[PATCH] nilfs2: skip blocks with no bmap entry in nilfs_ioctl_mark_blocks_dirty()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Junjie Cao <junjie.cao@linux.dev>
To: Ryusuke Konishi <konishi.ryusuke@gmail.com>,
	Viacheslav Dubeyko <slava@dubeyko.com>
Cc: linux-nilfs@vger.kernel.org, linux-kernel@vger.kernel.org,
	syzbot+466a45fcfb0562f5b9a0@syzkaller.appspotmail.com,
	stable@vger.kernel.org, Junjie Cao <junjie.cao@linux.dev>
Subject: [PATCH] nilfs2: skip blocks with no bmap entry in nilfs_ioctl_mark_blocks_dirty()
Date: Fri, 20 Mar 2026 00:21:59 +0800	[thread overview]
Message-ID: <20260319162159.302104-1-junjie.cao@linux.dev> (raw)

In nilfs_ioctl_mark_blocks_dirty(), called during garbage collection,
nilfs_bmap_lookup_at_level() may return -ENOENT when a block no longer
exists in the DAT bmap.  In that case the code sets bd_blocknr to 0 but
falls through to the liveness check that compares bd_blocknr against
bd_oblocknr.  If bd_oblocknr also happens to be 0, the descriptor is
incorrectly treated as live and the code attempts to get or mark the
non-existent block, triggering a WARN_ON.

Fix this by adding a continue statement so that a block descriptor is
immediately skipped when its bmap lookup returns -ENOENT, since there
is no block in the DAT to mark dirty.

Fixes: 7942b919f732 ("nilfs2: ioctl operations")
Reported-by: syzbot+466a45fcfb0562f5b9a0@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=466a45fcfb0562f5b9a0
Cc: stable@vger.kernel.org
Signed-off-by: Junjie Cao <junjie.cao@linux.dev>
---
 fs/nilfs2/ioctl.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c
index 1bfe8a2..d71a0a5 100644
--- a/fs/nilfs2/ioctl.c
+++ b/fs/nilfs2/ioctl.c
@@ -744,6 +744,7 @@ static int nilfs_ioctl_mark_blocks_dirty(struct the_nilfs *nilfs,
 		if (ret < 0) {
 			if (ret != -ENOENT)
 				return ret;
 			bdescs[i].bd_blocknr = 0;
+			continue;
 		}
 		if (bdescs[i].bd_blocknr != bdescs[i].bd_oblocknr)
 			/* skip dead block */
-- 
2.43.0

                 reply	other threads:[~2026-03-19 16:22 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:1bfe8a2 dfblob:d71a0a5 )
 OR (
bs:"[PATCH] nilfs2: skip blocks with no bmap entry in nilfs_ioctl_mark_blocks_dirty()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260319162159.302104-1-junjie.cao@linux.dev \
    --to=junjie.cao@linux.dev \
    --cc=konishi.ryusuke@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nilfs@vger.kernel.org \
    --cc=slava@dubeyko.com \
    --cc=stable@vger.kernel.org \
    --cc=syzbot+466a45fcfb0562f5b9a0@syzkaller.appspotmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.