From: Prithvi Tambewagh
To: mark@fasheh.com, jlbec@evilplan.org, joseph.qi@linux.alibaba.com
Cc: ocfs2-devel@lists.linux.dev, linux-kernel@vger.kernel.org, linux-kernel-mentees@lists.linux.dev, skhan@linuxfoundation.org, david.hunter.linux@gmail.com, khalid@kernel.org, Prithvi Tambewagh, syzbot+779d072a1067a8b1a917@syzkaller.appspotmail.com, stable@vger.kernel.org
Subject: [PATCH] ocfs2: handle OCFS2_SUPER_BLOCK_FL flag in system dinode
Date: Wed, 17 Dec 2025 01:35:44 +0530
Message-ID: <20251216200544.4114-1-activprithvi@gmail.com>

When ocfs2_populate_inode() is called during the mount process, if the flag
OCFS2_SUPER_BLOCK_FL is set in the on-disk system dinode, then BUG() is
triggered, causing the kernel to panic. This is indicative of metadata
corruption.

This is fixed by calling ocfs2_error() to print the error log and the
corresponding inode is marked as 'bad', so that it is not used further
during the mount process. It is ensured that the fact of that inode being
bad is propagated to the caller of ocfs2_populate_inode(), i.e.
ocfs2_read_locked_inode(), using is_bad_inode() and further behind along
the call trace as well.

Reported-by: syzbot+779d072a1067a8b1a917@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=779d072a1067a8b1a917
Tested-by: syzbot+779d072a1067a8b1a917@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Prithvi Tambewagh --- fs/ocfs2/inode.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/fs/ocfs2/inode.c b/fs/ocfs2/inode.c index 12e5d1f73325..f439dc801845 100644 --- a/fs/ocfs2/inode.c +++ b/fs/ocfs2/inode.c @@ -347,7 +347,12 @@ void ocfs2_populate_inode(struct inode *inode, struct = ocfs2_dinode *fe, } else if (fe->i_flags & cpu_to_le32(OCFS2_SUPER_BLOCK_FL)) { /* we can't actually hit this as read_inode can't * handle superblocks today ;-) */ - BUG(); + ocfs2_error(sb, + "System Inode %llu has " + "OCFS2_SUPER_BLOCK_FL set", + (unsigned long long)le64_to_cpu(fe->i_blkno)); + make_bad_inode(inode); + return; } =20 switch (inode->i_mode & S_IFMT) { @@ -555,6 +560,11 @@ static int ocfs2_read_locked_inode(struct inode *inode, =20 ocfs2_populate_inode(inode, fe, 0); =20 + if (is_bad_inode(inode)) { + status =3D -EIO; + goto bail; + } + BUG_ON(args->fi_blkno !=3D le64_to_cpu(fe->i_blkno)); =20 if (buffer_dirty(bh) && !buffer_jbd(bh)) { @@ -576,7 +586,7 @@ static int ocfs2_read_locked_inode(struct inode *inode, if (can_lock) ocfs2_inode_unlock(inode, lock_level); =20 - if (status < 0) + if (status < 0 && !is_bad_inode(inode)) make_bad_inode(inode); =20 brelse(bh); base-commit: d76bb1ebb5587f66b0f8b8099bfbb44722bc08b3 --=20 2.43.0
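Review bot: in the first hunk (ocfs2_populate_inode(), @@ -347,7 +347,12), the comment kept above the new code, "we can't actually hit this as read_inode can't handle superblocks today ;-)", is now wrong, because the commit message says this branch is reached when an on-disk system dinode has OCFS2_SUPER_BLOCK_FL set. Replace it with a comment saying that the flag on a system inode means corrupted metadata and that the inode is marked bad for the caller to detect. The format string is also split into two literals ("System Inode %llu has " "OCFS2_SUPER_BLOCK_FL set"); keeping it as one literal lets the logged message be found with grep. The string has no trailing newline, so confirm whether ocfs2_error() expects one from its callers.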
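Review bot: in the second hunk (ocfs2_read_locked_inode(), @@ -555,6 +560,11), the failure of a void function is inferred from is_bad_inode() and then mapped to a hard-coded -EIO, which ties this caller to a side effect of ocfs2_populate_inode(). Consider having ocfs2_populate_inode() return an int so the error is propagated directly and other callers, if any exist outside this diff, can be audited for the same handling. If the void signature stays, add a comment above the check saying that ocfs2_populate_inode() marks the inode bad when it finds OCFS2_SUPER_BLOCK_FL. The BUG_ON(args->fi_blkno != le64_to_cpu(fe->i_blkno)) directly below also asserts on an on-disk field, so the commit message should say whether that value is validated before this point.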
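Review bot: in the third hunk (bail path of ocfs2_read_locked_inode(), @@ -576,7 +586,7), the added !is_bad_inode(inode) condition is unexplained at the point of use; nothing on that line tells a reader it exists for the early return added in ocfs2_populate_inode(). Add a short comment there, for example that the inode may already have been marked bad by ocfs2_populate_inode(), or state in the commit message why a second make_bad_inode() call has to be avoided.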