https://bugzilla.novell.com/show_bug.cgi?id=668878

https://bugzilla.novell.com/show_bug.cgi?id=668878#c5

Tamas Visegrady <tamas.visegrady@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tamas.visegrady@gmail.com

--- Comment #5 from Tamas Visegrady <tamas.visegrady@gmail.com> 2011-02-13 15:52:09 UTC ---
Just ran into this after running "-t auto" mount on an all-zeroes USB stick by
accident. Identical dump with 2.6.37-20-desktop.

The error path in reiserfs_fill_super() indeed sets s_fs_info to NULL, but
there's a non-NULL check in reiserfs_kill_sb() before using s->s_fs_info.
However, doesn't reiserfs_kill_sb+0x1c dereference the superblock pointer *s
at +0x1c?

---------------------
static void reiserfs_kill_sb(struct super_block *s)
{
        if (REISERFS_SB(s)) {                      // s->s_fs_info
                if (REISERFS_SB(s)->xattr_root) {  // s->s_fs_info->xattr...
                        d_invalidate(REISERFS_SB(s)->xattr_root);
..
---------------------
0000000000011b40 <reiserfs_kill_sb>:
reiserfs_kill_sb():
   11b40:  48 83 ec 18            sub    $0x18,%rsp
   11b44:  48 89 6c 24 08         mov    %rbp,0x8(%rsp)
   11b49:  48 89 1c 24            mov    %rbx,(%rsp)
   11b4d:  48 89 fd               mov    %rdi,%rbp
   11b50:  4c 89 64 24 10         mov    %r12,0x10(%rsp)
                                         // s
   11b55:  48 8b 87 78 02 00 00   mov    0x278(%rdi),%rax   // s->s_fs_info
   11b5c:  48 8b 98 f8 00 00 00   mov    0xf8(%rax),%rbx
           (cf. NULL pointer dereference at ...000000f8 ^^^^)
   11b63:  48 85 db               test   %rbx,%rbx
   11b66:  0f 84 9b 00 00 00      je     11c07 <reiserfs_kill_sb+0xc7>
   11b6c:  4c 8d 63 08            lea    0x8(%rbx),%r12
   11b70:  48 c7 c7 00 00 00 00   mov    $0x0,%rdi
                        11b73: R_X86_64_32S     dcache_lock
---------------------

reiserfs_fill_super() is called from mount_bdev() before
deactivate_locked_super() calls back to reiserfs_kill_sb():

---------------------
(mount_bdev())
..
                error = fill_super(s, data, flags & MS_SILENT ? 1 : 0);
                if (error) {
                        deactivate_locked_super(s);
..
---------------------
void deactivate_locked_super(struct super_block *s)
..
        if (atomic_dec_and_test(&s->s_active)) {
                fs->kill_sb(s);
..
---------------------
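
A user-space C model of the call chain traced in the comment above, added here as an example; it is not kernel code and not code from the bug report. The struct layout (padded so xattr_root lands at 0xf8, matching the fault address in the dump), the counters and the model_* names are assumptions; the point is that a kill_sb callback reached from a failed fill_super must test s_fs_info before reading a member through it.

```c
#include <stddef.h>

struct sb_info {               /* user-space stand-in; layout is constructed */
    char pad[0xf8];            /* puts xattr_root at 0xf8, as in the dump */
    void *xattr_root;
};
struct super_block {
    int s_active;
    struct sb_info *s_fs_info;
    void (*kill_sb)(struct super_block *);
    int killed, invalidated;   /* hypothetical counters to observe teardown */
};

/* Address an unguarded s->s_fs_info->xattr_root read touches when s_fs_info is NULL. */
static size_t unguarded_fault_offset(void) { return offsetof(struct sb_info, xattr_root); }

/* Teardown that tests s_fs_info before reading any member through it. */
static void model_kill_sb(struct super_block *s)
{
    if (s->s_fs_info && s->s_fs_info->xattr_root)
        s->invalidated++;      /* stands in for d_invalidate() */
    s->killed++;
}

/* Error path as the comment describes it: fail and leave s_fs_info NULL. */
static int model_fill_super(struct super_block *s, int media_ok)
{
    static struct sb_info info = { .xattr_root = &info };
    if (!media_ok)             /* e.g. an all-zeroes device */
        return -22;            /* -EINVAL */
    s->s_fs_info = &info;
    return 0;
}

static void model_deactivate_locked_super(struct super_block *s)
{
    if (--s->s_active == 0)
        s->kill_sb(s);
}

/* mount_bdev()-style caller: a fill_super failure triggers the kill_sb callback. */
static int model_mount(struct super_block *s, int media_ok)
{
    *s = (struct super_block){ .s_active = 1, .kill_sb = model_kill_sb };
    int error = model_fill_super(s, media_ok);
    if (error)
        model_deactivate_locked_super(s);
    return error;
}
```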