pages should be invalidated by: f2fs_evict_inode - truncate_inode_pages - f2fs_invalidate_page - decrement dirty_dents I'll see what happened a little bit more. Thanks, > > > -- > Best regards, > Andrey Tsyvarev > Linux Verification Center, ISPRAS > web: http://linuxtesting.org > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ -- Jaegeuk Kim Samsung -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, 06.02.2014 10:02, Jaegeuk Kim пишет: Hi, Thank you for the test and valuable report. This bug was fixed recently by: commit 03dea3129d558bf5293a6e9f12777176619ac876 Author: Jaegeuk Kim Date: Wed Feb 5 11:16:39 2014 +0900 f2fs: fix to truncate dentry pages in the error case Now remove_inode_page() succeed, but another assertion failed (tested on revision e964751c): [ 1272.747011] kernel BUG at fs/f2fs/inode.c:274! [ 1272.747011] invalid opcode: [#1] SMP [ 1272.747011] Modules linked in: f2fs kedr_fsim_indicator_common(OF) kedr_fsim_indicator_capable(OF) kedr_fsim_indicator_kmalloc(OF) kedr_fsim_vmm(OF) kedr_fsim_mem_util(OF) kedr_fsim_capable(OF) kedr_fsim_uaccess(OF) kedr_fsim_cmm(OF) kedr_fault_simulation(OF) kedr(OF) fuse nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE ip6t_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw parport_pc i2c_piix4 e1000 i2c_core microcode parport ata_generic pata_acpi [last unloaded: kedr] [ 1272.747011] CPU: 0 PID: 14613 Comm: fs-driver-tests Tainted: GF W O 3.14.0-rc1fs #1 [ 1272.747011] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 1272.747011] task: 88001e939190 ti: 88000d7ec000 task.ti: 88000d7ec000 [ 1272.747011] RIP: 0010:[] [] f2fs_evict_inode+0x178/0x180 [f2fs] [ 1272.747011] RSP: 0018:88000d7ede50 EFLAGS: 00010202 [ 1272.747011] RAX: 0001 RBX: 88000475cc30 RCX: 88001e9398a0 [ 1272.747011] RDX: 0002 RSI: RDI: 88000475ce10 [ 1272.747011] RBP: 88000d7ede68 R08: R09: [ 1272.747011] R10: R11: 0001 R12: 88000475cc30 [ 1272.747011] R13: 88000f147800 R14: a01e7080 R15: 88000f147b80 [ 1272.747011] FS: 7f1795424740() GS:88003fc0() knlGS: [ 1272.747011] CS: 0010 DS: ES: CR0: 8005003b [ 1272.747011] CR2: 7fc33bfa9000 CR3: 0f14e000 CR4: 06f0 [ 1272.747011] Stack: [ 1272.747011] 88000475cc30 88000475cdc8 a01e7080 88000d7ede90 [ 1272.747011] 811fde03 88000475cc30 88000475ccb8 88000f147000 [ 1272.747011] 88000d7edec0 811fe615 88000475cc30 88000f147800 [ 1272.747011] Call Trace: [ 1272.747011] [] evict+0xa3/0x1a0 [ 1272.747011] [] iput+0xf5/0x180 [ 1272.747011] [] f2fs_mkdir+0xf3/0x150 [f2fs] [ 1272.747011] [] vfs_mkdir+0xb7/0x160 [ 1272.747011] [] SyS_mkdir+0x5f/0xc0 [ 1272.747011] [] system_call_fastpath+0x16/0x1b [ 1272.747011] Code: 01 e1 4c 89 e7 e8 39 59 03 e1 5b 41 5c 41 5d 5d c3 31 c0 49 83 bc 24 c8 00 00 00 01 0f 97 c0 eb 8f 4c 89 e7 e8 fa ec ff ff eb 89 <0f> 0b 66 0f 1f 44 00 00 0f 1f 44 00 00 55 48 c7 c0 dc ff ff ff [ 1272.747011] RIP [] f2fs_evict_inode+0x178/0x180 [f2fs] [ 1272.747011] RSP Failed assertion claims that dirty dentries counter should be zero when inode is deleted. This counter is incremented by mkdir()-> f2fs_add_link()-> init_inode_metadata()-> make_empty_dir()-> set_page_dirty(); but no one decrement it. May be, this should be done along with truncating directory inode in error-path of init_inode_metadata() ? -- Best regards, Andrey Tsyvarev Linux Verification Center, ISPRAS web: http://linuxtesting.