From: Jianan Huang
CC: Jianan Huang
Subject: [PATCH] f2fs: fix inconsistent dirty state of atomic file
Date: Thu, 23 Jan 2025 15:14:17 +0800
Message-ID: <20250123071417.253019-1-huangjianan@xiaomi.com>
X-Mailer: git-send-email 2.43.0
X-Mailing-List: linux-kernel@vger.kernel.org

When testing the atomic write fix patches, the f2fs_bug_on was triggered
as below:

------------[ cut here ]------------
kernel BUG at fs/f2fs/inode.c:935!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI
CPU: 3 UID: 0 PID: 257 Comm: bash Not tainted 6.13.0-rc1-00033-gc283a70d3497 #5
RIP: 0010:f2fs_evict_inode+0x50f/0x520
Call Trace:
 ? __die_body+0x65/0xb0
 ? die+0x9f/0xc0
 ? do_trap+0xa1/0x170
 ? f2fs_evict_inode+0x50f/0x520
 ? f2fs_evict_inode+0x50f/0x520
 ? handle_invalid_op+0x65/0x80
 ? f2fs_evict_inode+0x50f/0x520
 ? exc_invalid_op+0x39/0x50
 ? asm_exc_invalid_op+0x1a/0x20
 ? __pfx_f2fs_get_dquots+0x10/0x10
 ? f2fs_evict_inode+0x50f/0x520
 ? f2fs_evict_inode+0x2e5/0x520
 evict+0x186/0x2f0
 prune_icache_sb+0x75/0xb0
 super_cache_scan+0x1a8/0x200
 do_shrink_slab+0x163/0x320
 shrink_slab+0x2fc/0x470
 drop_slab+0x82/0xf0
 drop_caches_sysctl_handler+0x4e/0xb0
 proc_sys_call_handler+0x183/0x280
 vfs_write+0x36d/0x450
 ksys_write+0x68/0xd0
 do_syscall_64+0xc8/0x1a0
 ? arch_exit_to_user_mode_prepare+0x11/0x60
 ? irqentry_exit_to_user_mode+0x7e/0xa0

The root cause is: f2fs uses FI_ATOMIC_DIRTIED to indicate dirty
atomic files during commit. If the inode is dirtied during commit,
such as by f2fs_i_pino_write, the vfs inode stays clean and the
f2fs inode is set to FI_DIRTY_INODE. The FI_DIRTY_INODE flag can't
be cleared by write_inode later due to the clean vfs inode. Finally,
f2fs_bug_on is triggered due to this inconsistent state when evict.

To reproduce this situation:
- fd = open("/mnt/test.db", O_WRONLY)
- ioctl(fd, F2FS_IOC_START_ATOMIC_WRITE)
- mv /mnt/test.db /mnt/test1.db
- ioctl(fd, F2FS_IOC_COMMIT_ATOMIC_WRITE)
- echo 3 > /proc/sys/vm/drop_caches

To fix this problem, clear FI_DIRTY_INODE after commit, then
f2fs_mark_inode_dirty_sync will ensure a consistent dirty state.

Fixes: fccaa81de87e ("f2fs: prevent atomic file from being dirtied before commit")
Signed-off-by: Yunlei He
Signed-off-by: Jianan Huang
---
 fs/f2fs/segment.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index dc1b47f9269a..71b509a31eae 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -201,6 +201,7 @@ void f2fs_abort_atomic_write(struct inode *inode, bool = clean) clear_inode_flag(inode, FI_ATOMIC_FILE); if (is_inode_flag_set(inode, FI_ATOMIC_DIRTIED)) { clear_inode_flag(inode, FI_ATOMIC_DIRTIED); + clear_inode_flag(inode, FI_DIRTY_INODE); f2fs_mark_inode_dirty_sync(inode, true); } stat_dec_atomic_inode(inode);
-- 
2.43.0
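
Review bot: The added clear_inode_flag(inode, FI_DIRTY_INODE) in the FI_ATOMIC_DIRTIED branch carries no comment, and from the code alone it is not obvious why a dirty flag is cleared immediately before f2fs_mark_inode_dirty_sync(inode, true) marks the inode dirty again. A short comment saying that the f2fs flag can be set while the vfs inode is still clean during commit, so it is reset here to let the mark-dirty call bring both back in step, would save the next reader a trip to the changelog. The changelog also says the flag is cleared "after commit" while the hunk header places the change in f2fs_abort_atomic_write(); please state how the commit path in the reproducer reaches this function, or whether another site needs the same clear. Please also confirm that clearing FI_DIRTY_INODE with a bare clear_inode_flag() leaves any state kept alongside that flag consistent.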