From: Joseph Qi <joseph.qi@linux.alibaba.com>
To: Deepanshu Kartikey <kartikey406@gmail.com>,
mark@fasheh.com, jlbec@evilplan.org,
akpm <akpm@linux-foundation.org>
Cc: ocfs2-devel@lists.linux.dev, linux-kernel@vger.kernel.org,
syzbot+6fdd8fa3380730a4b22c@syzkaller.appspotmail.com
Subject: Re: [PATCH v2] ocfs2: clear extent cache after moving/defragmenting extents
Date: Fri, 10 Oct 2025 09:21:09 +0800 [thread overview]
Message-ID: <94c9efca-2805-4fcb-a52b-e26eac8f58e1@linux.alibaba.com> (raw)
In-Reply-To: <20251009154903.522339-1-kartikey406@gmail.com>
On 2025/10/9 23:49, Deepanshu Kartikey wrote:
> The extent map cache can become stale when extents are moved or
> defragmented, causing subsequent operations to see outdated extent
> flags. This triggers a BUG_ON in ocfs2_refcount_cal_cow_clusters().
>
> The problem occurs when:
> 1. copy_file_range() creates a reflinked extent with OCFS2_EXT_REFCOUNTED
> 2. ioctl(FITRIM) triggers ocfs2_move_extents()
> 3. __ocfs2_move_extents_range() reads and caches the extent (flags=0x2)
> 4. ocfs2_move_extent()/ocfs2_defrag_extent() calls __ocfs2_move_extent()
> which clears OCFS2_EXT_REFCOUNTED flag on disk (flags=0x0)
> 5. The extent map cache is not invalidated after the move
> 6. Later write() operations read stale cached flags (0x2) but disk has
> updated flags (0x0), causing a mismatch
> 7. BUG_ON(!(rec->e_flags & OCFS2_EXT_REFCOUNTED)) triggers
>
> Fix by clearing the extent map cache after each extent move/defrag
> operation in __ocfs2_move_extents_range(). This ensures subsequent
> operations read fresh extent data from disk.
>
> Link: https://lore.kernel.org/all/20251009142917.517229-1-kartikey406@gmail.com/T/
> Reported-by: syzbot+6fdd8fa3380730a4b22c@syzkaller.appspotmail.com
> Tested-by: syzbot+6fdd8fa3380730a4b22c@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?id=2959889e1f6e216585ce522f7e8bc002b46ad9e7
> Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
Looks fine.
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
> ---
> Changes in v2:
> - Fix moved to __ocfs2_move_extents_range() instead of ocfs2_refcount_cow()
> - The real issue is in FITRIM/move_extents code path, not COW path
> - COW path already clears cache at end of ocfs2_refcount_cow_hunk()
>
> fs/ocfs2/move_extents.c | 5 +++++
> 1 file changed, 5 insertions(+)
> ---
> fs/ocfs2/move_extents.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/fs/ocfs2/move_extents.c b/fs/ocfs2/move_extents.c
> index 86f2631e6360..10923bf7c8b8 100644
> --- a/fs/ocfs2/move_extents.c
> +++ b/fs/ocfs2/move_extents.c
> @@ -867,6 +867,11 @@ static int __ocfs2_move_extents_range(struct buffer_head *di_bh,
> mlog_errno(ret);
> goto out;
> }
> + /*
> + * Invalidate extent cache after moving/defragging to prevent
> + * stale cached data with outdated extent flags.
> + */
> + ocfs2_extent_map_trunc(inode, cpos);
>
> context->clusters_moved += alloc_size;
> next:
next prev parent reply other threads:[~2025-10-10 1:21 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-09 15:49 [PATCH v2] ocfs2: clear extent cache after moving/defragmenting extents Deepanshu Kartikey
2025-10-09 16:18 ` Mark Fasheh
2025-10-10 1:21 ` Joseph Qi [this message]
2025-10-11 7:31 ` Heming Zhao
2025-10-10 1:37 ` Andrew Morton
-- strict thread matches above, loose matches on Subject: below --
2025-10-10 2:00 Deepanshu Kartikey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=94c9efca-2805-4fcb-a52b-e26eac8f58e1@linux.alibaba.com \
--to=joseph.qi@linux.alibaba.com \
--cc=akpm@linux-foundation.org \
--cc=jlbec@evilplan.org \
--cc=kartikey406@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mark@fasheh.com \
--cc=ocfs2-devel@lists.linux.dev \
--cc=syzbot+6fdd8fa3380730a4b22c@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox