2011-01-15 03:35:17

by Manish Katiyar

Subject: ext4 crashes in case of failed mounts

Hi,

I was trying to simulate some failed mount cases, so I changed
ext4_mb_init() to return -ENOMEM. The next mount crashes with the
following backtrace. Shouldn't it be handled gracefully?

[ 746.680089] EXT4-fs (loop0): failed to initialize mballoc (-12)
[ 746.680127] EXT4-fs (loop0): mount failed
[ 746.694981] BUG: unable to handle kernel NULL pointer dereference at 000001c4
[ 746.694981] IP: [<e08bdf5c>] ext4_clear_inode+0x2c/0x50 [ext4]
[ 746.694981] *pde = 00000000
[ 746.694981] Oops: 0000 [#1] SMP
[ 746.694981] last sysfs file: /sys/devices/virtual/block/loop0/range
[ 746.694981] Modules linked in: ext4 jbd2 binfmt_misc bridge stp
bnep video output lp ppdev snd_intel8x0 snd_ac97_codec ac97_bus
snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss
snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer
snd_seq_device psmouse snd serio_raw pcspkr soundcore i2c_piix4
snd_page_alloc parport_pc parport pcnet32 mii floppy
[ 746.694981]
[ 746.694981] Pid: 3395, comm: mount Tainted: G W
2.6.36.2myversion #1 /VirtualBox
[ 746.694981] EIP: 0060:[<e08bdf5c>] EFLAGS: 00010286 CPU: 0
[ 746.694981] EIP is at ext4_clear_inode+0x2c/0x50 [ext4]
[ 746.694981] EAX: 00000000 EBX: d82fd824 ECX: 00000000 EDX: d6685c00
[ 746.694981] ESI: d6685c00 EDI: d82fd824 EBP: d871ddc4 ESP: d871ddc0
[ 746.694981] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 746.694981] Process mount (pid: 3395, ti=d871c000 task=d9486220
task.ti=d871c000)
[ 746.694981] Stack:
[ 746.694981] d82fd824 d871ddec e08afefe 00000246 00000246 c0217863
00000001 00000246
[ 746.694981] <0> d82fd824 d6685c00 d82fd824 d871ddf8 c021703a
d82fd824 d871de08 c021786a
[ 746.694981] <0> 00000000 d82f911c d871de40 c02155a2 d8726000
c058d728 00000020 d871de9c
[ 746.694981] Call Trace:
[ 746.694981] [<e08afefe>] ? ext4_evict_inode+0x2e/0x330 [ext4]
[ 746.694981] [<c0217863>] ? iput+0x143/0x260
[ 746.694981] [<c021703a>] ? evict+0x1a/0xb0
[ 746.694981] [<c021786a>] ? iput+0x14a/0x260
[ 746.694981] [<c02155a2>] ? shrink_dcache_for_umount_subtree+0x192/0x220
[ 746.694981] [<c058d728>] ? mutex_unlock+0x8/0x10
[ 746.694981] [<c0205a49>] ? sget+0x1f9/0x410
[ 746.694981] [<c0215658>] ? shrink_dcache_for_umount+0x28/0x50
[ 746.694981] [<c0204c0b>] ? generic_shutdown_super+0x1b/0xd0
[ 746.694981] [<c0253dcf>] ? disk_name+0xaf/0xc0
[ 746.694981] [<c0204ce5>] ? kill_block_super+0x25/0x40
[ 746.694981] [<c020536d>] ? deactivate_locked_super+0x3d/0x60
[ 746.694981] [<c0205f0f>] ? get_sb_bdev+0x16f/0x180
[ 746.694981] [<e08bc9e1>] ? ext4_get_sb+0x21/0x30 [ext4]
[ 746.694981] [<e08c0b00>] ? ext4_fill_super+0x0/0x32d0 [ext4]
[ 746.694981] [<c020559a>] ? vfs_kern_mount+0x6a/0x1b0
[ 746.694981] [<c0219b2d>] ? get_fs_type+0x9d/0xc0
[ 746.694981] [<c0205739>] ? do_kern_mount+0x39/0xe0
[ 746.694981] [<c021c950>] ? do_mount+0x340/0x7b0
[ 746.694981] [<c01dba73>] ? memdup_user+0x33/0x70
[ 746.694981] [<c01dbaf9>] ? strndup_user+0x49/0x60
[ 746.694981] [<c021ce44>] ? sys_mount+0x84/0xb0
[ 746.694981] [<c058f9d5>] ? syscall_call+0x7/0xb
[ 746.694981] Code: 89 e5 53 89 c3 e8 05 99 96 df 89 d8 e8 4e 90 95
df 89 d8 e8 a7 62 98 df 89 d8 e8 c0 5f 01 00 8b 83 0c 01 00 00 8b 80
60 02 00 00 <8b> 80 c4 01 00 00 85 c0 74 0b 8d 93 f4 01 00 00 e8 4f 71
f6 ff
[ 746.694981] EIP: [<e08bdf5c>] ext4_clear_inode+0x2c/0x50 [ext4]
SS:ESP 0068:d871ddc0
[ 746.694981] CR2: 00000000000001c4
[ 746.699688] ---[ end trace 4eaa2a86a8e2da24 ]---
[ 1338.678856] kmemleak: 31 new suspected memory leaks (see
/sys/kernel/debug/kmemleak)


=======================================================================

(gdb) l *(ext4_clear_inode+0x2c)
0x19f8c is in ext4_clear_inode (fs/ext4/super.c:878).
873 {
874 invalidate_inode_buffers(inode);
875 end_writeback(inode);
876 dquot_drop(inode);
877 ext4_discard_preallocations(inode);
878 if (EXT4_JOURNAL(inode))
879 jbd2_journal_release_jbd_inode(EXT4_SB(inode->i_sb)->s_journal,
880 &EXT4_I(inode)->jinode);
881 }


--
Thanks -
Manish
==================================
[$\*.^ -- I miss being one of them
==================================
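Added illustration, not part of the report above and not kernel code: a user-space model of the teardown ordering that the oops is consistent with. Line 878 in the gdb listing evaluates EXT4_SB(inode->i_sb)->s_journal; the faulting instruction loads from 0x1c4(%eax) with EAX == 0 and CR2 == 0x1c4, which reads as a NULL s_fs_info (the ext4 private superblock info) with s_journal at that offset. The structure names, fill_super/shutdown_super/evict_root and the drop_root_first switch are all assumptions of this model. It reproduces the reported case (private info freed on the failure path while the root inode is still attached, so generic shutdown evicts it against a NULL pointer) and, beside it, the general remedy of tearing objects down in the reverse order of setup; the second variant is the principle, not a claim about the patch that was eventually applied.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-space model of the objects involved (assumed names, not the
 * kernel's definitions). Allocation failures are ignored in the model. */
struct journal   { int open; };
struct sb_info   { struct journal *s_journal; };   /* stands in for ext4_sb_info */
struct super_block;
struct inode     { struct super_block *i_sb; int cleared; };
struct super_block { struct sb_info *s_fs_info; struct inode *s_root; };

/* Counterpart of ext4_clear_inode(): the kernel dereferences
 * EXT4_SB(inode->i_sb)->s_journal unconditionally; here a NULL
 * s_fs_info is reported as -EFAULT instead of faulting. */
static int clear_inode(struct inode *inode)
{
    struct sb_info *sbi = inode->i_sb->s_fs_info;

    inode->cleared = 1;
    if (!sbi)
        return -EFAULT;            /* the oops above: EAX == 0, CR2 == 0x1c4 */
    if (sbi->s_journal)
        sbi->s_journal->open = 0;  /* release the inode's journal state */
    return 0;
}

/* iput()-style drop of the root inode; safe only while s_fs_info is valid. */
static int evict_root(struct super_block *sb)
{
    int ret = 0;

    if (sb->s_root) {
        ret = clear_inode(sb->s_root);
        free(sb->s_root);
        sb->s_root = NULL;
    }
    return ret;
}

/* Model of ext4_fill_super() failing at the ext4_mb_init() step, as the
 * report simulates. Setup order: private info, journal, root inode.
 * drop_root_first selects the teardown order taken on the failure path. */
static int fill_super(struct super_block *sb, int drop_root_first)
{
    struct sb_info *sbi = calloc(1, sizeof *sbi);

    sb->s_fs_info = sbi;
    sbi->s_journal = calloc(1, sizeof *sbi->s_journal);
    sbi->s_journal->open = 1;
    sb->s_root = calloc(1, sizeof *sb->s_root);
    sb->s_root->i_sb = sb;

    /* ext4_mb_init() "fails" here with -ENOMEM (-12 in the log above). */
    if (drop_root_first)
        evict_root(sb);            /* inode goes away while sbi still exists */
    free(sbi->s_journal);
    sbi->s_journal = NULL;
    sb->s_fs_info = NULL;          /* from here on EXT4_SB(sb) is NULL */
    free(sbi);
    return -ENOMEM;
}

/* Model of generic_shutdown_super(): whatever root is still attached gets
 * evicted, which is the path the backtrace shows (shrink_dcache_for_umount
 * -> iput -> evict -> ext4_evict_inode -> ext4_clear_inode). */
static int shutdown_super(struct super_block *sb)
{
    return evict_root(sb);
}

/* One failed mount end to end. Returns 0 when teardown is clean and
 * -EFAULT when the late root eviction meets a NULL s_fs_info. */
int simulate_failed_mount(int drop_root_first)
{
    struct super_block sb;

    memset(&sb, 0, sizeof sb);
    if (fill_super(&sb, drop_root_first) != -ENOMEM)
        return -EINVAL;
    return shutdown_super(&sb);
}

int main(void)
{
    printf("free sbi before root eviction: %d (NULL s_fs_info hit: %d)\n",
           simulate_failed_mount(0), -EFAULT);
    printf("evict root before freeing sbi: %d (clean teardown: 0)\n",
           simulate_failed_mount(1));
    return 0;
}
```

The point the model makes for any fill_super-style error path: everything that still references the private info (here the root inode, which generic shutdown will evict later) has to be released before that info is freed and the pointer cleared, or the clear-inode step has to tolerate the pointer being gone. The kmemleak line at the end of the log is a second symptom of the same unwinding problem, not modelled here.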