Details


Issue of the Implementation # K0001

Brief

(ext4) NPD when using sb->s_fs_info during clean-up after a failed mount

Detailed Description

When attempting to mount a loop device attached to a file containing an ext4 filesystem, the following call to kmalloc() returned NULL (fs/ext4/mballoc.c:2437):

    i = (sb->s_blocksize_bits + 2) * sizeof(*sbi->s_mb_maxs);
    sbi->s_mb_maxs = kmalloc(i, GFP_KERNEL);

ext4_mb_init() returns -ENOMEM as it should, and at the end of ext4_fill_super() the s_fs_info field of the corresponding struct super_block instance is set to NULL (fs/ext4/super.c:3686):

    out_fail:
        sb->s_fs_info = NULL;

But after that, there is an attempt to dereference sb->s_fs_info in ext4_sync_fs(), for example (fs/ext4/super.c:4123):

    struct ext4_sb_info *sbi = EXT4_SB(sb);
    ...
    flush_workqueue(sbi->dio_unwritten_wq);

'sbi' is NULL in the last statement in this case.
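
As an added illustration (not code from this report or from the kernel), the following user-space C model reproduces the ordering problem described above: a simulated kmalloc() failure inside the mballoc initialisation makes the fill_super step clear s_fs_info, and a sync_fs callback invoked afterwards sees a NULL sbi. The NULL guard in the model's sync_fs is a defensive check for the illustration only, not the kernel's fix; the *_sim names, the fail_next_kmalloc switch and the field layout are constructed.

```c
#include <errno.h>
#include <stdlib.h>
/* Constructed user-space model of the ext4 structures named in the report. */
struct ext4_sb_info { unsigned int *s_mb_maxs; int dio_unwritten_wq; };
struct super_block { unsigned int s_blocksize_bits; void *s_fs_info; };
#define EXT4_SB(sb) ((struct ext4_sb_info *)(sb)->s_fs_info)

/* Fault-injection switch: when set, the next kmalloc() returns NULL, which
 * is how KEDR drove ext4_mb_init() into its -ENOMEM path. */
int fail_next_kmalloc;
static void *kmalloc_sim(size_t n)
{
    if (fail_next_kmalloc) { fail_next_kmalloc = 0; return NULL; }
    return calloc(1, n);
}

static int ext4_mb_init_sim(struct super_block *sb)
{
    struct ext4_sb_info *sbi = EXT4_SB(sb);
    size_t i = (sb->s_blocksize_bits + 2) * sizeof(*sbi->s_mb_maxs);
    sbi->s_mb_maxs = kmalloc_sim(i);
    return sbi->s_mb_maxs ? 0 : -ENOMEM;
}

/* Mirrors the end of ext4_fill_super(): on failure sbi is freed and
 * sb->s_fs_info cleared, so any later callback sees a NULL sbi. */
int ext4_fill_super_sim(struct super_block *sb)
{
    struct ext4_sb_info *sbi = calloc(1, sizeof(*sbi));
    if (!sbi) return -ENOMEM;
    sb->s_fs_info = sbi;
    if (ext4_mb_init_sim(sb) != 0) {
        free(sbi);
        sb->s_fs_info = NULL;        /* the out_fail: assignment from the report */
        return -ENOMEM;
    }
    return 0;
}

/* Cleanup callback with the guard the report's crash site lacks: bail out when
 * the mount never completed. Illustration only, not the kernel's actual fix. */
int ext4_sync_fs_sim(struct super_block *sb)
{
    struct ext4_sb_info *sbi = EXT4_SB(sb);
    if (!sbi)
        return -EINVAL;              /* unguarded: sbi->dio_unwritten_wq would fault */
    return sbi->dio_unwritten_wq;    /* stands in for flush_workqueue() */
}
```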

Component

linux-kernel 2.6.37

References

Problems found by KEDR

Accepted

Kernel Bug Tracker, bug #26752

Status

Fixed in the kernel 2.6.39-rc1
