Re: [PATCH] nilfs2: fix missing continue after -ENOENT in nilfs_ioctl_mark_blocks_dirty()

From: Deepanshu Kartikey

Date: Mon Mar 30 2026 - 20:48:25 EST


On Mon, Mar 30, 2026 at 11:39 PM Ryusuke Konishi
<konishi.ryusuke@xxxxxxxxx> wrote:
>
> (added Junjie Cao to CC)
>
> Hi Deepanshu,
>
>
> I checked this and found that this fallthrough was intentional, aiming
> to detect and skip a dead block by the subsequent comparison with
> bd_oblocknr.
>
> The problem is that it does not reject cases where bd_oblocknr takes
> an unexpected value of 0.
>
> This bd_oblocknr parameter stores the location where the userland GC
> library found the target data block or the target intermediate block
> of the DAT file.
> As long as it is valid, it can never be block 0, which typically
> stores the primary superblock and others.
>
> However, due to the missing check for that anomalous value, the
> corrupted ioctl request pattern generated by syzbot triggers the
> assertion failure you pointed out.
> I think a check like the following should be inserted at the beginning
> of each iteration of the loop:
>
>         if (unlikely(!bdescs[i].bd_oblocknr))
>                 return -EINVAL;
>
> Could you please restructure the patch in that direction?
>
> Thanks,
> Ryusuke Konishi

Hi Ryusuke,

Thanks for the clarification. I have sent patch v2.

Thanks

Deepanshu
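
A user-space model of the loop discussed in this thread, added here as an illustration; it is not code from the thread or from the nilfs2 source. The struct, `model_lookup()`, `model_mark_blocks_dirty()` and the block mapping are hypothetical, and recording a missing block as 0 on -ENOENT is an assumption of the model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for a block descriptor; only fields the thread names. */
struct bdesc {
	uint64_t bd_offset;
	uint64_t bd_blocknr;	/* filled in by the lookup */
	uint64_t bd_oblocknr;	/* location reported by the userland GC */
};

/* Constructed mapping: offsets 0..3 live at blocks 100..103. */
static int model_lookup(uint64_t offset, uint64_t *blocknr)
{
	if (offset > 3)
		return -ENOENT;
	*blocknr = 100 + offset;
	return 0;
}

/* Returns how many descriptors reach the mark-dirty step, or -errno. */
static int model_mark_blocks_dirty(struct bdesc *bdescs, size_t n, int validate)
{
	int marked = 0;

	for (size_t i = 0; i < n; i++) {
		/* Check proposed in the thread: 0 is never a valid location. */
		if (validate && !bdescs[i].bd_oblocknr)
			return -EINVAL;
		int ret = model_lookup(bdescs[i].bd_offset, &bdescs[i].bd_blocknr);
		if (ret < 0) {
			if (ret != -ENOENT)
				return ret;
			bdescs[i].bd_blocknr = 0; /* assumption: missing block recorded as 0 */
		}
		if (bdescs[i].bd_blocknr != bdescs[i].bd_oblocknr)
			continue;	/* dead block, skipped */
		marked++;	/* stands in for marking the block dirty */
	}
	return marked;
}

int main(void)
{
	/* Constructed request: offset with no block, bd_oblocknr of 0. */
	struct bdesc bad[] = { { .bd_offset = 9, .bd_oblocknr = 0 } };
	printf("unchecked: %d\n", model_mark_blocks_dirty(bad, 1, 0));
	printf("checked:   %d\n", model_mark_blocks_dirty(bad, 1, 1));
	return 0;
}
```

Without the check, the descriptor for a nonexistent block passes the dead-block comparison because both sides are 0; with it, the request is rejected before the lookup.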