fs/ntfs3: Fix NULL dereference in ni_write_inode

Syzbot reports a NULL dereference in ni_write_inode.
When creating a new inode, if allocation fails in mi_init function
(called in mi_format_new function), mi->mrec is set to NULL.
In the error path of this inode creation, mi->mrec is later
dereferenced in ni_write_inode.

Add a NULL check to prevent NULL dereference.

Link: https://syzkaller.appspot.com/bug?extid=f45957555ed4a808cc7a
Reported-and-tested-by: syzbot+f45957555ed4a808cc7a@syzkaller.appspotmail.com
Signed-off-by: Abdun Nihaal <abdun.nihaal@gmail.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>

diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c
index f1df52dfab74ba5dac22c775439d938d7c144fd3..912eeb3d34717fd146a4c2e3055760be09847e54 100644 (file)
--- a/fs/ntfs3/frecord.c
+++ b/fs/ntfs3/frecord.c
@@ -3258,6 +3258,9 @@ int ni_write_inode(struct inode *inode, int sync, const char *hint)
                return 0;
        }
 
+       if (!ni->mi.mrec)
+               goto out;
+
        if (is_rec_inuse(ni->mi.mrec) &&
            !(sbi->flags & NTFS_FLAGS_LOG_REPLAYING) && inode->i_nlink) {
                bool modified = false;