From: Al Viro <viro@zeniv.linux.org.uk>
To: Mateusz Guzik <mjguzik@gmail.com>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
syzbot <syzbot+d222f4b7129379c3d5bc@syzkaller.appspotmail.com>,
brauner@kernel.org, jack@suse.cz, jlbec@evilplan.org,
joseph.qi@linux.alibaba.com, linkinjeon@kernel.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
mark@fasheh.com, ocfs2-devel@lists.linux.dev,
sj1557.seo@samsung.com, syzkaller-bugs@googlegroups.com,
Chuck Lever <chuck.lever@oracle.com>
Subject: Re: [PATCH for 6.19-rc1] fs: preserve file type in make_bad_inode() unless invalid
Date: Wed, 10 Dec 2025 21:33:03 +0000 [thread overview]
Message-ID: <20251210213303.GB1712166@ZenIV> (raw)
In-Reply-To: <20251210153531.GX1712166@ZenIV>
On Wed, Dec 10, 2025 at 03:35:31PM +0000, Al Viro wrote:
> On Wed, Dec 10, 2025 at 11:09:24AM +0100, Mateusz Guzik wrote:
> > On Wed, Dec 10, 2025 at 10:45 AM Tetsuo Handa
> > <penguin-kernel@i-love.sakura.ne.jp> wrote:
> > >
> > > syzbot is hitting VFS_BUG_ON_INODE(!S_ISDIR(inode->i_mode)) check
> > > introduced by commit e631df89cd5d ("fs: speed up path lookup with cheaper
> > > handling of MAY_EXEC"), for make_bad_inode() is blindly changing file type
> > > to S_IFREG. Since make_bad_inode() might be called after an inode is fully
> > > constructed, make_bad_inode() should not needlessly change file type.
> > >
> >
> > ouch
> >
> > So let's say calls to make_bad_inode *after* d_instantiate are unavoidable.
>
> ... and each one is a bug.
In this case I strongly suspect that it had been introduced in
commit 58b6fcd2ab34399258dc509f701d0986a8e0bcaa
Author: Ahmet Eray Karadag <eraykrdg1@gmail.com>
Date: Tue Nov 18 03:18:34 2025 +0300
ocfs2: mark inode bad upon validation failure during read
Folks, make_bad_inode() is *NOT* magic and having it anywhere in "hardening"
patch is a major red flag. Please, don't do it, and I would recommend
reverting that commit, possibly along with the rest of the series.
next prev parent reply other threads:[~2025-12-10 21:32 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-04 0:07 [syzbot] [exfat?] [ocfs2?] kernel BUG in link_path_walk syzbot
2025-12-04 0:46 ` Mateusz Guzik
2025-12-04 1:21 ` syzbot
2025-12-04 7:45 ` Mateusz Guzik
2025-12-04 8:21 ` Al Viro
2025-12-04 8:40 ` Mateusz Guzik
2025-12-10 9:45 ` [PATCH for 6.19-rc1] fs: preserve file type in make_bad_inode() unless invalid Tetsuo Handa
2025-12-10 10:09 ` Jan Kara
2025-12-10 10:24 ` Mateusz Guzik
2025-12-10 21:14 ` Al Viro
2025-12-10 23:27 ` Mateusz Guzik
2026-01-06 10:10 ` Tetsuo Handa
2026-01-07 9:36 ` Jan Kara
2026-01-07 9:53 ` Tetsuo Handa
2026-01-07 10:15 ` Jan Kara
2025-12-10 10:09 ` Mateusz Guzik
2025-12-10 15:35 ` Al Viro
2025-12-10 20:43 ` Al Viro
2025-12-10 20:55 ` Al Viro
2025-12-10 21:33 ` Al Viro [this message]
2025-12-04 9:09 ` [syzbot] [exfat?] [ocfs2?] kernel BUG in link_path_walk Mateusz Guzik
2025-12-04 10:13 ` syzbot
2025-12-04 10:15 ` Mateusz Guzik
2025-12-04 11:56 ` syzbot
2025-12-04 11:58 ` Mateusz Guzik
2025-12-10 11:00 ` Mateusz Guzik
2025-12-10 11:19 ` syzbot
2025-12-10 11:28 ` Mateusz Guzik
2025-12-10 19:44 ` Mateusz Guzik
2025-12-10 20:06 ` syzbot
2025-12-10 21:47 ` Al Viro
2025-12-10 22:09 ` syzbot
2025-12-11 9:00 ` Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251210213303.GB1712166@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=brauner@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=jack@suse.cz \
--cc=jlbec@evilplan.org \
--cc=joseph.qi@linux.alibaba.com \
--cc=linkinjeon@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark@fasheh.com \
--cc=mjguzik@gmail.com \
--cc=ocfs2-devel@lists.linux.dev \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=sj1557.seo@samsung.com \
--cc=syzbot+d222f4b7129379c3d5bc@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.