From: Prithvi Tambewagh
To: mark@fasheh.com, jlbec@evilplan.org, joseph.qi@linux.alibaba.com
Cc: ocfs2-devel@lists.linux.dev, linux-kernel@vger.kernel.org, linux-kernel-mentees@lists.linux.dev, skhan@linuxfoundation.org, david.hunter.linux@gmail.com, khalid@kernel.org, Prithvi Tambewagh, syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com, stable@vger.kernel.org
Subject: [PATCH] ocfs2: Fix kernel BUG in ocfs2_write_block
Date: Sat, 6 Dec 2025 21:18:19 +0530
Message-ID: <20251206154819.175479-1-activprithvi@gmail.com>

When the filesystem is being mounted, the kernel panics while the data regarding slot map allocation to the local node is being written to the disk. This occurs because the value of slot map buffer head block number, which should have been greater than or equal to `OCFS2_SUPER_BLOCK_BLKNO` (evaluating to 2), is less than it, indicative of disk metadata corruption. This triggers BUG_ON(bh->b_blocknr < OCFS2_SUPER_BLOCK_BLKNO) in ocfs2_write_block(), causing the kernel to panic.

This is fixed by introducing an if condition block in ocfs2_update_disk_slot(), right before calling ocfs2_write_block(), which checks if `bh->b_blocknr` is less than `OCFS2_SUPER_BLOCK_BLKNO`; if yes, then ocfs2_error is called, which prints the error log, for debugging purposes, and the return value of ocfs2_error() is returned back to the caller of ocfs2_update_disk_slot(), i.e. ocfs2_find_slot(). If the return value is zero, then error code EIO is returned.

Reported-by: syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=c818e5c4559444f88aa0
Tested-by: syzbot+c818e5c4559444f88aa0@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Prithvi Tambewagh --- fs/ocfs2/slot_map.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/fs/ocfs2/slot_map.c b/fs/ocfs2/slot_map.c index e544c704b583..788924fc3663 100644 --- a/fs/ocfs2/slot_map.c +++ b/fs/ocfs2/slot_map.c @@ -193,6 +193,16 @@ static int ocfs2_update_disk_slot(struct ocfs2_super *= osb, else ocfs2_update_disk_slot_old(si, slot_num, &bh); spin_unlock(&osb->osb_lock); + if (bh->b_blocknr < OCFS2_SUPER_BLOCK_BLKNO) { + status =3D ocfs2_error(osb->sb, + "Invalid Slot Map Buffer Head " + "Block Number : %llu, Should be >=3D %d", + le16_to_cpu(bh->b_blocknr), + le16_to_cpu((int)OCFS2_SUPER_BLOCK_BLKNO)); + if (!status) + return -EIO; + return status; + } =20 status =3D ocfs2_write_block(osb, bh, INODE_CACHE(si->si_inode)); if (status < 0) base-commit: 24172e0d79900908cf5ebf366600616d29c9b417 --=20 2.43.0
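
Review bot: the two le16_to_cpu() calls in the ocfs2_error() arguments of the added block should be dropped. bh->b_blocknr is the in-memory buffer_head block number (a sector_t in CPU byte order), not a little-endian 16-bit on-disk field, so le16_to_cpu(bh->b_blocknr) truncates it to 16 bits, byte-swaps it on big-endian machines, and then hands a 16-bit value to a %llu conversion, which is a format/argument mismatch. OCFS2_SUPER_BLOCK_BLKNO is a compile-time constant and needs no conversion either. Suggest passing (unsigned long long)bh->b_blocknr for %llu and OCFS2_SUPER_BLOCK_BLKNO directly for %d, so the logged value matches what the comparison in the if condition actually tested. As a smaller style point, the format string is split across two source lines ("Invalid Slot Map Buffer Head " "Block Number : ..."); keeping a user-visible message on one line makes it searchable in the tree.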