Message ID | 20230905045753.24964-1-chao@kernel.org (mailing list archive) |
---|---|
State | Accepted |
Commit | a4639380bbe66172df329f8b54aa7d2e943f0f64 |
Series | [f2fs-dev] f2fs: fix to drop meta_inode's page cache in f2fs_put_super() |
Hello:

This patch was applied to jaegeuk/f2fs.git (dev)
by Jaegeuk Kim <jaegeuk@kernel.org>:

On Tue, 5 Sep 2023 12:57:53 +0800 you wrote:
> syzbot reports a kernel bug as below:
>
> F2FS-fs (loop1): detect filesystem reference count leak during umount, type: 10, count: 1
> kernel BUG at fs/f2fs/super.c:1639!
> CPU: 0 PID: 15451 Comm: syz-executor.1 Not tainted 6.5.0-syzkaller-09338-ge0152e7481c6 #0
> RIP: 0010:f2fs_put_super+0xce1/0xed0 fs/f2fs/super.c:1639
> Call Trace:
>  generic_shutdown_super+0x161/0x3c0 fs/super.c:693
>  kill_block_super+0x3b/0x70 fs/super.c:1646
>  kill_f2fs_super+0x2b7/0x3d0 fs/f2fs/super.c:4879
>  deactivate_locked_super+0x9a/0x170 fs/super.c:481
>  deactivate_super+0xde/0x100 fs/super.c:514
>  cleanup_mnt+0x222/0x3d0 fs/namespace.c:1254
>  task_work_run+0x14d/0x240 kernel/task_work.c:179
>  resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
>  exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
>  exit_to_user_mode_prepare+0x210/0x240 kernel/entry/common.c:204
>  __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
>  syscall_exit_to_user_mode+0x1d/0x60 kernel/entry/common.c:296
>  do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86
>  entry_SYSCALL_64_after_hwframe+0x63/0xcd
>
> [...]

Here is the summary with links:
  - [f2fs-dev] f2fs: fix to drop meta_inode's page cache in f2fs_put_super()
    https://git.kernel.org/jaegeuk/f2fs/c/a4639380bbe6

You are awesome, thank you!
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 9ef9d5baece0..973184f267cb 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1675,7 +1675,7 @@ static void f2fs_put_super(struct super_block *sb) f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA); - if (err) { + if (err || f2fs_cp_error(sbi)) { truncate_inode_pages_final(NODE_MAPPING(sbi)); truncate_inode_pages_final(META_MAPPING(sbi)); }
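Review bot: the widened condition `if (err || f2fs_cp_error(sbi))` in f2fs_put_super() carries no comment explaining why a checkpoint error must also drop the node and meta page caches. In the visible lines the call `f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA);` directly above does not assign to `err`, so the IO failure described in the commit message can only reach this branch through `f2fs_cp_error(sbi)`. A one-line comment above the `if` stating that an IO error during the wait is reported via the checkpoint error state, and that the truncation is what keeps the later reference count sanity check from firing, would stop a later cleanup from narrowing the test back to `if (err)`.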
syzbot reports a kernel bug as below:

F2FS-fs (loop1): detect filesystem reference count leak during umount, type: 10, count: 1
kernel BUG at fs/f2fs/super.c:1639!
CPU: 0 PID: 15451 Comm: syz-executor.1 Not tainted 6.5.0-syzkaller-09338-ge0152e7481c6 #0
RIP: 0010:f2fs_put_super+0xce1/0xed0 fs/f2fs/super.c:1639
Call Trace:
 generic_shutdown_super+0x161/0x3c0 fs/super.c:693
 kill_block_super+0x3b/0x70 fs/super.c:1646
 kill_f2fs_super+0x2b7/0x3d0 fs/f2fs/super.c:4879
 deactivate_locked_super+0x9a/0x170 fs/super.c:481
 deactivate_super+0xde/0x100 fs/super.c:514
 cleanup_mnt+0x222/0x3d0 fs/namespace.c:1254
 task_work_run+0x14d/0x240 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x210/0x240 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x1d/0x60 kernel/entry/common.c:296
 do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

In f2fs_put_super(), it tries to do a sanity check on the dirty and IO
reference counts of f2fs; once there is any reference count leak, it
will trigger a panic.

The root cause is, during f2fs_put_super(), if there is any IO error in
f2fs_wait_on_all_pages(), we missed truncating meta_inode's page cache
later, resulting in a panic. Fix this case.

Fixes: 20872584b8c0 ("f2fs: fix to drop all dirty meta/node pages during umount()")
Reported-by: syzbot+ebd7072191e2eddd7d6e@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-f2fs-devel/000000000000a14f020604a62a98@google.com
Signed-off-by: Chao Yu <chao@kernel.org>
---
 fs/f2fs/super.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)