On Mon, Sep 07, 2020 at 10:52:03AM -0700, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
>
> While running xfs/364 to fuzz the middle bit of recs[2].holemask, I
> observed a crash in xfs_repair stemming from the fact that each sparse
> bit accounts for 4 inodes, but inode cluster buffers can map to more
> than four inodes.
>
> When the first inode in an inode cluster is marked sparse,
> process_inode_chunk won't try to load the inode cluster buffer.
> Unfortunately, if the holemask indicates that there are inodes present
> anywhere in the rest of the cluster buffer, repair will try to check the
> corresponding cluster buffer, even if we didn't load it. This leads to
> a null pointer dereference, which crashes repair.
>
> Avoid the null pointer dereference by marking the inode sparse and
> moving on to the next inode.
>
> Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>

Looks good,

Reviewed-by: Christoph Hellwig <hch@xxxxxx>
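The mismatch the patch describes (one holemask bit per 4 inodes, one cluster buffer per more than 4 inodes) is easy to reproduce in a toy model. The block below is an added illustration written for this page; it is not xfs_repair's code and none of its names (`walk_chunk`, `inode_verdict`, `struct cluster_buf`) exist in xfsprogs. It assumes a 64-inode chunk, a 16-bit holemask with 4 inodes per bit, and 16 inodes per cluster buffer, so one cluster spans four holemask bits. A cluster buffer is only "loaded" when its first inode is not sparse, exactly the situation in the report; every inode whose buffer was never loaded is recorded as sparse instead of being checked through a NULL buffer, which is the fix the commit message states.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the sparse-inode bookkeeping described in the patch
 * (not xfs_repair's own code).  Layout assumptions, all hypothetical:
 *   - an inode chunk holds 64 inodes,
 *   - each holemask bit covers 4 inodes (16 bits in total),
 *   - one inode cluster buffer covers 16 inodes, i.e. 4 holemask bits. */
#define INODES_PER_CHUNK        64
#define INODES_PER_HOLEMASK_BIT 4
#define INODES_PER_CLUSTER      16

/* Per-inode verdict produced by the walk. */
enum verdict { INO_SPARSE = 0, INO_CHECKED = 1 };

/* A set holemask bit means the 4 inodes it covers are absent. */
static bool holemask_bit_set(uint16_t holemask, unsigned ino)
{
    return (holemask >> (ino / INODES_PER_HOLEMASK_BIT)) & 1;
}

/* Stand-in for the cluster buffer: a NULL pointer when it was never read. */
struct cluster_buf { unsigned first_ino; };

/*
 * Walk one chunk the way the fixed repair does.  The cluster buffer is only
 * loaded when the first inode of the cluster is not sparse; any inode whose
 * buffer was not loaded is marked sparse rather than dereferenced.
 * Returns the number of inodes that were actually checked.
 */
static unsigned walk_chunk(uint16_t holemask, enum verdict out[INODES_PER_CHUNK])
{
    struct cluster_buf bufs[INODES_PER_CHUNK / INODES_PER_CLUSTER];
    struct cluster_buf *bp = NULL;
    unsigned checked = 0;

    for (unsigned ino = 0; ino < INODES_PER_CHUNK; ino++) {
        if (ino % INODES_PER_CLUSTER == 0) {
            /* Start of a cluster: skip the load when its first inode is sparse. */
            if (holemask_bit_set(holemask, ino)) {
                bp = NULL;
            } else {
                bp = &bufs[ino / INODES_PER_CLUSTER];
                bp->first_ino = ino;
            }
        }
        if (holemask_bit_set(holemask, ino) || bp == NULL) {
            /* The fix: no buffer to check, so mark sparse and move on.
             * Without the bp == NULL test, a clear bit 1..3 with bit 0 set
             * would send us into the cluster check with bp == NULL. */
            out[ino] = INO_SPARSE;
            continue;
        }
        /* Buffer present: the inode can be verified against it. */
        out[ino] = INO_CHECKED;
        checked++;
    }
    return checked;
}

/* Convenience wrappers so a caller can query one chunk without an array. */
static unsigned checked_count(uint16_t holemask)
{
    enum verdict v[INODES_PER_CHUNK];
    return walk_chunk(holemask, v);
}

static int inode_verdict(uint16_t holemask, unsigned ino)
{
    enum verdict v[INODES_PER_CHUNK];
    walk_chunk(holemask, v);
    return ino < INODES_PER_CHUNK ? (int)v[ino] : -1;
}

int main(void)
{
    /* Constructed fuzz case matching the report: bit 0 set, bits 1..3 clear,
     * so the first cluster's buffer is not loaded although inodes 4..15
     * are claimed present. */
    printf("holemask 0x0001: checked %u of %d inodes\n",
           checked_count(0x0001), INODES_PER_CHUNK);
    printf("holemask 0x0000: checked %u of %d inodes\n",
           checked_count(0x0000), INODES_PER_CHUNK);
    return 0;
}
```

With holemask `0x0001` the whole first cluster is reported sparse (48 of 64 inodes checked) and no NULL buffer is touched; with `0x0002` the buffer is loaded, only inodes 4..7 are skipped, and 60 are checked. The point for anyone writing a metadata checker is the same as in the patch: the unit that records presence and the unit that is actually read from disk need not be the same size, and the reader must be prepared for every combination a fuzzed or corrupted on-disk structure can produce.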