[PATCH] gfs2: fix hung task in gfs2_jhead_process_page

Next message: syzbot: "Re: [v5.15] UBSAN: shift-out-of-bounds in ocfs2_fill_super"
Previous message: Michael Kelley: "RE: [patch 19/48] clockevents: Provide support for clocksource coupled comparators"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Deepanshu Kartikey

Date: Mon Mar 23 2026 - 23:40:14 EST

filemap_get_folio() returns an ERR_PTR if the folio is not present
in the page cache. gfs2_jhead_process_page() does not check the
return value and passes it directly to folio_wait_locked(), causing
the kernel task to get stuck in uninterruptible sleep (state D)
forever, triggering the hung task watchdog.

This can be triggered by mounting a crafted or corrupted GFS2
filesystem image.

Fix this by checking the return value of filemap_get_folio() and
returning early if the folio is not found.

Fixes: 240159077d00 ("gfs2: Convert gfs2_jhead_process_page() to use a folio")
Reported-by: syzbot+9013411dc43f3582823a@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://syzkaller.appspot.com/bug?extid=9013411dc43f3582823a
Signed-off-by: Deepanshu Kartikey <Kartikey406@xxxxxxxxx>
---
fs/gfs2/lops.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/fs/gfs2/lops.c b/fs/gfs2/lops.c
index 797931eb5845..005584311eff 100644
--- a/fs/gfs2/lops.c
+++ b/fs/gfs2/lops.c
@@ -467,6 +467,9 @@ static void gfs2_jhead_process_page(struct gfs2_jdesc *jd, unsigned long index,

folio = filemap_get_folio(jd->jd_inode->i_mapping, index);

+ if (IS_ERR(folio))
+ return;
+
folio_wait_locked(folio);
if (!folio_test_uptodate(folio))
*done = true;
--
2.43.0