linux-f2fs-devel Mailing List for linux-f2fs
From: Pedro D. G. <ped...@gm...> - 2025-10-04 03:19:13
|
folio_nr_pages() is a faster helper function to get the number of pages when NR_PAGES_IN_LARGE_FOLIO is enabled. Signed-off-by: Pedro Demarchi Gomes <ped...@gm...> --- fs/f2fs/f2fs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 46be7560548c..4467a6e7471c 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -2036,7 +2036,7 @@ static inline struct f2fs_super_block *F2FS_RAW_SUPER(struct f2fs_sb_info *sbi) static inline struct f2fs_super_block *F2FS_SUPER_BLOCK(struct folio *folio, pgoff_t index) { - pgoff_t idx_in_folio = index % (1 << folio_order(folio)); + pgoff_t idx_in_folio = index % folio_nr_pages(folio); return (struct f2fs_super_block *) (page_address(folio_page(folio, idx_in_folio)) + -- 2.39.5 |
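Review bot: the changelog for the idx_in_folio line in F2FS_SUPER_BLOCK() argues only speed; it should also state that index % folio_nr_pages(folio) gives the same value as index % (1 << folio_order(folio)) for every folio order, so that the change is recorded as a cleanup with no functional effect. If other f2fs helpers still open-code 1 << folio_order(), converting them in the same patch would keep the code consistent.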
From: Daeho J. <da...@gm...> - 2025-10-03 22:49:28
|
From: Daeho Jeong <dae...@go...> Zoned storage devices provide marginal over-capacity space, typically around 10%, for filesystem level storage control. By utilizing this extra capacity, we can safely reduce the default 'valid_thresh_ratio' to 80. This action helps to significantly prevent excessive garbage collection (GC) and the resulting power consumption, as the filesystem becomes less aggressive about cleaning segments that still hold a high percentage of valid data. Signed-off-by: Daeho Jeong <dae...@go...> --- fs/f2fs/gc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/f2fs/gc.h b/fs/f2fs/gc.h index 24e8b1c27acc..6c4d4567571e 100644 --- a/fs/f2fs/gc.h +++ b/fs/f2fs/gc.h @@ -25,7 +25,7 @@ #define DEF_GC_THREAD_CANDIDATE_RATIO 20 /* select 20% oldest sections as candidates */ #define DEF_GC_THREAD_MAX_CANDIDATE_COUNT 10 /* select at most 10 sections as candidates */ #define DEF_GC_THREAD_AGE_WEIGHT 60 /* age weight */ -#define DEF_GC_THREAD_VALID_THRESH_RATIO 95 /* do not GC over 95% valid block ratio for one time GC */ +#define DEF_GC_THREAD_VALID_THRESH_RATIO 80 /* do not GC over 80% valid block ratio for one time GC */ #define DEFAULT_ACCURACY_CLASS 10000 /* accuracy class */ #define LIMIT_INVALID_BLOCK 40 /* percentage over total user space */ -- 2.51.0.618.g983fd99d29-goog |
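Review bot: DEF_GC_THREAD_VALID_THRESH_RATIO is lowered from 95 to 80 for every user of the macro, while the changelog justifies the new value only by the roughly 10% over-capacity of zoned devices. Please state in the changelog, or in the comment next to the define, that the ratio is only consulted for zoned one-time GC, or make the default depend on the device type. A short note on how 80 was chosen, with the GC or power measurements behind "significantly", would also help later tuning.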
From: Daeho J. <da...@gm...> - 2025-10-03 22:43:25
|
From: Daeho Jeong <dae...@go...> The current version missed setting one time GC for normal zoned GC cycle. So, valid threshold control is not working. Need to fix it to prevent excessive GC for zoned devices. Fixes: e791d00bd06c ("f2fs: add valid block ratio not to do excessive GC for one time GC") Signed-off-by: Daeho Jeong <dae...@go...> --- fs/f2fs/gc.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c index 098e9f71421e..88bbcf291034 100644 --- a/fs/f2fs/gc.c +++ b/fs/f2fs/gc.c @@ -38,13 +38,14 @@ static int gc_thread_func(void *data) struct f2fs_gc_control gc_control = { .victim_segno = NULL_SEGNO, .should_migrate_blocks = false, - .err_gc_skipped = false }; + .err_gc_skipped = false, + .one_time = false }; wait_ms = gc_th->min_sleep_time; set_freezable(); do { - bool sync_mode, foreground = false; + bool sync_mode, foreground = false, gc_boost = false; wait_event_freezable_timeout(*wq, kthread_should_stop() || @@ -52,8 +53,12 @@ static int gc_thread_func(void *data) gc_th->gc_wake, msecs_to_jiffies(wait_ms)); - if (test_opt(sbi, GC_MERGE) && waitqueue_active(fggc_wq)) + if (test_opt(sbi, GC_MERGE) && waitqueue_active(fggc_wq)) { foreground = true; + gc_control.one_time = false; + } else if (f2fs_sb_has_blkzoned(sbi)) { + gc_control.one_time = true; + } /* give it a try one time */ if (gc_th->gc_wake) @@ -81,8 +86,6 @@ static int gc_thread_func(void *data) continue; } - gc_control.one_time = false; - /* * [GC triggering condition] * 0. GC is not conducted currently. @@ -132,7 +135,7 @@ static int gc_thread_func(void *data) if (need_to_boost_gc(sbi)) { decrease_sleep_time(gc_th, &wait_ms); if (f2fs_sb_has_blkzoned(sbi)) - gc_control.one_time = true; + gc_boost = true; } else { increase_sleep_time(gc_th, &wait_ms); } 
@@ -141,7 +144,7 @@ static int gc_thread_func(void *data) FOREGROUND : BACKGROUND); sync_mode = (F2FS_OPTION(sbi).bggc_mode == BGGC_MODE_SYNC) || - (gc_control.one_time && gc_th->boost_gc_greedy); + (gc_boost && gc_th->boost_gc_greedy); /* foreground GC was been triggered via f2fs_balance_fs() */ if (foreground && !f2fs_sb_has_blkzoned(sbi)) -- 2.51.0.618.g983fd99d29-goog |
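Review bot: in the new if/else-if at the top of the gc_thread_func() loop, gc_control.one_time is assigned only when the foreground or the blkzoned branch is taken, and the unconditional reset further down is removed, so in the remaining case the value carries over from the previous iteration. A single assignment such as gc_control.one_time = !foreground && f2fs_sb_has_blkzoned(sbi); placed after foreground is decided would make the state explicit on every pass. The changelog should also say that a GC_MERGE foreground wake-up on a zoned device intentionally skips the valid-threshold control, and mention the new gc_boost local, which together with boost_gc_greedy now decides sync_mode.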
From: <pr-...@ke...> - 2025-10-03 21:33:34
|
The pull request you sent on Fri, 3 Oct 2025 17:56:27 +0000:

> git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git tags/f2fs-for-6.18-rc1

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/86d563ac5fb0c6f404e82692581bb67a6f35e5de

Thank you!

--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html |
From: Jaegeuk K. <ja...@ke...> - 2025-10-03 17:56:35
|
Hi Linus,

Could you please consider this pull request?

Thanks,

The following changes since commit 8f5ae30d69d7543eee0d70083daf4de8fe15d585:

  Linux 6.17-rc1 (2025-08-10 19:41:16 +0300)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git tags/f2fs-for-6.18-rc1

for you to fetch changes up to 4e715744bf7b4e5521cc3b77f310060f862cb719:

  f2fs: add missing dput() when printing the donation list (2025-10-03 03:16:10 +0000)

----------------------------------------------------------------
f2fs-for-6.18-rc1

This release focuses on two primary updates for Android devices. First, it sets
hash-based file name lookup as the default method to improve performance, while
retaining an option to fall back to a linear lookup. Second, it resolves a
persistent issue with the checkpoint=enable feature.

The update further boosts performance by prefetching node blocks, merging FUA
writes more efficiently, and optimizing block allocation policies.

The release is rounded out by a comprehensive set of bug fixes that address
memory safety, data integrity, and potential system hangs, along with minor
documentation and code clean-ups.

Enhancement:
 - add mount option and sysfs entry to tune the lookup mode
 - dump more information and add a timeout when enabling/disabling checkpoints
 - readahead node blocks in F2FS_GET_BLOCK_PRECACHE mode
 - merge FUA command with the existing writes
 - allocate HOT_DATA for IPU writes
 - Use allocate_section_policy to control write priority in multi-devices setups
 - add reserved nodes for privileged users
 - Add bggc_io_aware to adjust the priority of BG_GC when issuing IO
 - show the list of donation files

Bug fix:
 - add missing dput() when printing the donation list
 - fix UAF issue in f2fs_merge_page_bio()
 - add sanity check on ei.len in __update_extent_tree_range()
 - fix infinite loop in __insert_extent_tree()
 - fix zero-sized extent for precache extents
 - fix to mitigate overhead of f2fs_zero_post_eof_page()
 - fix to avoid migrating empty section
 - fix to truncate first page in error path of f2fs_truncate()
 - fix to update map->m_next_extent correctly in f2fs_map_blocks()
 - fix wrong layout information on 16KB page
 - fix to do sanity check on node footer for non inode dnode
 - fix to avoid NULL pointer dereference in f2fs_check_quota_consistency()
 - fix to detect potential corrupted nid in free_nid_list
 - fix to clear unusable_cap for checkpoint=enable
 - fix to zero data after EOF for compressed file correctly
 - fix to avoid overflow while left shift operation
 - fix condition in __allow_reserved_blocks()

----------------------------------------------------------------
Bagas Sanjaya (6):
      Documentation: f2fs: Separate errors mode subtable
      Documentation: f2fs: Format compression level subtable
      Documentation: f2fs: Span write hint table section rows
      Documentation: f2fs: Wrap snippets in literal code blocks
      Documentation: f2fs: Indent compression_mode option list
      Documentation: f2fs: Reword title

Chao Yu (22):
      f2fs: dump more information when checkpoint was blocked for long time
      f2fs: add time stats of checkpoint for debug
      f2fs: fix condition in __allow_reserved_blocks()
      f2fs: fix to avoid overflow while left shift operation
      f2fs: fix to zero data after EOF for compressed file correctly
      f2fs: clean up f2fs_truncate_partial_cluster()
      f2fs: fix to clear unusable_cap for checkpoint=enable
      f2fs: fix to detect potential corrupted nid in free_nid_list
      f2fs: add timeout in f2fs_enable_checkpoint()
      f2fs: dump more information for f2fs_{enable,disable}_checkpoint()
      f2fs: clean up w/ get_left_section_blocks()
      f2fs: fix to avoid NULL pointer dereference in f2fs_check_quota_consistency()
      f2fs: fix to allow removing qf_name
      f2fs: fix to do sanity check on node footer for non inode dnode
      f2fs: avoid unnecessary folio_clear_uptodate() for cleanup
      f2fs: clean up error handing of f2fs_submit_page_read()
      f2fs: fix to update map->m_next_extent correctly in f2fs_map_blocks()
      f2fs: fix to truncate first page in error path of f2fs_truncate()
      f2fs: fix to avoid migrating empty section
      f2fs: fix to mitigate overhead of f2fs_zero_post_eof_page()
      f2fs: add sanity check on ei.len in __update_extent_tree_range()
      f2fs: fix UAF issue in f2fs_merge_page_bio()

Chunhai Guo (1):
      f2fs: add reserved nodes for privileged users

Daniel Lee (2):
      f2fs: add lookup_mode mount option
      f2fs: add sysfs entry for effective lookup mode

Jaegeuk Kim (5):
      f2fs: show the list of donation files
      f2fs: allocate HOT_DATA for IPU writes
      f2fs: merge FUA command with the existing writes
      f2fs: fix wrong layout information on 16KB page
      f2fs: add missing dput() when printing the donation list

Liao Yuanhong (2):
      f2fs: Add bggc_io_aware to adjust the priority of BG_GC when issuing IO
      f2fs: Use allocate_section_policy to control write priority in multi-devices setups

Soham Metha (1):
      docs: f2fs: fixed spelling mistakes in documentation

Yunji Kang (1):
      f2fs: readahead node blocks in F2FS_GET_BLOCK_PRECACHE mode

mason.zhang (1):
      f2fs: add error checking in do_write_page()

wangzijie (2):
      f2fs: fix zero-sized extent for precache extents
      f2fs: fix infinite loop in __insert_extent_tree()

 Documentation/ABI/testing/sysfs-fs-f2fs |  56 ++++++++++++++-
 Documentation/filesystems/f2fs.rst      | 122 ++++++++++++++++++++------------
 fs/f2fs/checkpoint.c                    |  53 ++++++++++++++
 fs/f2fs/compress.c                      |  43 ++++++-----
 fs/f2fs/data.c                          |  59 ++++++---------
 fs/f2fs/dir.c                           |  17 ++++-
 fs/f2fs/extent_cache.c                  |  15 ++++
 fs/f2fs/f2fs.h                          |  88 ++++++++++++++++++-----
 fs/f2fs/file.c                          |  49 +++++++------
 fs/f2fs/gc.c                            |  25 ++++++-
 fs/f2fs/node.c                          |  77 ++++++++++++++------
 fs/f2fs/node.h                          |   1 +
 fs/f2fs/recovery.c                      |   2 +-
 fs/f2fs/segment.c                       |  30 +++++++-
 fs/f2fs/segment.h                       |  28 ++++----
 fs/f2fs/super.c                         | 121 +++++++++++++++++++++++++++----
 fs/f2fs/sysfs.c                         | 119 ++++++++++++++++++++++++++++++-
 include/linux/f2fs_fs.h                 |   1 +
 18 files changed, 702 insertions(+), 204 deletions(-) |
From: Eric B. <ebi...@ke...> - 2025-10-03 16:42:43
|
On Tue, Sep 16, 2025 at 02:13:39PM +0200, Jan Prusakowski wrote: > On Mon, Sep 15, 2025 at 4:40 PM Eric Biggers <ebi...@ke...> wrote: > > > > On Mon, Sep 15, 2025 at 12:04:51PM +0200, Jan Prusakowski wrote: > > > common/encrypt: Do not run _verify_ciphertext_for_encryption_policy on compressed FS > > > > A better title would be something like > > "common/encrypt: Explicitly set the test file to uncompressed". > > Agreed, will fix that in v3. 
> > > > @@ -790,6 +790,13 @@ _do_verify_ciphertext_for_encryption_policy() > > > _set_encpolicy $dir $keyspec $set_encpolicy_args -f $policy_flags > > > for src in $tmp.testfile_*; do > > > dst=$dir/${src##*.} > > > + # To make sure the test file is not compressed we create an empty one > > > + # and disable compression first (F2FS won't allow resetting the > > > + # compression flag if the file has data already in it). > > > + touch $dst > > > + if lsattr $dst | grep -qE ".+c.+ $dst" ; then > > > + chattr -c $dst > > > + fi > > > cp $src $dst > > > inode=$(stat -c %i $dst) > > > blocklist=$(_get_ciphertext_block_list $dst) > > > > Is adding 'm' (FS_NOCOMP_FL) needed too? If not, why does it exist? > > In my setup files created have FS_COMPR_FL set from the start. Just clearing > FS_COMPR_FL appears to help as now all the tests using > _verify_ciphertext_for_encryption_policy > pass when I run them on f2fs with "-o compress_extension=*". > > Do you think we should add 'm' (FS_NOCOMP_FL) as well just in case some other FS > behaves differently? Do you have any ideas on what other FS I should check? I think so. It doesn't look like f2fs does anything with FS_NOCOMP_FL, other than enforce that it's mutually exclusive with FS_COMPR_FL. But there could be filesystems where 0 gives the default behavior (which could be compress) and FS_NOCOMP_FL is needed to disable compression. btrfs might do that, actually. It doesn't support encryption yet, though, so these tests can't be run on btrfs. I would just add FS_NOCOMP_FL and make sure it still works on f2fs. - Eric |
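Review bot: the lsattr check in the quoted hunk uses $dst unquoted both as a command argument and inside the grep -qE pattern, so a test path containing whitespace or regex metacharacters can make the match fail or match the wrong line. Quoting "$dst" and calling chattr -c on the freshly touched file unconditionally (tolerating failure on filesystems without the flag) removes the need to parse lsattr output, and the same place can take the FS_NOCOMP_FL change discussed in this reply.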
From: Nikola Z. I. <zla...@gm...> - 2025-10-03 13:47:52
|
Current i_nlink corruption check does not take into account directory inodes which have one additional i_nlink for their "." entry. Add additional check and a common corruption path. Reported-by: syz...@sy... Closes: https://syzkaller.appspot.com/bug?extid=c07d47c7bc68f47b9083 Fixes: 81edb983b3f5 ("f2fs: add check for deleted inode") Signed-off-by: Nikola Z. Ivanov <zla...@gm...> --- fs/f2fs/namei.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c index b882771e4699..68b33e8089b0 100644 --- a/fs/f2fs/namei.c +++ b/fs/f2fs/namei.c @@ -502,12 +502,14 @@ static struct dentry *f2fs_lookup(struct inode *dir, struct dentry *dentry, goto out; } - if (inode->i_nlink == 0) { + if (unlikely(inode->i_nlink == 0)) { f2fs_warn(F2FS_I_SB(inode), "%s: inode (ino=%lx) has zero i_nlink", __func__, inode->i_ino); - err = -EFSCORRUPTED; - set_sbi_flag(F2FS_I_SB(inode), SBI_NEED_FSCK); - goto out_iput; + goto corrupted; + } else if (unlikely(S_ISDIR(inode->i_mode) && inode->i_nlink == 1)) { + f2fs_warn(F2FS_I_SB(inode), "%s: directory inode (ino=%lx) has a single i_nlink", + __func__, inode->i_ino); + goto corrupted; } if (IS_ENCRYPTED(dir) && @@ -533,6 +535,9 @@ static struct dentry *f2fs_lookup(struct inode *dir, struct dentry *dentry, trace_f2fs_lookup_end(dir, !IS_ERR_OR_NULL(new) ? new : dentry, ino, IS_ERR(new) ? PTR_ERR(new) : err); return new; +corrupted: + err = -EFSCORRUPTED; + set_sbi_flag(F2FS_I_SB(inode), SBI_NEED_FSCK); out_iput: iput(inode); out: 
@@ -572,10 +577,11 @@ static int f2fs_unlink(struct inode *dir, struct dentry *dentry) if (unlikely(inode->i_nlink == 0)) { f2fs_warn(F2FS_I_SB(inode), "%s: inode (ino=%lx) has zero i_nlink", __func__, inode->i_ino); - err = -EFSCORRUPTED; - set_sbi_flag(F2FS_I_SB(inode), SBI_NEED_FSCK); - f2fs_folio_put(folio, false); - goto fail; + goto corrupted; + } else if (unlikely(S_ISDIR(inode->i_mode) && inode->i_nlink == 1)) { + f2fs_warn(F2FS_I_SB(inode), "%s: directory inode (ino=%lx) has a single i_nlink", + __func__, inode->i_ino); + goto corrupted; } f2fs_balance_fs(sbi, true); @@ -601,6 +607,12 @@ static int f2fs_unlink(struct inode *dir, struct dentry *dentry) if (IS_DIRSYNC(dir)) f2fs_sync_fs(sbi->sb, 1); + + goto fail; +corrupted: + err = -EFSCORRUPTED; + set_sbi_flag(F2FS_I_SB(inode), SBI_NEED_FSCK); + f2fs_folio_put(folio, false); fail: trace_f2fs_unlink_exit(inode, err); return err; -- 2.51.0 |
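Review bot: in f2fs_unlink() the success path now needs the added goto fail; to jump over the new corrupted: block, so the normal exit is routed through a label named for failure and any statement later added after f2fs_sync_fs() has to preserve that jump. Since the zero-i_nlink and single-i_nlink directory checks are now duplicated in f2fs_lookup() and f2fs_unlink(), consider a small helper that warns, sets SBI_NEED_FSCK and returns -EFSCORRUPTED, leaving each caller with only its own cleanup (iput() or f2fs_folio_put()). The directory warning would also be clearer if it stated the expectation from the changelog, namely that a directory carries one extra link for its "." entry.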
From: Adrian L. <adr...@pr...> - 2025-10-03 08:03:19
|
Good morning, Is there a possibility of establishing cooperation with you? I would be glad to talk with the person who handles sales-related activities. We help acquire new customers effectively. Please get in touch. Best regards, Adrian Liszka |
From: syzbot <syz...@sy...> - 2025-10-03 06:37:42
|
Hello f2fs maintainers/developers,

This is a 31-day syzbot report for the f2fs subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/f2fs

During the period, 2 new issues were detected and 0 were fixed.
In total, 8 issues are still open and 64 have already been fixed.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 1317    Yes   INFO: task hung in f2fs_balance_fs
                  https://syzkaller.appspot.com/bug?extid=8b85865808c8908a0d8c
<2> 1179    Yes   kernel BUG in f2fs_evict_inode (4)
                  https://syzkaller.appspot.com/bug?extid=5c81eb8c0a380fa578b5
<3> 109     Yes   INFO: task hung in f2fs_issue_checkpoint (2)
                  https://syzkaller.appspot.com/bug?extid=8a7eea50810efde15b0a
<4> 76      Yes   kernel BUG in f2fs_write_end_io
                  https://syzkaller.appspot.com/bug?extid=803dd716c4310d16ff3a

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syz...@go....

To disable reminders for individual bugs, reply with the following command:
#syz set <Ref> no-reminders

To change bug's subsystems, reply with:
#syz set <Ref> subsystems: new-subsystem

You may send multiple commands in a single email message. |
From: Jaegeuk K. <ja...@ke...> - 2025-10-03 03:15:44
|
On 10/03, Chao Yu wrote: > On 2025/9/30 17:16, Haofeng Li wrote: > > From: Haofeng Li <lih...@ky...> > > > > Fixes a memory leak issue in f2fs_move_inline_dirents() where > > the ifolio is not properly released in certain error paths. > > > > Problem Analysis: > > - In f2fs_try_convert_inline_dir(), ifolio is acquired via f2fs_get_inode_folio() > > - When do_convert_inline_dir() fails, the caller expects ifolio to be released > > - However, in f2fs_move_inline_dirents(), two specific error paths don't release ifolio > > > > Fixes: 201a05be9628a ("f2fs: add key function to handle inline dir") > > Signed-off-by: Haofeng Li <lih...@ky...> > > --- > > fs/f2fs/inline.c | 8 ++++++-- > > 1 file changed, 6 insertions(+), 2 deletions(-) > > > > diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c > > index 58ac831ef704..2496866fc45d 100644 > > --- a/fs/f2fs/inline.c > > +++ b/fs/f2fs/inline.c > > @@ -425,7 +425,7 @@ static int f2fs_move_inline_dirents(struct inode *dir, struct folio *ifolio, > > set_new_dnode(&dn, dir, ifolio, NULL, 0); > > err = f2fs_reserve_block(&dn, 0); > > f2fs_reserve_block() will call f2fs_put_dnode() in its error path, it has > unlocked & released inode folio? > > > if (err) > > - goto out; > > + goto out_put_ifolio; > > if (unlikely(dn.data_blkaddr != NEW_ADDR)) { > > f2fs_put_dnode(&dn); > > Ditto, or am I missing something? It seems you're right. Let me drop this patch. > > Thanks, > > > @@ -434,7 +434,7 @@ static int f2fs_move_inline_dirents(struct inode *dir, struct folio *ifolio, > > __func__, dir->i_ino, dn.data_blkaddr); > > f2fs_handle_error(F2FS_F_SB(folio), ERROR_INVALID_BLKADDR); > > err = -EFSCORRUPTED; > > - goto out; > > + goto out_put_ifolio; > > } > > f2fs_folio_wait_writeback(folio, DATA, true, true); 
> > @@ -479,6 +479,10 @@ static int f2fs_move_inline_dirents(struct inode *dir, struct folio *ifolio, > > out: > > f2fs_folio_put(folio, true); > > return err; > > + > > +out_put_ifolio: > > + f2fs_folio_put(ifolio, true); > > + goto out; > > } > > static int f2fs_add_inline_entries(struct inode *dir, void *inline_dentry) |
From: <bug...@ke...> - 2025-10-03 03:13:49
|
https://bugzilla.kernel.org/show_bug.cgi?id=220575 --- Comment #19 from JY (JY...@me...) --- (In reply to Chao Yu from comment #18) > (In reply to JY from comment #16) > > I tried to modified: > > + set_page_private(bounce_page, (unsigned long)0x5566F2F5); > > > > But I got two results from different panics. > > fscrypt_pagecache_page(page):0x000000005566f2f5 and > > > > fscrypt_pagecache_page(page):0x0000000000000000 (As shown below) > > I think this is the same issue, actually, value of page->private should be > unpredictable, because this is a UAF issue, we don't know how system changes > the page after we freed it. > > So, can you please test the fix to check whether it can solve your problem > or not? Thanks a lot. :) No problem, it's my pleasure. :) -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug. |
From: <bug...@ke...> - 2025-10-03 02:44:58
|
https://bugzilla.kernel.org/show_bug.cgi?id=220575 --- Comment #18 from Chao Yu (ch...@ke...) --- (In reply to JY from comment #16) > I tried to modified: > + set_page_private(bounce_page, (unsigned long)0x5566F2F5); > > But I got two results from different panics. > fscrypt_pagecache_page(page):0x000000005566f2f5 and > > fscrypt_pagecache_page(page):0x0000000000000000 (As shown below) I think this is the same issue, actually, value of page->private should be unpredictable, because this is a UAF issue, we don't know how system changes the page after we freed it. So, can you please test the fix to check whether it can solve your problem or not? Thanks a lot. :) -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug. |
From: <bug...@ke...> - 2025-10-03 02:35:15
|
https://bugzilla.kernel.org/show_bug.cgi?id=220575 --- Comment #17 from Chao Yu (ch...@ke...) --- (In reply to JY from comment #14) > - inc_page_count(fio->sbi, WB_DATA_TYPE(page, false)); > + inc_page_count(fio->sbi, WB_DATA_TYPE(fio->page, false)); > Is that right? Yes, I think so. -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug. |
From: Chao Yu <ch...@ke...> - 2025-10-03 01:39:45
|
On 2025/9/30 17:16, Haofeng Li wrote: > From: Haofeng Li <lih...@ky...> > > Fixes a memory leak issue in f2fs_move_inline_dirents() where > the ifolio is not properly released in certain error paths. > > Problem Analysis: > - In f2fs_try_convert_inline_dir(), ifolio is acquired via f2fs_get_inode_folio() > - When do_convert_inline_dir() fails, the caller expects ifolio to be released > - However, in f2fs_move_inline_dirents(), two specific error paths don't release ifolio > > Fixes: 201a05be9628a ("f2fs: add key function to handle inline dir") > Signed-off-by: Haofeng Li <lih...@ky...> > --- > fs/f2fs/inline.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c > index 58ac831ef704..2496866fc45d 100644 > --- a/fs/f2fs/inline.c > +++ b/fs/f2fs/inline.c > @@ -425,7 +425,7 @@ static int f2fs_move_inline_dirents(struct inode *dir, struct folio *ifolio, > set_new_dnode(&dn, dir, ifolio, NULL, 0); > err = f2fs_reserve_block(&dn, 0); f2fs_reserve_block() will call f2fs_put_dnode() in its error path, it has unlocked & released inode folio? > if (err) > - goto out; > + goto out_put_ifolio; > > if (unlikely(dn.data_blkaddr != NEW_ADDR)) { > f2fs_put_dnode(&dn); Ditto, or am I missing something? Thanks, > @@ -434,7 +434,7 @@ static int f2fs_move_inline_dirents(struct inode *dir, struct folio *ifolio, > __func__, dir->i_ino, dn.data_blkaddr); > f2fs_handle_error(F2FS_F_SB(folio), ERROR_INVALID_BLKADDR); > err = -EFSCORRUPTED; > - goto out; > + goto out_put_ifolio; > } > > f2fs_folio_wait_writeback(folio, DATA, true, true); > @@ -479,6 +479,10 @@ static int f2fs_move_inline_dirents(struct inode *dir, struct folio *ifolio, > out: > f2fs_folio_put(folio, true); > return err; > + > +out_put_ifolio: > + f2fs_folio_put(ifolio, true); > + goto out; > } > > static int f2fs_add_inline_entries(struct inode *dir, void *inline_dentry) |
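Review bot: both new goto out_put_ifolio sites need to show that ifolio is still held when they are reached. dn is initialised with ifolio by set_new_dnode(&dn, dir, ifolio, NULL, 0), and the second site runs directly after f2fs_put_dnode(&dn), so if f2fs_put_dnode() already unlocks and puts the inode folio, the added f2fs_folio_put(ifolio, true) is a double release rather than a leak fix; the same question applies to the error return of f2fs_reserve_block(), as raised in this reply. The changelog should walk through who owns the folio reference on each error path, and the out_put_ifolio label placed after return err with a backward goto out is harder to follow than doing the release ahead of out:.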
From: Chao Yu <ch...@ke...> - 2025-10-03 01:27:41
|
On 2025/10/2 09:56, Jaegeuk Kim via Linux-f2fs-devel wrote:
> We missed to call dput() on the grabbed dentry.
>
> Fixes: f1a49c1b112b ("f2fs: show the list of donation files")
> Signed-off-by: Jaegeuk Kim <ja...@ke...>

Reviewed-by: Chao Yu <ch...@ke...>

Thanks, |
From: <pat...@ke...> - 2025-10-02 20:50:27
|
Hello:

This patch was applied to jaegeuk/f2fs.git (dev)
by Jaegeuk Kim <ja...@ke...>:

On Tue, 30 Sep 2025 17:16:21 +0800 you wrote:
> From: Haofeng Li <lih...@ky...>
>
> Fixes a memory leak issue in f2fs_move_inline_dirents() where
> the ifolio is not properly released in certain error paths.
>
> Problem Analysis:
> - In f2fs_try_convert_inline_dir(), ifolio is acquired via f2fs_get_inode_folio()
> - When do_convert_inline_dir() fails, the caller expects ifolio to be released
> - However, in f2fs_move_inline_dirents(), two specific error paths don't release ifolio
>
> [...]

Here is the summary with links:
  - [f2fs-dev] f2fs: fix ifolio memory leak in f2fs_move_inline_dirents error path
    https://git.kernel.org/jaegeuk/f2fs/c/9fc1840e0217

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html |
From: <pat...@ke...> - 2025-10-02 20:50:26
|
Hello:

This patch was applied to jaegeuk/f2fs.git (dev)
by Jaegeuk Kim <ja...@ke...>:

On Thu, 2 Oct 2025 01:56:45 +0000 you wrote:
> We missed to call dput() on the grabbed dentry.
>
> Fixes: f1a49c1b112b ("f2fs: show the list of donation files")
> Signed-off-by: Jaegeuk Kim <ja...@ke...>
> ---
>  fs/f2fs/sysfs.c | 1 +
>  1 file changed, 1 insertion(+)

Here is the summary with links:
  - [f2fs-dev] f2fs: add missing dput() when printing the donation list
    https://git.kernel.org/jaegeuk/f2fs/c/e34b65fd0c7f

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html |
From: <pat...@ke...> - 2025-10-02 20:50:20
|
Hello:

The following patches were marked "accepted", because they were applied to
jaegeuk/f2fs.git (dev):

Patch: [f2fs-dev] f2fs: add missing dput() when printing the donation list
  Submitter: Jaegeuk Kim <ja...@ke...>
  Committer: Jaegeuk Kim <ja...@ke...>
  Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=1007867
  Lore link: https://lore.kernel.org/r/202...@ke...

Patch: [f2fs-dev] f2fs: fix ifolio memory leak in f2fs_move_inline_dirents error path
  Submitter: Haofeng Li <920...@qq...>
  Committer: Jaegeuk Kim <ja...@ke...>
  Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=1007350
  Lore link: https://lore.kernel.org/r/ten...@qq...

Total patches: 2

--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html |
From: Jaegeuk K. <ja...@ke...> - 2025-10-02 20:26:10
|
Signed-off-by: Jaegeuk Kim <ja...@ke...> --- tools/f2fs_io/f2fs_io.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/tools/f2fs_io/f2fs_io.c b/tools/f2fs_io/f2fs_io.c index d07e6c6b1bfe..9baea2b99b31 100644 --- a/tools/f2fs_io/f2fs_io.c +++ b/tools/f2fs_io/f2fs_io.c @@ -951,7 +951,8 @@ static void do_read(int argc, char **argv, const struct cmd_desc *cmd) char *data = NULL; char *print_buf = NULL; unsigned bs, count, i, print_bytes; - u64 total_time = 0; + u64 io_time_start, io_time_end; + u64 mlock_time_start = 0, mlock_time_end = 0; int flags = 0; int do_mmap = 0; int do_mlock = 0; @@ -1008,13 +1009,18 @@ static void do_read(int argc, char **argv, const struct cmd_desc *cmd) printf("fadvise SEQUENTIAL|WILLNEED to a file: %s\n", argv[7]); } - total_time = get_current_us(); + io_time_start = get_current_us(); if (do_mmap) { data = mmap(NULL, count * buf_size, PROT_READ, MAP_SHARED | MAP_POPULATE, fd, offset); if (data == MAP_FAILED) die("Mmap failed"); + io_time_end = get_current_us(); + mlock_time_start = get_current_us(); + if (mlock(data, count * buf_size)) + die_errno("mlock failed"); + mlock_time_end = get_current_us(); read_cnt = count * buf_size; memcpy(print_buf, data, print_bytes); } else if (do_mlock) { @@ -1025,9 +1031,14 @@ static void do_read(int argc, char **argv, const struct cmd_desc *cmd) if (posix_fadvise(fd, offset, count * buf_size, POSIX_FADV_WILLNEED) != 0) die_errno("fadvise failed"); + io_time_end = get_current_us(); + + mlock_time_start = get_current_us(); if (mlock(data, count * buf_size)) die_errno("mlock failed"); + mlock_time_end = get_current_us(); read_cnt = count * buf_size; + memcpy(print_buf, data, print_bytes); } else { for (i = 0; i < count; i++) { if (!do_dontcache) { 
@@ -1052,10 +1063,12 @@ static void do_read(int argc, char **argv, const struct cmd_desc *cmd) if (i == 0) memcpy(print_buf, buf, print_bytes); } + io_time_end = get_current_us(); } - printf("Read %"PRIu64" bytes total_time = %"PRIu64" us, BW = %.Lf MB/s print %u bytes:\n", - read_cnt, get_current_us() - total_time, - ((long double)read_cnt / (get_current_us() - total_time)), print_bytes); + printf("Read %"PRIu64" bytes IO time = %"PRIu64" us mlock time = %"PRIu64" us, BW = %.Lf MB/s print %u bytes:\n", + read_cnt, io_time_end - io_time_start, + mlock_time_end - mlock_time_start, + ((long double)read_cnt / (io_time_end - io_time_start)), print_bytes); printf("%08"PRIx64" : ", offset); for (i = 1; i <= print_bytes; i++) { printf("%02x", print_buf[i - 1]); -- 2.51.0.710.ga91ca5db03-goog |
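Review bot: the patch has no changelog, and in the do_mmap branch of do_read() it adds an unconditional mlock() call, which changes what the mmap read mode does rather than only how it is timed; that call should be gated on do_mlock or the behaviour change explained. In the do_mlock branch io_time_end is taken right after posix_fadvise(POSIX_FADV_WILLNEED), which only starts readahead, so much of the actual read can land in the mlock interval while BW is computed from the IO interval alone; computing bandwidth over the combined time, or labelling the figure accordingly, would avoid an inflated number.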
From: Daeho J. <da...@gm...> - 2025-10-02 20:24:12
|
On Wed, Oct 1, 2025 at 6:59 PM Jaegeuk Kim via Linux-f2fs-devel <lin...@li...> wrote: > > We missed to call dput() on the grabbed dentry. > > Fixes: f1a49c1b112b ("f2fs: show the list of donation files") > Signed-off-by: Jaegeuk Kim <ja...@ke...> > --- > fs/f2fs/sysfs.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/fs/f2fs/sysfs.c b/fs/f2fs/sysfs.c > index 7992386fb9e6..6d2a4fba68a2 100644 > --- a/fs/f2fs/sysfs.c > +++ b/fs/f2fs/sysfs.c > @@ -1845,6 +1845,7 @@ static int __maybe_unused donation_list_seq_show(struct seq_file *seq, > (loff_t)(fi->donate_end + 1) << (PAGE_SHIFT - 10), > (loff_t)inode->i_mapping->nrpages << (PAGE_SHIFT - 10)); > next: > + dput(dentry); > inode_unlock_shared(inode); > iput(inode); > } > -- > 2.51.0.618.g983fd99d29-goog > > Reviewed-by: Daeho Jeong <dae...@go...> Thanks, > > _______________________________________________ > Linux-f2fs-devel mailing list > Lin...@li... > https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel |
From: Jaegeuk K. <ja...@ke...> - 2025-10-02 01:56:53
|
We missed to call dput() on the grabbed dentry. Fixes: f1a49c1b112b ("f2fs: show the list of donation files") Signed-off-by: Jaegeuk Kim <ja...@ke...> --- fs/f2fs/sysfs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/f2fs/sysfs.c b/fs/f2fs/sysfs.c index 7992386fb9e6..6d2a4fba68a2 100644 --- a/fs/f2fs/sysfs.c +++ b/fs/f2fs/sysfs.c @@ -1845,6 +1845,7 @@ static int __maybe_unused donation_list_seq_show(struct seq_file *seq, (loff_t)(fi->donate_end + 1) << (PAGE_SHIFT - 10), (loff_t)inode->i_mapping->nrpages << (PAGE_SHIFT - 10)); next: + dput(dentry); inode_unlock_shared(inode); iput(inode); } -- 2.51.0.618.g983fd99d29-goog |
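Review bot: dput(dentry) is added at the next: label, which is shared by whatever earlier paths in the loop jump there, so the patch should make sure dentry is either the grabbed reference or NULL on every one of them (dput() accepts NULL), for instance by initialising it to NULL at the top of each iteration. The changelog should also name the call that takes the reference this dput() balances.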
From: Jaegeuk K. <ja...@ke...> - 2025-10-01 17:25:24
|
On 09/30, Juhyung Park wrote: > I recall being told by Chao that the ext is checked with .startsWith()-like > semantics, hence "mp" covering both mp3/mp4. > > Was this not the case for hot list? Thanks, Juhyung. Yeah, it seems the code looks like that. Let me drop this patch. > > On Tue, Sep 30, 2025 at 10:13 AM Jaegeuk Kim via Linux-f2fs-devel < > lin...@li...> wrote: > > > Journal files will be created and deleted with random updates. Let's put > > the data in HOT log to mitigate the entire fragmentation. > > > > Signed-off-by: Jaegeuk Kim <ja...@ke...> > > --- > > mkfs/f2fs_format.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/mkfs/f2fs_format.c b/mkfs/f2fs_format.c > > index b98976c6ffa8..53e1f982945d 100644 > > --- a/mkfs/f2fs_format.c > > +++ b/mkfs/f2fs_format.c > > @@ -157,6 +157,9 @@ const char *media_ext_lists[] = { > > > > const char *hot_ext_lists[] = { > > "db", > > + "db-journal", > > + "db-wal", > > + "db-shm", > > > > #ifndef WITH_ANDROID > > /* Virtual machines */ > > -- > > 2.51.0.618.g983fd99d29-goog > > > > > > > > _______________________________________________ > > Linux-f2fs-devel mailing list > > Lin...@li... > > https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel > > |
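Review bot: The three entries added to hot_ext_lists[] ("db-journal", "db-wal", "db-shm") all begin with the existing "db" entry, so if extensions are matched with prefix semantics, as raised in the reply, they are redundant and only consume slots in the extension list. If the match were exact instead, the commit message should say so and explain why "db" alone does not already cover these files. Note also that the entries sit above the `#ifndef WITH_ANDROID` guard, so they would apply to Android builds too. The message mentions only journal files, while the hunk also adds the -wal and -shm suffixes.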
From: Jaegeuk K. <ja...@ke...> - 2025-10-01 15:39:39
|
On 10/01, Mateusz Guzik wrote: > iput() calls the problematic routine, which does a ->i_count inc/dec > cycle. Undoing it with iput() recurses into the problem. > > Note f2fs should not be playing games with the refcount to begin with, > but that will be handled later. Right now solve the immediate > regression. > > Fixes: bc986b1d756482a ("fs: stop accessing ->i_count directly in f2fs and gfs2") > Reported-by: kernel test robot <oli...@in...> > Closes: https://lore.kernel.org/oe-lkp/202...@in... > Signed-off-by: Mateusz Guzik <mj...@gm...> > --- > fs/f2fs/super.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c > index 2619cbbd7d2d..26ec31eb8c80 100644 > --- a/fs/f2fs/super.c > +++ b/fs/f2fs/super.c > @@ -1769,7 +1769,7 @@ static int f2fs_drop_inode(struct inode *inode) > sb_end_intwrite(inode->i_sb); > > spin_lock(&inode->i_lock); > - iput(inode); > + atomic_dec(&inode->i_count); It seems this was applied by Josef [1], added in 6.18-rc1. Let me apply this fix after my f2fs pull request, since I don't have this issue in my -next tree yet. [1] https://lore.kernel.org/all/b8e...@to.../ > } > trace_f2fs_drop_inode(inode, 0); > return 0; > -- > 2.43.0 > |
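Review bot: Replacing iput(inode) with atomic_dec(&inode->i_count) in f2fs_drop_inode() goes back to touching ->i_count directly, which is what the commit named in Fixes set out to stop, and the hunk carries no comment explaining why. Please add a short comment at the atomic_dec() stating that iput() cannot be used here because it re-enters the drop path, and that the count cannot reach zero at this point because the caller still holds its reference under inode->i_lock. Without that, a later cleanup is likely to convert it back to iput() and reintroduce the recursion. If a helper for dropping a reference without triggering the final-put logic exists or is planned, using it here would keep the raw atomic out of filesystem code.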
From: <bug...@ke...> - 2025-10-01 08:01:21
|
https://bugzilla.kernel.org/show_bug.cgi?id=220575 --- Comment #16 from JY (JY...@me...) --- (In reply to Chao Yu from comment #7) > Can you please hook fscrypt_free_bounce_page() to set page private w/ > special value, something as below: > > void fscrypt_free_bounce_page(struct page *bounce_page) > { > if (!bounce_page) > return; > set_page_private(bounce_page, (unsigned long)0xF2F52011); > ClearPagePrivate(bounce_page); > mempool_free(bounce_page, fscrypt_bounce_page_pool); > } > > And add some check conditions in f2fs_is_cp_guaranteed() to see whether the > page has been freed before inc_page_count(). I tried to modified: + set_page_private(bounce_page, (unsigned long)0x5566F2F5); But I got two results from different panics. fscrypt_pagecache_page(page):0x000000005566f2f5 and fscrypt_pagecache_page(page):0x0000000000000000 (As shown below) [38417.862874] JY f2fs_is_cp_guaranteed 65 bounced_page:0xfffffffe81cd6760, _private:0xfffffffe824723c0, fscrypt_pagecache_page(page):0x0000000000000000 [38417.921850] JYJY :fffffffe824723c0 is the PAGE [38417.968256] page: refcount:4 mapcount:1 mapping:000000000615ef5b index:0x6c pfn:0x74a0c [38417.998050] memcg:ffffff804c331380 [38418.018203] flags: 0x800000000009029(locked|uptodate|lru|owner_2|private|zone=0) [38418.046079] raw: 0800000000009029 fffffffe82475618 fffffffe82484fc8 ffffff806b25c460 [38418.100286] raw: 000000000000006c 0000000000000009 0000000400000000 ffffff804c331380 [38418.143969] raw: ffffff8064457540 0000000000000000 [38418.162562] page dumped because: JY got the BUG! 
[38418.199250] page_owner tracks the page as allocated [38418.225840] page last allocated via order 0, migratetype Movable, gfp_mask 0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 20039, tgid 19537 (NetworkService), ts 38403893384078, free_ts 38403858760495 [38418.310128] post_alloc_hook+0x1d0/0x1e8 [38418.330509] prep_new_page+0x30/0x150 [38418.358836] get_page_from_freelist+0x11e8/0x127c [38418.375352] __alloc_pages_noprof+0x1b0/0x448 [38418.399171] __folio_alloc_noprof+0x1c/0x64 [38418.430498] page_cache_ra_unbounded+0x1a4/0x36c [38418.440402] page_cache_ra_order+0x358/0x434 [38418.446579] page_cache_async_ra+0x128/0x17c [38418.454399] filemap_fault+0x14c/0x868 [38418.467818] f2fs_filemap_fault+0x34/0xec [38418.475253] __do_fault+0x70/0x110 [38418.484117] do_pte_missing+0x424/0x12f0 [38418.489691] handle_mm_fault+0x4d4/0x818 [38418.499341] do_page_fault+0x210/0x640 [38418.504888] do_translation_fault+0x48/0x11c [38418.510476] do_mem_abort+0x5c/0x108 [38418.515795] page last free pid 64 tgid 64 stack trace: [38418.527744] free_unref_folios+0x944/0xe94 [38418.534456] shrink_folio_list+0x8c8/0x1304 [38418.543434] evict_folios+0x12ec/0x1818 [38418.550869] try_to_shrink_lruvec+0x1fc/0x3c8 [38418.561221] shrink_one+0xa4/0x230 [38418.574348] shrink_node+0xbe0/0xfc4 [38418.599077] balance_pgdat+0x7bc/0xce4 [38418.630024] kswapd+0x298/0x4d8 [38418.650979] kthread+0x118/0x1ac [38418.670266] ret_from_fork+0x10/0x20 -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug. |
From: <bug...@ke...> - 2025-10-01 07:51:10
|
https://bugzilla.kernel.org/show_bug.cgi?id=220575 --- Comment #15 from JY (JY...@me...) --- (In reply to Chao Yu from comment #7) > Can you please hook fscrypt_free_bounce_page() to set page private w/ > special value, something as below: > > void fscrypt_free_bounce_page(struct page *bounce_page) > { > if (!bounce_page) > return; > set_page_private(bounce_page, (unsigned long)0xF2F52011); > ClearPagePrivate(bounce_page); > mempool_free(bounce_page, fscrypt_bounce_page_pool); > } > > And add some check conditions in f2fs_is_cp_guaranteed() to see whether the > page has been freed before inc_page_count(). By the way, this is my test result. Is that another issue? [27024.604851] JY f2fs_is_cp_guaranteed 65 bounced_page:0xfffffffe81338410, _private:0xfffffffe813c54f0, fscrypt_pagecache_page(page):0x000000005566f2f5 [27024.620405] JYJY :fffffffe813c54f0 is the PAGE [27024.626388] page: refcount:4 mapcount:1 mapping:000000008cdd016b index:0x1d pfn:0x3f443 [27024.636025] memcg:ffffff8031bd0000 [27024.641269] flags: 0x1000000000009029(locked|uptodate|lru|owner_2|private|zone=0) [27024.650060] raw: 1000000000009029 fffffffe813c54a8 fffffffe813bc588 ffffff806b096f68 [27024.660600] raw: 000000000000001d 0000000000000009 0000000400000000 ffffff8031bd0000 [27024.669271] raw: 000000003f443000 0000000000000000 [27024.675745] page dumped because: JY got the BUG! 
[27024.683789] page_owner tracks the page as allocated [27024.690777] page last allocated via order 0, migratetype Movable, gfp_mask 0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 30372, tgid 30372 (android.vending), ts 27014734256272, free_ts 27002686350166 [27024.724435] post_alloc_hook+0x1d0/0x1e8 [27024.730550] prep_new_page+0x30/0x150 [27024.735185] get_page_from_freelist+0x11e8/0x127c [27024.744799] __alloc_pages_noprof+0x1b0/0x448 [27024.753649] __folio_alloc_noprof+0x1c/0x64 [27024.759063] page_cache_ra_unbounded+0x1a4/0x36c [27024.767626] page_cache_ra_order+0x358/0x434 [27024.774150] do_sync_mmap_readahead+0x20c/0x280 [27024.780541] filemap_fault+0x1e0/0x868 [27024.785950] f2fs_filemap_fault+0x34/0xec [27024.792392] __do_fault+0x70/0x110 [27024.797172] do_pte_missing+0x300/0x12f0 [27024.802556] handle_mm_fault+0x4d4/0x818 [27024.808201] do_page_fault+0x210/0x640 [27024.813143] do_translation_fault+0x48/0x11c [27024.818658] do_mem_abort+0x5c/0x108 [27024.824631] page last free pid 55 tgid 55 stack trace: [27024.831407] free_unref_page+0x828/0x978 [27024.837039] __folio_put+0xac/0xdc [27024.842449] migrate_pages_batch+0x127c/0x1894 [27024.849239] migrate_pages+0x3f0/0x798 [27024.856057] compact_zone+0xca8/0x12ec [27024.861241] compact_node+0xc0/0x190 [27024.865955] kcompactd+0x3b8/0x978 [27024.872656] kthread+0x118/0x1ac [27024.878257] ret_from_fork+0x10/0x20 |