On Tue, Sep 30, 2025 at 02:48:50PM +0800, Haotian Zhang wrote:
The error return from bio_split() is not checked before being passed to bio_chain(), leading to a kernel panic from an invalid pointer dereference.
Add a check with IS_ERR() to handle the allocation failure and prevent the crash.
This patch fixes a bug in the pktcdvd driver, which was removed from the mainline kernel but still exists in stable branches.
Fixes: 4b83e99ee7092 ("Revert "pktcdvd: remove driver."") Cc: stable@vger.kernel.org Signed-off-by: Haotian Zhang vulab@iscas.ac.cn
drivers/block/pktcdvd.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c index 65b96c083b3c..c0999c3d167a 100644 --- a/drivers/block/pktcdvd.c +++ b/drivers/block/pktcdvd.c @@ -2466,6 +2466,8 @@ static void pkt_submit_bio(struct bio *bio) split = bio_split(bio, last_zone - bio->bi_iter.bi_sector, GFP_NOIO, &pkt_bio_set);
if (IS_ERR(split))goto end_io; bio_chain(split, bio);-- 2.25.1
<formletter>
This is not the correct way to submit patches for inclusion in the stable kernel tree. Please read: https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html for how to do this properly.
</formletter>