[syzbot] [ocfs2?] kernel BUG in ocfs2_write_block

[syzbot] [ocfs2?] kernel BUG in ocfs2_write_block

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit:    d42f7708e27c Merge tag 'for-linus-6.11' of git://git.kerne..
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=16d197c7980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=1c9e296880039df9
dashboard link: https://syzkaller.appspot.com/bug?extid=c818e5c4559444f88aa0
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17c3e407980000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12bb9900580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b879ea3b7dd4/disk-d42f7708.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/812a7fb7bfcc/vmlinux-d42f7708.xz
kernel image: https://storage.googleapis.com/syzbot-assets/806a22d4adbf/bzImage-d42f7708.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/e983237a6366/mount_0.gz

Bisection is inconclusive: the issue happens on the oldest tested release.

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=16fa229f980000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=15fa229f980000
console output: https://syzkaller.appspot.com/x/log.txt?x=11fa229f980000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com

loop0: detected capacity change from 0 to 32768
=======================================================
WARNING: The mand mount option has been deprecated and
         and is ignored by this kernel. Remove the mand
         option from the mount to silence this warning.
=======================================================
------------[ cut here ]------------
kernel BUG at fs/ocfs2/buffer_head_io.c:45!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 5224 Comm: syz-executor227 Not tainted 6.11.0-rc7-syzkaller-00151-gd42f7708e27c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:ocfs2_write_block+0x62a/0x6b0 fs/ocfs2/buffer_head_io.c:45
Code: fc ff df 80 3c 08 00 74 08 4c 89 ef e8 5f 41 7a fe 49 8b 7d 00 48 89 de 48 8b 54 24 08 e8 de 44 11 00 eb 2e e8 97 1d 16 fe 90 <0f> 0b e8 8f 1d 16 fe 90 0f 0b e8 97 aa 33 08 e8 82 1d 16 fe 49 bd
RSP: 0018:ffffc90003326dc0 EFLAGS: 00010293
RAX: ffffffff837d6ec9 RBX: 0000000000000000 RCX: ffff88801b318000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffffc90003326e90 R08: ffffffff837d6a20 R09: 1ffffffff1fee945
R10: dffffc0000000000 R11: fffffbfff1fee946 R12: ffff88807e9ef2d0
R13: dffffc0000000000 R14: ffff88807e9ef2b8 R15: ffff888011958000
FS:  0000555580ce5380(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fae84395ed8 CR3: 0000000078dfe000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ocfs2_update_disk_slot+0x498/0x690 fs/ocfs2/slot_map.c:197
 ocfs2_find_slot+0x4cb/0xaa0 fs/ocfs2/slot_map.c:482
 ocfs2_mount_volume+0x1a0/0x1940 fs/ocfs2/super.c:1806
 ocfs2_fill_super+0x483b/0x5880 fs/ocfs2/super.c:1084
 mount_bdev+0x20a/0x2d0 fs/super.c:1679
 legacy_get_tree+0xee/0x190 fs/fs_context.c:662
 vfs_get_tree+0x90/0x2b0 fs/super.c:1800
 do_new_mount+0x2be/0xb40 fs/namespace.c:3472
 do_mount fs/namespace.c:3812 [inline]
 __do_sys_mount fs/namespace.c:4020 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3997
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2a220a1dea
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc219a6e28 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffc219a6e40 RCX: 00007f2a220a1dea
RDX: 0000000020000280 RSI: 0000000020000040 RDI: 00007ffc219a6e40
RBP: 0000000000000004 R08: 00007ffc219a6e80 R09: 0000000000004440
R10: 00000000000008c0 R11: 0000000000000282 R12: 00000000000008c0
R13: 00007ffc219a6e80 R14: 0000000000000003 R15: 0000000001000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ocfs2_write_block+0x62a/0x6b0 fs/ocfs2/buffer_head_io.c:45
Code: fc ff df 80 3c 08 00 74 08 4c 89 ef e8 5f 41 7a fe 49 8b 7d 00 48 89 de 48 8b 54 24 08 e8 de 44 11 00 eb 2e e8 97 1d 16 fe 90 <0f> 0b e8 8f 1d 16 fe 90 0f 0b e8 97 aa 33 08 e8 82 1d 16 fe 49 bd
RSP: 0018:ffffc90003326dc0 EFLAGS: 00010293
RAX: ffffffff837d6ec9 RBX: 0000000000000000 RCX: ffff88801b318000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffffc90003326e90 R08: ffffffff837d6a20 R09: 1ffffffff1fee945
R10: dffffc0000000000 R11: fffffbfff1fee946 R12: ffff88807e9ef2d0
R13: dffffc0000000000 R14: ffff88807e9ef2b8 R15: ffff888011958000
FS:  0000555580ce5380(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000560086f89778 CR3: 0000000078dfe000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Syzbot testing for ocfs2: Fix kernel BUG in ocfs2_write_block

[Prithvi Tambewagh]

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 24172e0d79900908cf5ebf366600616d29c9b417

