CVE-2025-68771

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ocfs2: fix kernel BUG in ocfs2_find_victim_chain<br /> <br /> syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the<br /> `cl_next_free_rec` field of the allocation chain list (next free slot in<br /> the chain list) is 0, triggring the BUG_ON(!cl-&gt;cl_next_free_rec)<br /> condition in ocfs2_find_victim_chain() and panicking the kernel.<br /> <br /> To fix this, an if condition is introduced in ocfs2_claim_suballoc_bits(),<br /> just before calling ocfs2_find_victim_chain(), the code block in it being<br /> executed when either of the following conditions is true:<br /> <br /> 1. `cl_next_free_rec` is equal to 0, indicating that there are no free<br /> chains in the allocation chain list<br /> 2. `cl_next_free_rec` is greater than `cl_count` (the total number of<br /> chains in the allocation chain list)<br /> <br /> Either of them being true is indicative of the fact that there are no<br /> chains left for usage.<br /> <br /> This is addressed using ocfs2_error(), which prints<br /> the error log for debugging purposes, rather than panicking the kernel.