Re: [syzbot] Re: [syzbot] [jfs?] KASAN: null-ptr-deref Read in drop_buffers (3)

From: syzbot
Date: Fri Apr 18 2025 - 05:47:39 EST

Next message: Simon Horman: "Re: [net-next PATCH v3 03/11] net: pcs: Add subsystem"
Previous message: Purva Yeshi: "Re: [PATCH] net: ipv4: Fix uninitialized pointer warning in fnhe_remove_oldest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx.

***

Subject: Re: [syzbot] [jfs?] KASAN: null-ptr-deref Read in drop_buffers (3)
Author: richard120310@xxxxxxxxx

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git cb82ca153949

Signed-off-by: I Hsin Cheng <richard120310@xxxxxxxxx>
---
fs/buffer.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/buffer.c b/fs/buffer.c
index cc8452f60251..1e3a07c66c1a 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -2885,7 +2885,7 @@ drop_buffers(struct folio *folio, struct buffer_head **buffers_to_free)

bh = head;
do {
- if (buffer_busy(bh))
+ if (!bh || buffer_busy(bh))
goto failed;
bh = bh->b_this_page;
} while (bh != head);
@@ -2896,6 +2896,8 @@ drop_buffers(struct folio *folio, struct buffer_head **buffers_to_free)
if (bh->b_assoc_map)
__remove_assoc_queue(bh);
bh = next;
+ if (!bh)
+ goto failed;
} while (bh != head);
*buffers_to_free = head;
folio_detach_private(folio);
--
2.43.0

Next message: Simon Horman: "Re: [net-next PATCH v3 03/11] net: pcs: Add subsystem"
Previous message: Purva Yeshi: "Re: [PATCH] net: ipv4: Fix uninitialized pointer warning in fnhe_remove_oldest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]