Re: [syzbot] [gfs2?] general protection fault in gfs2_remove_from_journal (2)

Next message: Daniil Dulov: "[PATCH] ring-buffer: Fix possible dereference of uninitialized pointer"
Previous message: Irui Wang (&#x738B;&#x745E;): "Re: [PATCH v4 5/6] dt-bindings: media: mediatek,vcodec-encoder: Add MT8196 with VCP support"
In reply to: syzbot: "Re: [syzbot] [gfs2?] general protection fault in gfs2_remove_from_journal (2)"
Next in thread: syzbot: "Re: [syzbot] [gfs2?] general protection fault in gfs2_remove_from_journal (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Qing Wang

Date: Fri Feb 13 2026 - 05:01:25 EST

#syz test

diff --git a/fs/gfs2/meta_io.c b/fs/gfs2/meta_io.c
index e4356198d8d8..f459ad89b641 100644
--- a/fs/gfs2/meta_io.c
+++ b/fs/gfs2/meta_io.c
@@ -350,11 +350,13 @@ void gfs2_remove_from_journal(struct buffer_head *bh, int meta)
trace_gfs2_pin(bd, 0);
atomic_dec(&sdp->sd_log_pinned);
list_del_init(&bd->bd_list);
- if (meta == REMOVE_META)
- tr->tr_num_buf_rm++;
- else
- tr->tr_num_databuf_rm++;
- set_bit(TR_TOUCHED, &tr->tr_flags);
+ if (tr) {
+ if (meta == REMOVE_META)
+ tr->tr_num_buf_rm++;
+ else
+ tr->tr_num_databuf_rm++;
+ set_bit(TR_TOUCHED, &tr->tr_flags);
+ }
was_pinned = 1;
brelse(bh);
}