From c026706e14ede0cf7ed57fc929eaf7cbb4a2c338 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 28 Jul 2025 15:54:29 +0200
Subject: [PATCH] 5.4-stable patches

added patches:
	nilfs2-reject-invalid-file-types-when-reading-inodes.patch
---
 ...valid-file-types-when-reading-inodes.patch | 48 +++++++++++++++++++
 queue-5.4/series                              |  1 +
 2 files changed, 49 insertions(+)
 create mode 100644 queue-5.4/nilfs2-reject-invalid-file-types-when-reading-inodes.patch

diff --git a/queue-5.4/nilfs2-reject-invalid-file-types-when-reading-inodes.patch b/queue-5.4/nilfs2-reject-invalid-file-types-when-reading-inodes.patch
new file mode 100644
index 0000000000..b1537e941c
--- /dev/null
+++ b/queue-5.4/nilfs2-reject-invalid-file-types-when-reading-inodes.patch
@@ -0,0 +1,48 @@
+From 4aead50caf67e01020c8be1945c3201e8a972a27 Mon Sep 17 00:00:00 2001
+From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Date: Thu, 10 Jul 2025 22:49:08 +0900
+Subject: nilfs2: reject invalid file types when reading inodes
+
+From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+
+commit 4aead50caf67e01020c8be1945c3201e8a972a27 upstream.
+
+To prevent inodes with invalid file types from tripping through the vfs
+and causing malfunctions or assertion failures, add a missing sanity check
+when reading an inode from a block device.  If the file type is not valid,
+treat it as a filesystem error.
+
+Link: https://lkml.kernel.org/r/20250710134952.29862-1-konishi.ryusuke@gmail.com
+Fixes: 05fe58fdc10d ("nilfs2: inode operations")
+Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Reported-by: syzbot+895c23f6917da440ed0d@syzkaller.appspotmail.com
+Link: https://syzkaller.appspot.com/bug?extid=895c23f6917da440ed0d
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nilfs2/inode.c |    9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/fs/nilfs2/inode.c
++++ b/fs/nilfs2/inode.c
+@@ -525,11 +525,18 @@ static int __nilfs_read_inode(struct sup
+ 		inode->i_op = &nilfs_symlink_inode_operations;
+ 		inode_nohighmem(inode);
+ 		inode->i_mapping->a_ops = &nilfs_aops;
+-	} else {
++	} else if (S_ISCHR(inode->i_mode) || S_ISBLK(inode->i_mode) ||
++		   S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) {
+ 		inode->i_op = &nilfs_special_inode_operations;
+ 		init_special_inode(
+ 			inode, inode->i_mode,
+ 			huge_decode_dev(le64_to_cpu(raw_inode->i_device_code)));
++	} else {
++		nilfs_error(sb,
++			    "invalid file type bits in mode 0%o for inode %lu",
++			    inode->i_mode, ino);
++		err = -EIO;
++		goto failed_unmap;
+ 	}
+ 	nilfs_ifile_unmap_inode(root->ifile, ino, bh);
+ 	brelse(bh);
diff --git a/queue-5.4/series b/queue-5.4/series
index 3f75925963..6ae1dff853 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -58,3 +58,4 @@ net-appletalk-fix-kerneldoc-warnings.patch
 net-appletalk-fix-use-after-free-in-aarp-proxy-probe.patch
 net-sched-sch_qfq-avoid-triggering-might_sleep-in-at.patch
 i2c-qup-jump-out-of-the-loop-in-case-of-timeout.patch
+nilfs2-reject-invalid-file-types-when-reading-inodes.patch
-- 
2.47.2