Re: [PATCH] ocfs2: add journal NULL check in ocfs2_checkpoint_inode()
From: Joseph Qi
Date: Mon Jun 01 2026 - 02:51:11 EST
On 6/1/26 11:32 AM, Heming Zhao wrote:
> On Sun, May 31, 2026 at 09:16:45PM +0800, Joseph Qi wrote:
>> During unmount, ocfs2_journal_shutdown() frees the journal and sets
>> osb->journal to NULL. Later, when VFS evicts remaining cached inodes,
>> ocfs2_evict_inode() -> ocfs2_clear_inode() -> ocfs2_checkpoint_inode()
>> -> ocfs2_ci_fully_checkpointed() dereferences osb->journal, causing a
>> NULL pointer dereference.
>>
>> Fix this by adding a NULL check for osb->journal in
>> ocfs2_checkpoint_inode(). If the journal is NULL, it has already been
>> fully flushed and destroyed during shutdown, so there is nothing to
>> checkpoint.
>>
>> Reported-by: Farhad Alemi <farhad.alemi@xxxxxxxxxxxx>
>> Fixes: da5e7c87827e ("ocfs2: cleanup journal init and shutdown")
>> Signed-off-by: Joseph Qi <joseph.qi@xxxxxxxxxxxxxxxxx>
>> Tested-by: Farhad Alemi <farhad.alemi@xxxxxxxxxxxx>
>> ---
>> fs/ocfs2/journal.h | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/fs/ocfs2/journal.h b/fs/ocfs2/journal.h
>> index 6397170f302f..f8b3b2a3d630 100644
>> --- a/fs/ocfs2/journal.h
>> +++ b/fs/ocfs2/journal.h
>> @@ -196,6 +196,9 @@ static inline void ocfs2_checkpoint_inode(struct inode *inode)
>> if (ocfs2_mount_local(osb))
>> return;
>>
>> + if (!osb->journal)
>> + return;
>> +
>
> In my view, the code is correct for this bug.
> However, the if condition is insufficient if ocfs2_journal_shutdown() sets
> "journal = NULL" immediately after this line.
>
During unmount, journal shutdown happens before final inode eviction is
triggered by generic_shutdown_super() -> evict_inodes(). That means they
run sequentially in the unmount path (same thread context).
Thanks,
Joseph