Signed-off-by: Prithvi Tambewagh <activprithvi@gmail.com>
---
 fs/ocfs2/slot_map.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/fs/ocfs2/slot_map.c b/fs/ocfs2/slot_map.c
index e544c704b583..de793a83555c 100644
--- a/fs/ocfs2/slot_map.c
+++ b/fs/ocfs2/slot_map.c
@@ -193,6 +193,16 @@ static int ocfs2_update_disk_slot(struct ocfs2_super *osb,
 	else
 		ocfs2_update_disk_slot_old(si, slot_num, &bh);
 	spin_unlock(&osb->osb_lock);
+	if (bh->b_blocknr < OCFS2_SUPER_BLOCK_BLKNO) {
+		status = ocfs2_error(osb->sb,
+				     "Invalid Buffer Head Block Number : %llu, "
+				     "Should be >= %d",
+				     le16_to_cpu(bh->b_blocknr),
+				     le16_to_cpu((int)OCFS2_SUPER_BLOCK_BLKNO));
+		if(!status) {
+			return -EIO;
+		}
+	}
 
 	status = ocfs2_write_block(osb, bh, INODE_CACHE(si->si_inode));
 	if (status < 0)

base-commit: 24172e0d79900908cf5ebf366600616d29c9b417
-- 
2.43.0

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_write_block

[syzbot]

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in ocfs2_write_block

WARNING: The mand mount option has been deprecated and
         and is ignored by this kernel. Remove the mand
         option from the mount to silence this warning.
=======================================================
On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
OCFS2: File system is now read-only.
------------[ cut here ]------------
kernel BUG at fs/ocfs2/buffer_head_io.c:45!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 6601 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:ocfs2_write_block+0x5d2/0x640 fs/ocfs2/buffer_head_io.c:45
Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 45 37 8b fe 49 8b 3f 4c 89 ee 48 8b 14 24 e8 36 88 0f 00 eb 1f e8 8f 78 29 fe 90 <0f> 0b e8 87 78 29 fe 90 0f 0b e8 7f 78 29 fe e9 ce fa ff ff e8 75
RSP: 0018:ffffc90004e4ee20 EFLAGS: 00010293
RAX: ffffffff839534d1 RBX: 1ffff1100444ea03 RCX: ffff888024ae8000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90004e4eef0 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1dac76f R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888022275000 R15: 0000000000000001
FS:  00007fbd0a5066c0(0000) GS:ffff888126df7000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbd0ae829e0 CR3: 0000000020b78000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 ocfs2_update_disk_slot+0x6f8/0x9d0 fs/ocfs2/slot_map.c:207
 ocfs2_find_slot+0x6bb/0xc30 fs/ocfs2/slot_map.c:492
 ocfs2_mount_volume fs/ocfs2/super.c:1749 [inline]
 ocfs2_fill_super+0x3833/0x65f0 fs/ocfs2/super.c:1083
 get_tree_bdev_flags+0x40e/0x4d0 fs/super.c:1691
 vfs_get_tree+0x92/0x2b0 fs/super.c:1751
 fc_mount fs/namespace.c:1208 [inline]
 do_new_mount_fc fs/namespace.c:3651 [inline]
 do_new_mount+0x302/0xa10 fs/namespace.c:3727
 do_mount fs/namespace.c:4050 [inline]
 __do_sys_mount fs/namespace.c:4238 [inline]
 __se_sys_mount+0x313/0x410 fs/namespace.c:4215
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbd0aea0e6a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbd0a505e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fbd0a505ef0 RCX: 00007fbd0aea0e6a
RDX: 0000200000004440 RSI: 0000200000000040 RDI: 00007fbd0a505eb0
RBP: 0000200000004440 R08: 00007fbd0a505ef0 R09: 00000000000008c0
R10: 00000000000008c0 R11: 0000000000000246 R12: 0000200000000040
R13: 00007fbd0a505eb0 R14: 0000000000004440 R15: 0000200000000280
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ocfs2_write_block+0x5d2/0x640 fs/ocfs2/buffer_head_io.c:45
Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 45 37 8b fe 49 8b 3f 4c 89 ee 48 8b 14 24 e8 36 88 0f 00 eb 1f e8 8f 78 29 fe 90 <0f> 0b e8 87 78 29 fe 90 0f 0b e8 7f 78 29 fe e9 ce fa ff ff e8 75
RSP: 0018:ffffc90004e4ee20 EFLAGS: 00010293
RAX: ffffffff839534d1 RBX: 1ffff1100444ea03 RCX: ffff888024ae8000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90004e4eef0 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1dac76f R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888022275000 R15: 0000000000000001
FS:  00007fbd0a5066c0(0000) GS:ffff888126df7000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbd0ae829e0 CR3: 0000000020b78000 CR4: 00000000003526f0


Tested on:

commit:         24172e0d Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=11510eb4580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=c818e5c4559444f88aa0
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=13d2421a580000

Syzbot testing for ocfs2: Fix kernel BUG in ocfs2_write_block

[Prithvi Tambewagh]

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 24172e0d79900908cf5ebf366600616d29c9b417

Signed-off-by: Prithvi Tambewagh <activprithvi@gmail.com>
---
 fs/ocfs2/slot_map.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/fs/ocfs2/slot_map.c b/fs/ocfs2/slot_map.c
index e544c704b583..79f9d1753bc1 100644
--- a/fs/ocfs2/slot_map.c
+++ b/fs/ocfs2/slot_map.c
@@ -193,6 +193,17 @@ static int ocfs2_update_disk_slot(struct ocfs2_super *osb,
 	else
 		ocfs2_update_disk_slot_old(si, slot_num, &bh);
 	spin_unlock(&osb->osb_lock);
+	if (bh->b_blocknr < OCFS2_SUPER_BLOCK_BLKNO) {
+		status = ocfs2_error(osb->sb,
+				     "Invalid Slot Map Buffer Head "
+				     "Block Number : %llu, Should be >= %d",
+				     le16_to_cpu(bh->b_blocknr),
+				     le16_to_cpu((int)OCFS2_SUPER_BLOCK_BLKNO));
+		if(!status) {
+			return -EIO;
+		}
+		return status;
+	}
 
 	status = ocfs2_write_block(osb, bh, INODE_CACHE(si->si_inode));
 	if (status < 0)

base-commit: 24172e0d79900908cf5ebf366600616d29c9b417
-- 
2.43.0

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_write_block

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com
Tested-by: syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com

Tested on:

commit:         24172e0d Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=12b54992580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=c818e5c4559444f88aa0
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=11da421a580000

Note: testing is done by a robot and is best-effort only.

Syzbot testing for ocfs2: Fix kernel BUG in ocfs2_write_block

[Prithvi Tambewagh]

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 24172e0d79900908cf5ebf366600616d29c9b417

Signed-off-by: Prithvi Tambewagh <activprithvi@gmail.com>
---
 fs/ocfs2/slot_map.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/fs/ocfs2/slot_map.c b/fs/ocfs2/slot_map.c
index e544c704b583..788924fc3663 100644
--- a/fs/ocfs2/slot_map.c
+++ b/fs/ocfs2/slot_map.c
@@ -193,6 +193,16 @@ static int ocfs2_update_disk_slot(struct ocfs2_super *osb,
 	else
 		ocfs2_update_disk_slot_old(si, slot_num, &bh);
 	spin_unlock(&osb->osb_lock);
+	if (bh->b_blocknr < OCFS2_SUPER_BLOCK_BLKNO) {
+		status = ocfs2_error(osb->sb,
+				     "Invalid Slot Map Buffer Head "
+				     "Block Number : %llu, Should be >= %d",
+				     le16_to_cpu(bh->b_blocknr),
+				     le16_to_cpu((int)OCFS2_SUPER_BLOCK_BLKNO));
+		if (!status)
+			return -EIO;
+		return status;
+	}
 
 	status = ocfs2_write_block(osb, bh, INODE_CACHE(si->si_inode));
 	if (status < 0)

base-commit: 24172e0d79900908cf5ebf366600616d29c9b417
-- 
2.43.0

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_write_block

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com
Tested-by: syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com

Tested on:

commit:         24172e0d Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=10470eb4580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=c818e5c4559444f88aa0
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=10074992580000

Note: testing is done by a robot and is best-effort only.

Syzbot test for ocfs2: fix kernel BUG in ocfs2_write_block

[Prithvi Tambewagh]

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 24172e0d79900908cf5ebf366600616d29c9b417

Signed-off-by: Prithvi Tambewagh <activprithvi@gmail.com>
---
 fs/ocfs2/slot_map.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/fs/ocfs2/slot_map.c b/fs/ocfs2/slot_map.c
index e544c704b583..e916a2e8f92d 100644
--- a/fs/ocfs2/slot_map.c
+++ b/fs/ocfs2/slot_map.c
@@ -193,6 +193,16 @@ static int ocfs2_update_disk_slot(struct ocfs2_super *osb,
 	else
 		ocfs2_update_disk_slot_old(si, slot_num, &bh);
 	spin_unlock(&osb->osb_lock);
+	if (bh->b_blocknr < OCFS2_SUPER_BLOCK_BLKNO) {
+		status = ocfs2_error(osb->sb,
+				     "Invalid Slot Map Buffer Head "
+				     "Block Number : %llu, Should be >= %d",
+				     (unsigned long long)bh->b_blocknr,
+				     OCFS2_SUPER_BLOCK_BLKNO);
+		if (!status)
+			return -EIO;
+		return status;
+	}
 
 	status = ocfs2_write_block(osb, bh, INODE_CACHE(si->si_inode));
 	if (status < 0)

base-commit: 24172e0d79900908cf5ebf366600616d29c9b417
-- 
2.43.0

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_write_block

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com
Tested-by: syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com

Tested on:

commit:         24172e0d Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=132c3eb4580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=c818e5c4559444f88aa0
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=17e43eb4580000

Note: testing is done by a robot and is best-effort only.

Syzbot test for v3: ocfs2: fix kernel BUG in ocfs2_write_block

[Prithvi Tambewagh]

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 24172e0d79900908cf5ebf366600616d29c9b417

Signed-off-by: Prithvi Tambewagh <activprithvi@gmail.com>
---
 fs/ocfs2/slot_map.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/fs/ocfs2/slot_map.c b/fs/ocfs2/slot_map.c
index e544c704b583..9406ac37af6b 100644
--- a/fs/ocfs2/slot_map.c
+++ b/fs/ocfs2/slot_map.c
@@ -132,7 +132,8 @@ int ocfs2_refresh_slot_info(struct ocfs2_super *osb)
 	 * this is not true, the read of -1 (UINT64_MAX) will fail.
 	 */
 	ret = ocfs2_read_blocks(INODE_CACHE(si->si_inode), -1, si->si_blocks,
-				si->si_bh, OCFS2_BH_IGNORE_CACHE, NULL);
+				si->si_bh, OCFS2_BH_IGNORE_CACHE,
+				ocfs2_validate_slot_map_block);
 	if (ret == 0) {
 		spin_lock(&osb->osb_lock);
 		ocfs2_update_slot_info(si);
@@ -332,6 +333,26 @@ int ocfs2_clear_slot(struct ocfs2_super *osb, int slot_num)
 	return ocfs2_update_disk_slot(osb, osb->slot_info, slot_num);
 }
 
