From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Edward Shishkin
Subject: Re: [BUG] on mount with reiser4-for-4.8
Date: Sun, 18 Dec 2016 13:44:26 +0100
Message-ID: <585684AA.3010306@gmail.com>
References: <5855B20D.6020304@gmail.com>
Sender: reiserfs-devel-owner@vger.kernel.org
To: Dušan Čolić
Cc: reiserfs-devel

Try this one in addition.

Thanks,
Edward.

On 12/18/2016 01:17 PM, Dušan Čolić wrote:
> It's OK now, mounts read-only on error.
>
> What about that BUG on mount?
>
> On Sat, Dec 17, 2016 at 10:45 PM, Edward Shishkin
> wrote:
>> Please, check if this helps.
>> Apply from reiser4 directory.
>>
>> Thanks,
>> Edward.
>>
>>
>> On 12/17/2016 10:08 PM, Dušan Čolić wrote:
>>> When mounting reiser4 partitions I get the following bug, but the
>>> system keeps working, even as reiser4 remounted partition as read
>>> only.
>>>
>>> All R4 partitions are ccreg40.
>>>
>>> Thanks
>>>
>>> Dushan
>>>
>>> cat /etc/fstab | grep -v "#"
>>>
>>>
>>> /dev/sda1 /boot ext2 noauto,noatime 1 2
>>> /dev/md123 none swap sw 0
>>> 0
>>> /dev/sda2 / reiser4 noatime,onerror=remount-ro
>>> 0 0
>>> /dev/md125 /mnt/backup reiser4
>>> noatime,noauto,onerror=remount-ro 0 0
>>> /dev/md126 /mnt/media reiser4
>>> noatime,users,onerror=remount-ro 0 0
>>> /dev/md127 /usr/portage reiser4
>>> noatime,onerror=remount-ro 0 0
>>> /dev/dvdrom /mnt/cdrom auto noauto,ro 0 0
>>> shm /dev/shm tmpfs nodev,nosuid,noexec 0 0
>>>
>>>
>>> cat /proc/mdstat
>>> Personalities : [raid1]
>>> md122 : active raid1 sdc1[1] sdb1[0]
>>> 104320 blocks [2/2] [UU]
>>>
>>> md123 : active raid1 sdc2[1] sdb2[0]
>>> 594304 blocks [2/2] [UU]
>>>
>>> md124 : active raid1 sdc5[1] sdb5[0]
>>> 9775424 blocks [2/2] [UU]
>>>
>>> md125 : active raid1 sdc6[1] sdb6[0]
>>> 68364480 blocks [2/2] [UU]
>>>
>>> md126 : active raid1 sdc7[1] sdb7[0]
>>> 403110912 blocks [2/2] [UU]
>>>
>>> md127 : active raid1 sdc8[1] sdb8[0]
>>> 6433920 blocks [2/2] [UU]
>>>
>>> df
>>>
>>> Filesystem 1K-blocks Used Available Use% Mounted on
>>> /dev/sda2 37017728 30413152 6604576 83% /
>>> tmpfs 680644 1012 679632 1% /run
>>> dev 10240 0 10240 0% /dev
>>> shm 3403212 1284 3401928 1% /dev/shm
>>> cgroup_root 10240 0 10240 0% /sys/fs/cgroup
>>> /dev/md126 383034100 350741596 32292504 92% /mnt/media
>>> /dev/md127 6113484 5605344 508140 92% /usr/portage
>>> none 3403212 12 3403200 1% /run/user/1001
>>> none 3403212 0 3403212 0% /run/user/1000
>>> /dev/md125 64959612 52568760 12390852 81% /mnt/backup
>>>
>>>
>>> dmesg
>>>
>>> [ 2.057469] reiser4[swapper/0(1)]: try_init_format40
>>> (fs/reiser4/plugin/disk_format/disk_format40.c:303)[vpf-1364]:
>>> NOTICE: Warning: mounting sda2 with fatal errors,
>>> forcing read-only mount.
>>> [ 2.060544] reiser4: sda2: found disk format 4.0.1.
>>> [ 2.062410]
>>> ==================================================================
>>> [ 2.063993] BUG: KASAN: use-after-free in
>>> init_format_format40+0x401/0x750 at addr ffff8801d0fc0850
>>> [ 2.065616] Read of size 4 by task swapper/0/1
>>> [ 2.067228] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.8.11-gentoo #3
>>> [ 2.068857] Hardware name: Gigabyte Technology Co., Ltd. To be
>>> filled by O.E.M./B75-D3V, BIOS F5 07/04/2012
>>> [ 2.070566] ffff8801d08f4580 ffff8801d6327a20 ffffffff81424185
>>> ffff8801d6000600
>>> [ 2.072316] ffff8801d0fc0800 ffff8801d6327a48 ffffffff811ff90c
>>> ffff8801d6327ad8
>>> [ 2.074078] ffff8801d0fc0800 ffff8801d0fc0800 ffff8801d6327ac8
>>> ffffffff811ffb79
>>> [ 2.075861] Call Trace:
>>> [ 2.077616] [] dump_stack+0x4d/0x68
>>> [ 2.079402] [] kasan_object_err+0x1c/0x70
>>> [ 2.081216] [] kasan_report_error+0x1c9/0x4b0
>>> [ 2.083049] [] ? zget+0xdf/0x3c0
>>> [ 2.084876] [] kasan_report+0x34/0x40
>>> [ 2.086717] [] ? init_format_format40+0x401/0x750
>>> [ 2.088594] [] __asan_load4+0x61/0x80
>>> [ 2.090471] [] init_format_format40+0x401/0x750
>>> [ 2.092356] [] fill_super+0x14a/0x300
>>> [ 2.094224] [] mount_bdev+0x1bf/0x200
>>> [ 2.096073] [] ? reiser4_mount+0x20/0x20
>>> [ 2.097930] [] reiser4_mount+0x10/0x20
>>> [ 2.099785] [] mount_fs+0x2e/0xe0
>>> [ 2.101654] [] vfs_kern_mount+0x66/0x190
>>> [ 2.103528] [] do_mount+0x1d2/0x1080
>>> [ 2.105397] [] ? kasan_check_write+0x14/0x20
>>> [ 2.107295] [] ? strndup_user+0x54/0x70
>>> [ 2.109187] [] SyS_mount+0x66/0xb0
>>> [ 2.111089] [] mount_block_root+0x171/0x3ac
>>> [ 2.113023] [] mount_root+0x77/0xd8
>>> [ 2.114955] [] prepare_namespace+0x135/0x16d
>>> [ 2.116887] [] kernel_init_freeable+0x237/0x24b
>>> [ 2.118811] [] kernel_init+0xe/0x120
>>> [ 2.120713] [] ret_from_fork+0x1f/0x40
>>> [ 2.122618] [] ? rest_init+0x80/0x80
>>> [ 2.124522] Object at ffff8801d0fc0800, in cache kmalloc-512 size: 512
>>> [ 2.126453] Allocated:
>>> [ 2.128364] PID = 1
>>> [ 2.130261] [] save_stack_trace+0x26/0x50
>>> [ 2.132219] [] kasan_kmalloc.part.5+0x62/0xf0
>>> [ 2.134206] [] kasan_kmalloc+0x78/0xa0
>>> [ 2.136188] [] init_format_format40+0x1ac/0x750
>>> [ 2.138174] [] fill_super+0x14a/0x300
>>> [ 2.140144] [] mount_bdev+0x1bf/0x200
>>> [ 2.142096] [] reiser4_mount+0x10/0x20
>>> [ 2.144055] [] mount_fs+0x2e/0xe0
>>> [ 2.146028] [] vfs_kern_mount+0x66/0x190
>>> [ 2.148016] [] do_mount+0x1d2/0x1080
>>> [ 2.150014] [] SyS_mount+0x66/0xb0
>>> [ 2.152026] [] mount_block_root+0x171/0x3ac
>>> [ 2.154055] [] mount_root+0x77/0xd8
>>> [ 2.156066] [] prepare_namespace+0x135/0x16d
>>> [ 2.158074] [] kernel_init_freeable+0x237/0x24b
>>> [ 2.160079] [] kernel_init+0xe/0x120
>>> [ 2.162020] [] ret_from_fork+0x1f/0x40
>>> [ 2.163918] Freed:
>>> [ 2.165760] PID = 1
>>> [ 2.167562] [] save_stack_trace+0x26/0x50
>>> [ 2.169376] [] kasan_slab_free+0xb7/0x180
>>> [ 2.171150] [] kfree+0x6b/0x90
>>> [ 2.172895] [] init_format_format40+0x3f9/0x750
>>> [ 2.174616] [] fill_super+0x14a/0x300
>>> [ 2.176290] [] mount_bdev+0x1bf/0x200
>>> [ 2.177962] [] reiser4_mount+0x10/0x20
>>> [ 2.179633] [] mount_fs+0x2e/0xe0
>>> [ 2.181273] [] vfs_kern_mount+0x66/0x190
>>> [ 2.182910] [] do_mount+0x1d2/0x1080
>>> [ 2.184541] [] SyS_mount+0x66/0xb0
>>> [ 2.186171] [] mount_block_root+0x171/0x3ac
>>> [ 2.187804] [] mount_root+0x77/0xd8
>>> [ 2.189430] [] prepare_namespace+0x135/0x16d
>>> [ 2.191056] [] kernel_init_freeable+0x237/0x24b
>>> [ 2.192683] [] kernel_init+0xe/0x120
>>> [ 2.194296] [] ret_from_fork+0x1f/0x40
>>> [ 2.195902] Memory state around the buggy address:
>>> [ 2.197517] ffff8801d0fc0700: fc fc fc fc fc fc fc fc fc fc fc fc
>>> fc fc fc fc
>>> [ 2.199178] ffff8801d0fc0780: fc fc fc fc fc fc fc fc fc fc fc fc
>>> fc fc fc fc
>>> [ 2.200818] >ffff8801d0fc0800: fb fb fb fb fb fb fb fb fb fb fb fb
>>> fb fb fb fb
>>> [ 2.202460] ^
>>> [ 2.204114] ffff8801d0fc0880: fb fb fb fb fb fb fb fb fb fb fb fb
>>> fb fb fb fb
>>> [ 2.205804] ffff8801d0fc0900: fb fb fb fb fb fb fb fb fb fb fb fb
>>> fb fb fb fb
>>> [ 2.207471]
>>> ==================================================================
>>> [ 2.209162] Disabling lock debugging due to kernel taint
>>> [ 2.210933] reiser4: sda2: use 'fsck.reiser4 --fix' to complete
>>> disk format upgrade.
>>> [ 2.212696] usb 1-1.4: new high-speed USB device number 3 using
>>> ehci-pci
>>> [ 2.214507] usb 2-1.5: new full-speed USB device number 3 using
>>> ehci-pci
>>> [ 2.234910] hid-generic 0003:051D:0002.0002: device has no
>>> listeners, quitting
>>> [ 2.312037] reiser4: sda2: using Hybrid Transaction Model.
>>> [ 2.313880] VFS: Mounted root (reiser4 filesystem) readonly on device
>>> 8:2.
>>> [ 2.315949] Freeing unused kernel memory: 968K (ffffffff82086000 -
>>> ffffffff82178000)
>>> [ 2.317823] Write protecting the kernel read-only data: 16384k
>>> [ 2.320900] Freeing unused kernel memory: 1636K (ffff880001a67000 -
>>> ffff880001c00000)
>>> [ 2.331114] Freeing unused kernel memory: 1848K (ffff880001e32000 -
>>> ffff880002000000)
>>> [ 2.334644] hub 1-1.4:1.0: USB hub found
>>> [ 2.336766] hub 1-1.4:1.0: 2 ports detected
>>> [ 2.624398] usb 1-1.4.2: new full-speed USB device number 4 using
>>> ehci-pci
>>> [ 5.221431] random: crng init done
>>> [ 7.579186] Adding 594300k swap on /dev/md123. Priority:-1
>>> extents:1 across:594300k
>>> [ 7.661464] reiser4: md126: found disk format 4.0.1.
>>> [ 7.661541]
>>> ==================================================================
>>> [ 7.661546] BUG: KASAN: use-after-free in
>>> init_format_format40+0x401/0x750 at addr ffff8801cfaf1350
>>> [ 7.661548] Read of size 4 by task mount/1662
>>> [ 7.661551] CPU: 0 PID: 1662 Comm: mount Tainted: G B
>>> 4.8.11-gentoo #3
>>> [ 7.661552] Hardware name: Gigabyte Technology Co., Ltd. To be
>>> filled by O.E.M./B75-D3V, BIOS F5 07/04/2012
>>> [ 7.661553] ffff8801ceef3580 ffff8801cf087b28 ffffffff81424185
>>> ffff8801d6000600
>>> [ 7.661556] ffff8801cfaf1300 ffff8801cf087b50 ffffffff811ff90c
>>> ffff8801cf087be0
>>> [ 7.661559] ffff8801cfaf1300 ffff8801cfaf1300 ffff8801cf087bd0
>>> ffffffff811ffb79
>>> [ 7.661561] Call Trace:
>>> [ 7.661565] [] dump_stack+0x4d/0x68
>>> [ 7.661569] [] kasan_object_err+0x1c/0x70
>>> [ 7.661571] [] kasan_report_error+0x1c9/0x4b0
>>> [ 7.661574] [] ? zget+0xdf/0x3c0
>>> [ 7.661577] [] kasan_report+0x34/0x40
>>> [ 7.661580] [] ? init_format_format40+0x401/0x750
>>> [ 7.661582] [] __asan_load4+0x61/0x80
>>> [ 7.661585] [] init_format_format40+0x401/0x750
>>> [ 7.661588] [] fill_super+0x14a/0x300
>>> [ 7.661591] [] mount_bdev+0x1bf/0x200
>>> [ 7.661593] [] ? reiser4_mount+0x20/0x20
>>> [ 7.661594] [] reiser4_mount+0x10/0x20
>>> [ 7.661597] [] mount_fs+0x2e/0xe0
>>> [ 7.661600] [] vfs_kern_mount+0x66/0x190
>>> [ 7.661602] [] do_mount+0x1d2/0x1080
>>> [ 7.661604] [] ? copy_mount_options+0x111/0x220
>>> [ 7.661606] [] ? copy_mount_options+0xfa/0x220
>>> [ 7.661608] [] SyS_mount+0x66/0xb0
>>> [ 7.661613] [] entry_SYSCALL_64_fastpath+0x13/0x8f
>>> [ 7.661614] Object at ffff8801cfaf1300, in cache kmalloc-512 size: 512
>>> [ 7.661615] Allocated:
>>> [ 7.661615] PID = 1662
>>> [ 7.661616] [] save_stack_trace+0x26/0x50
>>> [ 7.661620] [] kasan_kmalloc.part.5+0x62/0xf0
>>> [ 7.661622] [] kasan_kmalloc+0x78/0xa0
>>> [ 7.661625] [] init_format_format40+0x1ac/0x750
>>> [ 7.661628] [] fill_super+0x14a/0x300
>>> [ 7.661630] [] mount_bdev+0x1bf/0x200
>>> [ 7.661632] [] reiser4_mount+0x10/0x20
>>> [ 7.661634] [] mount_fs+0x2e/0xe0
>>> [ 7.661637] [] vfs_kern_mount+0x66/0x190
>>> [ 7.661639] [] do_mount+0x1d2/0x1080
>>> [ 7.661641] [] SyS_mount+0x66/0xb0
>>> [ 7.661643] [] entry_SYSCALL_64_fastpath+0x13/0x8f
>>> [ 7.661646] Freed:
>>> [ 7.661646] PID = 1662
>>> [ 7.661647] [] save_stack_trace+0x26/0x50
>>> [ 7.661649] [] kasan_slab_free+0xb7/0x180
>>> [ 7.661652] [] kfree+0x6b/0x90
>>> [ 7.661654] [] init_format_format40+0x3f9/0x750
>>> [ 7.661657] [] fill_super+0x14a/0x300
>>> [ 7.661659] [] mount_bdev+0x1bf/0x200
>>> [ 7.661662] [] reiser4_mount+0x10/0x20
>>> [ 7.661664] [] mount_fs+0x2e/0xe0
>>> [ 7.661666] [] vfs_kern_mount+0x66/0x190
>>> [ 7.661668] [] do_mount+0x1d2/0x1080
>>> [ 7.661670] [] SyS_mount+0x66/0xb0
>>> [ 7.661672] [] entry_SYSCALL_64_fastpath+0x13/0x8f
>>> [ 7.661675] Memory state around the buggy address:
>>> [ 7.661677] ffff8801cfaf1200: fb fb fb fb fb fb fb fb fb fb fb fb
>>> fb fb fb fb
>>> [ 7.661679] ffff8801cfaf1280: fc fc fc fc fc fc fc fc fc fc fc fc
>>> fc fc fc fc
>>> [ 7.661681] >ffff8801cfaf1300: fb fb fb fb fb fb fb fb fb fb fb fb
>>> fb fb fb fb
>>> [ 7.661681] ^
>>> [ 7.661683] ffff8801cfaf1380: fb fb fb fb fb fb fb fb fb fb fb fb
>>> fb fb fb fb
>>> [ 7.661684] ffff8801cfaf1400: fb fb fb fb fb fb fb fb fb fb fb fb
>>> fb fb fb fb
>>> [ 7.661685]
>>> ==================================================================
>>> [ 10.972840] rcu-perf:rcu_perf_writer 0 has 100 measurements
>>> [ 11.016722] rcu-perf:Test complete
>>> [ 26.835385] reiser4: md126: using Hybrid Transaction Model.
>>> [ 26.857910] reiser4: md127: found disk format 4.0.1.
>>> [ 26.857995]
>>> ==================================================================
>>> [ 26.858002] BUG: KASAN: use-after-free in
>>> init_format_format40+0x401/0x750 at addr ffff8801cbf560d0
>>> [ 26.858003] Read of size 4 by task mount/1662
>>> [ 26.858006] CPU: 0 PID: 1662 Comm: mount Tainted: G B
>>> 4.8.11-gentoo #3
>>> [ 26.858007] Hardware name: Gigabyte Technology Co., Ltd. To be
>>> filled by O.E.M./B75-D3V, BIOS F5 07/04/2012
>>> [ 26.858009] ffff8801b9ded5c0 ffff8801cf087b28 ffffffff81424185
>>> ffff8801d6000600
>>> [ 26.858012] ffff8801cbf56080 ffff8801cf087b50 ffffffff811ff90c
>>> ffff8801cf087be0
>>> [ 26.858014] ffff8801cbf56080 ffff8801cbf56080 ffff8801cf087bd0
>>> ffffffff811ffb79
>>> [ 26.858017] Call Trace:
>>> [ 26.858020] [] dump_stack+0x4d/0x68
>>> [ 26.858024] [] kasan_object_err+0x1c/0x70
>>> [ 26.858027] [] kasan_report_error+0x1c9/0x4b0
>>> [ 26.858029] [] ? zget+0xdf/0x3c0
>>> [ 26.858032] [] kasan_report+0x34/0x40
>>> [ 26.858035] [] ? init_format_format40+0x401/0x750
>>> [ 26.858038] [] __asan_load4+0x61/0x80
>>> [ 26.858040] [] init_format_format40+0x401/0x750
>>> [ 26.858043] [] fill_super+0x14a/0x300
>>> [ 26.858046] [] mount_bdev+0x1bf/0x200
>>> [ 26.858048] [] ? reiser4_mount+0x20/0x20
>>> [ 26.858050] [] reiser4_mount+0x10/0x20
>>> [ 26.858052] [] mount_fs+0x2e/0xe0
>>> [ 26.858055] [] vfs_kern_mount+0x66/0x190
>>> [ 26.858057] [] do_mount+0x1d2/0x1080
>>> [ 26.858059] [] ? copy_mount_options+0xfa/0x220
>>> [ 26.858061] [] SyS_mount+0x66/0xb0
>>> [ 26.858065] [] entry_SYSCALL_64_fastpath+0x13/0x8f
>>> [ 26.858067] Object at ffff8801cbf56080, in cache kmalloc-512 size: 512
>>> [ 26.858067] Allocated:
>>> [ 26.858068] PID = 1662
>>> [ 26.858069] [] save_stack_trace+0x26/0x50
>>> [ 26.858072] [] kasan_kmalloc.part.5+0x62/0xf0
>>> [ 26.858075] [] kasan_kmalloc+0x78/0xa0
>>> [ 26.858077] [] init_format_format40+0x1ac/0x750
>>> [ 26.858080] [] fill_super+0x14a/0x300
>>> [ 26.858082] [] mount_bdev+0x1bf/0x200
>>> [ 26.858085] [] reiser4_mount+0x10/0x20
>>> [ 26.858087] [] mount_fs+0x2e/0xe0
>>> [ 26.858089] [] vfs_kern_mount+0x66/0x190
>>> [ 26.858091] [] do_mount+0x1d2/0x1080
>>> [ 26.858093] [] SyS_mount+0x66/0xb0
>>> [ 26.858095] [] entry_SYSCALL_64_fastpath+0x13/0x8f
>>> [ 26.858098] Freed:
>>> [ 26.858099] PID = 1662
>>> [ 26.858099] [] save_stack_trace+0x26/0x50
>>> [ 26.858102] [] kasan_slab_free+0xb7/0x180
>>> [ 26.858104] [] kfree+0x6b/0x90
>>> [ 26.858107] [] init_format_format40+0x3f9/0x750
>>> [ 26.858109] [] fill_super+0x14a/0x300
>>> [ 26.858111] [] mount_bdev+0x1bf/0x200
>>> [ 26.858114] [] reiser4_mount+0x10/0x20
>>> [ 26.858116] [] mount_fs+0x2e/0xe0
>>> [ 26.858118] [] vfs_kern_mount+0x66/0x190
>>> [ 26.858120] [] do_mount+0x1d2/0x1080
>>> [ 26.858122] [] SyS_mount+0x66/0xb0
>>> [ 26.858124] [] entry_SYSCALL_64_fastpath+0x13/0x8f
>>> [ 26.858128] Memory state around the buggy address:
>>> [ 26.858130] ffff8801cbf55f80: fc fc fc fc fc fc fc fc fc fc fc fc
>>> fc fc fc fc
>>> [ 26.858131] ffff8801cbf56000: fc fc fc fc fc fc fc fc fc fc fc fc
>>> fc fc fc fc
>>> [ 26.858133] >ffff8801cbf56080: fb fb fb fb fb fb fb fb fb fb fb fb
>>> fb fb fb fb
>>> [ 26.858134] ^
>>> [ 26.858135] ffff8801cbf56100: fb fb fb fb fb fb fb fb fb fb fb fb
>>> fb fb fb fb
>>> [ 26.858137] ffff8801cbf56180: fb fb fb fb fb fb fb fb fb fb fb fb
>>> fb fb fb fb
>>> [ 26.858137]
>>> ==================================================================
>>> [ 27.199941] reiser4: md127: using Hybrid Transaction Model.
>>>
>>>
>>> [33530.203469] reiser4[mount(11677)]: try_init_format40
>>> (fs/reiser4/plugin/disk_format/disk_format40.c:303)[vpf-1364]:
>>> NOTICE: Warning: mounting md125 with fatal errors,
>>> forcing read-only mount.
>>> [33530.203480] reiser4: md125: found disk format 4.0.1.
>>> [33530.203564]
>>> ==================================================================
>>> [33530.203570] BUG: KASAN: use-after-free in
>>> init_format_format40+0x401/0x750 at addr ffff88013164d810
>>> [33530.203571] Read of size 4 by task mount/11677
>>> [33530.203574] CPU: 0 PID: 11677 Comm: mount Tainted: G B
>>> 4.8.11-gentoo #3
>>> [33530.203575] Hardware name: Gigabyte Technology Co., Ltd. To be
>>> filled by O.E.M./B75-D3V, BIOS F5 07/04/2012
>>> [33530.203577] ffff88000e65ce80 ffff88000da87b28 ffffffff81424185
>>> ffff8801d6000600
>>> [33530.203580] ffff88013164d7c0 ffff88000da87b50 ffffffff811ff90c
>>> ffff88000da87be0
>>> [33530.203582] ffff88013164d7c0 ffff88013164d7c0 ffff88000da87bd0
>>> ffffffff811ffb79
>>> [33530.203585] Call Trace:
>>> [33530.203588] [] dump_stack+0x4d/0x68
>>> [33530.203592] [] kasan_object_err+0x1c/0x70
>>> [33530.203595] [] kasan_report_error+0x1c9/0x4b0
>>> [33530.203597] [] ? zget+0xdf/0x3c0
>>> [33530.203600] [] kasan_report+0x34/0x40
>>> [33530.203603] [] ? init_format_format40+0x401/0x750
>>> [33530.203605] [] __asan_load4+0x61/0x80
>>> [33530.203608] [] init_format_format40+0x401/0x750
>>> [33530.203610] [] fill_super+0x14a/0x300
>>> [33530.203613] [] mount_bdev+0x1bf/0x200
>>> [33530.203615] [] ? reiser4_mount+0x20/0x20
>>> [33530.203617] [] reiser4_mount+0x10/0x20
>>> [33530.203620] [] mount_fs+0x2e/0xe0
>>> [33530.203622] [] vfs_kern_mount+0x66/0x190
>>> [33530.203625] [] do_mount+0x1d2/0x1080
>>> [33530.203627] [] ? copy_mount_options+0x111/0x220
>>> [33530.203629] [] ? copy_mount_options+0xfa/0x220
>>> [33530.203631] [] SyS_mount+0x66/0xb0
>>> [33530.203635] [] entry_SYSCALL_64_fastpath+0x13/0x8f
>>> [33530.203637] Object at ffff88013164d7c0, in cache kmalloc-512 size: 512
>>> [33530.203637] Allocated:
>>> [33530.203638] PID = 11677
>>> [33530.203639] [] save_stack_trace+0x26/0x50
>>> [33530.203642] [] kasan_kmalloc.part.5+0x62/0xf0
>>> [33530.203645] [] kasan_kmalloc+0x78/0xa0
>>> [33530.203647] [] init_format_format40+0x1ac/0x750
>>> [33530.203650] [] fill_super+0x14a/0x300
>>> [33530.203652] [] mount_bdev+0x1bf/0x200
>>> [33530.203654] [] reiser4_mount+0x10/0x20
>>> [33530.203656] [] mount_fs+0x2e/0xe0
>>> [33530.203659] [] vfs_kern_mount+0x66/0x190
>>> [33530.203661] [] do_mount+0x1d2/0x1080
>>> [33530.203663] [] SyS_mount+0x66/0xb0
>>> [33530.203665] [] entry_SYSCALL_64_fastpath+0x13/0x8f
>>> [33530.203668] Freed:
>>> [33530.203669] PID = 11677
>>> [33530.203669] [] save_stack_trace+0x26/0x50
>>> [33530.203671] [] kasan_slab_free+0xb7/0x180
>>> [33530.203674] [] kfree+0x6b/0x90
>>> [33530.203676] [] init_format_format40+0x3f9/0x750
>>> [33530.203679] [] fill_super+0x14a/0x300
>>> [33530.203681] [] mount_bdev+0x1bf/0x200
>>> [33530.203683] [] reiser4_mount+0x10/0x20
>>> [33530.203685] [] mount_fs+0x2e/0xe0
>>> [33530.203688] [] vfs_kern_mount+0x66/0x190
>>> [33530.203690] [] do_mount+0x1d2/0x1080
>>> [33530.203692] [] SyS_mount+0x66/0xb0
>>> [33530.203694] [] entry_SYSCALL_64_fastpath+0x13/0x8f
>>> [33530.203697] Memory state around the buggy address:
>>> [33530.203699] ffff88013164d700: fc fc fc fc fc fc fc fc fc fc fc fc
>>> fc fc fc fc
>>> [33530.203701] ffff88013164d780: fc fc fc fc fc fc fc fc fb fb fb fb
>>> fb fb fb fb
>>> [33530.203703] >ffff88013164d800: fb fb fb fb fb fb fb fb fb fb fb fb
>>> fb fb fb fb
>>> [33530.203703] ^
>>> [33530.203705] ffff88013164d880: fb fb fb fb fb fb fb fb fb fb fb fb
>>> fb fb fb fb
>>> [33530.203707] ffff88013164d900: fb fb fb fb fb fb fb fb fb fb fb fb
>>> fb fb fb fb
[33530.203707] >>> ================================================================== >>> [33533.485380] reiser4: md125: using Hybrid Transaction Model. >>> -- >>> To unsubscribe from this list: send the line "unsubscribe reiserfs-devel" >>> in >>> the body of a message to majordomo@vger.kernel.org >>> More majordomo info at http://vger.kernel.org/majordomo-info.html >> --------------010607030907090902090608 Content-Type: text/x-patch; name="reiser4-access-freed-memory-fixup.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="reiser4-access-freed-memory-fixup.patch" diff --git a/plugin/disk_format/disk_format40.c b/plugin/disk_format/disk_format40.c index 41d7bbc..68b2662 100644 --- a/plugin/disk_format/disk_format40.c +++ b/plugin/disk_format/disk_format40.c @@ -372,11 +372,11 @@ static int try_init_format40(struct super_block *super, reiser4_set_block_count(super, get_format40_block_count(sb_copy)); sbinfo->blocks_free = get_format40_free_blocks(sb_copy); sbinfo->version = get_format40_version(sb_copy); - kfree(sb_copy); if (update_backup_version(sb_copy)) printk("reiser4: %s: use 'fsck.reiser4 --fix' " "to complete disk format upgrade.\n", super->s_id); + kfree(sb_copy); sbinfo->fsuid = 0; sbinfo->fs_flags |= (1 << REISER4_ADG); /* hard links for directories --------------010607030907090902090608--
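Review bot: the attached patch has no changelog or Signed-off-by ahead of the diff, so nothing records why kfree(sb_copy) moved below the update_backup_version(sb_copy) check in try_init_format40(). Add a short description saying that sb_copy was freed and then passed to update_backup_version(), which matches the KASAN use-after-free read of size 4 in the quoted dmesg (object freed at init_format_format40+0x3f9, read at +0x401). The new position is right for the lines shown, since nothing below the moved kfree(sb_copy) in this hunk touches sb_copy. Separately, the printk in the if body has no KERN_ log level; consider giving it one while this block is being edited.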