From: Prithvi Tambewagh
To: mark@fasheh.com, jlbec@evilplan.org, joseph.qi@linux.alibaba.com
Cc: ocfs2-devel@lists.linux.dev, linux-kernel@vger.kernel.org, linux-kernel-mentees@lists.linux.dev, skhan@linuxfoundation.org, david.hunter.linux@gmail.com, khalid@kernel.org, Prithvi Tambewagh, syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com, stable@vger.kernel.org
Subject: [PATCH] ocfs2: Fix kernel BUG in ocfs2_write_block
Date: Sat, 6 Dec 2025 21:18:19 +0530
Message-ID: <20251206154819.175479-1-activprithvi@gmail.com>

When the filesystem is being mounted, the kernel panics while the data
regarding slot map allocation to the local node is being written to the
disk. This occurs because the value of slot map buffer head block number,
which should have been greater than or equal to `OCFS2_SUPER_BLOCK_BLKNO`
(evaluating to 2), is less than it, indicative of disk metadata corruption.
This triggers BUG_ON(bh->b_blocknr < OCFS2_SUPER_BLOCK_BLKNO) in
ocfs2_write_block(), causing the kernel to panic.

This is fixed by introducing an if condition block in
ocfs2_update_disk_slot(), right before calling ocfs2_write_block(), which
checks if `bh->b_blocknr` is less than `OCFS2_SUPER_BLOCK_BLKNO`; if yes,
then ocfs2_error() is called, which prints the error log, for debugging
purposes, and the return value of ocfs2_error() is returned back to the
caller of ocfs2_update_disk_slot(), i.e. ocfs2_find_slot(). If the return
value is zero, then error code EIO is returned.

Reported-by: syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=c818e5c4559444f88aa0
Tested-by: syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Prithvi Tambewagh
---
 fs/ocfs2/slot_map.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/fs/ocfs2/slot_map.c b/fs/ocfs2/slot_map.c index e544c704b583..788924fc3663 100644 --- a/fs/ocfs2/slot_map.c +++ b/fs/ocfs2/slot_map.c @@ -193,6 +193,16 @@ static int ocfs2_update_disk_slot(struct ocfs2_super *osb, else ocfs2_update_disk_slot_old(si, slot_num, &bh); spin_unlock(&osb->osb_lock); + if (bh->b_blocknr < OCFS2_SUPER_BLOCK_BLKNO) { + status = ocfs2_error(osb->sb, + "Invalid Slot Map Buffer Head " + "Block Number : %llu, Should be >= %d", + le16_to_cpu(bh->b_blocknr), + le16_to_cpu((int)OCFS2_SUPER_BLOCK_BLKNO)); + if (!status) + return -EIO; + return status; + } status = ocfs2_write_block(osb, bh, INODE_CACHE(si->si_inode)); if (status < 0) base-commit: 24172e0d79900908cf5ebf366600616d29c9b417 -- 2.43.0
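
Review bot: The two le16_to_cpu() calls in the ocfs2_error() arguments of the added block look wrong. bh->b_blocknr is the in-memory block number of a struct buffer_head (a host-endian sector_t), not a little-endian on-disk field, so le16_to_cpu(bh->b_blocknr) truncates it to 16 bits, byte-swaps it on big-endian machines, and then passes a 16-bit value to a %llu specifier. The same applies to le16_to_cpu((int)OCFS2_SUPER_BLOCK_BLKNO), which is a compile-time constant and needs no conversion. Suggest passing (unsigned long long)bh->b_blocknr for the %llu and the constant itself with a specifier that matches its type, so the log reports the actual corrupted block number. Minor: the format string is split across two literals, which makes the message harder to grep for; keeping it as one literal is the usual kernel preference.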