From nobody Tue Apr 7 04:14:22 2026 Received: from out-181.mta1.migadu.com (out-181.mta1.migadu.com [95.215.58.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 950AF355F47 for ; Mon, 16 Mar 2026 08:20:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=95.215.58.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773649235; cv=none; b=D7+0/EdT2zEBv30h3woHBj7fRaX+gmB1BoXOByGam7tmuvRyjr56rWTJYOHoe4+9ckIgRK2rgwd9mg+UbtJ2kC65GVHQKp3Axzn8o/YZy8JZO28mLwcW/nyA+K9zbhSSQZav+G42PHXUdv7MeMg74QF9+w7GnxfpR/5Z/UO/hug= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773649235; c=relaxed/simple; bh=oeVzCri6wpeDD6cg8BuScxKUpYVfZuAUzvu3p3QJ8xI=; h=From:To:Cc:Subject:Date:Message-Id; b=pEhDYiH3mTILiaq/ic8bHUV8HwLxyLwVgn2wxjIVoXh6KbtHcHRK249PLZLC/NbIar8xMCHPtdctvz3CIx/OfZDhyMbLseZDPM/+cle5goecOUhRaE3YIiE+5W6T9ZwNgg8nAkmgrzwLy6Z+oNHjyKEpRKJ1MFjOhyzd/9l3NXY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=BkTZDjqO; arc=none smtp.client-ip=95.215.58.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="BkTZDjqO" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1773649231; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc; bh=xQLmof+oFaB/69SzWnte3YNOj3E5zBMIyI7uGACdvnM=; b=BkTZDjqOld3UxqavtrcxfuW5Q9q5Clq89l2XrTxGrckJUZsRkg6+ZootacPGW9XZqV9Cv2 y27ZfF8AB+Wdi1sMjNeOia4A6qALewWGRx+zAA/YgVVdganJMTl5p0tobfY8qU8TUKkoAs tR2INgX0D7f5pliFggtKe7tPrzenEvY= From: Zqiang To: tytso@mit.edu, adilger.kernel@dilger.ca Cc: linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, qiang.zhang@linux.dev Subject: [PATCH] ext4: Fix possible NULL pointer dereference in ext4_group_desc_free() Date: Mon, 16 Mar 2026 16:20:25 +0800 Message-Id: <20260316082025.9574-1-qiang.zhang@linux.dev> X-Migadu-Flow: FLOW_OUT Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" This can happen if the kvmalloc_objs() fails and sbi->s_group_desc pointer is NULL in the ext4_group_desc_init(), and then the ext4_group_desc_free() is called, leading to a NULL group_desc pointer dereference. This commit therefore adds a NULL check for sbi->s_group_desc before accessing its internal members. Signed-off-by: Zqiang --- fs/ext4/super.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 43f680c750ae..c4307dc04687 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1256,9 +1256,11 @@ static void ext4_group_desc_free(struct ext4_sb_info= *sbi) =20 rcu_read_lock(); group_desc =3D rcu_dereference(sbi->s_group_desc); - for (i =3D 0; i < sbi->s_gdb_count; i++) - brelse(group_desc[i]); - kvfree(group_desc); + if (group_desc) { + for (i =3D 0; i < sbi->s_gdb_count; i++) + brelse(group_desc[i]); + kvfree(group_desc); + } rcu_read_unlock(); } =20 --=20 2.17.1