mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2026-05-09 19:51:25 -04:00
c836d3b8d9
Syzbot reports a f2fs bug as below:
INFO: task syz-executor328:5856 blocked for more than 144 seconds.
Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor328 state:D stack:24392 pid:5856 tgid:5832 ppid:5826 task_flags:0x400040 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5382 [inline]
__schedule+0x168f/0x4c70 kernel/sched/core.c:6767
__schedule_loop kernel/sched/core.c:6845 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6860
io_schedule+0x81/0xe0 kernel/sched/core.c:7742
f2fs_balance_fs+0x4b4/0x780 fs/f2fs/segment.c:444
f2fs_map_blocks+0x3af1/0x43b0 fs/f2fs/data.c:1791
f2fs_expand_inode_data+0x653/0xaf0 fs/f2fs/file.c:1872
f2fs_fallocate+0x4f5/0x990 fs/f2fs/file.c:1975
vfs_fallocate+0x6a0/0x830 fs/open.c:338
ioctl_preallocate fs/ioctl.c:290 [inline]
file_ioctl fs/ioctl.c:-1 [inline]
do_vfs_ioctl+0x1b8f/0x1eb0 fs/ioctl.c:885
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0x82/0x170 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
The root cause is after commit 84b5bb8bf0 ("f2fs: modify
f2fs_is_checkpoint_ready logic to allow more data to be written with the
CP disable"), we will get chance to allow f2fs_is_checkpoint_ready() to
return true once below conditions are all true:
1. checkpoint is disabled
2. there are not enough free segments
3. there are enough free blocks
Then it will cause f2fs_balance_fs() to trigger foreground GC.
void f2fs_balance_fs(struct f2fs_sb_info *sbi, bool need)
...
if (!f2fs_is_checkpoint_ready(sbi))
return;
And the testcase mounts f2fs image w/ gc_merge,checkpoint=disable, so deadloop
will happen through below race condition:
- f2fs_do_shutdown - vfs_fallocate - gc_thread_func
- file_start_write
- __sb_start_write(SB_FREEZE_WRITE)
- f2fs_fallocate
- f2fs_expand_inode_data
- f2fs_map_blocks
- f2fs_balance_fs
- prepare_to_wait
- wake_up(gc_wait_queue_head)
- io_schedule
- bdev_freeze
- freeze_super
- sb->s_writers.frozen = SB_FREEZE_WRITE;
- sb_wait_write(sb, SB_FREEZE_WRITE);
- if (sbi->sb->s_writers.frozen >= SB_FREEZE_WRITE) continue;
: cause deadloop
This patch fix to add check condition in f2fs_balance_fs(), so that if
checkpoint is disabled, we will just skip trigger foreground GC to
avoid such deadloop issue.
Meanwhile let's remove f2fs_is_checkpoint_ready() check condition in
f2fs_balance_fs(), since it's redundant, due to the main logic in the
function is to check:
a) whether checkpoint is disabled
b) there is enough free segments
f2fs_balance_fs() still has all logics after f2fs_is_checkpoint_ready()'s
removal.
Reported-by: syzbot+aa5bb5f6860e08a60450@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-f2fs-devel/682d743a.a00a0220.29bc26.0289.GAE@google.com
Fixes: 84b5bb8bf0 ("f2fs: modify f2fs_is_checkpoint_ready logic to allow more data to be written with the CP disable")
Cc: Qi Han <hanqi@vivo.com>
Signed-off-by: Chao Yu <chao@kernel.org>
Reviewed-by: Zhiguo Niu <zhiguo.niu@unisoc.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Linux kernel
============
There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.
In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``. The formatted documentation can also be read online at:
https://www.kernel.org/doc/html/latest/
There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.
Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.