From: Manish Katiyar
Subject: ext4 crashes in case of failed mounts
Date: Fri, 14 Jan 2011 19:34:56 -0800
To: ext4

Hi,

I was trying to simulate some failed mount cases, so I changed ext4_mb_init() to return -ENOMEM. The next mount crashes with the following backtrace. Shouldn't it be handled gracefully?

[ 746.680089] EXT4-fs (loop0): failed to initialize mballoc (-12)
[ 746.680127] EXT4-fs (loop0): mount failed
[ 746.694981] BUG: unable to handle kernel NULL pointer dereference at 000001c4
[ 746.694981] IP: [] ext4_clear_inode+0x2c/0x50 [ext4]
[ 746.694981] *pde = 00000000
[ 746.694981] Oops: 0000 [#1] SMP
[ 746.694981] last sysfs file: /sys/devices/virtual/block/loop0/range
[ 746.694981] Modules linked in: ext4 jbd2 binfmt_misc bridge stp bnep video output lp ppdev snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device psmouse snd serio_raw pcspkr soundcore i2c_piix4 snd_page_alloc parport_pc parport pcnet32 mii floppy
[ 746.694981]
[ 746.694981] Pid: 3395, comm: mount Tainted: G W 2.6.36.2myversion #1 /VirtualBox
[ 746.694981] EIP: 0060:[] EFLAGS: 00010286 CPU: 0
[ 746.694981] EIP is at ext4_clear_inode+0x2c/0x50 [ext4]
[ 746.694981] EAX: 00000000 EBX: d82fd824 ECX: 00000000 EDX: d6685c00
[ 746.694981] ESI: d6685c00 EDI: d82fd824 EBP: d871ddc4 ESP: d871ddc0
[ 746.694981] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 746.694981] Process mount (pid: 3395, ti=d871c000 task=d9486220 task.ti=d871c000)
[ 746.694981] Stack:
[ 746.694981]  d82fd824 d871ddec e08afefe 00000246 00000246 c0217863 00000001 00000246
[ 746.694981] <0> d82fd824 d6685c00 d82fd824 d871ddf8 c021703a d82fd824 d871de08 c021786a
[ 746.694981] <0> 00000000 d82f911c d871de40 c02155a2 d8726000 c058d728 00000020 d871de9c
[ 746.694981] Call Trace:
[ 746.694981]  [] ? ext4_evict_inode+0x2e/0x330 [ext4]
[ 746.694981]  [] ? iput+0x143/0x260
[ 746.694981]  [] ? evict+0x1a/0xb0
[ 746.694981]  [] ? iput+0x14a/0x260
[ 746.694981]  [] ? shrink_dcache_for_umount_subtree+0x192/0x220
[ 746.694981]  [] ? mutex_unlock+0x8/0x10
[ 746.694981]  [] ? sget+0x1f9/0x410
[ 746.694981]  [] ? shrink_dcache_for_umount+0x28/0x50
[ 746.694981]  [] ? generic_shutdown_super+0x1b/0xd0
[ 746.694981]  [] ? disk_name+0xaf/0xc0
[ 746.694981]  [] ? kill_block_super+0x25/0x40
[ 746.694981]  [] ? deactivate_locked_super+0x3d/0x60
[ 746.694981]  [] ? get_sb_bdev+0x16f/0x180
[ 746.694981]  [] ? ext4_get_sb+0x21/0x30 [ext4]
[ 746.694981]  [] ? ext4_fill_super+0x0/0x32d0 [ext4]
[ 746.694981]  [] ? vfs_kern_mount+0x6a/0x1b0
[ 746.694981]  [] ? get_fs_type+0x9d/0xc0
[ 746.694981]  [] ? do_kern_mount+0x39/0xe0
[ 746.694981]  [] ? do_mount+0x340/0x7b0
[ 746.694981]  [] ? memdup_user+0x33/0x70
[ 746.694981]  [] ? strndup_user+0x49/0x60
[ 746.694981]  [] ? sys_mount+0x84/0xb0
[ 746.694981]  [] ? syscall_call+0x7/0xb
[ 746.694981] Code: 89 e5 53 89 c3 e8 05 99 96 df 89 d8 e8 4e 90 95 df 89 d8 e8 a7 62 98 df 89 d8 e8 c0 5f 01 00 8b 83 0c 01 00 00 8b 80 60 02 00 00 <8b> 80 c4 01 00 00 85 c0 74 0b 8d 93 f4 01 00 00 e8 4f 71 f6 ff
[ 746.694981] EIP: [] ext4_clear_inode+0x2c/0x50 [ext4] SS:ESP 0068:d871ddc0
[ 746.694981] CR2: 00000000000001c4
[ 746.699688] ---[ end trace 4eaa2a86a8e2da24 ]---
[ 1338.678856] kmemleak: 31 new suspected memory leaks (see /sys/kernel/debug/kmemleak)

=======================================================================
(gdb) l *(ext4_clear_inode+0x2c)
0x19f8c is in ext4_clear_inode (fs/ext4/super.c:878).
873     {
874             invalidate_inode_buffers(inode);
875             end_writeback(inode);
876             dquot_drop(inode);
877             ext4_discard_preallocations(inode);
878             if (EXT4_JOURNAL(inode))
879                     jbd2_journal_release_jbd_inode(EXT4_SB(inode->i_sb)->s_journal,
880                                                    &EXT4_I(inode)->jinode);
881     }

--
Thanks -
Manish

==================================
[$\*.^ -- I miss being one of them
==================================
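Added example, not part of Manish's mail or of the ext4 tree: a small Python triage script for an oops of the kind reported above. The sample lines are copied from the report (only the lines the script consumes); everything else is this script's own assumption. It parses the faulting address, the EIP symbol, the saved registers and the "Code:" dump, takes the bytes from the <xx> marker as the faulting instruction, and decodes only the one 32-bit x86 form that appears there, mov r32, [base + disp32]. With that it can say whether the fault is a NULL struct pointer plus a field offset, and which register held the NULL.

```python
import re

# Oops lines copied from the report above (the ext4_clear_inode crash); only the
# lines this script consumes are included.
OOPS_SAMPLE = """\
[ 746.694981] BUG: unable to handle kernel NULL pointer dereference at 000001c4
[ 746.694981] EIP is at ext4_clear_inode+0x2c/0x50 [ext4]
[ 746.694981] EAX: 00000000 EBX: d82fd824 ECX: 00000000 EDX: d6685c00
[ 746.694981] ESI: d6685c00 EDI: d82fd824 EBP: d871ddc4 ESP: d871ddc0
[ 746.694981] Code: 89 e5 53 89 c3 e8 05 99 96 df 89 d8 e8 4e 90 95 df 89 d8 e8 a7 62 98 df 89 d8 e8 c0 5f 01 00 8b 83 0c 01 00 00 8b 80 60 02 00 00 <8b> 80 c4 01 00 00 85 c0 74 0b 8d 93 f4 01 00 00 e8 4f 71 f6 ff
[ 746.694981] CR2: 00000000000001c4
"""

PAGE_SIZE = 4096  # assumption: faults below the first page are NULL + field offset
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # ModRM register order


def strip_timestamp(line):
    """Drop the leading '[ secs.usecs] ' dmesg prefix."""
    return re.sub(r"^\[\s*\d+\.\d+\]\s*", "", line)


def faulting_bytes(code_field):
    """Return the bytes of the 'Code:' dump from the <xx> marker (the faulting EIP) onward."""
    toks = code_field.split()
    for i, tok in enumerate(toks):
        if tok.startswith("<") and tok.endswith(">"):
            toks[i] = tok[1:-1]
            return bytes(int(t, 16) for t in toks[i:])
    raise ValueError("no <xx> marker in Code: line")


def parse_oops(text):
    """Pull the fields needed for triage out of a 32-bit x86 oops."""
    info = {"regs": {}}
    for raw in text.splitlines():
        line = strip_timestamp(raw)
        m = re.match(r"BUG: unable to handle kernel .* at ([0-9a-f]+)$", line)
        if m:
            info["fault_addr"] = int(m.group(1), 16)
            continue
        m = re.match(r"EIP is at (\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?: \[(\w+)\])?", line)
        if m:
            info["symbol"], info["module"] = m.group(1), m.group(4)
            info["offset"], info["size"] = int(m.group(2), 16), int(m.group(3), 16)
            continue
        m = re.match(r"CR2: ([0-9a-f]+)", line)
        if m:
            info["cr2"] = int(m.group(1), 16)
            continue
        m = re.match(r"Code: (.*)", line)
        if m:
            info["faulting_bytes"] = faulting_bytes(m.group(1))
            continue
        # Register dump lines: "EAX: 00000000 EBX: d82fd824 ..."
        for name, val in re.findall(r"\b(E[A-Z]{2}): ([0-9a-f]{8})\b", line):
            info["regs"][name.lower()] = int(val, 16)
    return info


def decode_mov_load(code):
    """Decode the one x86-32 form that matters here: opcode 8b /r with ModRM
    mod=10 and a plain base register, i.e. 'mov r32, [base + disp32]'.
    Returns (dst, base, disp) or None for any other instruction."""
    if len(code) < 6 or code[0] != 0x8B:
        return None
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 2 or rm == 4:  # rm=100 means a SIB byte follows; not handled
        return None
    disp = int.from_bytes(code[2:6], "little", signed=True)
    return REG32[reg], REG32[rm], disp


def classify(info):
    """Explain the fault: a small address is NULL plus the offset of the field
    being read, and the decoded instruction says which register held the NULL."""
    addr = info.get("fault_addr")
    if addr is None:
        return {"kind": "unknown"}
    if addr >= PAGE_SIZE:
        return {"kind": "bad_pointer", "addr": addr}
    result = {"kind": "null_deref", "field_offset": addr}
    decoded = decode_mov_load(info.get("faulting_bytes", b""))
    if decoded:
        _dst, base, disp = decoded
        result["base_reg"] = base
        result["base_value"] = info["regs"].get(base)
        result["disp_matches_fault"] = disp == addr
    return result


if __name__ == "__main__":
    info = parse_oops(OOPS_SAMPLE)
    print(f"{info['symbol']}+{info['offset']:#x} [{info['module']}]")
    print(classify(info))
```

Run it with python3. For the report above it finds a mov eax, [eax+0x1c4] at the faulting EIP with EAX = 0 and the displacement equal to the faulting address, so the value loaded by the previous instruction (mov eax, [eax+0x260]) was NULL and ext4_clear_inode was reading a field at offset 0x1c4 of it. Read together with the gdb listing of super.c:878, that is consistent with the EXT4_SB(inode->i_sb) pointer being NULL when EXT4_JOURNAL(inode) is evaluated during the failed-mount teardown, which is the thing a fix on the error path would need to guarantee cannot happen.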