Created attachment 82361 [details] The patch to fix the problem If ext4_mb_init() called from ext4_fill_super() (fs/ext4/super.c:3980 in the current ext4 git tree) fails and returns error code, ext4_fill_super() still returns 0. This happens because the return value of ext4_mb_init() is not assigned to 'ret' in the error path. So the previous value of 'ret' (0) is returned from ext4_fill_super(). This problem leads to a kernel oops in mount_fs() when the latter tries to access the struct dentry that the mount() callback returns ("sb = root->d_sb;" in fs/super.c:1180). The problem has been revealed with the help of the fault simulation facilities provided by KEDR Framework. Attached is a trivial patch that fixes the problem.
Patches should be sent with a Signed-off-by: line to the relevant list (See Documentation/SubmittingPatches) In this case linux-ext4@vger.kernel.org You don't need to be subscribed to submit to it.
A patch referencing this bug report has been merged in Linux v3.8-rc1: commit 07aa2ea13814ea60d12f7330b6d5ccfdb0c3ba4d Author: Lukas Czerner <lczerner@redhat.com> Date: Thu Nov 8 15:16:54 2012 -0500 ext4: fix error handling in ext4_fill_super()