public inbox for linux-kernel@vger.kernel.org
From: syzbot <syzbot+4235e4d7b6fd75704528@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Forwarded: [PATCH] f2fs: fix hung task in block_operations during checkpoint
Date: Sat, 06 Dec 2025 00:03:31 -0800
Message-ID: <6933e353.a70a0220.38f243.0019.GAE@google.com>
In-Reply-To: <69332cf9.a70a0220.243dc6.0011.GAE@google.com>

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: [PATCH] f2fs: fix hung task in block_operations during checkpoint
Author: kartikey406@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

        f2fs_sync_inode_meta() can return 0 (success) even when
        f2fs_update_inode_page() fails and triggers f2fs_stop_checkpoint().
        This happens because the error flag check only occurs at the start
        of each loop iteration, not after f2fs_update_inode_page() returns.

        When I/O errors occur:
        1. f2fs_update_inode_page() retries 8 times then calls
           f2fs_stop_checkpoint(), which sets CP_ERROR_FLAG
        2. f2fs_sync_inode_meta() returns 0 without checking the error flag
        3. block_operations() sees success and loops back to retry_flush_quotas
        4. Dirty inodes remain on list (sync failed), loop repeats forever
        5. Checkpoint never completes, waiters block indefinitely

        This causes hung tasks when operations like unlink wait for checkpoint
        completion while holding locks that other tasks need.

        Fix by checking f2fs_cp_error() after processing each inode in
        f2fs_sync_inode_meta() to detect errors from f2fs_update_inode_page().

        Reported-by: syzbot+4235e4d7b6fd75704528@syzkaller.appspotmail.com
        Closes: https://syzkaller.appspot.com/bug?extid=4235e4d7b6fd75704528
        Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
---
 fs/f2fs/checkpoint.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c
index bbe07e3a6c75..b0b5b792e092 100644
--- a/fs/f2fs/checkpoint.c
+++ b/fs/f2fs/checkpoint.c
@@ -1659,9 +1659,10 @@ int f2fs_write_checkpoint(struct f2fs_sb_info *sbi, struct cp_control *cpc)
 			return 0;
 		f2fs_warn(sbi, "Start checkpoint disabled!");
 	}
+	printk("f2fs_cp: 1 before cp_global_sem\n");
 	if (cpc->reason != CP_RESIZE)
 		f2fs_down_write(&sbi->cp_global_sem);
-
+	 printk("f2fs_cp: 2 after cp_global_sem\n");
 	stat_cp_time(cpc, CP_TIME_LOCK);
 
 	if (!is_sbi_flag_set(sbi, SBI_IS_DIRTY) &&
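Review bot: none of the hunks in this patch touches f2fs_sync_inode_meta(), although the commit message says the fix is an f2fs_cp_error() check after each inode in that function; starting with the two printk() calls added here around f2fs_down_write(&sbi->cp_global_sem), the diff only adds trace output to f2fs_write_checkpoint(). If this is a debugging run for the #syz test, the subject and message should say so; if it is meant as the fix, the f2fs_sync_inode_meta() change is missing from the patch. The printk() calls also carry no log level and do not identify the filesystem instance; the f2fs_warn(sbi, ...) form visible in the context line above provides both. The second printk() is indented with a tab followed by a space and takes the place of the blank line that separated the lock acquisition from stat_cp_time().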
@@ -1669,16 +1670,18 @@ int f2fs_write_checkpoint(struct f2fs_sb_info *sbi, struct cp_control *cpc)
 		((cpc->reason & CP_DISCARD) && !sbi->discard_blks)))
 		goto out;
 	if (unlikely(f2fs_cp_error(sbi))) {
+		printk("f2fs_cp: 3 cp_error detected early\n");
 		err = -EIO;
 		goto out;
 	}
 
 	trace_f2fs_write_checkpoint(sbi->sb, cpc->reason, "start block_ops");
-
+	printk("f2fs_cp: 4 before block_operations\n");
 	err = block_operations(sbi);
+	printk("f2fs_cp: 5 after block_operations err=%d cp_error=%d\n", err, f2fs_cp_error(sbi));
 	if (err)
 		goto out;
-
+	//printk("f2fs_cp: 6 before do_checkpoint\n");
 	stat_cp_time(cpc, CP_TIME_OP_LOCK);
 
 	trace_f2fs_write_checkpoint(sbi->sb, cpc->reason, "finish block_ops");
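Review bot: the commented-out `//printk("f2fs_cp: 6 before do_checkpoint\n");` after the `if (err) goto out;` check is dead code in a C++-style comment and should be dropped rather than committed. Markers 4 and 5 around block_operations() sit directly beside trace_f2fs_write_checkpoint(..., "start block_ops") and trace_f2fs_write_checkpoint(..., "finish block_ops"), so the existing tracepoints already bracket this call on the success path, and an unconditional printk() on every checkpoint will be noisy. If the err and f2fs_cp_error(sbi) values after block_operations() are the point of the test, keep only marker 5 and emit it through f2fs_warn(sbi, ...) so the message names the filesystem, and leave the blank separator lines in place.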
@@ -1724,8 +1727,10 @@ int f2fs_write_checkpoint(struct f2fs_sb_info *sbi, struct cp_control *cpc)
 
 	/* save inmem log status */
 	f2fs_save_inmem_curseg(sbi);
+	printk("f2fs_cp: 4 before block_operations\n");
 
 	err = do_checkpoint(sbi, cpc);
+	printk("f2fs_cp: 7 after do_checkpoint err=%d\n", err);
 	if (err) {
 		f2fs_err(sbi, "do_checkpoint failed err:%d, stop checkpoint", err);
 		f2fs_bug_on(sbi, !f2fs_cp_error(sbi));
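Review bot: the printk() added after f2fs_save_inmem_curseg(sbi) prints "f2fs_cp: 4 before block_operations", the same string as the marker placed before block_operations() in the previous hunk, but here it precedes do_checkpoint(). Two different points in the function then produce identical log lines, so the trace cannot show which one was reached. It should read "f2fs_cp: 6 before do_checkpoint", matching the commented-out string in the previous hunk and the "7 after do_checkpoint" marker that follows. On the failure path the existing f2fs_err(sbi, "do_checkpoint failed err:%d, stop checkpoint", err) already reports err, so marker 7 adds information only when do_checkpoint() succeeds.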
-- 
2.43.0

