Bug 200987 - oops when trying to mount UDF filesystem
Status: RESOLVED CODE_FIX
Alias: None
Product: File System
Classification: Unclassified
Component: UDF
Hardware: x86-64 Linux
Importance: P1 normal
Assignee: Jan Kara
Reported: 2018-08-31 19:42 UTC by Viacheslav Gagara
Modified: 2018-09-04 07:18 UTC

Kernel Version: 4.18.5
Regression: No


Attachments
.config (128.45 KB, text/x-mpsub)
2018-08-31 19:42 UTC, Viacheslav Gagara

Description Viacheslav Gagara 2018-08-31 19:42:33 UTC
Created attachment 278219
.config

On the Gentoo distro with the latest stable 4.18.5 vanilla kernel I got a kernel oops msg when trying to mount a UDF fs (when doing it as a non-root user, this usually causes a system hang).

Here is my dmesg output:

[  332.944741] BUG: unable to handle kernel paging request at ffffffffffffffa4
[  332.944744] PGD 360c067 P4D 360c067 PUD 360e067 PMD 0 
[  332.944747] Oops: 0000 [#1] SMP PTI
[  332.944750] CPU: 3 PID: 6840 Comm: mount Not tainted 4.18.5 #1
[  332.944751] Hardware name: FUJITSU LIFEBOOK E544/FJNB281, BIOS Version 1.04 07/30/2014
[  332.944757] RIP: 0010:udf_get_pblock_virt15+0x3f/0x120
[  332.944758] Code: 01 4e 8d 04 c0 41 39 70 1c 0f 82 f3 00 00 00 41 56 41 55 41 54 55 49 89 fc 53 4d 8b b1 80 00 00 00 89 d3 41 0f b7 50 20 89 cd <45> 0f b6 46 a4 48 89 d0 41 83 e0 07 41 80 f8 03 0f 84 87 00 00 00 
[  332.944778] RSP: 0018:ffffc90002a83cd8 EFLAGS: 00010246
[  332.944780] RAX: ffff880364d47180 RBX: 0000000000000001 RCX: 0000000000000000
[  332.944781] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88038d23f000
[  332.944782] RBP: 0000000000000000 R08: ffff880364d471d8 R09: ffff880364d473c0
[  332.944783] R10: ffff8803a5877800 R11: 0000000000000000 R12: ffff88038d23f000
[  332.944784] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff822181f8
[  332.944786] FS:  00007f8bf1774780(0000) GS:ffff88041f2c0000(0000) knlGS:0000000000000000
[  332.944787] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  332.944788] CR2: ffffffffffffffa4 CR3: 000000039b39e001 CR4: 00000000001606e0
[  332.944789] Call Trace:
[  332.944793]  udf_read_ptagged+0x21/0x40
[  332.944795]  udf_fill_super+0x3e9/0x6b0
[  332.944797]  ? udf_load_vrs+0x211/0x3c0
[  332.944799]  ? udf_load_vrs+0x3c0/0x3c0
[  332.944803]  mount_bdev+0x16e/0x1a0
[  332.944805]  mount_fs+0x30/0x150
[  332.944808]  vfs_kern_mount.part.25+0x4f/0xf0
[  332.944811]  do_mount+0x5d0/0xc70
[  332.944814]  ? _copy_from_user+0x37/0x60
[  332.944818]  ? memdup_user+0x39/0x60
[  332.944820]  ksys_mount+0x7b/0xd0
[  332.944822]  __x64_sys_mount+0x1c/0x20
[  332.944824]  do_syscall_64+0x43/0xf0
[  332.944829]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  332.944831] RIP: 0033:0x7f8bf107af5a
[  332.944831] Code: 48 8b 0d 31 cf 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d fe ce 2b 00 f7 d8 64 89 01 48 
[  332.944852] RSP: 002b:00007ffc48badd98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  332.944853] RAX: ffffffffffffffda RBX: 0000560e75d884b0 RCX: 00007f8bf107af5a
[  332.944854] RDX: 0000560e75d8eda0 RSI: 0000560e75d8b3a0 RDI: 0000560e75d88690
[  332.944855] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f8bf1339390
[  332.944856] R10: 00000000c0ed0001 R11: 0000000000000246 R12: 0000560e75d88690
[  332.944857] R13: 0000560e75d8eda0 R14: 0000000000000000 R15: 00007f8bf1594ec4
[  332.944859] Modules linked in: ipt_MASQUERADE nf_conntrack_netlink iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype xt_conntrack nf_nat nf_conntrack br_netfilter bnep uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core iwlmvm iwlwifi snd_pcm x86_pkg_temp_thermal r8169 xhci_pci xhci_hcd psmouse coretemp snd_timer snd soundcore fujitsu_laptop efivarfs
[  332.944878] CR2: ffffffffffffffa4
[  332.944880] ---[ end trace b1020a583e75a165 ]---
[  332.944882] RIP: 0010:udf_get_pblock_virt15+0x3f/0x120
[  332.944883] Code: 01 4e 8d 04 c0 41 39 70 1c 0f 82 f3 00 00 00 41 56 41 55 41 54 55 49 89 fc 53 4d 8b b1 80 00 00 00 89 d3 41 0f b7 50 20 89 cd <45> 0f b6 46 a4 48 89 d0 41 83 e0 07 41 80 f8 03 0f 84 87 00 00 00 
[  332.944903] RSP: 0018:ffffc90002a83cd8 EFLAGS: 00010246
[  332.944904] RAX: ffff880364d47180 RBX: 0000000000000001 RCX: 0000000000000000
[  332.944905] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88038d23f000
[  332.944906] RBP: 0000000000000000 R08: ffff880364d471d8 R09: ffff880364d473c0
[  332.944907] R10: ffff8803a5877800 R11: 0000000000000000 R12: ffff88038d23f000
[  332.944908] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff822181f8
[  332.944909] FS:  00007f8bf1774780(0000) GS:ffff88041f2c0000(0000) knlGS:0000000000000000
[  332.944911] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  332.944912] CR2: ffffffffffffffa4 CR3: 000000039b39e001 CR4: 00000000001606e0


Original bug: https://bugs.gentoo.org/664706

Comment 1 Jan Kara 2018-09-03 09:26:59 UTC
Thanks for the report! The problem seems to be that the VAT inode (sbi->s_vat_inode) is NULL but we call a partition mapping function that assumes the VAT is present. Can you try the 4.19-rc2 kernel please? There's a fix of the UDF partition parsing code that could be related - it should eventually appear in stable releases as well but that will take a week or so.

If 4.19-rc2 does not help, I will need the filesystem image for download somewhere so that I can try it out myself and debug what goes wrong. Thanks!
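
Added example (not part of the original report or of the kernel source): a Python triage helper that decodes the ModRM byte of the faulting instruction, marked `<45>` in the oops `Code:` line, and checks which register was the base of the failing access. It assumes a register-plus-displacement operand without a SIB byte and a one- or two-byte opcode; the function name `triage` is hypothetical.

```python
import re

# Excerpt of the oops in the description above, timestamps dropped.
OOPS = """\
Code: 01 4e 8d 04 c0 41 39 70 1c 0f 82 f3 00 00 00 41 56 41 55 41 54 55 49 89 fc 53 4d 8b b1 80 00 00 00 89 d3 41 0f b7 50 20 89 cd <45> 0f b6 46 a4 48 89 d0 41 83 e0 07 41 80 f8 03 0f 84 87 00 00 00
RAX: ffff880364d47180 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88038d23f000
RBP: 0000000000000000 R08: ffff880364d471d8 R09: ffff880364d473c0
R10: ffff8803a5877800 R11: 0000000000000000 R12: ffff88038d23f000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff822181f8
CR2: ffffffffffffffa4 CR3: 000000039b39e001 CR4: 00000000001606e0
"""

# x86-64 register numbering, using the names dmesg prints.
GPR = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
       "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]
LEGACY_PREFIXES = {0x66, 0x67, 0xF2, 0xF3, 0x2E, 0x36, 0x3E, 0x26, 0x64, 0x65}
MASK = (1 << 64) - 1

def triage(oops):
    """Return base register, displacement and whether base+disp equals CR2."""
    regs = {n: int(v, 16) for n, v in
            re.findall(r"\b(R[A-Z0-9]{2}|CR2): ([0-9a-f]{16})\b", oops)}
    code = re.search(r"Code: (.*)", oops).group(1).split()
    start = next(k for k, b in enumerate(code) if b.startswith("<"))
    ins = [int(b.strip("<>"), 16) for b in code[start:]]
    p = 0
    while ins[p] in LEGACY_PREFIXES:
        p += 1
    rex = 0
    if 0x40 <= ins[p] <= 0x4F:          # REX prefix extends register numbers
        rex = ins[p]
        p += 1
    p += 2 if ins[p] == 0x0F else 1     # skip one- or two-byte opcode
    mod, rm = ins[p] >> 6, ins[p] & 7
    if mod not in (1, 2) or rm == 4:    # only [reg + disp8/disp32], no SIB
        return None
    width = 1 if mod == 1 else 4
    disp = int.from_bytes(bytes(ins[p + 1:p + 1 + width]), "little", signed=True)
    base = GPR[rm | ((rex & 1) << 3)]
    return {"base": base, "disp": disp, "null_base": regs[base] == 0,
            "matches_cr2": (regs[base] + disp) & MASK == regs["CR2"]}

if __name__ == "__main__":
    print(triage(OOPS))
```

For this oops the base register is R14, which holds zero, and the displacement is -0x5c, which reproduces CR2 exactly: a field read at a negative offset from a NULL pointer, consistent with the NULL pointer described in Comment 1.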

Comment 2 Viacheslav Gagara 2018-09-03 20:01:18 UTC
Fixed in 4.19-rc2. Works fine for me.
Thanks for support!

Comment 3 Jan Kara 2018-09-04 07:18:24 UTC
Thanks for the verification! Closing the bug.
