Re: [PATCH] ocfs2: handle RESTART_META gracefully in

Next message: Luca Ceresoli: "[PATCH 36/41] drm/tidss: remove now-redundant call to drm_connector_attach_encoder()"
Previous message: Luca Ceresoli: "[PATCH 17/41] drm/msm/hdmi: remove now-redundant call to drm_connector_attach_encoder()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: syzbot

Date: Fri Apr 17 2026 - 06:15:01 EST

> From: Tristan Madani <tristan@xxxxxxxxxxxxxxxxxxx>
>
> #syz test: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

This crash does not have a reproducer. I cannot test it.

>
> ocfs2_xattr_extend_allocation
>
> ocfs2_xattr_extend_allocation() contains:
>
> BUG_ON(why == RESTART_META);
>
> under the assumption that a metadata-driven allocation restart cannot
> happen for xattr value extents. However, on corrupted filesystem
> images this assumption does not hold, and the BUG_ON crashes the
> kernel.
>
> Replace the BUG_ON with a graceful error return. This lets the
> filesystem report corruption via -EIO rather than panicking.
>
> Reported-by: syzbot+e538032956b1157914a3@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=e538032956b1157914a3
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Tristan Madani <tristan@xxxxxxxxxxxxxxxxxxx>
> ---
> fs/ocfs2/xattr.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c
> index XXXXXXX..XXXXXXX 100644
> --- a/fs/ocfs2/xattr.c
> +++ b/fs/ocfs2/xattr.c
> @@ -744,8 +744,12 @@ static int ocfs2_xattr_extend_allocation(struct inode *inode,
> /*
> * We can only fail in case the alloc file doesn't give
> * up enough clusters.
> */
> - BUG_ON(why == RESTART_META);
> + if (why == RESTART_META) {
> + status = -EIO;
> + mlog_errno(status);
> + break;
> + }
>
> credits = ocfs2_calc_extend_credits(inode->i_sb,
> &vb->vb_xv->xr_list);
> --
> 2.43.0