From: Chris Mason <mason@suse.com>

From: Jeff Mahoney <jeffm@suse.de>

fsstress manages to set up a sequence of events that allow an attempt to
perform direct-io on a tail.  bh_result->b_page == NULL, which causes the
PageLocked and PageWriteback checks to perform a NULL deref, causing the
oops.


---

 25-akpm/fs/reiserfs/inode.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

diff -puN fs/reiserfs/inode.c~reiserfs-direct-tail fs/reiserfs/inode.c
--- 25/fs/reiserfs/inode.c~reiserfs-direct-tail	2004-03-12 18:25:17.893937088 -0800
+++ 25-akpm/fs/reiserfs/inode.c	2004-03-12 18:25:17.898936328 -0800
@@ -444,7 +444,7 @@ static int reiserfs_get_blocks_direct_io
         /* make sure future calls to the direct io funcs for this offset
         ** in the file fail by unmapping the buffer
         */
-        reiserfs_unmap_buffer(bh_result);
+        clear_buffer_mapped(bh_result);
         ret = -EINVAL ;
     }
     /* Possible unpacked tail. Flush the data before pages have
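Review bot: The replacement call `clear_buffer_mapped(bh_result);` in the -EINVAL branch needs a comment saying why the reiserfs helper is not used here. Per the changelog, bh_result->b_page can be NULL on this direct-io path, but nothing at the call site records that, so a later cleanup could swap reiserfs_unmap_buffer() back in and reintroduce the oops. The existing comment only says the buffer is unmapped so that future direct-io calls for this offset fail. The changelog should also state whether anything reiserfs_unmap_buffer() does beyond clearing the mapped bit is intentionally skipped for this buffer, and whether the helper's other callers can ever pass a buffer_head with no page; if they can, a NULL b_page check inside the helper would cover them as well.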

_