From: Filipe Manana <fdmanana@suse.com>
Date: Wed, 16 Apr 2025 14:56:53 +0000 (+0100)
Subject: btrfs: exit after state insertion failure at set_extent_bit()
X-Git-Tag: block-6.16-20250606~42^2~63
X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=67f10a10187b17ac62abddf66d16cec9d0f89a7c;p=linux-block.git

btrfs: exit after state insertion failure at set_extent_bit()

If insert_state() state failed it returns an error pointer and we call
extent_io_tree_panic() which will trigger a BUG() call. However if
CONFIG_BUG is disabled, which is an uncommon and exotic scenario, then
we fallthrough and call cache_state() which will dereference the error
pointer, resulting in an invalid memory access.

So jump to the 'out' label after calling extent_io_tree_panic(), it also
makes the code more clear besides dealing with the exotic scenario where
CONFIG_BUG is disabled.

Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
---

diff --git a/fs/btrfs/extent-io-tree.c b/fs/btrfs/extent-io-tree.c
index bf2152ff8efa..29cf3a01294f 100644
--- a/fs/btrfs/extent-io-tree.c
+++ b/fs/btrfs/extent-io-tree.c
@@ -1223,6 +1223,7 @@ hit_next:
 		if (IS_ERR(inserted_state)) {
 			ret = PTR_ERR(inserted_state);
 			extent_io_tree_panic(tree, prealloc, "insert", ret);
+			goto out;
 		}
 
 		cache_state(inserted_state, cached_state);