[GIT PULL] nilfs2 changes for 7.1-rc1

From: Viacheslav Dubeyko

Date: Fri Apr 10 2026 - 18:10:41 EST


Hello Linus,

This pull request contains fixes for syzbot-reported issues in
NILFS2 functionality.

The DAT inode's btree node cache (i_assoc_inode) is initialized lazily
during btree operations. However, nilfs_mdt_save_to_shadow_map()
assumes i_assoc_inode is already initialized when copying dirty pages
to the shadow map during GC. If NILFS_IOCTL_CLEAN_SEGMENTS is called
immediately after mount before any btree operation has occurred on
the DAT inode, i_assoc_inode is NULL, leading to a general protection
fault. Deepanshu Kartikey has fixed this by calling
nilfs_attach_btree_node_cache() on the DAT inode in nilfs_dat_read()
at mount time, ensuring i_assoc_inode is always initialized before
any GC operation can use it.

nilfs_ioctl_mark_blocks_dirty() uses bd_oblocknr to detect dead blocks
by comparing it with the current block number bd_blocknr. If they
differ, the block is considered dead and skipped. A corrupted ioctl
request with bd_oblocknr set to 0 causes the comparison to incorrectly
match when the lookup returns -ENOENT and sets bd_blocknr to 0,
bypassing the dead block check and calling nilfs_bmap_mark() on a non-
existent block. This causes nilfs_btree_do_lookup() to return -ENOENT,
triggering the WARN_ON(ret == -ENOENT). Deepanshu Kartikey has fixed
this by rejecting ioctl requests with bd_oblocknr set to 0 at the
beginning of each iteration.

The following changes since commit 6de23f81a5e08be8fbf5e8d7e9febc72a5b5f27f:

  Linux 7.0-rc1 (2026-02-22 13:18:59 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/vdubeyko/nilfs2.git tags/nilfs2-v7.1-tag1

for you to fetch changes up to be3e5d10643d3be1cbac9d9939f220a99253f980:

  nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty() (2026-03-31 11:05:55 -0700)

----------------------------------------------------------------
nilfs2 updates for v7.1

- nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()
- nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map

----------------------------------------------------------------
Deepanshu Kartikey (2):
      nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map
      nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()

 fs/nilfs2/dat.c   | 3 +++
 fs/nilfs2/ioctl.c | 6 ++++++
 2 files changed, 9 insertions(+)
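
A simplified userspace model of the bd_oblocknr dead-block check described in this message, added here as an illustration; it is not code from the nilfs2 patches. The struct layout, `model_lookup()`, the block map, the `reject_zero` switch and the `-EINVAL` return value are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for the ioctl descriptor: only the fields the message names. */
struct bdesc { uint64_t bd_offset, bd_oblocknr, bd_blocknr; };
/* Constructed block map: offset i maps to blockmap[i]; 0 means "no block here". */
static const uint64_t blockmap[4] = { 100, 101, 0, 103 };
static int warn_count;  /* stands in for WARN_ON(ret == -ENOENT) firing */

/* Model lookup: a miss returns -ENOENT and leaves *blocknr at 0. */
static int model_lookup(uint64_t off, uint64_t *blocknr)
{
    *blocknr = off < 4 ? blockmap[off] : 0;
    return *blocknr ? 0 : -ENOENT;
}

/* Returns the number of blocks marked dirty, or a negative errno. */
int mark_blocks_dirty(struct bdesc *d, size_t n, int reject_zero)
{
    int marked = 0;
    for (size_t i = 0; i < n; i++) {
        if (reject_zero && d[i].bd_oblocknr == 0)
            return -EINVAL;  /* the fix; errno value is an assumption */
        (void)model_lookup(d[i].bd_offset, &d[i].bd_blocknr); /* -ENOENT tolerated */
        if (d[i].bd_blocknr != d[i].bd_oblocknr)
            continue;        /* dead block: skip */
        uint64_t b;          /* model of the mark step: it looks the block up again */
        if (model_lookup(d[i].bd_offset, &b) == -ENOENT)
            warn_count++;    /* 0 == 0 matched, so a non-existent block got here */
        else
            marked++;
    }
    return marked;
}

/* Constructed request: one live block, one dead block, one corrupted entry. */
int demo(int reject_zero, int *warnings)
{
    struct bdesc req[] = { {0, 100, 0}, {1, 999, 0}, {2, 0, 0} };
    warn_count = 0;
    int ret = mark_blocks_dirty(req, 3, reject_zero);
    *warnings = warn_count;
    return ret;
}

int main(void)
{
    int w, r = demo(0, &w);
    printf("unchecked: ret=%d warnings=%d\n", r, w);
    r = demo(1, &w);
    printf("checked:   ret=%d warnings=%d\n", r, w);
    return 0;
}
```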