From: Denis Arefev <arefev@swemel.ru>
To: "Philipp Reisner" <philipp.reisner@linbit.com>,
"Lars Ellenberg" <lars.ellenberg@linbit.com>,
"Christoph Böhmwalder" <christoph.boehmwalder@linbit.com>
Cc: Jens Axboe <axboe@kernel.dk>,
linux-block@vger.kernel.org, lvc-project@linuxtesting.org,
drbd-dev@lists.linbit.com
Subject: [bug-report] NULL pointer dereference in __drbd_change_sync()
Date: Wed, 1 Oct 2025 13:26:14 +0300
Message-ID: <20251001102619.8912-1-arefev@swemel.ru>
In the Linux kernel, there's an unpatched bug in the DRBD code in the __drbd_change_sync() function,
a NULL pointer dereference.
The call stack that leads to this error looks like this:
drbd_request_endio
 |-> __req_mod(req, what, NULL, &m);
      |-> case READ_COMPLETED_WITH_ERROR:
           |-> drbd_set_out_of_sync(NULL, ... )
                |-> __drbd_change_sync(NULL, ... );
                     |-> peer_device->device (NULL->device)
This bug has already been fixed here [1], but porting this commit to the kernel will be quite
difficult, since the DRBD code in the Linux kernel and on GitHub [2] differs significantly.
But ignoring it is also not a good idea.
The blamed kernel commit is 0d11f3cf279c ("drbd: Pass a peer device to the resync and online verify functions")
which came with series [3].
One possible solution is to reverse the patch series [3] because "it is mainly no-ops, pretty much just
preparation for future upstreaming work" as its cover letter says.
However, there seems to be no active drbd module development in the mainline kernel since that series was posted in 2023.
[1]: https://github.com/LINBIT/drbd/commit/effc7281bf1a7922daa6393632fc6eeac1732bfa
[2]: https://github.com/LINBIT/drbd
[3]: https://lore.kernel.org/all/20230330102744.2128122-1-christoph.boehmwalder@linbit.com/
Found by Linux Verification Center (linuxtesting.org) with SVACE.
--
2.43.0
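
The call chain in the report above, reduced to a user-space model. This is an added example, not code from the message, the kernel or the LINBIT repository. The structs, the toy bitmap and req_mod_guarded() are hypothetical, and the fallback to the request's own device is one possible guard, not the fix in [1].

```c
#include <stddef.h>

/* Constructed user-space stand-ins for the DRBD objects; not kernel code. */
struct device      { unsigned long oos_bits; };   /* one bit per 4 KiB block */
struct peer_device { struct device *device; };
struct request     { struct device *device; unsigned sector, size; };

enum req_event { READ_COMPLETED_OK, READ_COMPLETED_WITH_ERROR };

/* Mark the 4 KiB blocks covered by `size` bytes at 512-byte `sector`.
 * Returns how many blocks were newly marked out of sync. */
static int mark_out_of_sync(struct device *dev, unsigned sector, unsigned size)
{
    if (size == 0)
        return 0;
    unsigned long long end = (unsigned long long)sector * 512 + size - 1;
    int marked = 0;
    for (unsigned long long b = sector / 8; b <= end / 4096; b++) {
        if (b >= 8 * sizeof dev->oos_bits)
            break;                          /* outside the toy bitmap */
        if (!(dev->oos_bits & (1UL << b)))
            marked++;
        dev->oos_bits |= 1UL << b;
    }
    return marked;
}

/* Pattern from the report: the callee reads peer_device->device first,
 * so a NULL peer_device faults before anything else can run. */
int change_sync_unguarded(struct peer_device *pd, unsigned sector, unsigned size)
{
    struct device *dev = pd->device;        /* NULL->device when pd == NULL */
    return mark_out_of_sync(dev, sector, size);
}

/* Hypothetical guarded error case: the completion path passes pd == NULL,
 * so fall back to the device the request itself belongs to. */
int req_mod_guarded(struct request *req, enum req_event what,
                    struct peer_device *pd)
{
    if (what != READ_COMPLETED_WITH_ERROR)
        return 0;
    struct device *dev = pd ? pd->device : req->device;
    if (!dev)
        return -1;                          /* nothing to mark, no dereference */
    return mark_out_of_sync(dev, req->sector, req->size);
}
```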