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, 06.02.2014 10:02, Jaegeuk Kim пишет: Hi, Thank you for the test and valuable report. This bug was fixed recently by: commit 03dea3129d558bf5293a6e9f12777176619ac876 Author: Jaegeuk Kim jaegeuk@samsung.com Date: Wed Feb 5 11:16:39 2014 +0900 f2fs: fix to truncate dentry pages in the error case Now remove_inode_page() succeed, but another assertion failed (tested on revision e964751c): [ 1272.747011] kernel BUG at fs/f2fs/inode.c:274! [ 1272.747011] invalid opcode: [#1] SMP [ 1272.747011] Modules linked in: f2fs kedr_fsim_indicator_common(OF) kedr_fsim_indicator_capable(OF) kedr_fsim_indicator_kmalloc(OF) kedr_fsim_vmm(OF) kedr_fsim_mem_util(OF) kedr_fsim_capable(OF) kedr_fsim_uaccess(OF) kedr_fsim_cmm(OF) kedr_fault_simulation(OF) kedr(OF) fuse nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE ip6t_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw parport_pc i2c_piix4 e1000 i2c_core microcode parport ata_generic pata_acpi [last unloaded: kedr] [ 1272.747011] CPU: 0 PID: 14613 Comm: fs-driver-tests Tainted: GF W O 3.14.0-rc1fs #1 [ 1272.747011] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 1272.747011] task: 88001e939190 ti: 88000d7ec000 task.ti: 88000d7ec000 [ 1272.747011] RIP: 0010:[a01c74a8] [a01c74a8] f2fs_evict_inode+0x178/0x180 [f2fs] [ 1272.747011] RSP: 0018:88000d7ede50 EFLAGS: 00010202 [ 1272.747011] RAX: 0001 RBX: 88000475cc30 RCX: 88001e9398a0 [ 1272.747011] RDX: 0002 RSI: RDI: 88000475ce10 [ 1272.747011] RBP: 88000d7ede68 R08: R09: [ 1272.747011] R10: R11: 0001 R12: 88000475cc30 [ 1272.747011] R13: 88000f147800 R14: a01e7080 R15: 88000f147b80 [ 1272.747011] FS: 7f1795424740() GS:88003fc0() knlGS: [ 1272.747011] CS: 0010 DS: ES: CR0: 8005003b [ 1272.747011] CR2: 7fc33bfa9000 CR3: 0f14e000 CR4: 06f0 [ 1272.747011] Stack: [ 1272.747011] 88000475cc30 88000475cdc8 a01e7080 88000d7ede90 [ 1272.747011] 811fde03 88000475cc30 88000475ccb8 88000f147000 [ 1272.747011] 88000d7edec0 811fe615 88000475cc30 88000f147800 [ 1272.747011] Call Trace: [ 1272.747011] [811fde03] evict+0xa3/0x1a0 [ 1272.747011] [811fe615] iput+0xf5/0x180 [ 1272.747011] [a01c7f63] f2fs_mkdir+0xf3/0x150 [f2fs] [ 1272.747011] [811f2a77] vfs_mkdir+0xb7/0x160 [ 1272.747011] [811f36bf] SyS_mkdir+0x5f/0xc0 [ 1272.747011] [81680769] system_call_fastpath+0x16/0x1b [ 1272.747011] Code: 01 e1 4c 89 e7 e8 39 59 03 e1 5b 41 5c 41 5d 5d c3 31 c0 49 83 bc 24 c8 00 00 00 01 0f 97 c0 eb 8f 4c 89 e7 e8 fa ec ff ff eb 89 0f 0b 66 0f 1f 44 00 00 0f 1f 44 00 00 55 48 c7 c0 dc ff ff ff [ 1272.747011] RIP [a01c74a8] f2fs_evict_inode+0x178/0x180 [f2fs] [ 1272.747011] RSP 88000d7ede50 Failed assertion claims that dirty dentries counter should be zero when inode is deleted. This counter is incremented by mkdir()- f2fs_add_link()- init_inode_metadata()- make_empty_dir()- set_page_dirty(); but no one decrement it. May be, this should be done along with truncating directory inode in error-path of init_inode_metadata() ? -- Best regards, Andrey Tsyvarev Linux Verification Center, ISPRAS web: http://linuxtesting.org -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, 2014-02-06 (목), 16:17 +0400, Andrey Tsyvarev: Hi, 06.02.2014 10:02, Jaegeuk Kim пишет: Hi, Thank you for the test and valuable report. This bug was fixed recently by: commit 03dea3129d558bf5293a6e9f12777176619ac876 Author: Jaegeuk Kim jaegeuk@samsung.com Date: Wed Feb 5 11:16:39 2014 +0900 f2fs: fix to truncate dentry pages in the error case Now remove_inode_page() succeed, but another assertion failed (tested on revision e964751c): [ 1272.747011] kernel BUG at fs/f2fs/inode.c:274! [ 1272.747011] invalid