From: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
To: Ye Bin <yebin@huaweicloud.com>,
tytso@mit.edu, adilger.kernel@dilger.ca,
linux-ext4@vger.kernel.org
Cc: jack@suse.cz
Subject: Re: [PATCH -next 8/8] ext4: fix possible null-ptr-deref in mbt_kunit_exit()
Date: Fri, 13 Mar 2026 18:03:28 +0530 [thread overview]
Message-ID: <pl57ucx3.ritesh.list@gmail.com> (raw)
In-Reply-To: <20260310130412.3156753-9-yebin@huaweicloud.com>
Ye Bin <yebin@huaweicloud.com> writes:
> From: Ye Bin <yebin10@huawei.com>
>
> There's issue as follows:
> # test_new_blocks_simple: failed to initialize: -12
> KASAN: null-ptr-deref in range [0x0000000000000638-0x000000000000063f]
> Tainted: [E]=UNSIGNED_MODULE, [N]=TEST
> RIP: 0010:mbt_kunit_exit+0x5e/0x3e0 [ext4_test]
> Call Trace:
> <TASK>
> kunit_try_run_case_cleanup+0xbc/0x100 [kunit]
> kunit_generic_run_threadfn_adapter+0x89/0x100 [kunit]
> kthread+0x408/0x540
> ret_from_fork+0xa76/0xdf0
> ret_from_fork_asm+0x1a/0x30
>
> If mbt_kunit_init() init testcase failed will lead to null-ptr-deref.
> So add test if 'sb' is inited success in mbt_kunit_exit().
>
> Fixes: 7c9fa399a369 ("ext4: add first unit test for ext4_mb_new_blocks_simple in mballoc")
> Signed-off-by: Ye Bin <yebin10@huawei.com>
> ---
> fs/ext4/mballoc-test.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/fs/ext4/mballoc-test.c b/fs/ext4/mballoc-test.c
> index c75b91ae0cf0..90ed505fa4b1 100644
> --- a/fs/ext4/mballoc-test.c
> +++ b/fs/ext4/mballoc-test.c
> @@ -362,7 +362,6 @@ static int mbt_kunit_init(struct kunit *test)
> return ret;
> }
>
> - test->priv = sb;
> kunit_activate_static_stub(test,
> ext4_read_block_bitmap_nowait,
> ext4_read_block_bitmap_nowait_stub);
> @@ -383,6 +382,8 @@ static int mbt_kunit_init(struct kunit *test)
> return -ENOMEM;
> }
>
> + test->priv = sb;
> +
So, I see that "test" which is of "struct kunit" type, is always
initialized locally on stack, so test->priv by default is always NULL.
Hence this make sense to me.
Feel free to add:
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
> return 0;
> }
>
> @@ -390,6 +391,9 @@ static void mbt_kunit_exit(struct kunit *test)
> {
> struct super_block *sb = (struct super_block *)test->priv;
>
> + if (!sb)
> + return;
> +
> mbt_mb_release(sb);
> mbt_ctx_release(sb);
> mbt_ext4_free_super_block(sb);
> --
> 2.34.1
next prev parent reply other threads:[~2026-03-13 12:37 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-10 13:04 [PATCH -next 0/8] Fix some issues about ext4-test Ye Bin
2026-03-10 13:04 ` [PATCH -next 1/8] ext4: fix mballoc-test.c is not compiled when EXT4_KUNIT_TESTS=M Ye Bin
2026-03-11 2:44 ` kernel test robot
2026-03-11 3:26 ` kernel test robot
2026-03-10 13:04 ` [PATCH -next 2/8] ext4: introduce EXPORT_SYMBOL_FOR_EXT4_TEST() helper Ye Bin
2026-03-10 13:04 ` [PATCH -next 3/8] ext4: fix extents-test.c is not compiled when EXT4_KUNIT_TESTS=M Ye Bin
2026-03-11 6:32 ` kernel test robot
2026-03-10 13:04 ` [PATCH -next 4/8] ext4: fix miss unlock 'sb->s_umount' in extents_kunit_init() Ye Bin
2026-03-13 11:32 ` Ritesh Harjani
2026-03-10 13:04 ` [PATCH -next 5/8] ext4: fix miss free super_block in extents_kunit_exit() Ye Bin
2026-03-13 12:03 ` Ritesh Harjani
2026-03-13 14:03 ` Ojaswin Mujoo
2026-03-10 13:04 ` [PATCH -next 6/8] ext4: fix the error handling process in extents_kunit_init) Ye Bin
2026-03-13 12:15 ` Ritesh Harjani
2026-03-14 2:21 ` yebin (H)
2026-03-10 13:04 ` [PATCH -next 7/8] ext4: fix possible null-ptr-deref in extents_kunit_exit() Ye Bin
2026-03-13 12:27 ` Ritesh Harjani
2026-03-10 13:04 ` [PATCH -next 8/8] ext4: fix possible null-ptr-deref in mbt_kunit_exit() Ye Bin
2026-03-13 12:33 ` Ritesh Harjani [this message]
2026-03-13 7:16 ` [PATCH -next 0/8] Fix some issues about ext4-test Ojaswin Mujoo
2026-03-13 10:34 ` Ojaswin Mujoo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=pl57ucx3.ritesh.list@gmail.com \
--to=ritesh.list@gmail.com \
--cc=adilger.kernel@dilger.ca \
--cc=jack@suse.cz \
--cc=linux-ext4@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=yebin@huaweicloud.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.