[v6.6] BUG: Bad page state in z_erofs_do_read_page
Gao Xiang
hsiangkao at linux.alibaba.com
Wed Mar 25 20:00:48 AEDT 2026
#syz test
diff --git a/fs/erofs/zdata.c b/fs/erofs/zdata.c
index c1f802ecc47b..e744717d6003 100644
--- a/fs/erofs/zdata.c
+++ b/fs/erofs/zdata.c
@@ -1538,6 +1538,8 @@ static struct page *pickup_page_for_submission(struct z_erofs_pcluster *pcl,
}
unlock_page(page);
put_page(page);
+ /* since pcl->compressed_bvecs[nr].page has changed above */
+ oldpage = page;
out_allocpage:
page = erofs_allocpage(pagepool, gfp | __GFP_NOFAIL);
if (oldpage != cmpxchg(&pcl->compressed_bvecs[nr].page,
More information about the Linux-erofs
mailing list