Bug 31112

Summary: NULL pointer dereference in __mark_inode_dirty
Product: File System
Reporter: Torsten Hilbrich (torsten.hilbrich)
Component: VFS
Assignee: fs_vfs
Status: RESOLVED CODE_FIX
Severity: normal
CC: cebbert, udknight
Priority: P1
Hardware: All
OS: Linux
Kernel Version: v2.6.38
Subsystem:
Regression: Yes
Bisected commit-id:
Attachments:
- Kernel log showing the problem
- Kernel configuration used for bisecting the problem

Description Torsten Hilbrich 2011-03-15 07:27:00 UTC
Created attachment 50852
Kernel log showing the problem

I noticed a bug with writes to block devices that disappeared (like removed USB sticks). The bug was introduced with:

commit aaead25b954879e1a708ff2f3602f494c18d20b5
Author: Christoph Hellwig <hch@lst.de>
Date:   Mon Oct 4 14:25:33 2010 +0200

    writeback: always use sb->s_bdi for writeback purposes

and I just checked that it is still present in v2.6.38. The last released version without that problem was v2.6.35.

Here are the steps with which I'm able to reproduce the problem:

- insert a USB stick with one partition and ext2 file system
- mount it: mount /dev/sdb1 /mnt
- open a handle to the stick: cat > /mnt/foo
- start writing to the file by pressing <Return> once
- remove the stick
- continue writing by pressing <Return> again
- kernel panic happens

I will attach the kernel log of the described session and the configuration I used for tracking it to the named commit.

The problem was already reported on lkml by other people:

- https://lkml.org/lkml/2011/2/28/272 (Patch included)
- https://lkml.org/lkml/2010/12/9/436

Torsten

Comment 1 Torsten Hilbrich 2011-03-15 07:27:42 UTC
Created attachment 50862
Kernel configuration used for bisecting the problem

Comment 2 Chuck Ebbert 2011-03-25 02:52:01 UTC
Should be fixed by 95f28604a65b1c40b6c6cd95e58439cd7ded3add, now queued for 2.6.38.2

Comment 3 Wang YanQing 2011-06-29 08:58:16 UTC
OK, if this OOPS has been fixed, whose duty is it to change the bug status?

Comment 4 Torsten Hilbrich 2011-06-29 17:08:34 UTC
I verified the bug to be fixed by this commit, see http://lkml.org/lkml/2011/3/15/159.