+static int ocfs2_validate_slot_map_block(struct super_block *sb,
+					 struct buffer_head *bh)
+{
+	int rc;
+
+	BUG_ON(!buffer_uptodate(bh));
+
+	if (bh->b_blocknr < OCFS2_SUPER_BLOCK_BLKNO) {
+		rc = ocfs2_error(sb,
+				 "Invalid Slot Map Buffer Head "
+				 "Block Number : %llu, Should be >= %d",
+				 (unsigned long long)bh->b_blocknr,
+				 OCFS2_SUPER_BLOCK_BLKNO);
+		if (!rc)
+			return -EIO;
+		return rc;
+	}
+	return 0;
+}
+
 static int ocfs2_map_slot_buffers(struct ocfs2_super *osb,
 				  struct ocfs2_slot_info *si)
 {
@@ -383,7 +404,8 @@ static int ocfs2_map_slot_buffers(struct ocfs2_super *osb,
 
 		bh = NULL;  /* Acquire a fresh bh */
 		status = ocfs2_read_blocks(INODE_CACHE(si->si_inode), blkno,
-					   1, &bh, OCFS2_BH_IGNORE_CACHE, NULL);
+					   1, &bh, OCFS2_BH_IGNORE_CACHE,
+					   ocfs2_validate_slot_map_block);
 		if (status < 0) {
 			mlog_errno(status);
 			goto bail;

base-commit: 24172e0d79900908cf5ebf366600616d29c9b417
-- 
2.43.0

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_write_block

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

fs/ocfs2/slot_map.c:136:5: error: use of undeclared identifier 'ocfs2_validate_slot_map_block'; did you mean 'ocfs2_validate_inode_block'?


Tested on:

commit:         24172e0d Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel config:  https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=c818e5c4559444f88aa0
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=103299c2580000

Syzbot test for v3: ocfs2: fix kernel BUG in ocfs2_write_block

[Prithvi Tambewagh]

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 24172e0d79900908cf5ebf366600616d29c9b417

Signed-off-by: Prithvi Tambewagh <activprithvi@gmail.com>
---
 fs/ocfs2/slot_map.c | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/fs/ocfs2/slot_map.c b/fs/ocfs2/slot_map.c
index e544c704b583..40e5e95fd375 100644
--- a/fs/ocfs2/slot_map.c
+++ b/fs/ocfs2/slot_map.c
@@ -44,6 +44,9 @@ struct ocfs2_slot_info {
 static int __ocfs2_node_num_to_slot(struct ocfs2_slot_info *si,
 				    unsigned int node_num);
 
+static int ocfs2_validate_slot_map_block(struct super_block *sb,
+					  struct buffer_head *bh)
+
 static void ocfs2_invalidate_slot(struct ocfs2_slot_info *si,
 				  int slot_num)
 {
@@ -132,7 +135,8 @@ int ocfs2_refresh_slot_info(struct ocfs2_super *osb)
 	 * this is not true, the read of -1 (UINT64_MAX) will fail.
 	 */
 	ret = ocfs2_read_blocks(INODE_CACHE(si->si_inode), -1, si->si_blocks,
-				si->si_bh, OCFS2_BH_IGNORE_CACHE, NULL);
+				si->si_bh, OCFS2_BH_IGNORE_CACHE,
+				ocfs2_validate_slot_map_block);
 	if (ret == 0) {
 		spin_lock(&osb->osb_lock);
 		ocfs2_update_slot_info(si);
@@ -332,6 +336,26 @@ int ocfs2_clear_slot(struct ocfs2_super *osb, int slot_num)
 	return ocfs2_update_disk_slot(osb, osb->slot_info, slot_num);
 }
 
+static int ocfs2_validate_slot_map_block(struct super_block *sb,
+					  struct buffer_head *bh)
+{
+	int rc;
+
+	BUG_ON(!buffer_uptodate(bh));
+
+	if (bh->b_blocknr < OCFS2_SUPER_BLOCK_BLKNO) {
+		rc = ocfs2_error(sb,
+				 "Invalid Slot Map Buffer Head "
+				 "Block Number : %llu, Should be >= %d",
+				 (unsigned long long)bh->b_blocknr,
+				 OCFS2_SUPER_BLOCK_BLKNO);
+		if (!rc)
+			return -EIO;
+		return rc;
+	}
+	return 0;
+}
+
 static int ocfs2_map_slot_buffers(struct ocfs2_super *osb,
 				  struct ocfs2_slot_info *si)
 {
@@ -383,7 +407,8 @@ static int ocfs2_map_slot_buffers(struct ocfs2_super *osb,
 
 		bh = NULL;  /* Acquire a fresh bh */
 		status = ocfs2_read_blocks(INODE_CACHE(si->si_inode), blkno,
-					   1, &bh, OCFS2_BH_IGNORE_CACHE, NULL);
+					   1, &bh, OCFS2_BH_IGNORE_CACHE,
+					   ocfs2_validate_slot_map_block);
 		if (status < 0) {
 			mlog_errno(status);
 			goto bail;

base-commit: 24172e0d79900908cf5ebf366600616d29c9b417
-- 
2.43.0

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_write_block

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

fs/ocfs2/slot_map.c:48:31: error: expected ';' after top level declarator


Tested on:

commit:         24172e0d Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel config:  https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=c818e5c4559444f88aa0
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=10f4811a580000

