Re: [PATCH] nilfs2: fix missing continue after -ENOENT in nilfs_ioctl_mark_blocks_dirty()

From: Ryusuke Konishi

Date: Fri Mar 20 2026 - 13:41:00 EST


Thank you, Deepanshu.

On Thu, Mar 19, 2026 at 6:19 PM Deepanshu Kartikey wrote:
>
> nilfs_ioctl_mark_blocks_dirty() calls nilfs_bmap_lookup_at_level() to
> get the current block number of each block descriptor. When the lookup
> returns -ENOENT, meaning the block does not exist, it sets bd_blocknr
> to 0 and continues processing.
>
> However, if bd_oblocknr is also 0, the subsequent check:
>
>     if (bdescs[i].bd_blocknr != bdescs[i].bd_oblocknr)
>             continue;
>
> will not skip the block, and nilfs_bmap_mark() will be called on a
> non-existent block. This causes nilfs_btree_do_lookup() to return
> -ENOENT, triggering the WARN_ON(ret == -ENOENT).
>
> Fix this by adding a continue statement after setting bd_blocknr to 0
> when the lookup returns -ENOENT, so that dead blocks are always skipped
> regardless of the value of bd_oblocknr.
>
> Fixes: 7942b919f732 ("nilfs2: ioctl operations")
> Reported-by: syzbot+98a040252119df0506f8@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=98a040252119df0506f8
> Signed-off-by: Deepanshu Kartikey <Kartikey406@xxxxxxxxx>
> ---
> fs/nilfs2/ioctl.c | 1 +
> 1 file changed, 1 insertion(+)

Since this implementation interacts with userland GC, I will check
whether this is a simple missing 'continue' statement or if it was
intentional.
If it is as you pointed out, I will pick it up and send it upstream.

Thanks,
Ryusuke Konishi

>
> diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c
> index e17b8da66491..1615a314f557 100644
> --- a/fs/nilfs2/ioctl.c
> +++ b/fs/nilfs2/ioctl.c
> @@ -745,6 +745,7 @@ static int nilfs_ioctl_mark_blocks_dirty(struct the_nilfs *nilfs,
> if (ret != -ENOENT)
> return ret;
> bdescs[i].bd_blocknr = 0;
> + continue;
> }
> if (bdescs[i].bd_blocknr != bdescs[i].bd_oblocknr)
> /* skip dead block */
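
Review bot: With the new `continue;` inside the -ENOENT branch, the `bdescs[i].bd_blocknr = 0;` store on the line above it no longer feeds the `bd_blocknr != bd_oblocknr` comparison that follows, so within this loop it has no remaining reader. Either drop the assignment or add a short comment saying why it is kept, and consider a comment on the new `continue;` as well, since `/* skip dead block */` now documents only the second of two skip paths. The change also alters what happens to descriptors that arrive with bd_oblocknr == 0 and a failed lookup: before, they fell through the comparison to the code below it; now they are skipped unconditionally. The commit message should say explicitly that nothing relies on that fall-through, which is the question raised in the reply about userland GC.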
> --
> 2.43.0
>