Re: [syzbot] Re: [syzbot] [afs?] general protection fault in afs_atcell_get_link
From: syzbot
Date: Tue Mar 18 2025 - 05:11:05 EST
For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx.
***
Subject: Re: [syzbot] [afs?] general protection fault in afs_atcell_get_link
Author: enjuk@xxxxxxxxxx
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: b35233e7bfa0 Merge tag 'for-6.14/dm-fixes-2' of git://git...
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1232704c580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=317038cbd53153e8
> dashboard link: https://syzkaller.appspot.com/bug?extid=76a6f18e3af82e84f264
> compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17d3fc78580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=169fb874580000
#syz test
diff --git a/fs/afs/dynroot.c b/fs/afs/dynroot.c
index 9732a1e17db3..3ea5e388ee16 100644
--- a/fs/afs/dynroot.c
+++ b/fs/afs/dynroot.c
@@ -213,6 +213,9 @@ static const char *afs_atcell_get_link(struct dentry *dentry, struct inode *inod
if (!dentry) {
/* We're in RCU-pathwalk. */
cell = rcu_dereference(net->ws_cell);
+ if (!cell)
+ return ERR_PTR(-ENOENT);
+
if (dotted)
name = cell->name - 1;
else