| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251209033213.GF4859@twin.jikos.cz>
Date: Tue, 9 Dec 2025 04:32:13 +0100
From: David Sterba <dsterba@...e.cz>
To: Miquel Sabaté Solà <mssola@...ola.com>
Cc: linux-btrfs@...r.kernel.org, clm@...com, dsterba@...e.com,
rostedt@...dmis.org, mhiramat@...nel.org,
mathieu.desnoyers@...icios.com, linux-kernel@...r.kernel.org,
linux-trace-kernel@...r.kernel.org,
syzbot+d991fea1b4b23b1f6bf8@...kaller.appspotmail.com
Subject: Re: [PATCH] btrfs: fix NULL dereference on root when tracing inode
eviction
On Tue, Oct 21, 2025 at 11:11:25AM +0200, Miquel Sabaté Solà wrote:
> When evicting an inode the first thing we do is to setup tracing for it,
> which implies fetching the root's id. But in btrfs_evict_inode() the
> root might be NULL, as implied in the next check that we do in
> btrfs_evict_inode().
>
> Hence, we either should set the ->root_objectid to 0 in case the root is
> NULL, or we move tracing setup after checking that the root is not
> NULL. Setting the rootid to 0 at least gives us the possibility to trace
> this call even in the case when the root is NULL, so that's the solution
> taken here.
>
> Fixes: 1abe9b8a138c ("Btrfs: add initial tracepoint support for btrfs")
> Reported-by: syzbot+d991fea1b4b23b1f6bf8@...kaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=d991fea1b4b23b1f6bf8
> Signed-off-by: Miquel Sabaté Solà <mssola@...ola.com>
Added to for-next, thanks.
Powered by blists - more mailing lists