Re: Filesystem fuzzing

On Wed, 2008-05-21 at 10:26 +0200, Eric Sesterhenn wrote:

> Ah, I removed jfs at some point because mkfs.jfs doesn't work
> if the file is smaller than 16 MB; I re-added it and got
> a first oops for you.
> 
> [52500.590030] ERROR: (device loop1): diRead: i_ino != di_number
> [52500.590308] BUG: unable to handle kernel NULL pointer dereference at 00000237
> [52500.590518] IP: [<c019348a>] iput+0xa/0x50
> [52500.590642] *pde = 00000000 
> [52500.590749] Oops: 0000 [#2] PREEMPT DEBUG_PAGEALLOC
> [52500.590958] Modules linked in: nfsd exportfs
> [52500.591155] 
> [52500.591220] Pid: 6938, comm: mount Tainted: G      D   (2.6.26-rc3 #26)
> [52500.591304] EIP: 0060:[<c019348a>] EFLAGS: 00010282 CPU: 0
> [52500.591356] EIP is at iput+0xa/0x50
> [52500.591356] EAX: fffffffb EBX: fffffffb ECX: 00000001 EDX: 00000000
> [52500.591356] ESI: c9811920 EDI: cbd5f780 EBP: cbc67e34 ESP: cbc67e30
> [52500.591356]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
> [52500.591356] Process mount (pid: 6938, ti=cbc67000 task=cbeb3f00 task.ti=cbc67000)
> [52500.591356] Stack: fffffffb cbc67e5c c0316078 cbc67e4c fffffffb 00000000 00000000 00000002
> [52500.591356]        00000000 c9811920 00000000 cbc67ea0 c01827ff cf415d40 c07b93c0 cf415d40
> [52500.591356]        c9811920 706f6f6c 00000031 c01971ed c07e4ddc c01971ed 000000d0 cf32e6c0
> [52500.591356] Call Trace:
> [52500.591356]  [<c0316078>] ? jfs_fill_super+0x268/0x2a0
> [52500.591356]  [<c01827ff>] ? get_sb_bdev+0xef/0x120
> [52500.591356]  [<c01971ed>] ? alloc_vfsmnt+0xdd/0x120
> [52500.591356]  [<c01971ed>] ? alloc_vfsmnt+0xdd/0x120
> [52500.591356]  [<c0314fd2>] ? jfs_get_sb+0x22/0x30
> [52500.591356]  [<c0315e10>] ? jfs_fill_super+0x0/0x2a0
> [52500.591356]  [<c018234a>] ? vfs_kern_mount+0x3a/0x90
> [52500.591356]  [<c01823f9>] ? do_kern_mount+0x39/0xd0
> [52500.591356]  [<c0198425>] ? do_new_mount+0x65/0x90
> [52500.591356]  [<c01985aa>] ? do_mount+0x15a/0x1b0
> [52500.591356]  [<c015fc7b>] ? __get_free_pages+0x1b/0x30
> [52500.591356]  [<c01962b8>] ? copy_mount_options+0x38/0x140
> [52500.591356]  [<c0188d47>] ? getname+0xa7/0xc0
> [52500.591356]  [<c019866f>] ? sys_mount+0x6f/0xb0
> [52500.591356]  [<c0103d7d>] ? sysenter_past_esp+0x6a/0xb1
> [52500.591356]  =======================
> [52500.591356] Code: 4f fa ff 5d c3 8d b6 00 00 00 00 8d bf 00 00 00 00 55 89 e5 e8 d8 88 46 00 31 c0 5d c3 8d 74 26 00 55 85 c0 89 e5 53 89 c3 74 3d <83> b8 3c 02 00 00 40 74 37 8d 40 24 ba e0 ce 7a c0 e8 90 3c 1d
> [52500.591356] EIP: [<c019348a>] iput+0xa/0x50 SS:ESP 0068:cbc67e30
> [52500.599040] ---[ end trace 299f5ea1b691e69f ]---
> 
> kerneloops.org also caught it, but the code is not disassembled
> yet: http://kerneloops.org/raw.php?rawid=13020&msgid=
> This is with linux-next from yesterday.
> 
> A copy of the image file is available here:
> http://www.cccmz.de/~snakebyte/jfs.7.img.bz2

Thanks.  It's a bug in an error path that hadn't been caught before.
This patch should fix it.
 -------------------------------------
JFS: skip bad iput() call in error path

If jfs_iget() fails, we can't call iput() on the returned error.
Thanks to Eric Sesterhenn's fuzzer testing for reporting the problem.

Signed-off-by: Dave Kleikamp <shaggy@xxxxxxxxxxxxxxxxxx>
diff --git a/fs/jfs/super.c b/fs/jfs/super.c
index 50ea654..0288e6d 100644
--- a/fs/jfs/super.c
+++ b/fs/jfs/super.c
@@ -499,7 +499,7 @@ static int jfs_fill_super(struct super_block *sb, void *data, int silent)
 	inode = jfs_iget(sb, ROOT_I);
 	if (IS_ERR(inode)) {
 		ret = PTR_ERR(inode);
-		goto out_no_root;
+		goto out_no_rw;
 	}
 	sb->s_root = d_alloc_root(inode);
 	if (!sb->s_root)
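Review bot: the retargeted goto is the right fix for this path; `inode` holds an ERR_PTR after a failed jfs_iget(), which is non-NULL, so the old `if (inode)` test at out_no_root could never keep it out of iput(), and jumping straight to out_no_rw skips the iput() altogether. From the visible lines, out_no_root only did the jfs_err() and the iput() before falling through into out_no_rw, so no other cleanup is lost by bypassing it here.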
@@ -521,9 +521,8 @@ static int jfs_fill_super(struct super_block *sb, void *data, int silent)
 	return 0;
 
 out_no_root:
-	jfs_err("jfs_read_super: get root inode failed");
-	if (inode)
-		iput(inode);
+	jfs_err("jfs_read_super: get root dentry failed");
+	iput(inode);
 
 out_no_rw:
 	rc = jfs_umount(sb);
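Review bot: dropping the NULL guard makes the unconditional `iput(inode)` depend on every remaining `goto out_no_root` sitting after a successful jfs_iget(); the visible d_alloc_root() failure path qualifies (the inode reference is still held when d_alloc_root() returns NULL), but the lines elided between the two hunks should be checked for any other jump to this label with `inode` unset or still an error pointer. The message change to "get root dentry failed" matches what the label now handles.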

-- 
David Kleikamp
IBM Linux Technology Center
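Added example, not code from the patch or the JFS tree: a user-space model of the ERR_PTR convention that makes the bug above concrete. It reproduces the kernel's ERR_PTR/PTR_ERR/IS_ERR definitions, uses a hypothetical fake_iget() in place of jfs_iget(), and assumes that the faulting instruction bytes in the oops decode to a compare against i_state at offset 0x23c, which with EAX = fffffffb (-EIO) yields the reported address 00000237.

```c
/* Added example, not code from the patch or the JFS tree: a user-space model of the
 * kernel's ERR_PTR convention showing why "if (inode) iput(inode)" let an error
 * pointer reach iput(), and what the fixed path does instead. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline int IS_ERR(const void *ptr) { return (unsigned long)ptr >= (unsigned long)-MAX_ERRNO; }
struct inode { int refcount; unsigned long i_state; };

/* Stand-in for jfs_iget() (hypothetical): an unreadable on-disk inode yields ERR_PTR(-EIO). */
static struct inode *fake_iget(int disk_ok, struct inode *backing)
{
	if (!disk_ok)
		return ERR_PTR(-EIO);
	backing->refcount++;
	return backing;
}

/* Old out_no_root guard: returns 1 when iput() would be entered. Error pointers
 * are non-NULL, so the NULL test never keeps them out. */
static int old_guard_enters_iput(const struct inode *inode) { return inode != NULL; }

/* Fixed cleanup: report the error from fake_iget(), release only a real inode. */
static int release_root(struct inode *inode)
{
	if (IS_ERR(inode))
		return (int)PTR_ERR(inode);
	inode->refcount--;
	return 0;
}

/* 32-bit address iput() reads when handed ERR_PTR(err) and touching a field at
 * field_off. Assumption: the oops bytes "83 b8 3c 02 00 00 40" decode to
 * cmpl $0x40,0x23c(%eax), i.e. i_state at 0x23c; EAX=fffffffb (-EIO) gives 0x237. */
static uint32_t faulting_address(long err, uint32_t field_off)
{
	return (uint32_t)err + field_off;
}

int main(void)
{
	struct inode root = { 0, 0 };
	struct inode *inode = fake_iget(0, &root);   /* constructed failing root read */
	printf("IS_ERR=%d old_guard_enters_iput=%d err=%ld fault=0x%x\n", IS_ERR(inode),
	       old_guard_enters_iput(inode), PTR_ERR(inode), faulting_address(PTR_ERR(inode), 0x23c));
	return 0;
}
```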
