| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <68021f82.050a0220.243d89.0019.GAE@google.com>
Date: Fri, 18 Apr 2025 02:46:42 -0700
From: syzbot <syzbot+de1498ff3a934ac5e8b4@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org
Subject: Re: [syzbot] Re: [syzbot] [jfs?] KASAN: null-ptr-deref Read in
drop_buffers (3)
For archival purposes, forwarding an incoming command email to
linux-kernel@...r.kernel.org.
***
Subject: Re: [syzbot] [jfs?] KASAN: null-ptr-deref Read in drop_buffers (3)
Author: richard120310@...il.com
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git cb82ca153949
Signed-off-by: I Hsin Cheng <richard120310@...il.com>
---
fs/buffer.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/buffer.c b/fs/buffer.c
index cc8452f60251..1e3a07c66c1a 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -2885,7 +2885,7 @@ drop_buffers(struct folio *folio, struct buffer_head **buffers_to_free)
bh = head;
do {
- if (buffer_busy(bh))
+ if (!bh || buffer_busy(bh))
goto failed;
bh = bh->b_this_page;
} while (bh != head);
@@ -2896,6 +2896,8 @@ drop_buffers(struct folio *folio, struct buffer_head **buffers_to_free)
if (bh->b_assoc_map)
__remove_assoc_queue(bh);
bh = next;
+ if (!bh)
+ goto failed;
} while (bh != head);
*buffers_to_free = head;
folio_detach_private(folio);
--
2.43.0
Powered by blists - more mailing lists