[PATCH] btrfs: fix NULL pointer dereference in do_abort_log_replay

Suchit Karunakaran posted 1 patch 1 month, 2 weeks ago
fs/btrfs/tree-log.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] btrfs: fix NULL pointer dereference in do_abort_log_replay
Posted by Suchit Karunakaran 1 month, 2 weeks ago
Coverity reported a NULL pointer dereference issue (CID 1666756) in
do_abort_log_replay(). When btrfs_alloc_path() fails in
replay_one_buffer(), wc->subvol_path is NULL, but btrfs_abort_log_replay()
calls do_abort_log_replay() which unconditionally dereferences
wc->subvol_path when attempting to print debug information. Fix this by
adding a NULL check before dereferencing wc->subvol_path in
do_abort_log_replay().

Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com>
---
 fs/btrfs/tree-log.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
index 5831754bb01c..2d9d38b82daa 100644
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -190,7 +190,7 @@ static void do_abort_log_replay(struct walk_control *wc, const char *function,
 
 	btrfs_abort_transaction(wc->trans, error);
 
-	if (wc->subvol_path->nodes[0]) {
+	if (wc->subvol_path && wc->subvol_path->nodes[0]) {
 		btrfs_crit(fs_info,
 			   "subvolume (root %llu) leaf currently being processed:",
 			   btrfs_root_id(wc->root));
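Review bot: in the changed condition `if (wc->subvol_path && wc->subvol_path->nodes[0])`, the NULL check guards only this one dereference. The context shown ends inside the if block, so it is worth confirming that nothing after the block in do_abort_log_replay() touches wc->subvol_path unguarded when btrfs_alloc_path() has failed in replay_one_buffer(). The commit message also carries no Fixes: tag naming the commit that introduced the unconditional dereference; adding one lets stable maintainers tell which kernels need the fix.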
-- 
2.52.0
Re: [PATCH] btrfs: fix NULL pointer dereference in do_abort_log_replay
Posted by Filipe Manana 1 month, 2 weeks ago
On Fri, Dec 19, 2025 at 5:18 PM Suchit Karunakaran
<suchitkarunakaran@gmail.com> wrote:
>
> Coverity reported a NULL pointer dereference issue (CID 1666756) in
> do_abort_log_replay(). When btrfs_alloc_path() fails in
> replay_one_buffer(), wc->subvol_path is NULL, but btrfs_abort_log_replay()
> calls do_abort_log_replay() which unconditionally dereferences
> wc->subvol_path when attempting to print debug information. Fix this by
> adding a NULL check before dereferencing wc->subvol_path in
> do_abort_log_replay().
>
> Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com>

Reviewed-by: Filipe Manana <fdmanana@suse.com>

Thanks, I'll add it to the for-next github branch with a proper Fixes tag.

> ---
>  fs/btrfs/tree-log.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
> index 5831754bb01c..2d9d38b82daa 100644
> --- a/fs/btrfs/tree-log.c
> +++ b/fs/btrfs/tree-log.c
> @@ -190,7 +190,7 @@ static void do_abort_log_replay(struct walk_control *wc, const char *function,
>
>         btrfs_abort_transaction(wc->trans, error);
>
> -       if (wc->subvol_path->nodes[0]) {
> +       if (wc->subvol_path && wc->subvol_path->nodes[0]) {
>                 btrfs_crit(fs_info,
>                            "subvolume (root %llu) leaf currently being processed:",
>                            btrfs_root_id(wc->root));
> --
> 2.52.0
>
>