From: Deepanshu Kartikey
To: aivazian.tigran@gmail.com
Cc: linux-kernel@vger.kernel.org, Deepanshu Kartikey, syzbot+d083fd809394eab229a8@syzkaller.appspotmail.com
Subject: [PATCH] bfs: fix missing set_buffer_uptodate() in bfs_move_block()
Date: Mon, 30 Mar 2026 15:06:17 +0530
Message-ID: <20260330093617.380049-1-kartikey406@gmail.com>

bfs_move_block() uses sb_getblk() to obtain a buffer for the destination
block, copies data into it via memcpy(), and then calls mark_buffer_dirty().
However, sb_getblk() only allocates a buffer head without reading the block
from disk, leaving BH_Uptodate unset. This causes mark_buffer_dirty() to
trigger a warning:

  WARNING: fs/buffer.c:1180 at mark_buffer_dirty+0x299/0x410
  !buffer_uptodate(bh)

Since bfs_move_block() fully overwrites the destination buffer via memcpy(),
reading the block from disk is unnecessary. Instead, call
set_buffer_uptodate() after the copy to indicate the buffer contains valid
data before marking it dirty.

Additionally, sb_getblk() can return NULL but the original code never checked
for this, which would cause a NULL pointer dereference. Add a proper NULL
check with cleanup of the source buffer on failure.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: syzbot+d083fd809394eab229a8@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=d083fd809394eab229a8
Tested-by: syzbot+d083fd809394eab229a8@syzkaller.appspotmail.com
Signed-off-by: Deepanshu Kartikey --- fs/bfs/file.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/bfs/file.c b/fs/bfs/file.c index d33d6bde992b..0a9b12b73324 100644 --- a/fs/bfs/file.c +++ b/fs/bfs/file.c @@ -40,7 +40,12 @@ static int bfs_move_block(unsigned long from, unsigned l= ong to, if (!bh) return -EIO; new =3D sb_getblk(sb, to); + if (!new) { + brelse(bh); + return -EIO; + } memcpy(new->b_data, bh->b_data, bh->b_size); + set_buffer_uptodate(new); mark_buffer_dirty(new); bforget(bh); brelse(new); --=20 2.43.0
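
Review bot: In the new `if (!new)` branch, `return -EIO` reports an I/O error for what is an allocation failure. As the commit message itself says, sb_getblk() only allocates a buffer head and does not read from disk, so -ENOMEM describes the failure more accurately and keeps it distinct from the existing `if (!bh) return -EIO` read failure just above. The brelse(bh) before returning is correct, since the source buffer is still held at that point. On the added `set_buffer_uptodate(new)` line, consider whether the memcpy() and set_buffer_uptodate() should sit between lock_buffer(new) and unlock_buffer(new), as is common when filling a buffer obtained from sb_getblk() without reading it. The NULL check and the uptodate fix address two separate problems, so splitting them into two patches would make each easier to backport and bisect.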