blob: ad91c01071bd6c01b79707fee18a67a2fed26918 [file] [log] [blame]
From 0f7d77a58e0b9d9a861aa02fdb74111663a85a62 Mon Sep 17 00:00:00 2001
From: Ryusuke Konishi <>
Date: Wed, 10 Jun 2020 18:41:35 -0700
Subject: [PATCH] nilfs2: fix null pointer dereference at
commit 8301c719a2bd131436438e49130ee381d30933f5 upstream.
After commit c3aab9a0bd91 ("mm/filemap.c: don't initiate writeback if
mapping has no dirty pages"), the following null pointer dereference has
been reported on nilfs2:
BUG: kernel NULL pointer dereference, address: 00000000000000a8
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
RIP: 0010:percpu_counter_add_batch+0xa/0x60
Call Trace:
nilfs_segctor_do_construct+0x10d3/0x2110 [nilfs2]
nilfs_segctor_construct+0x168/0x260 [nilfs2]
nilfs_segctor_thread+0x127/0x3b0 [nilfs2]
This crash turned out to be caused by set_page_writeback() call for
segment summary buffers at nilfs_segctor_prepare_write().
set_page_writeback() can call inc_wb_stat(inode_to_wb(inode),
WB_WRITEBACK) where inode_to_wb(inode) is NULL if the inode of
underlying block device does not have an associated wb.
This fixes the issue by calling inode_attach_wb() in advance to ensure
to associate the bdev inode with its wb.
Fixes: c3aab9a0bd91 ("mm/filemap.c: don't initiate writeback if mapping has no dirty pages")
Reported-by: Walton Hoops <>
Reported-by: Tomas Hlavaty <>
Reported-by: ARAI Shun-ichi <>
Reported-by: Hideki EIRAKU <>
Signed-off-by: Ryusuke Konishi <>
Signed-off-by: Andrew Morton <>
Tested-by: Ryusuke Konishi <>
Cc: <> [5.4+]
Signed-off-by: Linus Torvalds <>
Signed-off-by: Paul Gortmaker <>
diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c
index 445eef41bfaf..91b58c897f92 100644
--- a/fs/nilfs2/segment.c
+++ b/fs/nilfs2/segment.c
@@ -2780,6 +2780,8 @@ int nilfs_attach_log_writer(struct super_block *sb, struct nilfs_root *root)
if (!nilfs->ns_writer)
return -ENOMEM;
+ inode_attach_wb(nilfs->ns_bdev->bd_inode, NULL);
err = nilfs_segctor_start_thread(nilfs->ns_writer);
if (err) {