Bug 203737 - JFS: BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
Summary: JFS: BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
Status: NEW
Alias: None
Product: File System
Classification: Unclassified
Component: JFS
Hardware: All Linux
Importance: P1 normal
Assignee: Dave Kleikamp
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-05-28 02:00 UTC by midwinter1993
Modified: 2019-06-18 07:13 UTC

See Also:
Kernel Version: 5.1.3
Subsystem:
Regression: No
Bisected commit-id:


Description midwinter1993 2019-05-28 02:00:37 UTC
A bug occurs in the JFS filesystem when:

1. mount JFS with options: `nointegrity,grpquota`
2. make a new directory
3. umount it

Tested under kernel-5.1.3

--- Reproduce script ---

```bash
#!/bin/bash

mnt_dir="./tmp-dir"
disk=./jfs.img

# Create a 50 MiB image file and format it as JFS
dd if=/dev/zero of=$disk bs=5M count=10
mkfs.jfs $disk

mkdir -pv "$mnt_dir"

# Mount with journaling disabled (nointegrity) and group quotas enabled
mount "$disk" "$mnt_dir" -o "nointegrity,grpquota"

# Create a directory so there is dirty metadata to write back at unmount
mkdir "$mnt_dir/a"

umount "$mnt_dir" # BUG occurs here
```

--- end ---

--- core dump ---
```
[   44.684910] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
[   44.686081] #PF error: [normal kernel read fault]
[   44.686748] PGD 0 P4D 0 
[   44.687120] Oops: 0000 [#1] SMP PTI
[   44.687640] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.1.3 #4
[   44.688500] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[   44.689830] Workqueue: writeback wb_workfn (flush-7:0)
[   44.690562] RIP: 0010:lbmStartIO+0x62/0x140
[   44.691158] Code: 0c 00 00 48 c7 c2 e0 45 fe a8 e8 89 38 36 00 48 89 c5 41 8b 44 24 3c 8d 48 f7 48 8b 43 30 48 d3 e0 48 89 45 28 49 8b 44 24 20 <4c> 8b a8 80 00 00 00 4c 39 6d 08 74 17 e8 cc d1 c6 ff 66 81 65 14
[   44.693776] RSP: 0000:ffffafab00353938 EFLAGS: 00010246
[   44.694515] RAX: 0000000000000000 RBX: ffff9dadac43af80 RCX: 0000000000000003
[   44.695522] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[   44.696526] RBP: ffff9dadac52dc00 R08: ffff9dadbd7e4980 R09: 0000000000024ea0
[   44.697528] R10: 0000000000000001 R11: ffff9dadbffdc000 R12: ffff9dadac65d600
[   44.698524] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000002
[   44.699532] FS:  0000000000000000(0000) GS:ffff9dadbda00000(0000) knlGS:0000000000000000
[   44.700666] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   44.701476] CR2: 0000000000000080 CR3: 000000006c110000 CR4: 00000000000006f0
[   44.702478] Call Trace:
[   44.702854]  lbmWrite+0x164/0x1f0
[   44.703323]  lmGCwrite+0x12e/0x150
[   44.703819]  jfs_flush_journal+0x2b8/0x380
[   44.704400]  metapage_writepage+0x1b4/0x440
[   44.704993]  __writepage+0x24/0x80
[   44.705480]  write_cache_pages+0x3d2/0x810
[   44.706059]  ? __test_set_page_writeback+0x490/0x490
[   44.706763]  ? __switch_to_asm+0x40/0x70
[   44.707327]  ? __switch_to_asm+0x34/0x70
[   44.707885]  ? __switch_to_asm+0x40/0x70
[   44.708440]  ? __switch_to_asm+0x34/0x70
[   44.708997]  ? __switch_to_asm+0x40/0x70
[   44.709554]  ? __switch_to_asm+0x34/0x70
[   44.710111]  ? __switch_to_asm+0x40/0x70
[   44.710668]  ? __switch_to_asm+0x34/0x70
[   44.711223]  ? __switch_to_asm+0x40/0x70
[   44.711796]  ? __switch_to_asm+0x34/0x70
[   44.712366]  ? __switch_to_asm+0x40/0x70
[   44.712929]  do_writepages+0xe6/0x130
[   44.713453]  ? __switch_to_asm+0x34/0x70
[   44.713871]  ? __switch_to_asm+0x40/0x70
[   44.714337]  ? __switch_to_asm+0x34/0x70
[   44.714899]  ? __switch_to_asm+0x40/0x70
[   44.715467]  ? __switch_to_asm+0x34/0x70
[   44.716029]  __writeback_single_inode+0x7c/0x620
[   44.716686]  ? __schedule+0x257/0x730
[   44.717211]  writeback_sb_inodes+0x2ae/0x690
[   44.717821]  wb_writeback+0x187/0x4b0
[   44.718346]  ? set_worker_desc+0x7f/0xf0
[   44.718888]  ? wb_workfn+0x54/0x620
[   44.719222]  wb_workfn+0x114/0x620
[   44.719735]  ? __switch_to_asm+0x40/0x70
[   44.720291]  ? __switch_to_asm+0x34/0x70
[   44.720842]  ? __switch_to_asm+0x40/0x70
[   44.721373]  ? __switch_to_asm+0x34/0x70
[   44.721901]  ? __switch_to_asm+0x40/0x70
[   44.722430]  process_one_work+0x28f/0x650
[   44.722970]  worker_thread+0x56/0x5e0
[   44.723479]  kthread+0x122/0x170
[   44.723924]  ? process_one_work+0x650/0x650
[   44.724503]  ? kthread_park+0x110/0x110
[   44.725070]  ret_from_fork+0x35/0x40
[   44.725587] Modules linked in:
[   44.726044] Dumping ftrace buffer:
[   44.726509]    (ftrace buffer empty)
[   44.726994] CR2: 0000000000000080
[   44.727324] ---[ end trace 55fb01d11b665cd6 ]---
[   44.727767] RIP: 0010:lbmStartIO+0x62/0x140
[   44.728164] Code: 0c 00 00 48 c7 c2 e0 45 fe a8 e8 89 38 36 00 48 89 c5 41 8b 44 24 3c 8d 48 f7 48 8b 43 30 48 d3 e0 48 89 45 28 49 8b 44 24 20 <4c> 8b a8 80 00 00 00 4c 39 6d 08 74 17 e8 cc d1 c6 ff 66 81 65 14
[   44.729877] RSP: 0000:ffffafab00353938 EFLAGS: 00010246
[   44.730368] RAX: 0000000000000000 RBX: ffff9dadac43af80 RCX: 0000000000000003
[   44.731029] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[   44.731899] RBP: ffff9dadac52dc00 R08: ffff9dadbd7e4980 R09: 0000000000024ea0
[   44.732849] R10: 0000000000000001 R11: ffff9dadbffdc000 R12: ffff9dadac65d600
[   44.733799] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000002
[   44.734749] FS:  0000000000000000(0000) GS:ffff9dadbda00000(0000) knlGS:0000000000000000
[   44.735829] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   44.736597] CR2: 0000000000000080 CR3: 000000006c110000 CR4: 00000000000006f0
[   44.737549] Kernel panic - not syncing: Fatal exception
[   44.738392] Dumping ftrace buffer:
[   44.738861]    (ftrace buffer empty)
[   44.739354] Kernel Offset: 0x25a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
```
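As a triage aid added here (not part of the bug report or of JFS), a small parser for oops output like the one above: it pulls out the faulting address, the RIP symbol with its offset and size, and separates reliably unwound call-trace frames from the `?` entries, then flags a first-page address as a NULL base pointer plus a struct field offset (here 0x80). The sample input is a constructed subset of the dump in this report.

```python
import re

# Constructed sample: a subset of the oops lines quoted in this bug report.
SAMPLE_OOPS = """\
[   44.684910] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
[   44.690562] RIP: 0010:lbmStartIO+0x62/0x140
[   44.702478] Call Trace:
[   44.702854]  lbmWrite+0x164/0x1f0
[   44.703323]  lmGCwrite+0x12e/0x150
[   44.703819]  jfs_flush_journal+0x2b8/0x380
[   44.706763]  ? __switch_to_asm+0x40/0x70
[   44.712929]  do_writepages+0xe6/0x130
[   44.725587] Modules linked in:
"""
TS = r"^\[\s*[\d.]+\]\s*"  # "[   44.684910] " timestamp prefix
FAULT_RE = re.compile(TS + r"BUG: unable to handle kernel .* at ([0-9a-f]+)")
RIP_RE = re.compile(TS + r"RIP: [0-9a-f]{4}:(\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)")
FRAME_RE = re.compile(TS + r"(\? )?(\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)$")
TRACE_RE = re.compile(TS + r"Call Trace:")
PAGE_SIZE = 4096

def parse_oops(text):
    """Return fault address, RIP (symbol, offset, size) and call-trace frames.
    Frames printed with a leading "?" are stale stack words, not real callers,
    so they are kept apart from the reliably unwound frames."""
    info = {"fault_addr": None, "rip": None, "frames": [], "unreliable": []}
    in_trace = False
    for line in text.splitlines():
        if m := FAULT_RE.match(line):
            info["fault_addr"] = int(m.group(1), 16)
        elif (m := RIP_RE.match(line)) and info["rip"] is None:  # RIP is printed twice
            info["rip"] = (m.group(1), int(m.group(2), 16), int(m.group(3), 16))
        elif TRACE_RE.match(line):
            in_trace = True
        elif in_trace:
            m = FRAME_RE.match(line)
            if not m:  # e.g. "Modules linked in:" ends the trace
                in_trace = False
            else:
                info["unreliable" if m.group(1) else "frames"].append(m.group(2))
    return info

def classify_fault(fault_addr):
    """An address inside the first page is a NULL base plus a struct field offset."""
    if fault_addr is None:
        return "unknown"
    if fault_addr < PAGE_SIZE:
        return "null-deref offset 0x%x" % fault_addr
    return "non-null address"
```

Run on the full dump above, the reliable frames reproduce the writeback path (lbmWrite, lmGCwrite, jfs_flush_journal, metapage_writepage, ...) while the repeated `? __switch_to_asm` lines are set aside.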
Comment 1 Oleksandr 2019-06-17 19:45:31 UTC
I have done some changes and it seems it starts working:
---
 fs/jfs/jfs_logmgr.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/jfs/jfs_logmgr.c b/fs/jfs/jfs_logmgr.c
index 6b68df3..3cd7026 100644
--- a/fs/jfs/jfs_logmgr.c
+++ b/fs/jfs/jfs_logmgr.c
@@ -1223,6 +1223,7 @@ static int open_dummy_log(struct super_block *sb)
                /* Make up some stuff */
                dummy_log->base = 0;
                dummy_log->size = 1024;
+               dummy_log->bdev = sb->s_bdev;
                rc = lmLogInit(dummy_log);
                if (rc) {
                        kfree(dummy_log);
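Review bot: the added `dummy_log->bdev = sb->s_bdev;` gives the dummy log a real block device so the bio setup at the crash site in the oops above (lbmStartIO) no longer reads through a NULL bdev, but the assignment needs a one-line comment saying why a log that never writes to disk still needs a device, since the surrounding `/* Make up some stuff */` block otherwise reads as pure placeholder values. Two submission problems: the hunk's indentation has been converted from tabs to spaces (kernel sources use tabs), so the patch as pasted will not apply with `git am`, and there is no commit message or Signed-off-by line. The error path that follows (`kfree(dummy_log)` when `rc` is non-zero) is unaffected by the change.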
Comment 2 Oleksandr 2019-06-17 19:46:20 UTC
Maybe the patch needs reformatting.
Comment 3 Oleksandr 2019-06-18 07:13:02 UTC
It seems there is a bio_set_dev(bio, bdev); in case bdev is null, we get the error.