Syzbot test for ocfs2: Add validate function for slot map blocks

[Prithvi Tambewagh]

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 24172e0d79900908cf5ebf366600616d29c9b417

Signed-off-by: Prithvi Tambewagh <activprithvi@gmail.com>
---
 fs/ocfs2/slot_map.c | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/fs/ocfs2/slot_map.c b/fs/ocfs2/slot_map.c
index e544c704b583..50ddd7f50f8f 100644
--- a/fs/ocfs2/slot_map.c
+++ b/fs/ocfs2/slot_map.c
@@ -44,6 +44,9 @@ struct ocfs2_slot_info {
 static int __ocfs2_node_num_to_slot(struct ocfs2_slot_info *si,
 				    unsigned int node_num);
 
+static int ocfs2_validate_slot_map_block(struct super_block *sb,
+					  struct buffer_head *bh);
+
 static void ocfs2_invalidate_slot(struct ocfs2_slot_info *si,
 				  int slot_num)
 {
@@ -132,7 +135,8 @@ int ocfs2_refresh_slot_info(struct ocfs2_super *osb)
 	 * this is not true, the read of -1 (UINT64_MAX) will fail.
 	 */
 	ret = ocfs2_read_blocks(INODE_CACHE(si->si_inode), -1, si->si_blocks,
-				si->si_bh, OCFS2_BH_IGNORE_CACHE, NULL);
+				si->si_bh, OCFS2_BH_IGNORE_CACHE,
+				ocfs2_validate_slot_map_block);
 	if (ret == 0) {
 		spin_lock(&osb->osb_lock);
 		ocfs2_update_slot_info(si);
@@ -332,6 +336,26 @@ int ocfs2_clear_slot(struct ocfs2_super *osb, int slot_num)
 	return ocfs2_update_disk_slot(osb, osb->slot_info, slot_num);
 }
 
+static int ocfs2_validate_slot_map_block(struct super_block *sb,
+					  struct buffer_head *bh)
+{
+	int rc;
+
+	BUG_ON(!buffer_uptodate(bh));
+
+	if (bh->b_blocknr < OCFS2_SUPER_BLOCK_BLKNO) {
+		rc = ocfs2_error(sb,
+				 "Invalid Slot Map Buffer Head "
+				 "Block Number : %llu, Should be >= %d",
+				 (unsigned long long)bh->b_blocknr,
+				 OCFS2_SUPER_BLOCK_BLKNO);
+		if (!rc)
+			return -EIO;
+		return rc;
+	}
+	return 0;
+}
+
 static int ocfs2_map_slot_buffers(struct ocfs2_super *osb,
 				  struct ocfs2_slot_info *si)
 {
@@ -383,7 +407,8 @@ static int ocfs2_map_slot_buffers(struct ocfs2_super *osb,
 
 		bh = NULL;  /* Acquire a fresh bh */
 		status = ocfs2_read_blocks(INODE_CACHE(si->si_inode), blkno,
-					   1, &bh, OCFS2_BH_IGNORE_CACHE, NULL);
+					   1, &bh, OCFS2_BH_IGNORE_CACHE,
+					   ocfs2_validate_slot_map_block);
 		if (status < 0) {
 			mlog_errno(status);
 			goto bail;

base-commit: 24172e0d79900908cf5ebf366600616d29c9b417
-- 
2.43.0

Re: Syzbot test for v3: ocfs2: fix kernel BUG in ocfs2_write_block

[kernel test robot]

Hi Prithvi,

kernel test robot noticed the following build errors:

[auto build test ERROR on 24172e0d79900908cf5ebf366600616d29c9b417]

url:    https://github.com/intel-lab-lkp/linux/commits/Prithvi-Tambewagh/Syzbot-test-for-v3-ocfs2-fix-kernel-BUG-in-ocfs2_write_block/20251215-032310
base:   24172e0d79900908cf5ebf366600616d29c9b417
patch link:    https://lore.kernel.org/r/20251214192047.34811-1-activprithvi%40gmail.com
patch subject: Syzbot test for v3: ocfs2: fix kernel BUG in ocfs2_write_block
config: arc-randconfig-002-20251215 (https://download.01.org/0day-ci/archive/20251215/202512151210.z9u1Ypu5-lkp@intel.com/config)
compiler: arc-linux-gcc (GCC) 12.5.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251215/202512151210.z9u1Ypu5-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202512151210.z9u1Ypu5-lkp@intel.com/

