Commit 3726a197 authored Oct 27, 2024 by Piotr Zalewski Committed by Kent Overstreet Oct 29, 2024

bcachefs: Fix NULL ptr dereference in btree_node_iter_and_journal_peek



Add NULL check for key returned from bch2_btree_and_journal_iter_peek in
btree_node_iter_and_journal_peek to avoid NULL ptr dereference in
bch2_bkey_buf_reassemble.

When key returned from bch2_btree_and_journal_iter_peek is NULL it means
that btree topology needs repair. Print topology error message with
position at which node wasn't found, its parent node information and
btree_id with level.

Return error code returned by bch2_topology_error to ensure that topology
error is handled properly by recovery.

Reported-by:  <syzbot+005ef9aa519f30d97657@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=005ef9aa519f30d97657


Fixes: 5222a460 ("bcachefs: BTREE_ITER_WITH_JOURNAL")
Suggested-by: Alan Huang <mmpgouride@gmail.com>
Suggested-by: Kent Overstreet <kent.overstreet@linux.dev>
Signed-off-by: Piotr Zalewski <pZ010001011111@proton.me>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>

parent ca959e32

fs/bcachefs/btree_iter.c

+13 −0

Original line number	Diff line number	Diff line
		@@ -882,6 +882,18 @@ static noinline int btree_node_iter_and_journal_peek(struct btree_trans *trans,
		__bch2_btree_and_journal_iter_init_node_iter(trans, &jiter, l->b, l->iter, path->pos);

		k = bch2_btree_and_journal_iter_peek(&jiter);
		if (!k.k) {
		struct printbuf buf = PRINTBUF;

		prt_str(&buf, "node not found at pos ");
		bch2_bpos_to_text(&buf, path->pos);
		prt_str(&buf, " at btree ");
		bch2_btree_pos_to_text(&buf, c, l->b);

		ret = bch2_fs_topology_error(c, "%s", buf.buf);
		printbuf_exit(&buf);
		goto err;
		}

		bch2_bkey_buf_reassemble(out, c, k);

		@@ -889,6 +901,7 @@ static noinline int btree_node_iter_and_journal_peek(struct btree_trans *trans,
		c->opts.btree_node_prefetch)
		ret = btree_path_prefetch_j(trans, path, &jiter);

		err:
		bch2_btree_and_journal_iter_exit(&jiter);
		return ret;
		}