btrfs: exit after state insertion failure at set_extent_bit()

If insert_state() state failed it returns an error pointer and we call
extent_io_tree_panic() which will trigger a BUG() call. However if
CONFIG_BUG is disabled, which is an uncommon and exotic scenario, then
we fallthrough and call cache_state() which will dereference the error
pointer, resulting in an invalid memory access.

So jump to the 'out' label after calling extent_io_tree_panic(), it also
makes the code more clear besides dealing with the exotic scenario where
CONFIG_BUG is disabled.

Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>

diff --git a/fs/btrfs/extent-io-tree.c b/fs/btrfs/extent-io-tree.c
index bf2152ff8efa1b7538b776e858659cc1ab4ef55f..29cf3a01294f6f08f1c0fee8e951f4ce176ba5fd 100644 (file)
--- a/fs/btrfs/extent-io-tree.c
+++ b/fs/btrfs/extent-io-tree.c
@@ -1223,6 +1223,7 @@ hit_next:
                if (IS_ERR(inserted_state)) {
                        ret = PTR_ERR(inserted_state);
                        extent_io_tree_panic(tree, prealloc, "insert", ret);
+                       goto out;
                }
 
                cache_state(inserted_state, cached_state);