All error/warnings (new ones prefixed by >>):

   fs/ocfs2/slot_map.c: In function 'ocfs2_validate_slot_map_block':
>> fs/ocfs2/slot_map.c:52:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
      52 | {
         | ^
   fs/ocfs2/slot_map.c:59:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
      59 | {
         | ^
   fs/ocfs2/slot_map.c:68:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
      68 | {
         | ^
   fs/ocfs2/slot_map.c:93:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
      93 | {
         | ^
   fs/ocfs2/slot_map.c:108:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     108 | {
         | ^
   fs/ocfs2/slot_map.c:120:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     120 | {
         | ^
   fs/ocfs2/slot_map.c:154:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     154 | {
         | ^
   fs/ocfs2/slot_map.c:172:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     172 | {
         | ^
   fs/ocfs2/slot_map.c:190:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     190 | {
         | ^
   fs/ocfs2/slot_map.c:215:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     215 | {
         | ^
   fs/ocfs2/slot_map.c:239:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     239 | {
         | ^
   fs/ocfs2/slot_map.c:255:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     255 | {
         | ^
   fs/ocfs2/slot_map.c:276:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     276 | {
         | ^
   fs/ocfs2/slot_map.c:289:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     289 | {
         | ^
   fs/ocfs2/slot_map.c:305:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     305 | {
         | ^
   fs/ocfs2/slot_map.c:326:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     326 | {
         | ^
   fs/ocfs2/slot_map.c:341:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     341 | {
         | ^
   fs/ocfs2/slot_map.c:361:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     361 | {
         | ^
   fs/ocfs2/slot_map.c:425:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     425 | {
         | ^
   fs/ocfs2/slot_map.c:464:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     464 | {
         | ^
   fs/ocfs2/slot_map.c:472:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     472 | {
         | ^
   fs/ocfs2/slot_map.c:525:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     525 | {
         | ^
>> fs/ocfs2/slot_map.c:546: error: expected '{' at end of input
>> fs/ocfs2/slot_map.c:545:1: warning: no return statement in function returning non-void [-Wreturn-type]
     545 | }
         | ^
   fs/ocfs2/slot_map.c: At top level:
>> fs/ocfs2/slot_map.c:44:12: warning: '__ocfs2_node_num_to_slot' declared 'static' but never defined [-Wunused-function]
      44 | static int __ocfs2_node_num_to_slot(struct ocfs2_slot_info *si,
         |            ^~~~~~~~~~~~~~~~~~~~~~~~
>> fs/ocfs2/slot_map.c:47:12: warning: 'ocfs2_validate_slot_map_block' defined but not used [-Wunused-function]
      47 | static int ocfs2_validate_slot_map_block(struct super_block *sb,
         |            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~


vim +52 fs/ocfs2/slot_map.c

d85b20e4b300ed Joel Becker       2008-02-01  42  
d85b20e4b300ed Joel Becker       2008-02-01  43  
fc881fa0d59596 Joel Becker       2008-02-01 @44  static int __ocfs2_node_num_to_slot(struct ocfs2_slot_info *si,
fc881fa0d59596 Joel Becker       2008-02-01  45  				    unsigned int node_num);
fc881fa0d59596 Joel Becker       2008-02-01  46  
39ad33650c4c83 Prithvi Tambewagh 2025-12-15 @47  static int ocfs2_validate_slot_map_block(struct super_block *sb,
39ad33650c4c83 Prithvi Tambewagh 2025-12-15  48  					  struct buffer_head *bh)
39ad33650c4c83 Prithvi Tambewagh 2025-12-15  49  
fc881fa0d59596 Joel Becker       2008-02-01  50  static void ocfs2_invalidate_slot(struct ocfs2_slot_info *si,
fc881fa0d59596 Joel Becker       2008-02-01  51  				  int slot_num)
fc881fa0d59596 Joel Becker       2008-02-01 @52  {
fc881fa0d59596 Joel Becker       2008-02-01  53  	BUG_ON((slot_num < 0) || (slot_num >= si->si_num_slots));
fc881fa0d59596 Joel Becker       2008-02-01  54  	si->si_slots[slot_num].sl_valid = 0;
fc881fa0d59596 Joel Becker       2008-02-01  55  }
fc881fa0d59596 Joel Becker       2008-02-01  56  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Re: Syzbot test for v3: ocfs2: fix kernel BUG in ocfs2_write_block

[kernel test robot]

Hi Prithvi,

kernel test robot noticed the following build errors:

[auto build test ERROR on 24172e0d79900908cf5ebf366600616d29c9b417]

url:    https://github.com/intel-lab-lkp/linux/commits/Prithvi-Tambewagh/Syzbot-test-for-v3-ocfs2-fix-kernel-BUG-in-ocfs2_write_block/20251215-032310
base:   24172e0d79900908cf5ebf366600616d29c9b417
patch link:    https://lore.kernel.org/r/20251214192047.34811-1-activprithvi%40gmail.com
patch subject: Syzbot test for v3: ocfs2: fix kernel BUG in ocfs2_write_block
config: x86_64-kexec (https://download.01.org/0day-ci/archive/20251215/202512151201.4cweqZmR-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251215/202512151201.4cweqZmR-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202512151201.4cweqZmR-lkp@intel.com/

All errors (new ones prefixed by >>):

>> fs/ocfs2/slot_map.c:48:31: error: expected ';' after top level declarator
      48 |                                           struct buffer_head *bh)
         |                                                                  ^
         |                                                                  ;
   1 error generated.


vim +48 fs/ocfs2/slot_map.c

    42	
    43	
    44	static int __ocfs2_node_num_to_slot(struct ocfs2_slot_info *si,
    45					    unsigned int node_num);
    46	
    47	static int ocfs2_validate_slot_map_block(struct super_block *sb,
  > 48						  struct buffer_head *bh)
    49	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_write_block

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com
Tested-by: syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com

Tested on:

commit:         24172e0d Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=12c5d11a580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=c818e5c4559444f88aa0
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1599d11a580000

Note: testing is done by a robot and is best-effort only.

