linux/fs/btrfs
slyich@gmail.com 45ea6095c8 btrfs: fix double-free 'tree_root' in 'btrfs_mount()'
On error path 'tree_root' is freed in 'free_fs_info()'.
No need to free it explicitly. Noticed by SLUB in debug mode:

Complete reproducer under usermode linux (discovered on real
machine):

    bdev=/dev/ubda
    btr_root=/btr
    /mkfs.btrfs $bdev
    mount $bdev $btr_root
    mkdir $btr_root/subvols/
    cd $btr_root/subvols/
    /btrfs su cr foo
    /btrfs su cr bar
    mount $bdev -osubvol=subvols/foo $btr_root/subvols/bar
    umount $btr_root/subvols/bar

which gives

    device fsid 4d55aa28-45b1-474b-b4ec-da912322195e devid 1 transid 7 /dev/ubda
    =============================================================================
    BUG kmalloc-2048: Object already free
    -----------------------------------------------------------------------------

    INFO: Allocated in btrfs_mount+0x389/0x7f0 age=0 cpu=0 pid=277
    INFO: Freed in btrfs_mount+0x51c/0x7f0 age=0 cpu=0 pid=277
    INFO: Slab 0x0000000062886200 objects=15 used=9 fp=0x0000000070b4d2d0 flags=0x4081
    INFO: Object 0x0000000070b4d2d0 @offset=21200 fp=0x0000000070b4a968
    ...
    Call Trace:
    70b31948:  [<6008c522>] print_trailer+0xe2/0x130
    70b31978:  [<6008c5aa>] object_err+0x3a/0x50
    70b319a8:  [<6008e242>] free_debug_processing+0x142/0x2a0
    70b319e0:  [<600ebf6f>] btrfs_mount+0x55f/0x7f0
    70b319f8:  [<6008e5c1>] __slab_free+0x221/0x2d0

Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Cc: Arne Jansen <sensille@gmx.net>
Cc: Chris Mason <chris.mason@oracle.com>
Cc: David Sterba <dsterba@suse.cz>
Signed-off-by: Chris Mason <chris.mason@oracle.com>
2011-11-07 16:08:01 -05:00
acl.c Btrfs: fix return value of btrfs_get_acl() 2011-10-20 18:10:47 +02:00
async-thread.c Btrfs: don't walk around with task->state != TASK_RUNNING 2010-05-25 10:34:58 -04:00
async-thread.h Btrfs: fix deadlock on async thread startup 2009-10-05 09:44:45 -04:00
backref.c Btrfs: fix the new inspection ioctls for 32 bit compat 2011-11-06 03:08:49 -05:00
backref.h btrfs: added helper functions to iterate backrefs 2011-09-29 12:54:27 +02:00
btrfs_inode.h Btrfs: calculate checksum space correctly 2011-10-19 15:12:31 -04:00
compat.h Btrfs: drop remaining LINUX_KERNEL_VERSION checks and compat code 2009-01-06 09:38:55 -05:00
compression.c btrfs: separate superblock items out of fs_info 2011-11-06 03:04:01 -05:00
compression.h btrfs: rename variables clashing with global function names 2011-05-02 13:57:19 +02:00
ctree.c Btrfs: fix array bound checking 2011-10-20 18:10:41 +02:00
ctree.h Merge branch 'for-chris' of git://github.com/sensille/linux into integration 2011-11-06 03:05:08 -05:00
delayed-inode.c Btrfs: fix delayed insertion reservation 2011-11-06 03:04:20 -05:00
delayed-inode.h atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
delayed-ref.c btrfs: remove old unused commented out code 2011-05-06 12:34:10 +02:00
delayed-ref.h btrfs: remove all unused functions 2011-05-06 12:34:03 +02:00
dir-item.c Btrfs: remove redundant code for dir item lookup 2011-08-01 14:30:48 -04:00
disk-io.c Btrfs: check for a null fs root when writing to the backup root log 2011-11-06 18:50:56 -05:00
disk-io.h Merge branch 'for-chris' of git://github.com/sensille/linux into integration 2011-11-06 03:05:08 -05:00
export.c Merge branch 'ino-alloc' of git://repo.or.cz/linux-btrfs-devel into inode_numbers 2011-05-21 09:27:38 -04:00
export.h NFS support for btrfs - v3 2008-09-25 11:04:06 -04:00
extent_io.c Merge git://git.jan-o-sch.net/btrfs-unstable into integration 2011-11-06 03:07:10 -05:00
extent_io.h Merge git://git.jan-o-sch.net/btrfs-unstable into integration 2011-11-06 03:07:10 -05:00
extent_map.c Btrfs: clean up code for merging extent maps 2011-08-01 14:30:50 -04:00
extent_map.h btrfs: drop gfp parameter from alloc_extent_map 2011-05-02 13:57:21 +02:00
extent-tree.c Merge git://git.jan-o-sch.net/btrfs-unstable into integration 2011-11-06 03:07:10 -05:00
file-item.c btrfs: separate superblock items out of fs_info 2011-11-06 03:04:01 -05:00
file.c Btrfs: use the inode's mapping mask for allocating pages 2011-10-19 15:12:45 -04:00
free-space-cache.c Btrfs: use the global reserve when truncating the free space cache inode 2011-11-06 03:03:50 -05:00
free-space-cache.h btrfs: remove all unused functions 2011-05-06 12:34:03 +02:00
hash.h Btrfs: remove crc32c.h and use libcrc32c directly. 2009-06-10 11:29:53 -04:00
inode-item.c Btrfs: BUG_ON is deleted from the caller of btrfs_truncate_item & btrfs_extend_item 2011-05-23 13:24:39 -04:00
inode-map.c Btrfs: handle enospc accounting for free space inodes 2011-10-19 15:12:42 -04:00
inode-map.h Btrfs: Support reading/writing on disk free ino cache 2011-04-25 16:46:11 +08:00
inode.c Merge git://git.jan-o-sch.net/btrfs-unstable into integration 2011-11-06 03:07:10 -05:00
ioctl.c Btrfs: fix the new inspection ioctls for 32 bit compat 2011-11-06 03:08:49 -05:00
ioctl.h Btrfs: fix the new inspection ioctls for 32 bit compat 2011-11-06 03:08:49 -05:00
Kconfig btrfs: Add lzo compression support 2010-12-22 23:15:47 +08:00
locking.c Btrfs: switch the btrfs tree locks to reader/writer 2011-07-27 12:46:46 -04:00
locking.h Btrfs: switch the btrfs tree locks to reader/writer 2011-07-27 12:46:46 -04:00
lzo.c Btrfs: Avoid accessing unmapped kernel address 2011-02-16 15:37:58 -05:00
Makefile Merge git://git.jan-o-sch.net/btrfs-unstable into integration 2011-11-06 03:07:10 -05:00
ordered-data.c Btrfs: add initial tracepoint support for btrfs 2011-03-28 05:37:33 -04:00
ordered-data.h btrfs: Allow to add new compression algorithm 2010-12-22 23:15:45 +08:00
orphan.c Btrfs: fixup return code for btrfs_del_orphan_item 2010-12-09 13:57:15 -05:00
print-tree.c btrfs: fix oops on failure path 2011-10-20 18:10:50 +02:00
print-tree.h Btrfs: Create extent_buffer interface for large blocksizes 2008-09-25 11:03:56 -04:00
reada.c Btrfs: rename btrfs_bio multi -> bbio for consistency 2011-11-06 03:11:21 -05:00
relocation.c btrfs: check file extent backref offset underflow 2011-10-20 18:10:31 +02:00
root-tree.c btrfs: make btrfs_set_root_node void 2011-08-01 14:30:44 -04:00
scrub.c Btrfs: fix a potential btrfs_bio leak on scrub fixups 2011-11-06 03:11:29 -05:00
struct-funcs.c Btrfs: stop using highmem for extent_buffers 2011-07-27 12:46:45 -04:00
super.c btrfs: fix double-free 'tree_root' in 'btrfs_mount()' 2011-11-07 16:08:01 -05:00
sysfs.c btrfs: Remove unused sysfs code 2011-06-17 14:54:18 -04:00
transaction.c Btrfs: fix race during transaction joins 2011-11-06 03:26:19 -05:00
transaction.h Merge branch 'for-chris' of 2011-05-28 07:00:39 -04:00
tree-defrag.c btrfs: drop unused parameter from btrfs_release_path 2011-05-02 13:57:22 +02:00
tree-log.c btrfs: separate superblock items out of fs_info 2011-11-06 03:04:01 -05:00
tree-log.h btrfs: remove unused function prototypes 2011-05-04 14:01:26 +02:00
version.h Update Btrfs files for in-kernel usage 2008-09-25 15:41:59 -04:00
volumes.c Merge git://git.jan-o-sch.net/btrfs-unstable into integration 2011-11-06 03:07:10 -05:00
volumes.h Merge git://git.jan-o-sch.net/btrfs-unstable into integration 2011-11-06 03:07:10 -05:00
xattr.c Btrfs: fix regression in re-setting a large xattr 2011-10-19 15:12:56 -04:00
xattr.h fs/vfs/security: pass last path component to LSM on inode creation 2011-02-01 11:12:29 -05:00
zlib.c zlib: slim down zlib_deflate() workspace when possible 2011-03-22 17:44:17 -07:00