opcode: [#1] SMP [ 1272.747011] Modules linked in: f2fs kedr_fsim_indicator_common(OF) kedr_fsim_indicator_capable(OF) kedr_fsim_indicator_kmalloc(OF) kedr_fsim_vmm(OF) kedr_fsim_mem_util(OF) kedr_fsim_capable(OF) kedr_fsim_uaccess(OF) kedr_fsim_cmm(OF) kedr_fault_simulation(OF) kedr(OF) fuse nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE ip6t_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw parport_pc i2c_piix4 e1000 i2c_core microcode parport ata_generic pata_acpi [last unloaded: kedr] [ 1272.747011] CPU: 0 PID: 14613 Comm: fs-driver-tests Tainted: GF W O 3.14.0-rc1fs #1 [ 1272.747011] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 1272.747011] task: 88001e939190 ti: 88000d7ec000 task.ti: 88000d7ec000 [ 1272.747011] RIP: 0010:[a01c74a8] [a01c74a8] f2fs_evict_inode+0x178/0x180 [f2fs] [ 1272.747011] RSP: 0018:88000d7ede50 EFLAGS: 00010202 [ 1272.747011] RAX: 0001 RBX: 88000475cc30 RCX: 88001e9398a0 [ 1272.747011] RDX: 0002 RSI: RDI: 88000475ce10 [ 1272.747011] RBP: 88000d7ede68 R08: R09: [ 1272.747011] R10: R11: 0001 R12: 88000475cc30 [ 1272.747011] R13: 88000f147800 R14: a01e7080 R15: 88000f147b80 [ 1272.747011] FS: 7f1795424740() GS:88003fc0() knlGS: [ 1272.747011] CS: 0010 DS: ES: CR0: 8005003b [ 1272.747011] CR2: 7fc33bfa9000 CR3: 0f14e000 CR4: 06f0 [ 1272.747011] Stack: [ 1272.747011] 88000475cc30 88000475cdc8 a01e7080 88000d7ede90 [ 1272.747011] 811fde03 88000475cc30 88000475ccb8 88000f147000 [ 1272.747011] 88000d7edec0 811fe615 88000475cc30 88000f147800 [ 1272.747011] Call Trace: [ 1272.747011] [811fde03] evict+0xa3/0x1a0 [ 1272.747011] [811fe615] iput+0xf5/0x180 [ 1272.747011] [a01c7f63] f2fs_mkdir+0xf3/0x150 [f2fs] [ 1272.747011] [811f2a77] vfs_mkdir+0xb7/0x160 [ 1272.747011] [811f36bf] SyS_mkdir+0x5f/0xc0 [ 1272.747011] [81680769] system_call_fastpath+0x16/0x1b [ 1272.747011] Code: 01 e1 4c 89 e7 e8 39 59 03 e1 5b 41 5c 41 5d 5d c3 31 c0 49 83 bc 24 c8 00 00 00 01 0f 97 c0 eb 8f 4c 89 e7 e8 fa ec ff ff eb 89 0f 0b 66 0f 1f 44 00 00 0f 1f 44 00 00 55 48 c7 c0 dc ff ff ff [ 1272.747011] RIP [a01c74a8] f2fs_evict_inode+0x178/0x180 [f2fs] [ 1272.747011] RSP 88000d7ede50 Failed assertion claims that dirty dentries counter should be zero when inode is deleted. This counter is incremented by mkdir()- f2fs_add_link()- init_inode_metadata()- make_empty_dir()- set_page_dirty(); but no one decrement it. May be, this should be done along with truncating directory inode in error-path of init_inode_metadata() ? It's weird, since original intention was that pages should be invalidated by: f2fs_evict_inode - truncate_inode_pages - f2fs_invalidate_page - decrement dirty_dents I'll see what happened a little bit more. Thanks, -- Best regards, Andrey Tsyvarev Linux Verification Center, ISPRAS web: http://linuxtesting.org -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ -- Jaegeuk Kim Samsung -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [f2fs-dev] f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, It turns out that make_bad_inode prior to iput sets i_mode to a regular file, so that f2fs_evict_inode - truncate_inode_pages - f2fs_invalidate_data_page doesn't decrement dirty_dents. This patch should resolve the bug. Thank you :) When a new directory is allocated, if an error is occurred, we should truncate preallocated dentry pages too. This bug was reported by Andrey Tsyvarev after a while as follows. mkdir()- f2fs_add_link()- init_inode_metadata()- f2fs_init_acl()- f2fs_get_acl()- f2fs_getxattr()- read_all_xattrs() fails. Also