Re: Syzbot test for v3: ocfs2: fix kernel BUG in ocfs2_write_block

[kernel test robot]

Hi Prithvi,

kernel test robot noticed the following build errors:

[auto build test ERROR on 24172e0d79900908cf5ebf366600616d29c9b417]

url:    https://github.com/intel-lab-lkp/linux/commits/Prithvi-Tambewagh/Syzbot-test-for-v3-ocfs2-fix-kernel-BUG-in-ocfs2_write_block/20251215-032310
base:   24172e0d79900908cf5ebf366600616d29c9b417
patch link:    https://lore.kernel.org/r/20251214192047.34811-1-activprithvi%40gmail.com
patch subject: Syzbot test for v3: ocfs2: fix kernel BUG in ocfs2_write_block
config: x86_64-kexec (https://download.01.org/0day-ci/archive/20251215/202512151240.MwIXYwyy-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251215/202512151240.MwIXYwyy-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202512151240.MwIXYwyy-lkp@intel.com/

All errors (new ones prefixed by >>):

>> fs/ocfs2/slot_map.c:48:31: error: expected ';' after top level declarator
      48 |                                           struct buffer_head *bh)
         |                                                                  ^
         |                                                                  ;
   1 error generated.


vim +48 fs/ocfs2/slot_map.c

    42	
    43	
    44	static int __ocfs2_node_num_to_slot(struct ocfs2_slot_info *si,
    45					    unsigned int node_num);
    46	
    47	static int ocfs2_validate_slot_map_block(struct super_block *sb,
  > 48						  struct buffer_head *bh)
    49	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Re: Syzbot test for v3: ocfs2: fix kernel BUG in ocfs2_write_block

[kernel test robot]

Hi Prithvi,

kernel test robot noticed the following build errors:

[auto build test ERROR on 24172e0d79900908cf5ebf366600616d29c9b417]

url:    https://github.com/intel-lab-lkp/linux/commits/Prithvi-Tambewagh/Syzbot-test-for-v3-ocfs2-fix-kernel-BUG-in-ocfs2_write_block/20251215-032310
base:   24172e0d79900908cf5ebf366600616d29c9b417
patch link:    https://lore.kernel.org/r/20251214192047.34811-1-activprithvi%40gmail.com
patch subject: Syzbot test for v3: ocfs2: fix kernel BUG in ocfs2_write_block
config: x86_64-rhel-9.4 (https://download.01.org/0day-ci/archive/20251215/202512151209.PXAJgMVX-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251215/202512151209.PXAJgMVX-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202512151209.PXAJgMVX-lkp@intel.com/

All error/warnings (new ones prefixed by >>):

   fs/ocfs2/slot_map.c: In function 'ocfs2_validate_slot_map_block':
>> fs/ocfs2/slot_map.c:52:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
      52 | {
         | ^
   fs/ocfs2/slot_map.c:59:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
      59 | {
         | ^
   fs/ocfs2/slot_map.c:68:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
      68 | {
         | ^
   fs/ocfs2/slot_map.c:93:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
      93 | {
         | ^
   fs/ocfs2/slot_map.c:108:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     108 | {
         | ^
   fs/ocfs2/slot_map.c:120:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     120 | {
         | ^
   fs/ocfs2/slot_map.c:154:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     154 | {
         | ^
   fs/ocfs2/slot_map.c:172:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     172 | {
         | ^
   fs/ocfs2/slot_map.c:190:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     190 | {
         | ^
   fs/ocfs2/slot_map.c:215:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     215 | {
         | ^
   fs/ocfs2/slot_map.c:239:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     239 | {
         | ^
   fs/ocfs2/slot_map.c:255:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     255 | {
         | ^
   fs/ocfs2/slot_map.c:276:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     276 | {
         | ^
   fs/ocfs2/slot_map.c:289:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     289 | {
         | ^
   fs/ocfs2/slot_map.c:305:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     305 | {
         | ^
   fs/ocfs2/slot_map.c:326:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     326 | {
         | ^
   fs/ocfs2/slot_map.c:341:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     341 | {
         | ^
   fs/ocfs2/slot_map.c:361:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     361 | {
         | ^
   fs/ocfs2/slot_map.c:425:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     425 | {
         | ^
   fs/ocfs2/slot_map.c:464:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     464 | {
         | ^
   fs/ocfs2/slot_map.c:472:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     472 | {
         | ^
   fs/ocfs2/slot_map.c:525:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
     525 | {
         | ^
>> fs/ocfs2/slot_map.c:546: error: expected '{' at end of input
>> fs/ocfs2/slot_map.c:545:1: warning: no return statement in function returning non-void [-Wreturn-type]
     545 | }
         | ^
   fs/ocfs2/slot_map.c: At top level:
>> fs/ocfs2/slot_map.c:44:12: warning: '__ocfs2_node_num_to_slot' declared 'static' but never defined [-Wunused-function]
      44 | static int __ocfs2_node_num_to_slot(struct ocfs2_slot_info *si,
         |            ^~~~~~~~~~~~~~~~~~~~~~~~
>> fs/ocfs2/slot_map.c:47:12: warning: 'ocfs2_validate_slot_map_block' defined but not used [-Wunused-function]
      47 | static int ocfs2_validate_slot_map_block(struct super_block *sb,
         |            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~


