linux-mm.kvack.org archive mirror
From: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Christoph Hellwig <hch@lst.de>,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
	linux-kernel@vger.kernel.org
Subject: NULL pointer dereference in __mark_inode_dirty
Date: Thu, 9 Dec 2010 23:39:11 +0200
Message-ID: <20101209213911.GB4250@swordfish.minsk.epam.com>

Hello,
I had an oops today while copying files from an external USB hdd,
because of a NULL pointer dereference in __mark_inode_dirty.

Stack trace looks similar to this one:
__mark_inode_dirty
touch_atime
generic_file_aio_read
vfs_read


The problem is that, at the same time, something similar
to this happens
sb->s_bdi = NULL
bdi_prune_sb
bdi_unregister
del_gendisk
sd_remove

due to
[ 2595.650474] usb 2-1.2: new high speed USB device using ehci_hcd and address 34
[ 2595.735409] usb 2-1.2: New USB device found, idVendor=1058, idProduct=0704
[ 2595.735419] usb 2-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2595.735427] usb 2-1.2: Product: External HDD    
[ 2595.735434] usb 2-1.2: Manufacturer: Western Digital 
[ 2595.735440] usb 2-1.2: SerialNumber: 575845363038453236303437
[ 2595.738574] usb-storage 2-1.2:1.0: Quirks match for vid 1058 pid 0704: 8000
[ 2595.738678] scsi34 : usb-storage 2-1.2:1.0
[ 2596.735886] scsi 34:0:0:0: Direct-Access     WD       3200BMV External 1.05 PQ: 0 ANSI: 4
[ 2596.738702] sd 34:0:0:0: [sdb] 625142448 512-byte logical blocks: (320 GB/298 GiB)
[ 2596.739695] sd 34:0:0:0: [sdb] Write Protect is off
[ 2596.739700] sd 34:0:0:0: [sdb] Mode Sense: 21 00 00 00
[ 2596.739704] sd 34:0:0:0: [sdb] Assuming drive cache: write through
[ 2596.742589] sd 34:0:0:0: [sdb] Assuming drive cache: write through
[ 2596.788526]  sdb: sdb1
[ 2596.791876] sd 34:0:0:0: [sdb] Assuming drive cache: write through
[ 2596.791886] sd 34:0:0:0: [sdb] Attached SCSI disk
[ 2602.946272] FAT: utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[ 2614.887119] usb 2-1.2: USB disconnect, address 34
[ 2614.890093] sd 34:0:0:0: [sdb] Unhandled error code
[ 2614.890101] sd 34:0:0:0: [sdb]  Result: hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK
[ 2614.890112] sd 34:0:0:0: [sdb] CDB: Read(10): 28 00 02 49 27 eb 00 00 10 00
[ 2614.890144] end_request: I/O error, dev sdb, sector 38348779
[ 2614.890210] sd 34:0:0:0: [sdb] Unhandled error code
[ 2614.890216] sd 34:0:0:0: [sdb]  Result: hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK
[ 2614.890225] sd 34:0:0:0: [sdb] CDB: Read(10): 28 00 02 49 27 fb 00 00 f0 00
[ 2614.890256] end_request: I/O error, dev sdb, sector 38348795
[ 2614.891577] FAT: FAT read failed (blocknr 5025)
[ 2614.891744] FAT: FAT read failed (blocknr 5037)
[ 2614.893203] FAT: FAT read failed (blocknr 66)
[ 2614.893451] FAT: FAT read failed (blocknr 28135)
[ 2614.894942] FAT: FAT read failed (blocknr 32)


Later in __mark_inode_dirty
bdi = inode_to_bdi(inode)

call returns NULL. And the result is Oops.

Below is the first `solution' that I came up with. Yet I don't
think it's proper.

---

 fs/fs-writeback.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
index 3d06ccc..0b0e79c 100644
--- a/fs/fs-writeback.c
+++ b/fs/fs-writeback.c
@@ -987,6 +987,9 @@ void __mark_inode_dirty(struct inode *inode, int flags)
 		if (!was_dirty) {
 			bdi = inode_to_bdi(inode);
 
+			if (bdi == NULL)
+				goto out;
+
 			if (bdi_cap_writeback_dirty(bdi)) {
 				WARN(!test_bit(BDI_registered, &bdi->state),
 				     "bdi-%s not registered\n", bdi->name);
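Review bot: the bdi == NULL test placed right after inode_to_bdi(inode) only covers the case where the teardown path has already cleared the pointer. No lock or reference is visible in this hunk, so a bdi that is non-NULL at the check can still be in bdi_unregister by the time bdi->state and bdi->name are read in the WARN below; the check narrows the window rather than closing it. The goto out also leaves silently and without a comment, while the very next lines WARN about an unregistered bdi. Suggest adding a comment that says when a NULL bdi is expected here (device removed under a mounted filesystem, per the log above) and making the skipped path visible, for example with a one-time warning. It is also worth checking whether the ordering should be fixed on the teardown side, so that sb->s_bdi is not cleared while the superblock can still reach __mark_inode_dirty.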


