Commit efc8ef87 authored Nov 06, 2023 by Osama Muhammad Committed by Greg Kroah-Hartman Jan 25, 2024

gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump



[ Upstream commit 8877243beafa7c6bfc42022cbfdf9e39b25bd4fa ]

Syzkaller has reported a NULL pointer dereference when accessing
rgd->rd_rgl in gfs2_rgrp_dump().  This can happen when creating
rgd->rd_gl fails in read_rindex_entry().  Add a NULL pointer check in
gfs2_rgrp_dump() to prevent that.

Reported-and-tested-by:  <syzbot+da0fc229cc1ff4bb2e6d@syzkaller.appspotmail.com>
Link: https://syzkaller.appspot.com/bug?extid=da0fc229cc1ff4bb2e6d


Fixes: 72244b6b ("gfs2: improve debug information when lvb mismatches are found")
Signed-off-by: Osama Muhammad <osmtendev@gmail.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent d1fe1aed

fs/gfs2/rgrp.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -2275,7 +2275,7 @@ void gfs2_rgrp_dump(struct seq_file seq, struct gfs2_glock gl,
		(unsigned long long)rgd->rd_addr, rgd->rd_flags,
		rgd->rd_free, rgd->rd_free_clone, rgd->rd_dinodes,
		rgd->rd_reserved, rgd->rd_extfail_pt);
		if (rgd->rd_sbd->sd_args.ar_rgrplvb) {
		if (rgd->rd_sbd->sd_args.ar_rgrplvb && rgd->rd_rgl) {
		struct gfs2_rgrp_lvb *rgl = rgd->rd_rgl;

		gfs2_print_dbg(seq, "%s L: f:%02x b:%u i:%u\n", fs_id_buf,