From: kth5965@gmail.com
To: Chao Yu <chao@kernel.org>,
jaegeuk@kernel.org, linux-f2fs-devel@lists.sourceforge.net
Cc: syzbot+fc026e87558558f75c00@syzkaller.appspotmail.com,
linux-kernel@vger.kernel.org
Subject: Re: [f2fs-dev] [PATCH v2] f2fs: evict: truncate page cache before clear_inode
Date: Wed, 18 Mar 2026 00:28:38 +0900 [thread overview]
Message-ID: <20260317152838.26664-1-kth5965@gmail.com> (raw)
In-Reply-To: <9df7bc57-f0e1-4c7b-9ce1-0017eab62c2a@kernel.org>
Hi Chao,
I checked the repro again based on your comment and added some debug
logs around the related paths.
What I saw was roughly as follows.
There was already an abnormal inline state in the read path:
inline flag: set
data_exist: clear
blocks: present
This case was not rejected by sanity_check_inode(). From what I saw,
the inline sanity check does an early return when inode_has_blocks()
is true, so I think this case was skipped there. I think this may also
explain why there was no sanity warning in the log.
After that, in the eviction path, i_size was already reduced to 0, but
f2fs_truncate() still entered the inline conversion path, and
f2fs_convert_inline_inode() created folio 0 in the page cache first.
Then f2fs_convert_inline_folio() handled the empty inline case as
success because of !f2fs_exist_data(inode), and the created folio 0
remained in the page cache. Because of this, nrpages stayed 1 right
before clear_inode().
From this, I think there may be two possible directions for fixing
this:
1. prevent folio 0 from being created at all in the empty inline case,
or delay folio creation until it is actually needed
2. detect or guard this abnormal inline state earlier, in sanity check
or before that stage
At this point, both directions seem possible to me. I wanted to ask
which direction you think would be more appropriate.
If there is anything else I should check, please let me know.
Thanks.
next prev parent reply other threads:[~2026-03-17 15:28 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-24 16:06 [PATCH] f2fs: evict: truncate page cache before clear_inode Taerang Kim
2026-02-24 16:54 ` [PATCH v2] " Taerang Kim
2026-03-09 7:44 ` Chao Yu
2026-03-09 14:25 ` [f2fs-dev] " kth5965
2026-03-13 7:45 ` Chao Yu
2026-03-17 15:28 ` kth5965 [this message]
2026-03-18 3:40 ` Chao Yu
2026-03-19 15:11 ` kth5965
2026-03-23 3:14 ` Chao Yu
2026-03-31 15:24 ` kth5965
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260317152838.26664-1-kth5965@gmail.com \
--to=kth5965@gmail.com \
--cc=chao@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=syzbot+fc026e87558558f75c00@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox