+ ocfs2-reset-folio-to-null-when-get-folio-fails.patch added to mm-nonmm-unstable branch - Linux-stable-mirror

18 Jun 2025

The patch titled
     Subject: ocfs2: reset folio to NULL when get folio fails
has been added to the -mm mm-nonmm-unstable branch.  Its filename is
     ocfs2-reset-folio-to-null-when-get-folio-fails.patch
This patch will shortly appear at
     https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches...
This patch will later appear in the mm-nonmm-unstable branch at
    git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Lizhi Xu lizhi.xu@windriver.com
Subject: ocfs2: reset folio to NULL when get folio fails
Date: Mon, 16 Jun 2025 09:31:40 +0800
The reproducer uses FAULT_INJECTION to make memory allocation fail, which
causes __filemap_get_folio() to fail, when initializing w_folios[i] in
ocfs2_grab_folios_for_write(), it only returns an error code and the value
of w_folios[i] is the error code, which causes
ocfs2_unlock_and_free_folios() to recycle the invalid w_folios[i] when
releasing folios.
Link: https://lkml.kernel.org/r/20250616013140.3602219-1-lizhi.xu@windriver.com
Reported-by: syzbot+c2ea94ae47cd7e3881ec@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=c2ea94ae47cd7e3881ec
Signed-off-by: Lizhi Xu lizhi.xu@windriver.com
Reviewed-by: Joseph Qi joseph.qi@linux.alibaba.com
Cc: Mark Fasheh mark@fasheh.com
Cc: Joel Becker jlbec@evilplan.org
Cc: Junxiao Bi junxiao.bi@oracle.com
Cc: Changwei Ge gechangwei@live.cn
Cc: Jun Piao piaojun@huawei.com
Cc: stable@vger.kernel.org
Signed-off-by: Andrew Morton akpm@linux-foundation.org
---
fs/ocfs2/aops.c |    1 +
 1 file changed, 1 insertion(+)

--- a/fs/ocfs2/aops.c~ocfs2-reset-folio-to-null-when-get-folio-fails
+++ a/fs/ocfs2/aops.c
@@ -1071,6 +1071,7 @@ static int ocfs2_grab_folios_for_write(s
    		if (IS_ERR(wc->w_folios[i])) {
    			ret = PTR_ERR(wc->w_folios[i]);
    			mlog_errno(ret);
+				wc->w_folios[i] = NULL;
    			goto out;
    		}
    	}
_
Patches currently in -mm which might be from lizhi.xu@windriver.com are
ocfs2-reset-folio-to-null-when-get-folio-fails.patch

    