852eee62d31abd Christoph Hellwig 2023-01-21 687 map_length = min(map_length, length);
d5e4377d505189 Christoph Hellwig 2023-01-21 688 if (use_append)
b35243a447b9fe Christoph Hellwig 2024-08-26 689 map_length = btrfs_append_map_length(bbio, map_length);
d5e4377d505189 Christoph Hellwig 2023-01-21 690
103c19723c80bf Christoph Hellwig 2022-11-15 691 if (map_length < length) {
b35243a447b9fe Christoph Hellwig 2024-08-26 692 bbio = btrfs_split_bio(fs_info, bbio, map_length);
28c02a018d50ae Johannes Thumshirn 2024-10-29 693 if (IS_ERR(bbio)) {
28c02a018d50ae Johannes Thumshirn 2024-10-29 694 ret = PTR_ERR(bbio);
28c02a018d50ae Johannes Thumshirn 2024-10-29 695 goto fail;
We hit this goto. We know from the if statement that map_length < length.
28c02a018d50ae Johannes Thumshirn 2024-10-29 696 }
2cef0c79bb81d8 Christoph Hellwig 2023-03-07 697 bio = &bbio->bio;
103c19723c80bf Christoph Hellwig 2022-11-15 698 }
103c19723c80bf Christoph Hellwig 2022-11-15 699
...
852eee62d31abd Christoph Hellwig 2023-01-21 753 done:
852eee62d31abd Christoph Hellwig 2023-01-21 754 return map_length == length;
9ba0004bd95e05 Christoph Hellwig 2023-01-21 755
9ba0004bd95e05 Christoph Hellwig 2023-01-21 756 fail:
9ba0004bd95e05 Christoph Hellwig 2023-01-21 757 btrfs_bio_counter_dec(fs_info);
10d9d8c3512f16 Qu Wenruo 2024-08-17 758 /*
10d9d8c3512f16 Qu Wenruo 2024-08-17 759 * We have split the original bbio, now we have to end both the current
10d9d8c3512f16 Qu Wenruo 2024-08-17 760 * @bbio and remaining one, as the remaining one will never be submitted.
10d9d8c3512f16 Qu Wenruo 2024-08-17 761 */
10d9d8c3512f16 Qu Wenruo 2024-08-17 762 if (map_length < length) {
10d9d8c3512f16 Qu Wenruo 2024-08-17 @763 struct btrfs_bio *remaining = bbio->private;
^^^^^^^^^^^^^
Error pointer dereference
This analysis looks correct.
I want to send a new version of the bio_split() rework series this
morning, so I will not pick up this change for now.
John
