Bug 215897

Summary: kernel BUG at fs/f2fs/f2fs.h:2511!
Product: File System
Reporter: bughunter (yanming)
Component: f2fs
Assignee: Default virtual assignee for f2fs (filesystem_f2fs)
Status: RESOLVED CODE_FIX
Severity: normal
CC: chao
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 5.17
Subsystem:
Regression: No
Bisected commit-id:
Attachments: case.c

Description bughunter 2022-04-27 12:02:39 UTC
Created attachment 300821 [details]
case.c

I have encountered a bug in the F2FS file system in kernel v5.17.

The file operations performed on the file system are in case.c, and I have uploaded the F2FS image to Google Drive (https://drive.google.com/file/d/1SQ5oHSMJLD_e_HtYRad6gcmVQU-dvLk3/view?usp=sharing).

The kernel should be built with CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can reproduce the bug by running the following commands:

gcc -o case case.c
losetup /dev/loop0 case.img
mount -o "background_gc=sync,disable_roll_forward,nouser_xattr,disable_ext_identify,nobarrier,fastboot,mode=adaptive,grpquota,noquota,alloc_mode=reuse,test_dummy_encryption" -t f2fs /dev/loop0 /root/mnt
./case

The kernel message is shown below:

------------[ cut here ]------------
kernel BUG at fs/f2fs/f2fs.h:2511!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 7 PID: 1335 Comm: rm Not tainted 5.17.0 #3
Hardware name: Dell Inc. OptiPlex 9020/03CPWF, BIOS A14 09/14/2015
RIP: 0010:truncate_node+0x85c/0xa70
Code: 3c 24 e8 f7 11 4d ff e9 bb f8 ff ff 4c 89 54 24 10 e8 e8 11 4d ff 4c 8b 54 24 10 e9 55 fa ff ff e8 b9 11 4d ff e9 57 fb ff ff <0f> 0b 0f 0b 0f 0b 48 b8 00 00 00 00 00 fc ff df 48 8b 54 24 28 48
RSP: 0018:ffff88812a707b98 EFLAGS: 00010246
RAX: 0000000000000007 RBX: ffff88812a707ca0 RCX: ffffffff850d5532
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff888114e94484
RBP: ffff888158cb0e88 R08: 0000000000000001 R09: ffffed10254e0f69
R10: ffff888114e94834 R11: ffffed10254e0f68 R12: 0000000000000000
R13: ffff888114e94000 R14: ffff88812a707be8 R15: 0000000000000000
FS:  00007f9ded34c580(0000) GS:ffff8881d57c0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564e9d5956a8 CR3: 000000010dfbc002 CR4: 00000000001706e0
Call Trace:
 <TASK>
 ? f2fs_get_node_info+0xd10/0xd10
 f2fs_remove_inode_page+0x2a2/0x830
 ? f2fs_get_dnode_of_data+0x18e0/0x18e0
 ? f2fs_mark_inode_dirty_sync+0x4f/0x70
 ? f2fs_truncate+0x29f/0x710
 f2fs_evict_inode+0x9b7/0x1510
 evict+0x282/0x4e0
 ? __lookup_hash+0x1b/0x150
 do_unlinkat+0x33a/0x540
 ? __x64_sys_rmdir+0x50/0x50
 ? create_object+0x649/0xaf0
 ? kasan_unpoison+0x23/0x50
 ? kmem_cache_alloc+0x10f/0x220
 ? getname_flags+0xf8/0x4e0
 __x64_sys_unlinkat+0x8e/0xd0
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f9ded268d3b
Code: 73 01 c3 48 8b 0d 55 c1 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 25 c1 0d 00 f7 d8 64 89 01 48
RSP: 002b:00007ffeb743e838 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
RAX: ffffffffffffffda RBX: 0000564e9d5957d0 RCX: 00007f9ded268d3b
RDX: 0000000000000000 RSI: 0000564e9d5945a0 RDI: 00000000ffffff9c
RBP: 0000564e9d594510 R08: 0000000000000003 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb743ea10 R14: 00007ffeb743ea10 R15: 0000000000000002
 </TASK>
Modules linked in: x86_pkg_temp_thermal efivarfs
---[ end trace 0000000000000000 ]---
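The reporter's steps hard-code /dev/loop0 and give no way to confirm the kernel was built with the KASAN options the report asks for, or to tell whether the BUG_ON() in truncate_node actually fired once the unlink path (do_unlinkat -> f2fs_evict_inode -> f2fs_remove_inode_page) ran. The harness below is an added example, not the reporter's case.c or anything from the f2fs tree: it checks the kernel config, allocates a free loop device, mounts with the same options as the report, runs the reproducer, and scans the kernel log written since the mount for an f2fs kernel BUG. The image path ./case.img, the mount point /root/mnt (taken from the report's mount command) and the already-built ./case binary are assumptions; kmsg_strip removes the "prio,seq,usec,flags;" record prefix that /dev/kmsg adds, which is the format the pasted trace above is in.

```shell
#!/bin/sh
# Added reproduction harness for bug 215897 (not the reporter's code).
# Assumed layout: ./case.img is the image from the report, ./case is built from
# case.c, and the mount point is /root/mnt as in the original mount command.
set -u

# Mount options copied verbatim from the report.
MOUNT_OPTS="background_gc=sync,disable_roll_forward,nouser_xattr,disable_ext_identify,nobarrier,fastboot,mode=adaptive,grpquota,noquota,alloc_mode=reuse,test_dummy_encryption"

# Strip the /dev/kmsg record prefix ("4,1119,116278718,-;") so lines read like dmesg.
kmsg_strip() {
    sed 's/^[0-9]*,[0-9]*,[0-9]*,[^;]*;//'
}

# Exit 0 if the given log text (kmsg or dmesg format) contains an f2fs kernel BUG.
find_f2fs_bug() {
    printf '%s\n' "$1" | kmsg_strip | grep -q 'kernel BUG at fs/f2fs/'
}

# Exit 0 if both KASAN options are set, 1 if not, 2 if no config is readable.
kasan_enabled() {
    cfg="/boot/config-$(uname -r)"
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz | grep -qx 'CONFIG_KASAN=y' &&
            zcat /proc/config.gz | grep -qx 'CONFIG_KASAN_INLINE=y'
    elif [ -r "$cfg" ]; then
        grep -qx 'CONFIG_KASAN=y' "$cfg" && grep -qx 'CONFIG_KASAN_INLINE=y' "$cfg"
    else
        return 2
    fi
}

reproduce() {
    img=${1:-./case.img}
    mnt=${2:-/root/mnt}
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    kasan_enabled
    case $? in
        1) echo "kernel lacks CONFIG_KASAN=y / CONFIG_KASAN_INLINE=y" >&2; return 1 ;;
        2) echo "warning: cannot read kernel config, continuing" >&2 ;;
    esac
    mkdir -p "$mnt"
    # Ask losetup for a free device instead of assuming /dev/loop0 is unused.
    loop=$(losetup --find --show "$img") || return 1
    trap 'umount "$mnt" 2>/dev/null; losetup -d "$loop"' EXIT
    mount -t f2fs -o "$MOUNT_OPTS" "$loop" "$mnt" || return 1
    before=$(dmesg | wc -l)
    # The task that hits BUG() is killed, so a non-zero exit here is expected.
    ./case
    echo "case exited with status $?"
    new_log=$(dmesg | tail -n +"$((before + 1))")
    if find_f2fs_bug "$new_log"; then
        echo "f2fs kernel BUG reproduced:"
        printf '%s\n' "$new_log" | grep -A 12 'kernel BUG at fs/f2fs/'
        return 0
    fi
    echo "no f2fs kernel BUG in the log since mount"
    return 1
}

# Only run the privileged part when explicitly asked, so the helpers can be sourced.
if [ "${RUN_REPRO:-0}" = 1 ]; then
    reproduce "$@"
fi
```

Run it as root with `RUN_REPRO=1 sh repro.sh ./case.img /root/mnt`; the EXIT trap unmounts and detaches the loop device even when the reproducer fails, which keeps repeated attempts from leaking loop devices. Because the crash is reached through an ordinary unlink on a crafted image, anything that mounts untrusted f2fs images (automounters, container image tooling) treats this class of BUG_ON() as a local denial of service.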
Comment 1 bughunter 2022-04-27 13:01:56 UTC
Thank you for the prompt reply :) This bug has been fixed after applying the patch!