commit f38676c3e4001359b96576204e9024557ef5fd1b
Author: Theodore Ts'o <tytso@mit.edu>
Date:   Wed Oct 8 11:47:00 2014 -0400

    e2fsprogs: 1.42.11 regression in memory handling: use-after-free since commit 47fee2e "e2fsprogs: introduce ext2fs_close_free() helper"
    
    Hi Matthias,
    
    Thanks for reporting this.  I'm not 100% sure this will fix your
    problem, since your specific valgrind failures aren't reproducing for
    me.  That being said, I was able to find a valgrind failure, and after
    looking closely at the commit that you bisected things to, I found a
    bug which was introduced by commit 47fee2ef6a23a.
    
    Could you check and see if this fixes the problems you are seeing?
    
    Many thanks!!
    
    						- Ted
    
    commit ebdf895b43a1ce499e4d2556a201e2a753fc422f
    Author: Theodore Ts'o <tytso@mit.edu>
    Date:   Wed Oct 8 11:18:41 2014 -0400
    
        e2fsck: fix free pointer dereferences
    
        Commit 47fee2ef6a23a introduces some free pointer dereference bugs by
        not clearing ctx->fs after calling ext2fs_close_free().
    
        Reported-by: Matthias Andree <mandree@FreeBSD.org>
        Cc: Lukas Czerner <lczerner@redhat.com>
        Signed-off-by: Theodore Ts'o <tytso@mit.edu>

diff --git a/e2fsck/unix.c b/e2fsck/unix.c
index 66debcd..10036e7 100644
--- ./e2fsck/unix.c
+++ ./e2fsck/unix.c
@@ -458,7 +458,7 @@ static void check_if_skip(e2fsck_t ctx)
 	}
 	log_out(ctx, "\n");
 skip:
-	ext2fs_close_free(&fs);
+	ext2fs_close_free(&ctx->fs);
 	e2fsck_free_context(ctx);
 	exit(FSCK_OK);
 }
@@ -1462,7 +1462,7 @@ failure:
 		/*
 		 * Restart in order to reopen fs but this time start mmp.
 		 */
-		ext2fs_close_free(&fs);
+		ext2fs_close_free(&ctx->fs);
 		flags &= ~EXT2_FLAG_SKIP_MMP;
 		goto restart;
 	}
@@ -1692,7 +1692,7 @@ no_journal:
 				_("while resetting context"));
 			fatal_error(ctx, 0);
 		}
-		ext2fs_close_free(&fs);
+		ext2fs_close_free(&ctx->fs);
 		goto restart;
 	}
 	if (run_result & E2F_FLAG_ABORT)