Hi Folks,

I’ve come across a potential null pointer dereference issue in the XFS recovery process. This seems to occur in the xlog_recover_get_buf_lsn function during the line:

    magic32 = be32_to_cpu(*(__be32 *)blk);

Here, blk is a pointer to bp->b_addr, which is allocated earlier in xlog_recover_buf_commit_pass2 during a call to xfs_buf_read. However, I’ve observed that there is a code path where xfs_buf_read may return success without allocating/assigning bp->b_addr. This could lead to a null pointer dereference in xlog_recover_get_buf_lsn.

Context