From: Kent Overstreet <kent.overstreet@linux.dev>
Date: Fri, 18 Apr 2025 02:38:14 +0000 (-0400)
Subject: bcachefs: Fix null ptr deref in bch2_snapshot_tree_oldest_subvol()
X-Git-Tag: v6.15-rc4~27^2~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa6a591f0fd740e27c54110f8425b53133ad4165;p=thirdparty%2Fkernel%2Fstable.git

bcachefs: Fix null ptr deref in bch2_snapshot_tree_oldest_subvol()

Reported-by: syzbot+baee8591f336cab0958b@syzkaller.appspotmail.com
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
---

diff --git a/fs/bcachefs/snapshot.c b/fs/bcachefs/snapshot.c
index b7de29aed8391..fec569c7deb1c 100644
--- a/fs/bcachefs/snapshot.c
+++ b/fs/bcachefs/snapshot.c
@@ -396,7 +396,7 @@ u32 bch2_snapshot_tree_oldest_subvol(struct bch_fs *c, u32 snapshot_root)
 	u32 subvol = 0, s;
 
 	rcu_read_lock();
-	while (id) {
+	while (id && bch2_snapshot_exists(c, id)) {
 		s = snapshot_t(c, id)->subvol;
 
 		if (s && (!subvol || s < subvol))