there was a BUG_ON triggered after the fault in mkdir()- f2fs_add_link()- init_inode_metadata()- remove_inode_page() - f2fs_bug_on(inode-i_blocks != 0 inode-i_blocks != 1); But, previous patch wasn't perfect to resolve that bug, so the following bug report was also submitted. kernel BUG at fs/f2fs/inode.c:274! Call Trace: [811fde03] evict+0xa3/0x1a0 [811fe615] iput+0xf5/0x180 [a01c7f63] f2fs_mkdir+0xf3/0x150 [f2fs] [811f2a77] vfs_mkdir+0xb7/0x160 [811f36bf] SyS_mkdir+0x5f/0xc0 [81680769] system_call_fastpath+0x16/0x1b Finally, this patch resolves all the issues like below. If an error is occurred after make_empty_dir(), 1. truncate_inode_pages() The make_bad_inode() prior to iput() will change i_mode to S_IFREG, which means that f2fs will not decrement fi-dirty_dents during f2fs_evict_inode. But, by calling it here, we can do that. 2. truncate_blocks() Preallocated dentry pages are trucated here to sync i_blocks. Reported-by: Andrey Tsyvarev tsyva...@ispras.ru Signed-off-by: Jaegeuk Kim jaegeuk@samsung.com --- fs/f2fs/dir.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index bfcb4ae..92ce1db 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -372,6 +372,9 @@ static struct page *init_inode_metadata(struct inode *inode, put_error: f2fs_put_page(page, 1); + /* once the failed inode becomes a bad inode, i_mode is S_IFREG */ + truncate_inode_pages(inode-i_data, 0); + truncate_blocks(inode, 0); error: remove_inode_page(inode); return ERR_PTR(err); -- 1.8.4.474.g128a96c -- Jaegeuk Kim Samsung -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, Thank you for the test and valuable report. This bug was fixed recently by: commit 03dea3129d558bf5293a6e9f12777176619ac876 Author: Jaegeuk Kim Date: Wed Feb 5 11:16:39 2014 +0900 f2fs: fix to truncate dentry pages in the error case You can find that from the tree: git://git.kernel.org/cgit/linux/kernel/git/jaegeuk/f2fs.git/log/?h=dev Thanks, 2014-02-06 (목), 09:43 +0400, Andrey Tsyvarev: > Hello, > > Testing f2fs (of linux-3.13) under fault simulation, we detected > umount() hangs up after > mkdir()-> >f2fs_add_link()-> > init_inode_metadata()-> >f2fs_init_acl()-> > f2fs_get_acl()-> >f2fs_getxattr()-> > read_all_xattrs() fails. > > Also there was a BUG_ON triggered after the fault in > mkdir()-> >f2fs_add_link()-> > init_inode_metadata()-> >remove_inode_page() -> > f2fs_bug_on(inode->i_blocks != 0 && inode->i_blocks != 1); > > In this case there are 2 blocks allocated, which are counted with > inode->i_blocks field: > > static struct page *init_inode_metadata(struct inode *inode, > struct inode *dir, const struct qstr *name) > { > struct page *page; > int err; > > if (is_inode_flag_set(F2FS_I(inode), FI_NEW_INODE)) { > page = new_inode_page(inode, name); <- First block is > allocated for the inode > if (IS_ERR(page)) > return page; > > if (S_ISDIR(inode->i_mode)) { > err = make_empty_dir(inode, dir, page); <- Second block > is allocated for the inode > if (err) > goto error; > } > > err = f2fs_init_acl(inode, dir, page); <- This call returns > error > if (err) > goto error; > ... > } else { > ... > } > > init_dent_inode(name, page); > > /* > * This file should be checkpointed during fsync. > * We lost i_pino from now on. > */ > if (is_inode_flag_set(F2FS_I(inode), FI_INC_LINK)) { > file_lost_pino(inode); > inc_nlink(inode); > } > return page; > > error: > f2fs_put_page(page, 1); > remove_inode_page(inode); <- Expects at most one block > allocated for inode > return ERR_PTR(err); > } > > Found by Linux File System Verification project (linuxtesting.org). > > > Here are some additional details. > > F2fs-related kernel configuration is: > CONFIG_F2FS_FS=m > CONFIG_F2FS_STAT_FS=y > CONFIG_F2FS_FS_XATTR=y > CONFIG_F2FS_FS_POSIX_ACL=y > CONFIG_F2FS_FS_SECURITY=y > CONFIG_F2FS_CHECK_FS=y > > > BUG_ON log: > [ 117.863869] kernel BUG at fs/f2fs/node.c:825! > [ 117.863870] invalid opcode: [#1] SMP > [ 117.863872] Modules linked in: f2fs kedr_fsim_indicator_common(OF) > kedr_fsim_indicator_capable(OF) > kedr_fsim_indicator_kmalloc(OF) kedr_fsim_vmm(OF) kedr_fsim_mem_util(OF) > kedr_fsim_capable(OF) > kedr_fsim_uaccess(OF) kedr_fsim_cmm(OF) kedr_fault_simulation(OF) > kedr(OF) fuse nf_conntrack_netbios_ns > nf_conntrack_broadcast ipt_MASQUERADE ip6t_REJECT xt_conntrack > ebtable_nat ebtable_broute bridge stp llc > ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 > nf_nat_ipv6 ip6table_mangle > ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat > nf_conntrack_ipv4 nf_defrag_ipv4 > nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security > iptable_raw microcode i2c_piix4 parport_pc > e1000 i2c_core parport ata_generic pata_acpi [last unloaded: kedr] > [ 117.863894] CPU: 0 PID: 2766 Comm: fs-driver-tests Tainted: > GF O 3.13.0fs #2 > [ 117.863895] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS > VirtualBox 12/01/2006 > [ 117.863896] task: 881b6420 ti: 8800111ac000 task.ti: > 8800111ac000 > [ 117.863897] RIP: 0010:[] [] > remove_inode_page+0xbf/0xd0 [f2fs] > [ 117.863901] RSP: 0018:8800111ade08 EFLAGS: 00010202 > [ 117.863902] RAX: RBX: 8800125a0c30 RCX: > 881b6a78 > [ 117.863903] RDX: 8800 RSI: ea4b9780 RDI: > 8800125a0c30 > [ 117.863903] RBP: 8800111ade50 R08: 0001 R09: > > [ 117.863904] R10: 0006 R11: 000f R12: > ea4b9780 > [ 117.863905] R13: 0004 R14: ea4b9780 R15: > ea4b97c0 > [ 117.863907] FS: 7ff92dc9f740() GS:88003fc0() > knlGS: > [ 117.863908] CS: 0010 DS: ES: CR0: 8005003b > [ 117.863909] CR2: 7f6673415000 CR3: 3c628000 CR4: > 06f0 > [ 117.863913] Stack: > [ 117.863913] 41ff ea4b97c0 8800111ade50 > a01e9ffa > [ 117.863915] ea4b9780 8800 880012e5d000 > 0003 > [ 117.863917] ea4b9740 8800111adec0 a01d0d20 > 880012532948 > [ 117.863919] Call Trace: > [ 117.863922] [] ?
f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hello, Testing f2fs (of linux-3.13) under fault simulation, we detected umount() hangs up after mkdir()-> f2fs_add_link()-> init_inode_metadata()-> f2fs_init_acl()-> f2fs_get_acl()-> f2fs_getxattr()-> read_all_xattrs() fails. Also there was a BUG_ON triggered after the fault in mkdir()-> f2fs_add_link()-> init_inode_metadata()-> remove_inode_page() -> f2fs_bug_on(inode->i_blocks != 0 && inode->i_blocks != 1); In this case there are 2 blocks allocated, which are counted with inode->i_blocks field: static struct page *init_inode_metadata(struct inode *inode, struct inode *dir, const struct qstr *name) { struct page *page; int err; if (is_inode_flag_set(F2FS_I(inode), FI_NEW_INODE)) { page = new_inode_page(inode, name); <- First block is allocated for the inode if (IS_ERR(page)) return page; if (S_ISDIR(inode->i_mode)) { err = make_empty_dir(inode, dir, page); <- Second block is allocated for the inode if (err) goto error; } err = f2fs_init_acl(inode, dir, page); <- This call returns error if (err) goto error; ... } else { ... } init_dent_inode(name, page); /* * This file should be checkpointed during fsync. * We lost i_pino from now on. */ if (is_inode_flag_set(F2FS_I(inode), FI_INC_LINK)) { file_lost_pino(inode); inc_nlink(inode); } return page; error: f2fs_put_page(page, 1); remove_inode_page(inode); <- Expects at most one block allocated for inode return ERR_PTR(err); } Found by Linux File System Verification project (linuxtesting.org). Here are some additional details. F2fs-related kernel configuration is: CONFIG_F2FS_FS=m CONFIG_F2FS_STAT_FS=y CONFIG_F2FS_FS_XATTR=y CONFIG_F2FS_FS_POSIX_ACL=y CONFIG_F2FS_FS_SECURITY=y CONFIG_F2FS_CHECK_FS=y BUG_ON log: [ 117.863869] kernel BUG at fs/f2fs/node.c:825! [ 117.863870] invalid opcode: [#1] SMP [ 117.863872] Modules linked in: f2fs kedr_fsim_indicator_common(OF) kedr_fsim_indicator_capable(OF) kedr_fsim_indicator_kmalloc(OF) kedr_fsim_vmm(OF) kedr_fsim_mem_util(OF) kedr_fsim_capable(OF) kedr_fsim_uaccess(OF) kedr_fsim_cmm(OF) kedr_fault_simulation(OF) kedr(OF) fuse nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE ip6t_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw microcode i2c_piix4 parport_pc e1000 i2c_core parport ata_generic pata_acpi [last unloaded: kedr] [ 117.863894] CPU: 0 PID: 2766 Comm: fs-driver-tests Tainted: GF O 3.13.0fs #2 [ 117.863895] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 117.863896] task: 881b6420 ti: 8800111ac000 task.ti: 8800111ac000 [ 117.863897] RIP: 0010:[] [] remove_inode_page+0xbf/0xd0 [f2fs] [ 117.863901] RSP: 0018:8800111ade08 EFLAGS: 00010202 [ 117.863902] RAX: RBX: 8800125a0c30 RCX: 881b6a78 [ 117.863903] RDX: 8800 RSI: ea4b9780 RDI: 8800125a0c30 [ 117.863903] RBP: 8800111ade50 R08: 0001 R09: [ 117.863904] R10: 0006 R11: 000f R12: ea4b9780 [ 117.863905] R13: 0004 R14: ea4b9780 R15: ea4b97c0 [ 117.863907] FS: 7ff92dc9f740() GS:88003fc0() knlGS: [ 117.863908] CS: 0010 DS: ES: CR0: 8005003b [ 117.863909] CR2: 7f6673415000 CR3: 3c628000 CR4: 06f0 [ 117.863913] Stack: [ 117.863913] 41ff ea4b97c0 8800111ade50 a01e9ffa [ 117.863915] ea4b9780 8800 880012e5d000 0003 [ 117.863917] ea4b9740 8800111adec0 a01d0d20 880012532948 [ 117.863919] Call Trace: [ 117.863922] [] ? f2fs_init_acl+0x10a/0x180 [f2fs] [ 117.863925] [] __f2fs_add_link+0x560/0x7c0 [f2fs] [ 117.863928] [] f2fs_mkdir+0xbb/0x150 [f2fs] [ 117.863929] [] vfs_mkdir+0xb7/0x160 [ 117.863931] [] SyS_mkdir+0x5f/0xc0 [ 117.863933] [] system_call_fastpath+0x16/0x1b [ 117.863934] Code: e6 49 8b 14 24 83 e2 01 74 23 4c 89 e7 89 45 bc e8 f7 f9 f6 e0 4c 89 e7 e8 ff d1 f7 e0 8b 45 bc 48 83 c4 30 5b 41 5c 41 5d 5d c3 <0f> 0b e8 c8 9d 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 [ 117.863953] RIP [] remove_inode_page+0xbf/0xd0 [f2fs] [ 117.863956] RSP There are several ways for simulate faults in kernel function calls, e.g. manual faults insertion, fault injection kernel infrustructure. In my tests I use KEDR
f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hello, Testing f2fs (of linux-3.13) under fault simulation, we detected umount() hangs up after mkdir()- f2fs_add_link()- init_inode_metadata()- f2fs_init_acl()- f2fs_get_acl()- f2fs_getxattr()- read_all_xattrs() fails. Also there was a BUG_ON triggered after the fault in mkdir()- f2fs_add_link()- init_inode_metadata()- remove_inode_page() - f2fs_bug_on(inode-i_blocks != 0 inode-i_blocks != 1); In this case there are 2 blocks allocated, which are counted with inode-i_blocks field: static struct page *init_inode_metadata(struct inode *inode, struct inode *dir, const struct qstr *name) { struct page *page; int err; if (is_inode_flag_set(F2FS_I(inode), FI_NEW_INODE)) { page = new_inode_page(inode, name); - First block is allocated for the inode if (IS_ERR(page)) return page; if (S_ISDIR(inode-i_mode)) { err = make_empty_dir(inode, dir, page); - Second block is allocated for the inode if (err) goto error; } err = f2fs_init_acl(inode, dir, page); - This call returns error if (err) goto error; ... } else { ... } init_dent_inode(name, page); /* * This file should be checkpointed during fsync. * We lost i_pino from now on. */ if (is_inode_flag_set(F2FS_I(inode), FI_INC_LINK)) { file_lost_pino(inode); inc_nlink(inode); } return page; error: f2fs_put_page(page, 1); remove_inode_page(inode); - Expects at most one block allocated for inode return ERR_PTR(err); } Found by Linux File System Verification project (linuxtesting.org). Here are some additional details. F2fs-related kernel configuration is: CONFIG_F2FS_FS=m CONFIG_F2FS_STAT_FS=y CONFIG_F2FS_FS_XATTR=y CONFIG_F2FS_FS_POSIX_ACL=y CONFIG_F2FS_FS_SECURITY=y CONFIG_F2FS_CHECK_FS=y BUG_ON log: [ 117.863869] kernel BUG at fs/f2fs/node.c:825! [ 117.863870] invalid opcode: [#1] SMP [ 117.863872] Modules linked in: f2fs kedr_fsim_indicator_common(OF) kedr_fsim_indicator_capable(OF) kedr_fsim_indicator_kmalloc(OF) kedr_fsim_vmm(OF) kedr_fsim_mem_util(OF) kedr_fsim_capable(OF) kedr_fsim_uaccess(OF) kedr_fsim_cmm(OF) kedr_fault_simulation(OF) kedr(OF) fuse nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE ip6t_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw microcode i2c_piix4 parport_pc e1000 i2c_core parport ata_generic pata_acpi [last unloaded: kedr] [ 117.863894] CPU: 0 PID: 2766 Comm: fs-driver-tests Tainted: GF O 3.13.0fs #2 [ 117.863895] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 117.863896] task: 881b6420 ti: 8800111ac000 task.ti: 8800111ac000 [ 117.863897] RIP: 0010:[a01e03bf] [a01e03bf] remove_inode_page+0xbf/0xd0 [f2fs] [ 117.863901] RSP: 0018:8800111ade08 EFLAGS: 00010202 [ 117.863902] RAX: RBX: 8800125a0c30 RCX: 881b6a78 [ 117.863903] RDX: 8800 RSI: ea4b9780 RDI: 8800125a0c30 [ 117.863903] RBP: 8800111ade50 R08: 0001 R09: [ 117.863904] R10: 0006 R11: 000f R12: ea4b9780 [ 117.863905] R13: 0004 R14: ea4b9780 R15: ea4b97c0 [ 117.863907] FS: 7ff92dc9f740() GS:88003fc0() knlGS: [ 117.863908] CS: 0010 DS: ES: CR0: 8005003b [ 117.863909] CR2: 7f6673415000 CR3: 3c628000 CR4: 06f0 [ 117.863913] Stack: [ 117.863913] 41ff ea4b97c0 8800111ade50 a01e9ffa [ 117.863915] ea4b9780 8800 880012e5d000 0003 [ 117.863917] ea4b9740 8800111adec0 a01d0d20 880012532948 [ 117.863919] Call Trace: [ 117.863922] [a01e9ffa] ? f2fs_init_acl+0x10a/0x180 [f2fs] [ 117.863925] [a01d0d20] __f2fs_add_link+0x560/0x7c0 [f2fs] [ 117.863928] [a01d3b8b] f2fs_mkdir+0xbb/0x150 [f2fs] [ 117.863929] [811cf4c7] vfs_mkdir+0xb7/0x160 [ 117.863931] [811d010f] SyS_mkdir+0x5f/0xc0 [ 117.863933] [8165bf29] system_call_fastpath+0x16/0x1b [ 117.863934] Code: e6 49 8b 14 24 83 e2 01 74 23 4c 89 e7 89 45 bc e8 f7 f9 f6 e0 4c 89 e7 e8 ff d1 f7 e0 8b 45 bc 48 83 c4 30 5b 41 5c 41 5d 5d c3 0f 0b e8 c8 9d 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 [ 117.863953] RIP [a01e03bf] remove_inode_page+0xbf/0xd0 [f2fs] [ 117.863956] RSP 8800111ade08 There are several ways for
Re: f2fs: f2fs unmount hangs if f2fs_init_acl() fails during mkdir syscall
