From arefev at swemel.ru Wed Oct 1 12:26:14 2025
From: arefev at swemel.ru (Denis Arefev)
Date: Wed, 1 Oct 2025 13:26:14 +0300
Subject: [bug-report] NULL pointer dereference in __drbd_change_sync()
Message-ID: <20251001102619.8912-1-arefev@swemel.ru>

In the Linux kernel, there's an unpatched bug in the DRBD code in the
__drbd_change_sync() function, a NULL pointer dereference.

The call stack that leads to this error looks like this:

drbd_request_endio
  |-> __req_mod(req, what, NULL, &m);
    |-> case READ_COMPLETED_WITH_ERROR:
      |-> drbd_set_out_of_sync(NULL, ... )
        |-> __drbd_change_sync(NULL, ... );
          |-> peer_device->device (NULL->device)

This bug has already been fixed here [1], but porting this commit to the
kernel will be quite difficult, since the DRBD code in the Linux kernel and
on GitHub [2] differs significantly. But ignoring it is also not a good idea.

The blamed kernel commit is 0d11f3cf279c ("drbd: Pass a peer device to the
resync and online verify functions") which came with series [3].

One possible solution is to reverse the patch series [3] because "it is
mainly no-ops, pretty much just preparation for future upstreaming work" as
its cover letter says. However, there seems to be no active drbd module
development in mainline kernel since that series was posted in 2023.

[1]: https://github.com/LINBIT/drbd/commit/effc7281bf1a7922daa6393632fc6eeac1732bfa
[2]: https://github.com/LINBIT/drbd
[3]: https://lore.kernel.org/all/20230330102744.2128122-1-christoph.boehmwalder at linbit.com/

Found by Linux Verification Center (linuxtesting.org) with SVACE.

--
2.43.0
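The following is an added, stand-alone C model of the defect pattern described in the report above; it is not DRBD code from the kernel or from LINBIT, and every struct, function name and the choice of -EINVAL in it is a constructed stand-in. It shows a sink function that unconditionally dereferences a peer-device argument, a completion path that passes NULL for that argument (as the reported stack shows for READ_COMPLETED_WITH_ERROR), and a guarded variant that rejects the missing peer device instead of faulting.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in types (not the real DRBD structures); only the
 * peer_device -> device link from the reported stack is modelled. */
struct drbd_device { int out_of_sync_count; };
struct drbd_peer_device { struct drbd_device *device; };
struct drbd_request { struct drbd_device *device; };

enum update_sync_bits_mode { SET_OUT_OF_SYNC, SET_IN_SYNC };

/* Models the sink of the reported chain: the peer device is dereferenced
 * unconditionally, so a NULL peer_device faults on the first line. */
int change_sync_unchecked(struct drbd_peer_device *peer_device,
                          unsigned long sector, int size,
                          enum update_sync_bits_mode mode)
{
    struct drbd_device *device = peer_device->device; /* NULL->device */
    (void)sector; (void)size;
    if (mode == SET_OUT_OF_SYNC)
        device->out_of_sync_count++;
    return 0;
}

/* Guarded variant: refuse a missing peer device rather than dereference it.
 * -EINVAL is an arbitrary choice for this model, not the upstream fix. */
int change_sync_checked(struct drbd_peer_device *peer_device,
                        unsigned long sector, int size,
                        enum update_sync_bits_mode mode)
{
    if (!peer_device || !peer_device->device)
        return -EINVAL;
    return change_sync_unchecked(peer_device, sector, size, mode);
}

/* Models the READ_COMPLETED_WITH_ERROR path: the completion handler has no
 * peer device in hand and passes NULL, as in the reported call stack. */
int read_completed_with_error(struct drbd_request *req, unsigned long sector,
                              int size)
{
    struct drbd_peer_device *peer_device = NULL;
    (void)req;
    /* change_sync_unchecked(peer_device, sector, size, SET_OUT_OF_SYNC)
     * would crash here; the guarded variant returns an error instead. */
    return change_sync_checked(peer_device, sector, size, SET_OUT_OF_SYNC);
}

/* Resync path with a real peer device: returns the out-of-sync count
 * after one SET_OUT_OF_SYNC call (expected 1). */
int demo_peer_present(void)
{
    struct drbd_device dev = { 0 };
    struct drbd_peer_device pd = { &dev };
    if (change_sync_checked(&pd, 0, 4096, SET_OUT_OF_SYNC) != 0)
        return -1;
    return dev.out_of_sync_count;
}

/* Read-error path with no peer device: returns the rejection code
 * instead of faulting (expected -EINVAL). */
int demo_peer_missing(void)
{
    struct drbd_device dev = { 0 };
    struct drbd_request req = { &dev };
    return read_completed_with_error(&req, 0, 4096);
}

int main(void)
{
    printf("peer present: out_of_sync=%d\n", demo_peer_present());
    printf("peer missing: rc=%d\n", demo_peer_missing());
    return 0;
}
```

The guard only turns the crash into a rejected update; whether that is the right behaviour for the real read-error path (rather than deriving a peer device from the request, or reverting the series as the report suggests) is a DRBD design question the model does not answer.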