Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

ocfs2: avoid NULL pointer dereference in dx_dir_lookup_rec()

When a directory entry is not found, ocfs2_dx_dir_lookup_rec() prints an
error message that unconditionally dereferences the 'rec' pointer.
However, if 'rec' is NULL, this leads to a NULL pointer dereference and a
kernel panic.

Add an explicit check for an empty extent list to avoid dereferencing a NULL
'rec' pointer.

Link: https://lkml.kernel.org/r/20250708001009.372263-1-ipravdin.official@gmail.com
Reported-by: syzbot+20282c1b2184a857ac4c@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/67cd7e29.050a0220.e1a89.0007.GAE@google.com/
Signed-off-by: Ivan Pravdin <ipravdin.official@gmail.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Jun Piao <piaojun@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

Authored by Ivan Pravdin and committed by Andrew Morton
44acc46d 988f451e

+8
+8
fs/ocfs2/dir.c
··· 798 798 } 799 799 } 800 800 801 + if (le16_to_cpu(el->l_next_free_rec) == 0) { 802 + ret = ocfs2_error(inode->i_sb, 803 + "Inode %lu has empty extent list at depth %u\n", 804 + inode->i_ino, 805 + le16_to_cpu(el->l_tree_depth)); 806 + goto out; 807 + } 808 + 801 809 found = 0; 802 810 for (i = le16_to_cpu(el->l_next_free_rec) - 1; i >= 0; i--) { 803 811 rec = &el->l_recs[i];
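
Review bot: the added check before `found = 0` only rejects `l_next_free_rec == 0`, while the loop that follows still starts at `le16_to_cpu(el->l_next_free_rec) - 1` and indexes `el->l_recs[i]` with that on-disk value. If the count is not bounded against the list's `l_count` earlier in the function (not visible in this hunk), a corrupted value larger than the record array would read past `l_recs`; consider rejecting that case in the same condition, or add a comment pointing at where the upper bound is validated. Two smaller points: `le16_to_cpu(el->l_next_free_rec)` is now converted once in the check and again in the loop initializer, so reading it into a local would make it obvious that both use the same value, and a one-line comment above the check saying that `rec` is never assigned when the list is empty would record why the check exists for readers who do not have the commit message in front of them.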