From nobody Fri Dec 19 13:27:17 2025
Received: from mail-ot1-f72.google.com (mail-ot1-f72.google.com
 [209.85.210.72])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 060EB1DDC2B
	for <linux-kernel@vger.kernel.org>; Sat,  6 Dec 2025 02:31:03 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.72
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1764988265; cv=none;
 b=u7QHynjwZuY/3R/FsE83sl6LOUVySndARC4AcoyLZfENPwEQ9v34B04lCAB206QWH3mXYmnIurTX9ftA+RPh2mTJSfdOvJY0Aw7XM7BZQSREGx+zEqwdrmXzuSckM7aHyfL7dPWpRnM3CBss6eL/bT4dQxRo0+hDwbF4Bs1AuKw=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1764988265; c=relaxed/simple;
	bh=phTltiinsX7Cob9YSGNJbOMO9bTJKEU7qcSJjnNZSkk=;
	h=MIME-Version:Date:In-Reply-To:Message-ID:Subject:From:To:
	 Content-Type;
 b=hhQZ+tkBinkDGYi0BAAUCIBDMiMAPeuIklDG3ISF2J3N9FuJNBcP3Ro4zkTwtVl97AF4MwmtJQoLdFy5ApOi8E4Xqzc9Iarln9V+sojut5FJ7FFNARZniCaI8ei86+8xRhDn48LAZPzGMhp+hfuJHa9jXVAhfNoRdgoNplou35E=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com;
 spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com;
 arc=none smtp.client-ip=209.85.210.72
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com
Received: by mail-ot1-f72.google.com with SMTP id
 46e09a7af769-7c702347c6eso2761493a34.1
        for <linux-kernel@vger.kernel.org>;
 Fri, 05 Dec 2025 18:31:03 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1764988263; x=1765593063;
        h=to:from:subject:message-id:in-reply-to:date:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=0faarr6USPVkNJ+UheD3QfVtJOIpijAaebckku2tDhU=;
        b=oophHjB0cDXkjmEvr5Y38xcvF9TvCLagvluHtnluLFWzG7r4FU85ifGlgU0jJAo3WS
         KNzB/7hizNo1TP6Izl2MjzDZbGUdmkHD8GR3FiOfG+V/DPRtT6KMN6PMDny5uTVw/YzX
         ApHpdjhJd33EK4ymTRBdHe9XgFDO1MQAlsm1dTvHSdSlDDBiUwcA5T0aStdKyhJ388i3
         wELp077TorXHCNn3n7ZbOvNgCeO0JMNhwGK6VDtTA52nWluYt2iGqzuZImltGfdvoXZL
         xAA50kmSXfwdaIzGo/c5EPbQnkz34Sx+drTQaVrJmPT7a6+8Wg0X6qx/9xO8dcQlvnFg
         1zLw==
X-Gm-Message-State: AOJu0YxtAghySTTzD/fsVSAOXE/NI0xBByOrdKyu9yClFUCwzNzevJrZ
	YhJ0gBQ5jVJB1p9YtqXZcwU99ZqXaOMoAEv+8g/4t3lsUP1A6cJ/XyQb7GUunJAvkw44qU6Oml4
	DGajqgdjzZ7fBhmxwTOOMVFvOnMt5NmER5bQxhYDMqJ1kpFPSA9QkiGttwAc=
X-Google-Smtp-Source: 
 AGHT+IF7uVjKVjJqFESaaZsY8A1UbUGptb4jrxdyS8wXDetTMel5G1uM0+DJ5uE13nj2pQo7X9U0qFp8xIec/+gyfz61OTRZea5m
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Received: by 2002:a05:6820:61c:b0:659:9a49:8e45 with SMTP id
 006d021491bc7-6599a8c4386mr572960eaf.21.1764988263152; Fri, 05 Dec 2025
 18:31:03 -0800 (PST)
Date: Fri, 05 Dec 2025 18:31:03 -0800
In-Reply-To: <69332cf9.a70a0220.243dc6.0011.GAE@google.com>
X-Google-Appengine-App-Id: s~syzkaller
X-Google-Appengine-App-Id-Alias: syzkaller
Message-ID: <69339567.050a0220.3a66f.0009.GAE@google.com>
Subject: Forwarded: [PATCH] f2fs: fix hung task in block_operations during
 checkpoint
From: syzbot <syzbot+4235e4d7b6fd75704528@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: [PATCH] f2fs: fix hung task in block_operations during checkpoint
Author: kartikey406@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git=
 master

f2fs_sync_inode_meta() can return 0 (success) even when
f2fs_update_inode_page() fails and triggers f2fs_stop_checkpoint().
This happens because the error flag check only occurs at the start
of each loop iteration, not after f2fs_update_inode_page() returns.

When I/O errors occur:
1. f2fs_update_inode_page() retries 8 times then calls
   f2fs_stop_checkpoint(), which sets CP_ERROR_FLAG
2. f2fs_sync_inode_meta() returns 0 without checking the error flag
3. block_operations() sees success and loops back to retry_flush_quotas
4. Dirty inodes remain on list (sync failed), loop repeats forever
5. Checkpoint never completes, waiters block indefinitely

This causes hung tasks when operations like unlink wait for checkpoint
completion while holding locks that other tasks need.

Fix by checking f2fs_cp_error() after processing each inode in
f2fs_sync_inode_meta() to detect errors from f2fs_update_inode_page().

Reported-by: syzbot+4235e4d7b6fd75704528@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=3D4235e4d7b6fd75704528
Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
---
 fs/f2fs/checkpoint.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c
index bbe07e3a6c75..5376bb10d650 100644
--- a/fs/f2fs/checkpoint.c
+++ b/fs/f2fs/checkpoint.c
@@ -1155,6 +1155,8 @@ static int f2fs_sync_inode_meta(struct f2fs_sb_info *=
sbi)
 			if (is_inode_flag_set(inode, FI_DIRTY_INODE))
 				f2fs_update_inode_page(inode);
 			iput(inode);
+			if (unlikely(f2fs_cp_error(sbi)))
+				return -EIO;
 		}
 	}
 	return 0;
--=20
2.43.0