This is a note to let you know that I've just added the patch titled fs/ntfs3: Fix attr_punch_hole() null pointer derenference to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: fs-ntfs3-fix-attr_punch_hole-null-pointer-derenference.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 6d5c9e79b726cc473d40e9cb60976dbe8e669624 Mon Sep 17 00:00:00 2001 From: Alon Zahavi <zahavi.alon@xxxxxxxxx> Date: Mon, 15 Aug 2022 14:07:12 +0300 Subject: fs/ntfs3: Fix attr_punch_hole() null pointer derenference From: Alon Zahavi <zahavi.alon@xxxxxxxxx> commit 6d5c9e79b726cc473d40e9cb60976dbe8e669624 upstream. The bug occours due to a misuse of `attr` variable instead of `attr_b`. `attr` is being initialized as NULL, then being derenfernced as `attr->res.data_size`. This bug causes a crash of the ntfs3 driver itself, If compiled directly to the kernel, it crashes the whole system. Signed-off-by: Alon Zahavi <zahavi.alon@xxxxxxxxx> Co-developed-by: Tal Lossos <tallossos@xxxxxxxxx> Signed-off-by: Tal Lossos <tallossos@xxxxxxxxx> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/ntfs3/attrib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/ntfs3/attrib.c +++ b/fs/ntfs3/attrib.c @@ -2038,7 +2038,7 @@ int attr_punch_hole(struct ntfs_inode *n return -ENOENT; if (!attr_b->non_res) { - u32 data_size = le32_to_cpu(attr->res.data_size); + u32 data_size = le32_to_cpu(attr_b->res.data_size); u32 from, to; if (vbo > data_size) Patches currently in stable-queue which might be from zahavi.alon@xxxxxxxxx are queue-6.1/fs-ntfs3-fix-attr_punch_hole-null-pointer-derenference.patch