fs/f2fs/segment.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Syzbot reports a f2fs bug as below:
INFO: task syz-executor328:5856 blocked for more than 144 seconds.
Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor328 state:D stack:24392 pid:5856 tgid:5832 ppid:5826 task_flags:0x400040 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5382 [inline]
__schedule+0x168f/0x4c70 kernel/sched/core.c:6767
__schedule_loop kernel/sched/core.c:6845 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6860
io_schedule+0x81/0xe0 kernel/sched/core.c:7742
f2fs_balance_fs+0x4b4/0x780 fs/f2fs/segment.c:444
f2fs_map_blocks+0x3af1/0x43b0 fs/f2fs/data.c:1791
f2fs_expand_inode_data+0x653/0xaf0 fs/f2fs/file.c:1872
f2fs_fallocate+0x4f5/0x990 fs/f2fs/file.c:1975
vfs_fallocate+0x6a0/0x830 fs/open.c:338
ioctl_preallocate fs/ioctl.c:290 [inline]
file_ioctl fs/ioctl.c:-1 [inline]
do_vfs_ioctl+0x1b8f/0x1eb0 fs/ioctl.c:885
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0x82/0x170 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
The root cause is after commit 84b5bb8bf0f6 ("f2fs: modify
f2fs_is_checkpoint_ready logic to allow more data to be written with the
CP disable"), we will get chance to allow f2fs_is_checkpoint_ready() to
return true once below conditions are all true:
1. checkpoint is disabled
2. there are not enough free segments
3. there are enough free blocks
Then it will cause f2fs_balance_fs() to trigger foreground GC.
void f2fs_balance_fs(struct f2fs_sb_info *sbi, bool need)
...
if (!f2fs_is_checkpoint_ready(sbi))
return;
And the testcase mounts f2fs image w/ gc_merge,checkpoint=disable, so deadloop
will happen through below race condition:
- f2fs_do_shutdown - vfs_fallocate - gc_thread_func
- file_start_write
- __sb_start_write(SB_FREEZE_WRITE)
- f2fs_fallocate
- f2fs_expand_inode_data
- f2fs_map_blocks
- f2fs_balance_fs
- prepare_to_wait
- wake_up(gc_wait_queue_head)
- io_schedule
- bdev_freeze
- freeze_super
- sb->s_writers.frozen = SB_FREEZE_WRITE;
- sb_wait_write(sb, SB_FREEZE_WRITE);
- if (sbi->sb->s_writers.frozen >= SB_FREEZE_WRITE) continue;
: cause deadloop
This patch fix to add check condition in f2fs_balance_fs(), so that if
checkpoint is disabled, we will just skip trigger foreground GC to
avoid such deadloop issue.
Meanwhile let's remove f2fs_is_checkpoint_ready() check condition in
f2fs_balance_fs(), since it's redundant, due to the main logic in the
function is to check:
a) whether checkpoint is disabled
b) there is enough free segments
f2fs_balance_fs() still has all logics after f2fs_is_checkpoint_ready()'s
removal.
Reported-by: syzbot+aa5bb5f6860e08a60450@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-f2fs-devel/682d743a.a00a0220.29bc26.0289.GAE@google.com
Fixes: 84b5bb8bf0f6 ("f2fs: modify f2fs_is_checkpoint_ready logic to allow more data to be written with the CP disable")
Cc: Qi Han <hanqi@vivo.com>
Signed-off-by: Chao Yu <chao@kernel.org>
---
v3:
- clean up the codes
fs/f2fs/segment.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 5ff0111ed974..24b4bb2a4b9b 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -433,7 +433,7 @@ void f2fs_balance_fs(struct f2fs_sb_info *sbi, bool need)
if (need && excess_cached_nats(sbi))
f2fs_balance_fs_bg(sbi, false);
- if (!f2fs_is_checkpoint_ready(sbi))
+ if (unlikely(is_sbi_flag_set(sbi, SBI_CP_DISABLED)))
return;
/*
--
2.49.0Chao Yu via Linux-f2fs-devel <linux-f2fs-devel@lists.sourceforge.net>
于2025年5月23日周五 11:30写道:
>
> Syzbot reports a f2fs bug as below:
>
> INFO: task syz-executor328:5856 blocked for more than 144 seconds.
> Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz-executor328 state:D stack:24392 pid:5856 tgid:5832 ppid:5826 task_flags:0x400040 flags:0x00004006
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5382 [inline]
> __schedule+0x168f/0x4c70 kernel/sched/core.c:6767
> __schedule_loop kernel/sched/core.c:6845 [inline]
> schedule+0x165/0x360 kernel/sched/core.c:6860
> io_schedule+0x81/0xe0 kernel/sched/core.c:7742
> f2fs_balance_fs+0x4b4/0x780 fs/f2fs/segment.c:444
> f2fs_map_blocks+0x3af1/0x43b0 fs/f2fs/data.c:1791
> f2fs_expand_inode_data+0x653/0xaf0 fs/f2fs/file.c:1872
> f2fs_fallocate+0x4f5/0x990 fs/f2fs/file.c:1975
> vfs_fallocate+0x6a0/0x830 fs/open.c:338
> ioctl_preallocate fs/ioctl.c:290 [inline]
> file_ioctl fs/ioctl.c:-1 [inline]
> do_vfs_ioctl+0x1b8f/0x1eb0 fs/ioctl.c:885
> __do_sys_ioctl fs/ioctl.c:904 [inline]
> __se_sys_ioctl+0x82/0x170 fs/ioctl.c:892
> do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
> do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> The root cause is after commit 84b5bb8bf0f6 ("f2fs: modify
> f2fs_is_checkpoint_ready logic to allow more data to be written with the
> CP disable"), we will get chance to allow f2fs_is_checkpoint_ready() to
> return true once below conditions are all true:
> 1. checkpoint is disabled
> 2. there are not enough free segments
> 3. there are enough free blocks
>
> Then it will cause f2fs_balance_fs() to trigger foreground GC.
>
> void f2fs_balance_fs(struct f2fs_sb_info *sbi, bool need)
> ...
> if (!f2fs_is_checkpoint_ready(sbi))
> return;
>
> And the testcase mounts f2fs image w/ gc_merge,checkpoint=disable, so deadloop
> will happen through below race condition:
>
> - f2fs_do_shutdown - vfs_fallocate - gc_thread_func
> - file_start_write
> - __sb_start_write(SB_FREEZE_WRITE)
> - f2fs_fallocate
> - f2fs_expand_inode_data
> - f2fs_map_blocks
> - f2fs_balance_fs
> - prepare_to_wait
> - wake_up(gc_wait_queue_head)
> - io_schedule
> - bdev_freeze
> - freeze_super
> - sb->s_writers.frozen = SB_FREEZE_WRITE;
> - sb_wait_write(sb, SB_FREEZE_WRITE);
> - if (sbi->sb->s_writers.frozen >= SB_FREEZE_WRITE) continue;
> : cause deadloop
>
> This patch fix to add check condition in f2fs_balance_fs(), so that if
> checkpoint is disabled, we will just skip trigger foreground GC to
> avoid such deadloop issue.
>
> Meanwhile let's remove f2fs_is_checkpoint_ready() check condition in
> f2fs_balance_fs(), since it's redundant, due to the main logic in the
> function is to check:
> a) whether checkpoint is disabled
> b) there is enough free segments
>
> f2fs_balance_fs() still has all logics after f2fs_is_checkpoint_ready()'s
> removal.
>
> Reported-by: syzbot+aa5bb5f6860e08a60450@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/linux-f2fs-devel/682d743a.a00a0220.29bc26.0289.GAE@google.com
> Fixes: 84b5bb8bf0f6 ("f2fs: modify f2fs_is_checkpoint_ready logic to allow more data to be written with the CP disable")
> Cc: Qi Han <hanqi@vivo.com>
> Signed-off-by: Chao Yu <chao@kernel.org>
> ---
> v3:
> - clean up the codes
> fs/f2fs/segment.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
> index 5ff0111ed974..24b4bb2a4b9b 100644
> --- a/fs/f2fs/segment.c
> +++ b/fs/f2fs/segment.c
> @@ -433,7 +433,7 @@ void f2fs_balance_fs(struct f2fs_sb_info *sbi, bool need)
> if (need && excess_cached_nats(sbi))
> f2fs_balance_fs_bg(sbi, false);
>
> - if (!f2fs_is_checkpoint_ready(sbi))
> + if (unlikely(is_sbi_flag_set(sbi, SBI_CP_DISABLED)))
> return;
Reviewed-by: Zhiguo Niu <zhiguo.niu@unisoc.com>
thanks!
>
> /*
> --
> 2.49.0
>
>
>
> _______________________________________________
> Linux-f2fs-devel mailing list
> Linux-f2fs-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
© 2016 - 2025 Red Hat, Inc.