From: Chao Yu <chao@kernel.org>
To: Jianan Huang <huangjianan@xiaomi.com>,
linux-f2fs-devel@lists.sourceforge.net, jaegeuk@kernel.org
Cc: chao@kernel.org, wanghui33@xiaomi.com,
linux-kernel@vger.kernel.org, Sheng Yong <shengyong1@xiaomi.com>
Subject: Re: [PATCH v2] f2fs: avoid reading already updated pages during GC
Date: Thu, 5 Mar 2026 09:38:37 +0800 [thread overview]
Message-ID: <40f2718e-73b7-415f-9ea1-fb478b987ffe@kernel.org> (raw)
In-Reply-To: <20260305011810.4189655-1-huangjianan@xiaomi.com>
On 2026/3/5 09:18, Jianan Huang wrote:
> We found the following issue during fuzz testing:
>
> page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9
> memcg:f8ffff800e269c00
> aops:f2fs_meta_aops ino:2
> flags: 0x52880000000080a9(locked|waiters|uptodate|lru|private|zone=1|kasantag=0x4a)
> raw: 52880000000080a9 fffffffec6e17588 fffffffec0ccc088 a7ffff8067063618
> raw: 000000000018b2dc 0000000000000009 00000003ffffffff f8ffff800e269c00
> page dumped because: VM_BUG_ON_FOLIO(folio_test_uptodate(folio))
> page_owner tracks the page as allocated
> post_alloc_hook+0x58c/0x5ec
> prep_new_page+0x34/0x284
> get_page_from_freelist+0x2dcc/0x2e8c
> __alloc_pages_noprof+0x280/0x76c
> __folio_alloc_noprof+0x18/0xac
> __filemap_get_folio+0x6bc/0xdc4
> pagecache_get_page+0x3c/0x104
> do_garbage_collect+0x5c78/0x77a4
> f2fs_gc+0xd74/0x25f0
> gc_thread_func+0xb28/0x2930
> kthread+0x464/0x5d8
> ret_from_fork+0x10/0x20
> ------------[ cut here ]------------
> kernel BUG at mm/filemap.c:1563!
> folio_end_read+0x140/0x168
> f2fs_finish_read_bio+0x5c4/0xb80
> f2fs_read_end_io+0x64c/0x708
> bio_endio+0x85c/0x8c0
> blk_update_request+0x690/0x127c
> scsi_end_request+0x9c/0xb8c
> scsi_io_completion+0xf0/0x250
> scsi_finish_command+0x430/0x45c
> scsi_complete+0x178/0x6d4
> blk_mq_complete_request+0xcc/0x104
> scsi_done_internal+0x214/0x454
> scsi_done+0x24/0x34
>
> which is similar to the problem reported by syzbot:
> https://syzkaller.appspot.com/bug?extid=3686758660f980b402dc
>
> This case is consistent with the description in commit 9bf1a3f
> ("f2fs: avoid GC causing encrypted file corrupted"):
> Page 1 is moved from blkaddr A to blkaddr B by move_data_block, and after
> being written it is marked as uptodate. Then, Page 1 is moved from blkaddr
> B to blkaddr C, VM_BUG_ON_FOLIO was triggered in the endio initiated by
> ra_data_block.
>
> There is no need to read Page 1 again from blkaddr B, since it has already
> been updated. Therefore, avoid initiating I/O in this case.
>
> Fixes: 6aa58d8ad20a ("f2fs: readahead encrypted block during GC")
> Signed-off-by: Jianan Huang <huangjianan@xiaomi.com>
> Signed-off-by: Sheng Yong <shengyong1@xiaomi.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Thanks,
next prev parent reply other threads:[~2026-03-05 1:38 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-05 1:18 [PATCH v2] f2fs: avoid reading already updated pages during GC Jianan Huang
2026-03-05 1:38 ` Chao Yu [this message]
2026-03-05 19:10 ` [f2fs-dev] " patchwork-bot+f2fs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=40f2718e-73b7-415f-9ea1-fb478b987ffe@kernel.org \
--to=chao@kernel.org \
--cc=huangjianan@xiaomi.com \
--cc=jaegeuk@kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=shengyong1@xiaomi.com \
--cc=wanghui33@xiaomi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox