Skip to content
Snippets Groups Projects
Commit 3ed51857 authored by Lizhi Xu's avatar Lizhi Xu Committed by David Sterba
Browse files

btrfs: add a sanity check for btrfs root in btrfs_search_slot() 


Syzbot reports a null-ptr-deref in btrfs_search_slot().

The reproducer is using rescue=ibadroots, and the extent tree root is
corrupted thus the extent tree is NULL.

When scrub tries to search the extent tree to gather the needed extent
info, btrfs_search_slot() doesn't check if the target root is NULL or
not, resulting the null-ptr-deref.

Add sanity check for btrfs root before using it in btrfs_search_slot().

Reported-by: default avatar <syzbot+3030e17bd57a73d39bd7@syzkaller.appspotmail.com>
Fixes: 42437a63 ("btrfs: introduce mount option rescue=ignorebadroots")
Link: https://syzkaller.appspot.com/bug?extid=3030e17bd57a73d39bd7


CC: stable@vger.kernel.org # 5.15+
Reviewed-by: default avatarQu Wenruo <wqu@suse.com>
Tested-by: default avatar <syzbot+3030e17bd57a73d39bd7@syzkaller.appspotmail.com>
Signed-off-by: default avatarLizhi Xu <lizhi.xu@windriver.com>
Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
parent ed67f2a9
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 5 additions and 1 deletion
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment