ocfs2: fix panic in failed foilio allocation

BugLink: https://bugs.launchpad.net/bugs/2115252

commit 31d4cd4 upstream.

commit 7e119cf ("ocfs2: convert w_pages to w_folios") and commit
9a5e086 ("ocfs2: use an array of folios instead of an array of
pages") save -ENOMEM in the folio array upon allocation failure and call
the folio array free code.

The folio array free code expects either valid folio pointers or NULL.
Finding the -ENOMEM will result in a panic.  Fix by NULLing the error
folio entry.

Link: https://lkml.kernel.org/r/[email protected]
Fixes: 7e119cf ("ocfs2: convert w_pages to w_folios")
Fixes: 9a5e086 ("ocfs2: use an array of folios instead of an array of pages")
Signed-off-by: Mark Tinguely <[email protected]>
Reviewed-by: Matthew Wilcox (Oracle) <[email protected]>
Cc: Changwei Ge <[email protected]>
Cc: Joel Becker <[email protected]>
Cc: Junxiao Bi <[email protected]>
Cc: Mark Fasheh <[email protected]>
Cc: Nathan Chancellor <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
CVE-2025-37950
Signed-off-by: Manuel Diewald <[email protected]>
Signed-off-by: Stefan Bader <[email protected]>

Author: marktinguely

fs/ocfs2/alloc.c

@@ -6918,6 +6918,7 @@ static int ocfs2_grab_folios(struct inode *inode, loff_t start, loff_t end,
 		if (IS_ERR(folios[numfolios])) {
 			ret = PTR_ERR(folios[numfolios]);
 			mlog_errno(ret);
+			folios[numfolios] = NULL;
 			goto out;
 		}