Date: Fri, 05 Dec 2025 21:34:33 -0800
In-Reply-To: <69332cf9.a70a0220.243dc6.0011.GAE@google.com>
Message-ID: <6933c069.a70a0220.243dc6.0035.GAE@google.com>
Subject: Forwarded: [PATCH] f2fs: fix hung task in block_operations during checkpoint
From: syzbot
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: [PATCH] f2fs: fix hung task in block_operations during checkpoint
Author: kartikey406@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

f2fs_sync_inode_meta() can return 0 (success) even when
f2fs_update_inode_page() fails and triggers f2fs_stop_checkpoint().
This happens because the error flag check only occurs at the start of
each loop iteration, not after f2fs_update_inode_page() returns.

When I/O errors occur:
1. f2fs_update_inode_page() retries 8 times then calls
   f2fs_stop_checkpoint(), which sets CP_ERROR_FLAG
2. f2fs_sync_inode_meta() returns 0 without checking the error flag
3. block_operations() sees success and loops back to retry_flush_quotas
4. Dirty inodes remain on list (sync failed), loop repeats forever
5. Checkpoint never completes, waiters block indefinitely

This causes hung tasks when operations like unlink wait for checkpoint
completion while holding locks that other tasks need.

Fix by checking f2fs_cp_error() after processing each inode in
f2fs_sync_inode_meta() to detect errors from f2fs_update_inode_page().

Reported-by: syzbot+4235e4d7b6fd75704528@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=4235e4d7b6fd75704528
Signed-off-by: Deepanshu Kartikey
--- fs/f2fs/checkpoint.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c index bbe07e3a6c75..992637269a84 100644 --- a/fs/f2fs/checkpoint.c +++ b/fs/f2fs/checkpoint.c
@@ -1140,6 +1140,10 @@ static int f2fs_sync_inode_meta(struct f2fs_sb_info = *sbi) return -EIO; =20 spin_lock(&sbi->inode_lock[DIRTY_META]); + if (unlikely(f2fs_cp_error(sbi))) { + spin_unlock(&sbi->inode_lock[DIRTY_META]); + return -EIO; + } if (list_empty(head)) { spin_unlock(&sbi->inode_lock[DIRTY_META]); return 0; @@ -1155,6 +1159,8 @@ static int f2fs_sync_inode_meta(struct f2fs_sb_info *= sbi) if (is_inode_flag_set(inode, FI_DIRTY_INODE)) f2fs_update_inode_page(inode); iput(inode); + if (unlikely(f2fs_cp_error(sbi))) + return EIO; } } return 0; --=20 2.43.0
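
Review bot: In the first hunk (@@ -1140,6 +1140,10 @@), the f2fs_cp_error() check added right after spin_lock(&sbi->inode_lock[DIRTY_META]) looks redundant: the context line `return -EIO;` immediately above the lock, together with the changelog's statement that the flag is already checked at the start of each loop iteration, means the same condition was tested a moment earlier. The changelog only describes the check after each inode is processed and says nothing about this one. Either drop it, or explain in the commit message which window between the existing check and taking inode_lock it is meant to close, since it adds an extra unlock-and-return path under the spinlock.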
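
Review bot: In the second hunk (@@ -1155,6 +1159,8 @@), the new check after iput(inode) ends with `return EIO;`, which returns a positive errno, while the first hunk and the existing context line in this function return `-EIO`. A caller that tests for a negative error code would not treat the positive value as the failure the changelog intends to propagate, so this should be `return -EIO;` to match.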