From 62a07512620cdf0056be64062fa62b58c0b8c84d Mon Sep 17 00:00:00 2001
From: Edward Adam Davis <eadavis@qq.com>
Date: Wed, 23 Oct 2024 19:04:40 +0800
Subject: [PATCH] btrfs: add a sanity check for csum root before filling the
 data csum

Syzbot reported a null-ptr-deref in btrfs_lookup_csums_bitmap().
The btrfs mount options enable IGNOREDATACSUMS, which prevents the csum
root from being loaded.
Before filling in the csum data, check the flag BTRFS_FS_STATE_NO_DATA_CSUMS
to confirm that the csum root has been loaded.

Reported-and-tested-by: syzbot+5d2b33d7835870519b5f@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=5d2b33d7835870519b5f
CC: stable@vger.kernel.org # 6.6+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
---
 fs/btrfs/scrub.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c
index 204c928beaf9cb..44549e7d55cf87 100644
--- a/fs/btrfs/scrub.c
+++ b/fs/btrfs/scrub.c
@@ -1601,8 +1601,9 @@ static int scrub_find_fill_first_stripe(struct btrfs_block_group *bg,
 		cur_logical = extent_start + extent_len;
 	}
 
-	/* Now fill the data csum. */
-	if (bg->flags & BTRFS_BLOCK_GROUP_DATA) {
+	/* Now fill the data checksums (if the checksum tree is set up). */
+	if (!test_bit(BTRFS_FS_STATE_NO_DATA_CSUMS, &fs_info->fs_state) &&
+	    bg->flags & BTRFS_BLOCK_GROUP_DATA) {
 		int sector_nr;
 		unsigned long csum_bitmap = 0;