CVE-2022-50743

In the Linux kernel, the following vulnerability has been resolved:

erofs: Fix pcluster memleak when its block address is zero

syzkaller reported a memleak: https://syzkaller.appspot.com/bug?id=62f37ff612f0021641eda5b17f056f1668aa9aed

unreferenced object 0xffff88811009c7f8 (size 136): ... backtrace: [<ffffffff821db19b>] zerofsdoreadpage+0x99b/0x1740 [<ffffffff821dee9e>] zerofsreadahead+0x24e/0x580 [<ffffffff814bc0d6>] read_pages+0x86/0x3d0 ...

syzkaller constructed a case: in zerofsregisterpcluster(), ztailpacking = false and map->mpa = zero. This makes pcl->obj.index be zero although pcl is not a inline pcluster.

Then following path adds refcount for grp, but the refcount won't be put because pcl is inline.

zerofsreadahead() zerofsdoreadpage() # for another page zerofscollectorbegin() erofsfindworkgroup() erofsworkgroup_get()

Since it's illegal for the block address of a non-inlined pcluster to be zero, add check here to avoid registering the pcluster which would be leaked.