vim +52 fs/ocfs2/slot_map.c

d85b20e4b300ed Joel Becker       2008-02-01  42  
d85b20e4b300ed Joel Becker       2008-02-01  43  
fc881fa0d59596 Joel Becker       2008-02-01 @44  static int __ocfs2_node_num_to_slot(struct ocfs2_slot_info *si,
fc881fa0d59596 Joel Becker       2008-02-01  45  				    unsigned int node_num);
fc881fa0d59596 Joel Becker       2008-02-01  46  
39ad33650c4c83 Prithvi Tambewagh 2025-12-15 @47  static int ocfs2_validate_slot_map_block(struct super_block *sb,
39ad33650c4c83 Prithvi Tambewagh 2025-12-15  48  					  struct buffer_head *bh)
39ad33650c4c83 Prithvi Tambewagh 2025-12-15  49  
fc881fa0d59596 Joel Becker       2008-02-01  50  static void ocfs2_invalidate_slot(struct ocfs2_slot_info *si,
fc881fa0d59596 Joel Becker       2008-02-01  51  				  int slot_num)
fc881fa0d59596 Joel Becker       2008-02-01 @52  {
fc881fa0d59596 Joel Becker       2008-02-01  53  	BUG_ON((slot_num < 0) || (slot_num >= si->si_num_slots));
fc881fa0d59596 Joel Becker       2008-02-01  54  	si->si_slots[slot_num].sl_valid = 0;
fc881fa0d59596 Joel Becker       2008-02-01  55  }
fc881fa0d59596 Joel Becker       2008-02-01  56  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Syzbot test for v4: ocfs2: Add validate function for slot map blocks

[Prithvi Tambewagh]

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 24172e0d79900908cf5ebf366600616d29c9b417

Signed-off-by: Prithvi Tambewagh <activprithvi@gmail.com>
---
 fs/ocfs2/slot_map.c | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/fs/ocfs2/slot_map.c b/fs/ocfs2/slot_map.c
index e544c704b583..ea4a68abc25b 100644
--- a/fs/ocfs2/slot_map.c
+++ b/fs/ocfs2/slot_map.c
@@ -44,6 +44,9 @@ struct ocfs2_slot_info {
 static int __ocfs2_node_num_to_slot(struct ocfs2_slot_info *si,
 				    unsigned int node_num);
 
+static int ocfs2_validate_slot_map_block(struct super_block *sb,
+					  struct buffer_head *bh);
+
 static void ocfs2_invalidate_slot(struct ocfs2_slot_info *si,
 				  int slot_num)
 {
@@ -132,7 +135,8 @@ int ocfs2_refresh_slot_info(struct ocfs2_super *osb)
 	 * this is not true, the read of -1 (UINT64_MAX) will fail.
 	 */
 	ret = ocfs2_read_blocks(INODE_CACHE(si->si_inode), -1, si->si_blocks,
-				si->si_bh, OCFS2_BH_IGNORE_CACHE, NULL);
+				si->si_bh, OCFS2_BH_IGNORE_CACHE,
+				ocfs2_validate_slot_map_block);
 	if (ret == 0) {
 		spin_lock(&osb->osb_lock);
 		ocfs2_update_slot_info(si);
@@ -332,6 +336,24 @@ int ocfs2_clear_slot(struct ocfs2_super *osb, int slot_num)
 	return ocfs2_update_disk_slot(osb, osb->slot_info, slot_num);
 }
 
+static int ocfs2_validate_slot_map_block(struct super_block *sb,
+					  struct buffer_head *bh)
+{
+	int rc;
+
+	BUG_ON(!buffer_uptodate(bh));
+
+	if (bh->b_blocknr < OCFS2_SUPER_BLOCK_BLKNO) {
+		rc = ocfs2_error(sb,
+				 "Invalid Slot Map Buffer Head "
+				 "Block Number : %llu, Should be >= %d",
+				 (unsigned long long)bh->b_blocknr,
+				 OCFS2_SUPER_BLOCK_BLKNO);
+		return rc;
+	}
+	return 0;
+}
+
 static int ocfs2_map_slot_buffers(struct ocfs2_super *osb,
 				  struct ocfs2_slot_info *si)
 {
@@ -383,7 +405,8 @@ static int ocfs2_map_slot_buffers(struct ocfs2_super *osb,
 
 		bh = NULL;  /* Acquire a fresh bh */
 		status = ocfs2_read_blocks(INODE_CACHE(si->si_inode), blkno,
-					   1, &bh, OCFS2_BH_IGNORE_CACHE, NULL);
+					   1, &bh, OCFS2_BH_IGNORE_CACHE,
+					   ocfs2_validate_slot_map_block);
 		if (status < 0) {
 			mlog_errno(status);
 			goto bail;

base-commit: 24172e0d79900908cf5ebf366600616d29c9b417
-- 
2.43.0

Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_write_block

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com
Tested-by: syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com

Tested on:

commit:         24172e0d Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=122439c2580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=41ad820f608cb833
dashboard link: https://syzkaller.appspot.com/bug?extid=c818e5c4559444f88aa0
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=17d0b11a580000

Note: testing is done by a robot and is best-effort only.