Hi, Thank you for the test and valuable report. This bug was fixed recently by: commit 03dea3129d558bf5293a6e9f12777176619ac876 Author: Jaegeuk Kim jaegeuk@samsung.com Date: Wed Feb 5 11:16:39 2014 +0900 f2fs: fix to truncate dentry pages in the error case You can find that from the tree: git://git.kernel.org/cgit/linux/kernel/git/jaegeuk/f2fs.git/log/?h=dev Thanks, 2014-02-06 (목), 09:43 +0400, Andrey Tsyvarev: Hello, Testing f2fs (of linux-3.13) under fault simulation, we detected umount() hangs up after mkdir()- f2fs_add_link()- init_inode_metadata()- f2fs_init_acl()- f2fs_get_acl()- f2fs_getxattr()- read_all_xattrs() fails. Also there was a BUG_ON triggered after the fault in mkdir()- f2fs_add_link()- init_inode_metadata()- remove_inode_page() - f2fs_bug_on(inode-i_blocks != 0 inode-i_blocks != 1); In this case there are 2 blocks allocated, which are counted with inode-i_blocks field: static struct page *init_inode_metadata(struct inode *inode, struct inode *dir, const struct qstr *name) { struct page *page; int err; if (is_inode_flag_set(F2FS_I(inode), FI_NEW_INODE)) { page = new_inode_page(inode, name); - First block is allocated for the inode if (IS_ERR(page)) return page; if (S_ISDIR(inode-i_mode)) { err = make_empty_dir(inode, dir, page); - Second block is allocated for the inode if (err) goto error; } err = f2fs_init_acl(inode, dir, page); - This call returns error if (err) goto error; ... } else { ... } init_dent_inode(name, page); /* * This file should be checkpointed during fsync. * We lost i_pino from now on. */ if (is_inode_flag_set(F2FS_I(inode), FI_INC_LINK)) { file_lost_pino(inode); inc_nlink(inode); } return page; error: f2fs_put_page(page, 1); remove_inode_page(inode); - Expects at most one block allocated for inode return ERR_PTR(err); } Found by Linux File System Verification project (linuxtesting.org). Here are some additional details. F2fs-related kernel configuration is: CONFIG_F2FS_FS=m CONFIG_F2FS_STAT_FS=y CONFIG_F2FS_FS_XATTR=y CONFIG_F2FS_FS_POSIX_ACL=y CONFIG_F2FS_FS_SECURITY=y CONFIG_F2FS_CHECK_FS=y BUG_ON log: [ 117.863869] kernel BUG at fs/f2fs/node.c:825! [ 117.863870] invalid opcode: [#1] SMP [ 117.863872] Modules linked in: f2fs kedr_fsim_indicator_common(OF) kedr_fsim_indicator_capable(OF) kedr_fsim_indicator_kmalloc(OF) kedr_fsim_vmm(OF) kedr_fsim_mem_util(OF) kedr_fsim_capable(OF) kedr_fsim_uaccess(OF) kedr_fsim_cmm(OF) kedr_fault_simulation(OF) kedr(OF) fuse nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE ip6t_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw microcode i2c_piix4 parport_pc e1000 i2c_core parport ata_generic pata_acpi [last unloaded: kedr] [ 117.863894] CPU: 0 PID: 2766 Comm: fs-driver-tests Tainted: GF O 3.13.0fs #2 [ 117.863895] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 117.863896] task: 881b6420 ti: 8800111ac000 task.ti: 8800111ac000 [ 117.863897] RIP: 0010:[a01e03bf] [a01e03bf] remove_inode_page+0xbf/0xd0 [f2fs] [ 117.863901] RSP: 0018:8800111ade08 EFLAGS: 00010202 [ 117.863902] RAX: RBX: 8800125a0c30 RCX: 881b6a78 [ 117.863903] RDX: 8800 RSI: ea4b9780 RDI: 8800125a0c30 [ 117.863903] RBP: 8800111ade50 R08: 0001 R09: [ 117.863904] R10: 0006 R11: 000f R12: ea4b9780 [ 117.863905] R13: 0004 R14: ea4b9780 R15: ea4b97c0 [ 117.863907] FS: 7ff92dc9f740() GS:88003fc0() knlGS: [ 117.863908] CS: 0010 DS: ES: CR0: 8005003b [ 117.863909] CR2: 7f6673415000 CR3: 3c628000 CR4: 06f0 [ 117.863913] Stack: [ 117.863913] 41ff ea4b97c0 8800111ade50 a01e9ffa [ 117.863915] ea4b9780 8800 880012e5d000 0003 [ 117.863917] ea4b9740 8800111adec0 a01d0d20 880012532948 [ 117.863919] Call Trace: [ 117.863922] [a01e9ffa] ? f2fs_init_acl+0x10a/0x180 [f2fs] [ 117.863925] [a01d0d20] __f2fs_add_link+0x560/0x7c0 [f2fs]