Message-ID: <AANLkTik9FAqwXj2EOJfjR1bZ16-imT0rKS30zCrhDsZy@mail.gmail.com>
Date:	Fri, 14 Jan 2011 19:34:56 -0800
From:	Manish Katiyar <mkatiyar@...il.com>
To:	ext4 <linux-ext4@...r.kernel.org>
Subject: ext4 crashes in case of failed mounts

Hi,

I was trying to simulate some failed mount cases, so I changed
ext4_mb_init() to return -ENOMEM. The next mount crashes with the
following backtrace. Shouldn't it be handled gracefully?

[  746.680089] EXT4-fs (loop0): failed to initialize mballoc (-12)
[  746.680127] EXT4-fs (loop0): mount failed
[  746.694981] BUG: unable to handle kernel NULL pointer dereference at 000001c4
[  746.694981] IP: [<e08bdf5c>] ext4_clear_inode+0x2c/0x50 [ext4]
[  746.694981] *pde = 00000000
[  746.694981] Oops: 0000 [#1] SMP
[  746.694981] last sysfs file: /sys/devices/virtual/block/loop0/range
[  746.694981] Modules linked in: ext4 jbd2 binfmt_misc bridge stp bnep video output lp ppdev snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device psmouse snd serio_raw pcspkr soundcore i2c_piix4 snd_page_alloc parport_pc parport pcnet32 mii floppy
[  746.694981]
[  746.694981] Pid: 3395, comm: mount Tainted: G        W 2.6.36.2myversion #1 /VirtualBox
[  746.694981] EIP: 0060:[<e08bdf5c>] EFLAGS: 00010286 CPU: 0
[  746.694981] EIP is at ext4_clear_inode+0x2c/0x50 [ext4]
[  746.694981] EAX: 00000000 EBX: d82fd824 ECX: 00000000 EDX: d6685c00
[  746.694981] ESI: d6685c00 EDI: d82fd824 EBP: d871ddc4 ESP: d871ddc0
[  746.694981]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[  746.694981] Process mount (pid: 3395, ti=d871c000 task=d9486220 task.ti=d871c000)
[  746.694981] Stack:
[  746.694981]  d82fd824 d871ddec e08afefe 00000246 00000246 c0217863 00000001 00000246
[  746.694981] <0> d82fd824 d6685c00 d82fd824 d871ddf8 c021703a d82fd824 d871de08 c021786a
[  746.694981] <0> 00000000 d82f911c d871de40 c02155a2 d8726000 c058d728 00000020 d871de9c
[  746.694981] Call Trace:
[  746.694981]  [<e08afefe>] ? ext4_evict_inode+0x2e/0x330 [ext4]
[  746.694981]  [<c0217863>] ? iput+0x143/0x260
[  746.694981]  [<c021703a>] ? evict+0x1a/0xb0
[  746.694981]  [<c021786a>] ? iput+0x14a/0x260
[  746.694981]  [<c02155a2>] ? shrink_dcache_for_umount_subtree+0x192/0x220
[  746.694981]  [<c058d728>] ? mutex_unlock+0x8/0x10
[  746.694981]  [<c0205a49>] ? sget+0x1f9/0x410
[  746.694981]  [<c0215658>] ? shrink_dcache_for_umount+0x28/0x50
[  746.694981]  [<c0204c0b>] ? generic_shutdown_super+0x1b/0xd0
[  746.694981]  [<c0253dcf>] ? disk_name+0xaf/0xc0
[  746.694981]  [<c0204ce5>] ? kill_block_super+0x25/0x40
[  746.694981]  [<c020536d>] ? deactivate_locked_super+0x3d/0x60
[  746.694981]  [<c0205f0f>] ? get_sb_bdev+0x16f/0x180
[  746.694981]  [<e08bc9e1>] ? ext4_get_sb+0x21/0x30 [ext4]
[  746.694981]  [<e08c0b00>] ? ext4_fill_super+0x0/0x32d0 [ext4]
[  746.694981]  [<c020559a>] ? vfs_kern_mount+0x6a/0x1b0
[  746.694981]  [<c0219b2d>] ? get_fs_type+0x9d/0xc0
[  746.694981]  [<c0205739>] ? do_kern_mount+0x39/0xe0
[  746.694981]  [<c021c950>] ? do_mount+0x340/0x7b0
[  746.694981]  [<c01dba73>] ? memdup_user+0x33/0x70
[  746.694981]  [<c01dbaf9>] ? strndup_user+0x49/0x60
[  746.694981]  [<c021ce44>] ? sys_mount+0x84/0xb0
[  746.694981]  [<c058f9d5>] ? syscall_call+0x7/0xb
[  746.694981] Code: 89 e5 53 89 c3 e8 05 99 96 df 89 d8 e8 4e 90 95 df 89 d8 e8 a7 62 98 df 89 d8 e8 c0 5f 01 00 8b 83 0c 01 00 00 8b 80 60 02 00 00 <8b> 80 c4 01 00 00 85 c0 74 0b 8d 93 f4 01 00 00 e8 4f 71 f6 ff
[  746.694981] EIP: [<e08bdf5c>] ext4_clear_inode+0x2c/0x50 [ext4] SS:ESP 0068:d871ddc0
[  746.694981] CR2: 00000000000001c4
[  746.699688] ---[ end trace 4eaa2a86a8e2da24 ]---
[ 1338.678856] kmemleak: 31 new suspected memory leaks (see /sys/kernel/debug/kmemleak)


=======================================================================

(gdb) l *(ext4_clear_inode+0x2c)
0x19f8c is in ext4_clear_inode (fs/ext4/super.c:878).
873	{
874		invalidate_inode_buffers(inode);
875		end_writeback(inode);
876		dquot_drop(inode);
877		ext4_discard_preallocations(inode);
878		if (EXT4_JOURNAL(inode))
879			jbd2_journal_release_jbd_inode(EXT4_SB(inode->i_sb)->s_journal,
880					       &EXT4_I(inode)->jinode);
881	}


-- 
Thanks -
Manish
==================================
[$\*.^ -- I miss being one of them
==================================
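Added example, not part of the report and not kernel code: a small user-space C model of the teardown ordering that produces an oops like the one above. The faulting instruction loads EXT4_SB(inode->i_sb)->s_journal with EAX = 0, which suggests (an inference from the register dump, not something the report states) that sb->s_fs_info had already been cleared by the failed ext4_fill_super() when generic_shutdown_super() evicted the still-attached root inode; the struct and function names here are simplified stand-ins for the kernel's.

```c
#include <stddef.h>

struct journal { int released; };
struct sb_info { struct journal *s_journal; };   /* what EXT4_SB() returns */
struct super_block { struct sb_info *s_fs_info; struct inode *s_root; };
struct inode { struct super_block *i_sb; };

/* Model of ext4_clear_inode(): the kernel reads EXT4_SB(inode->i_sb)->s_journal
 * with no NULL check. Returns 0 when the read is safe, -1 where the kernel
 * would oops on a NULL s_fs_info. */
static int model_clear_inode(struct inode *inode)
{
    struct sb_info *sbi = inode->i_sb->s_fs_info;
    if (sbi == NULL)
        return -1;                    /* kernel: NULL deref at &sbi->s_journal */
    if (sbi->s_journal)
        sbi->s_journal->released = 1; /* jbd2_journal_release_jbd_inode() */
    return 0;
}

/* generic_shutdown_super(): evict the inodes still attached to the superblock. */
static int model_shutdown_super(struct super_block *sb)
{
    int rc = sb->s_root ? model_clear_inode(sb->s_root) : 0;
    sb->s_root = NULL;
    return rc;
}

/* A mount that fails after the root inode is attached (where ext4_mb_init()
 * was made to fail). free_private_first selects whether the failure path
 * drops s_fs_info before or after the VFS evicts the inodes. */
int simulate_failed_mount(int free_private_first)
{
    struct journal j = { 0 };
    struct sb_info sbi = { &j };
    struct super_block sb = { &sbi, NULL };
    struct inode root = { &sb };
    int rc;
    sb.s_root = &root;                /* fill_super got this far before failing */
    if (free_private_first) {         /* order that reproduces the oops */
        sb.s_fs_info = NULL;          /* sbi freed; EXT4_SB(sb) is now NULL */
        rc = model_shutdown_super(&sb);
    } else {                          /* safe order: evict first, then free */
        rc = model_shutdown_super(&sb);
        sb.s_fs_info = NULL;
    }
    return rc;
}
```

Either ordering fix (drop s_root and evict before clearing s_fs_info) or a NULL check in the clear_inode callback would make the failed mount return cleanly instead of oopsing.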