* [BUG] NULL pointer dereference in udf_sb_free_partitions
@ 2013-01-12 22:00 James Hogan
2013-01-14 5:19 ` Namjae Jeon
0 siblings, 1 reply; 5+ messages in thread
From: James Hogan @ 2013-01-12 22:00 UTC (permalink / raw)
To: Jan Kara, linux-fsdevel, linux-kernel
Hi,

I've encountered a reproducible kernel bug which makes the screen switch
to a console and display the kernel log below. This is what I did:

* Insert a particular DVD-R I have which appears to be corrupt. It then
  makes the DVD drive make some unpleasant noises (my TV also makes
  unpleasant noises when it's inserted).

* I go to mount it in KDE, it continues making noises and outputs some
  of the errors in the kernel log below (things like Mechanical
  positioning error, which makes sense since it's making unusual
  noises).

* After a while it says the mount failed.

* After a while I typed the eject command, and pressed the eject button

* After a while longer the DVD is eventually ejected and at that point
  the kernel log is displayed on screen.

* I can use VT switch to get back to desktop. I tried running sync as I
  wanted the log to be saved, but it never returned, although most other
  things seemed to continue working. Rebooted fine.

First observed on v3.7 vanilla kernel (tried twice, happened both
times), now running v3.8-rc3 and it happened when I tried it again.

I haven't tried debugging it any further, but am happy to provide more
info as required or test patches.

Cheers
James

(told it to mount)

[ 1300.219641] sr 8:0:0:0: [sr0] Unhandled sense code
[ 1300.219652] sr 8:0:0:0: [sr0]
[ 1300.219658] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1300.219664] sr 8:0:0:0: [sr0]
[ 1300.219668] Sense Key : Hardware Error [current]
[ 1300.219675] Info fld=0x119368
[ 1300.219680] sr 8:0:0:0: [sr0]
[ 1300.219686] Add. Sense: Mechanical positioning error
[ 1300.219692] sr 8:0:0:0: [sr0] CDB:
[ 1300.219695] Read(10): 28 00 00 11 93 68 00 00 01 00
[ 1300.219711] end_request: I/O error, dev sr0, sector 4607392
[ 1300.219766] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=1151848, location=1151576
[ 1300.219780] UDF-fs: error (device sr0): __udf_read_inode: (ino 1151848) failed !bh
[ 1310.294257] sr 8:0:0:0: [sr0] Unhandled sense code
[ 1310.294268] sr 8:0:0:0: [sr0]
[ 1310.294274] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1310.294279] sr 8:0:0:0: [sr0]
[ 1310.294283] Sense Key : Hardware Error [current]
[ 1310.294289] Info fld=0x119367
[ 1310.294294] sr 8:0:0:0: [sr0]
[ 1310.294300] Add. Sense: Mechanical positioning error
[ 1310.294305] sr 8:0:0:0: [sr0] CDB:
[ 1310.294308] Read(10): 28 00 00 11 93 67 00 00 01 00
[ 1310.294324] end_request: I/O error, dev sr0, sector 4607388
[ 1310.294388] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=1151847, location=1151575
[ 1310.294400] UDF-fs: error (device sr0): __udf_read_inode: (ino 1151847) failed !bh
[ 1320.324070] sr 8:0:0:0: [sr0] Unhandled sense code
[ 1320.324081] sr 8:0:0:0: [sr0]
[ 1320.324087] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1320.324093] sr 8:0:0:0: [sr0]
[ 1320.324097] Sense Key : Hardware Error [current]
[ 1320.324104] Info fld=0x119366
[ 1320.324109] sr 8:0:0:0: [sr0]
[ 1320.324115] Add. Sense: Mechanical positioning error
[ 1320.324121] sr 8:0:0:0: [sr0] CDB:
[ 1320.324124] Read(10): 28 00 00 11 93 66 00 00 01 00
[ 1320.324140] end_request: I/O error, dev sr0, sector 4607384
[ 1320.324195] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=1151846, location=1151574
[ 1320.324208] UDF-fs: error (device sr0): __udf_read_inode: (ino 1151846) failed !bh
[ 1330.432689] sr 8:0:0:0: [sr0] Unhandled sense code
[ 1330.432701] sr 8:0:0:0: [sr0]
[ 1330.432706] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1330.432712] sr 8:0:0:0: [sr0]
[ 1330.432716] Sense Key : Hardware Error [current]
[ 1330.432722] Info fld=0x119365
[ 1330.432728] sr 8:0:0:0: [sr0]
[ 1330.432733] Add. Sense: Mechanical positioning error
[ 1330.432739] sr 8:0:0:0: [sr0] CDB:
[ 1330.432742] Read(10): 28 00 00 11 93 65 00 00 01 00
[ 1330.432758] end_request: I/O error, dev sr0, sector 4607380
[ 1330.432814] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=1151845, location=1151573
[ 1330.432827] UDF-fs: error (device sr0): __udf_read_inode: (ino 1151845) failed !bh
[ 1330.432842] UDF-fs: Failed to read VAT inode from the last recorded block (1151848), retrying with the last block of the device (2295103).
[ 1340.483225] sr 8:0:0:0: [sr0] Unhandled sense code
[ 1340.483237] sr 8:0:0:0: [sr0]
[ 1340.483242] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1340.483247] sr 8:0:0:0: [sr0]
[ 1340.483251] Sense Key : Hardware Error [current]
[ 1340.483257] Info fld=0x23053f
[ 1340.483263] sr 8:0:0:0: [sr0]
[ 1340.483268] Add. Sense: Mechanical positioning error
[ 1340.483273] sr 8:0:0:0: [sr0] CDB:
[ 1340.483276] Read(10): 28 00 00 23 05 3f 00 00 01 00
[ 1340.483292] end_request: I/O error, dev sr0, sector 9180412
[ 1340.483373] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=2295103, location=2294831
[ 1340.483385] UDF-fs: error (device sr0): __udf_read_inode: (ino 2295103) failed !bh
some point around here I tried to eject
[ 1350.533357] sr 8:0:0:0: [sr0] Unhandled sense code
[ 1350.533368] sr 8:0:0:0: [sr0]
[ 1350.533374] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1350.533380] sr 8:0:0:0: [sr0]
[ 1350.533384] Sense Key : Hardware Error [current]
[ 1350.533390] Info fld=0x23053e
[ 1350.533395] sr 8:0:0:0: [sr0]
[ 1350.533400] Add. Sense: Mechanical positioning error
[ 1350.533406] sr 8:0:0:0: [sr0] CDB:
[ 1350.533409] Read(10): 28 00 00 23 05 3e 00 00 01 00
[ 1350.533425] end_request: I/O error, dev sr0, sector 9180408
[ 1350.533488] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=2295102, location=2294830
[ 1350.533501] UDF-fs: error (device sr0): __udf_read_inode: (ino 2295102) failed !bh
[ 1360.581244] sr 8:0:0:0: [sr0] Unhandled sense code
[ 1360.581255] sr 8:0:0:0: [sr0]
[ 1360.581260] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1360.581266] sr 8:0:0:0: [sr0]
[ 1360.581270] Sense Key : Hardware Error [current]
[ 1360.581277] Info fld=0x23053d
[ 1360.581282] sr 8:0:0:0: [sr0]
[ 1360.581287] Add. Sense: Mechanical positioning error
[ 1360.581293] sr 8:0:0:0: [sr0] CDB:
[ 1360.581296] Read(10): 28 00 00 23 05 3d 00 00 01 00
[ 1360.581312] end_request: I/O error, dev sr0, sector 9180404
[ 1360.581365] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=2295101, location=2294829
[ 1360.581377] UDF-fs: error (device sr0): __udf_read_inode: (ino 2295101) failed !bh
[ 1377.505817] sr 8:0:0:0: [sr0] Unhandled sense code
[ 1377.505828] sr 8:0:0:0: [sr0]
[ 1377.505834] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1377.505840] sr 8:0:0:0: [sr0]
[ 1377.505844] Sense Key : Hardware Error [current]
[ 1377.505850] Info fld=0x23053c
[ 1377.505856] sr 8:0:0:0: [sr0]
[ 1377.505862] Add. Sense: Mechanical positioning error
[ 1377.505867] sr 8:0:0:0: [sr0] CDB:
[ 1377.505870] Read(10): 28 00 00 23 05 3c 00 00 01 00
[ 1377.505886] end_request: I/O error, dev sr0, sector 9180400
[ 1377.505953] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=2295100, location=2294828
[ 1377.505966] UDF-fs: error (device sr0): __udf_read_inode: (ino 2295100) failed !bh
finally it ejected
[ 1384.719455] sr 8:0:0:0: [sr0] Device not ready
[ 1384.719467] sr 8:0:0:0: [sr0]
[ 1384.719473] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1384.719479] sr 8:0:0:0: [sr0]
[ 1384.719482] Sense Key : Not Ready [current]
[ 1384.719490] sr 8:0:0:0: [sr0]
[ 1384.719496] Add. Sense: Medium not present
[ 1384.719501] sr 8:0:0:0: [sr0] CDB:
[ 1384.719506] Read(10): 28 00 00 00 00 28 00 00 01 00
[ 1384.719522] end_request: I/O error, dev sr0, sector 160
[ 1384.719572] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=40, location=40
[ 1384.719585] UDF-fs: error (device sr0): udf_process_sequence: Block 40 of volume descriptor sequence is corrupted or we could not read it
[ 1384.719624] BUG: unable to handle kernel NULL pointer dereference at 0000000000000054
[ 1384.719789] IP: [<ffffffffa06b80d1>] udf_sb_free_partitions+0x71/0x140 [udf]
[ 1384.719937] PGD 0
[ 1384.719982] Oops: 0000 [#1] SMP
[ 1384.720057] Modules linked in: nls_utf8 udf crc_itu_t tcp_lp be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i ip6t_REJECT cxgb4 cxgb3i nf_conntrack_ipv6 cxgb3 bnep nf_defrag_ipv6 mdio libcxgbi nf_conntrack_ipv4 nf_defrag_ipv4 xt_state ib_iser nf_conntrack bluetooth rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad rfkill ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi it87 ip6table_filter ip6_tables hwmon_vid xfs libcrc32c snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq kvm snd_seq_device snd_pcm joydev snd_page_alloc snd_timer sp5100_tco snd edac_core r8169 soundcore shpchp pcspkr i2c_piix4 k10temp mii serio_raw edac_mce_amd microcode wmi nfsd auth_rpcgss nfs_acl lockd sunrpc binfmt_misc uinput ata_generic pata_acpi dm_crypt pata_jmicron pata_atiixp radeon i2c_algo_bit drm_kms_helper ttm drm i2c_core
[ 1384.721771] CPU 3
[ 1384.721818] Pid: 3684, comm: mount Not tainted 3.8.0-rc3 #107 Gigabyte Technology Co., Ltd. GA-890GPA-UD3H/GA-890GPA-UD3H
[ 1384.722023] RIP: 0010:[<ffffffffa06b80d1>] [<ffffffffa06b80d1>] udf_sb_free_partitions+0x71/0x140 [udf]
[ 1384.722210] RSP: 0018:ffff8801b7afbb38 EFLAGS: 00010246
[ 1384.722310] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000056
[ 1384.722441] RDX: 00000000000000bc RSI: 0000000000000046 RDI: ffff8801b096ec00
[ 1384.722572] RBP: ffff8801b7afbb58 R08: 000000000000000a R09: 00000000000005a5
[ 1384.722704] R10: 0000000000000000 R11: 00000000000005a4 R12: ffff8801b7afbcd4
[ 1384.722834] R13: 0000000000000000 R14: ffff880165d073c0 R15: 0000000000000024
[ 1384.722967] FS: 00007f46f5224840(0000) GS:ffff88020fcc0000(0000) knlGS:0000000000000000
[ 1384.723116] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 1384.723223] CR2: 0000000000000054 CR3: 00000001a2ff0000 CR4: 00000000000007e0
[ 1384.723354] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1384.723485] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1384.723617] Process mount (pid: 3684, threadinfo ffff8801b7afa000, task ffff880166280000)
[ 1384.723765] Stack:
[ 1384.723805] ffff8801b096ec00 ffff8801b7afbcd4 ffff8801d1fabc98 0000000000000010
[ 1384.723958] ffff8801b7afbbb8 ffffffffa06b96b5 ffff880165d07540 0000000b00005395
[ 1384.724110] 00007ffffffff000 00028802036a8340 ffff8801b7afbc30 ffff880165d073c0
[ 1384.724260] Call Trace:
[ 1384.724319] [<ffffffffa06b96b5>] udf_check_anchor_block+0x125/0x130 [udf]
[ 1384.724455] [<ffffffffa06b9721>] udf_scan_anchors+0x61/0x1c0 [udf]
[ 1384.724578] [<ffffffff811ce79c>] ? ioctl_by_bdev+0x3c/0x50
[ 1384.724689] [<ffffffffa06b9a1e>] udf_load_vrs+0x19e/0x2e0 [udf]
[ 1384.724808] [<ffffffffa06b9d00>] udf_fill_super+0x1a0/0x610 [udf]
[ 1384.724936] [<ffffffff8119af55>] mount_bdev+0x1c5/0x210
[ 1384.725041] [<ffffffffa06b9b60>] ? udf_load_vrs+0x2e0/0x2e0 [udf]
[ 1384.725164] [<ffffffffa06b7075>] udf_mount+0x15/0x20 [udf]
[ 1384.725271] [<ffffffff8119bc43>] mount_fs+0x43/0x1b0
[ 1384.725371] [<ffffffff811b531f>] vfs_kern_mount+0x6f/0x100
[ 1384.725479] [<ffffffff811b7706>] do_mount+0x216/0xa70
[ 1384.725580] [<ffffffff81135764>] ? __get_free_pages+0x14/0x50
[ 1384.730093] [<ffffffff811b735a>] ? copy_mount_options+0x3a/0x180
[ 1384.734657] [<ffffffff811b7fee>] sys_mount+0x8e/0xe0
[ 1384.739261] [<ffffffff8164bf19>] system_call_fastpath+0x16/0x1b
[ 1384.743932] Code: 66 3d 11 25 0f 84 b8 00 00 00 41 0f b7 46 28 41 83 c5 01 44 39 e8 0f 8e 89 00 00 00 49 63 dd b9 56 00 00 00 48 0f af d9 49 03 1e <0f> b7 43 54 a8 02 74 b7 48 8b 3b e8 7f 9b af e0 0f b7 43 54 a8
[ 1384.754014] RIP [<ffffffffa06b80d1>] udf_sb_free_partitions+0x71/0x140 [udf]
[ 1384.758925] RSP <ffff8801b7afbb38>
[ 1384.763755] CR2: 0000000000000054
[ 1384.787502] ---[ end trace 95272ca777accb4e ]---
^ permalink raw reply [flat|nested] 5+ messages in thread
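
The oops in the report above can be triaged mechanically. The following is an added example, not part of the original thread: it parses lines excerpted from that trace, decodes the x86 page-fault error code, and checks whether the faulting instruction's base register was NULL. The names `triage` and `decode_fault_operand` are made up for this example, and the instruction decoder handles only the `movzx` with 8-bit displacement form that appears at the marked byte in this trace.

```python
import re

# Lines excerpted verbatim from the oops in the report above (not the full trace).
OOPS = """\
[ 1384.719624] BUG: unable to handle kernel NULL pointer dereference at 0000000000000054
[ 1384.719789] IP: [<ffffffffa06b80d1>] udf_sb_free_partitions+0x71/0x140 [udf]
[ 1384.719982] Oops: 0000 [#1] SMP
[ 1384.721818] Pid: 3684, comm: mount Not tainted 3.8.0-rc3 #107 Gigabyte Technology Co., Ltd. GA-890GPA-UD3H/GA-890GPA-UD3H
[ 1384.722310] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000056
[ 1384.722834] R13: 0000000000000000 R14: ffff880165d073c0 R15: 0000000000000024
[ 1384.723223] CR2: 0000000000000054 CR3: 00000001a2ff0000 CR4: 00000000000007e0
[ 1384.724260] Call Trace:
[ 1384.724319] [<ffffffffa06b96b5>] udf_check_anchor_block+0x125/0x130 [udf]
[ 1384.724455] [<ffffffffa06b9721>] udf_scan_anchors+0x61/0x1c0 [udf]
[ 1384.724578] [<ffffffff811ce79c>] ? ioctl_by_bdev+0x3c/0x50
[ 1384.724689] [<ffffffffa06b9a1e>] udf_load_vrs+0x19e/0x2e0 [udf]
[ 1384.724808] [<ffffffffa06b9d00>] udf_fill_super+0x1a0/0x610 [udf]
[ 1384.724936] [<ffffffff8119af55>] mount_bdev+0x1c5/0x210
[ 1384.743932] Code: 66 3d 11 25 0f 84 b8 00 00 00 41 0f b7 46 28 41 83 c5 01 44 39 e8 0f 8e 89 00 00 00 49 63 dd b9 56 00 00 00 48 0f af d9 49 03 1e <0f> b7 43 54 a8 02 74 b7 48 8b 3b e8 7f 9b af e0 0f b7 43 54 a8
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")
FRAME = re.compile(r"\[<[0-9a-f]+>\]\s+(\?\s+)?([\w.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)"
                   r"(?:\s+\[(\w+)\])?")
REG = re.compile(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b")
# Register names as the oops prints them, indexed by ModRM r/m number.
REG64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
         "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]
PAGE_SIZE = 4096


def decode_error_code(code):
    """Decode the x86 page-fault error code printed after 'Oops:'."""
    return {"page_present": bool(code & 1), "write": bool(code & 2),
            "user_mode": bool(code & 4), "instruction_fetch": bool(code & 16)}


def decode_fault_operand(code_bytes):
    """Return (base_register, displacement) for the instruction marked <..>.

    Narrow decoder: optional REX prefix, two-byte 0f b6/b7 (movzx) opcode,
    ModRM with mod=01 (disp8) and no SIB byte. Anything else returns None.
    """
    tokens = code_bytes.split()
    start = next((i for i, t in enumerate(tokens) if t.startswith("<")), None)
    if start is None:
        return None
    b = [int(t.strip("<>"), 16) for t in tokens[start:]]
    rex_b = 0
    if b and 0x40 <= b[0] <= 0x4F:
        rex_b, b = b[0] & 1, b[1:]
    if len(b) < 4 or b[0] != 0x0F or b[1] not in (0xB6, 0xB7):
        return None
    mod, rm = b[2] >> 6, b[2] & 7
    if mod != 1 or rm == 4:          # only disp8 addressing without SIB
        return None
    disp = b[3] - 256 if b[3] >= 0x80 else b[3]
    return REG64[rm | (rex_b << 3)], disp


def triage(text):
    """Summarise an oops: fault address, faulting symbol, trace, NULL-base check."""
    out = {"regs": {}, "trace": [], "operand": None}
    in_trace = False
    for raw in text.splitlines():
        line = STAMP.sub("", raw)
        frame = FRAME.search(line)
        if line.startswith("BUG:"):
            out["fault_addr"] = int(line.split()[-1], 16)
        elif line.startswith("IP:") and frame:
            out["ip"] = {"symbol": frame.group(2), "offset": int(frame.group(3), 16),
                         "module": frame.group(5)}
        elif line.startswith("Oops:"):
            out["error"] = decode_error_code(int(line.split()[1], 16))
        elif line.startswith("Pid:"):
            out["comm"] = re.search(r"comm: (\S+)", line).group(1)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif line.startswith("Code:"):
            in_trace = False
            out["operand"] = decode_fault_operand(line[len("Code:"):])
        elif in_trace and frame:
            if not frame.group(1):   # '?' frames were found on the stack but not verified
                out["trace"].append(frame.group(2))
        else:
            out["regs"].update((n, int(v, 16)) for n, v in REG.findall(line))
    base, disp = out["operand"] or (None, None)
    err = out["error"]
    # Kernel-mode access to a not-present page inside the first page: NULL plus offset.
    out["null_deref"] = (out["fault_addr"] < PAGE_SIZE and not err["page_present"]
                         and not err["user_mode"])
    # The fault address is fully explained by a zero base register plus the displacement.
    out["null_base"] = (base if base and out["regs"].get(base) == 0
                        and disp == out["fault_addr"] else None)
    return out


if __name__ == "__main__":
    r = triage(OOPS)
    print(r["ip"], r["error"], r["operand"], r["null_base"], r["trace"])
```
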
* Re: [BUG] NULL pointer dereference in udf_sb_free_partitions
2013-01-12 22:00 [BUG] NULL pointer dereference in udf_sb_free_partitions James Hogan
@ 2013-01-14 5:19 ` Namjae Jeon
2013-01-14 15:18 ` Jan Kara
2013-01-14 21:06 ` James Hogan
0 siblings, 2 replies; 5+ messages in thread
From: Namjae Jeon @ 2013-01-14 5:19 UTC (permalink / raw)
To: James Hogan; +Cc: Jan Kara, linux-fsdevel, linux-kernel
2013/1/13, James Hogan <james@albanarts.com>:
> Hi,
>
> I've encountered a reproducible kernel bug which makes the screen switch
> to a console and display the kernel log below. This is what I did:
>
> * Insert a particular DVD-R I have which appears to be corrupt. It then
> makes the DVD drive make some unpleasant noises (my TV also makes
> unpleasant noises when it's inserted).
>
> * I go to mount it in KDE, it continues making noises and outputs some
> of the errors in the kernel log below (things like Mechanical
> positioning error, which makes sense since it's making unusual
> noises).
>
> * After a while it says the mount failed.
>
> * After a while I typed the eject command, and pressed the eject button
>
> * After a while longer the DVD is eventually ejected and at that point
> the kernel log is displayed on screen.
>
> * I can use VT switch to get back to desktop. I tried running sync as I
> wanted the log to be saved, but it never returned, although most other
> things seemed to continue working. Rebooted fine.
>
> First observed on v3.7 vanilla kernel (tried twice, happened both
> times), now running v3.8-rc3 and it happened when I tried it again.
>
> I haven't tried debugging it any further, but am happy to provide more
> info as required or test patches.
>
> Cheers
> James
>
>
> (told it to mount)
>
> [ 1300.219641] sr 8:0:0:0: [sr0] Unhandled sense code
> [ 1300.219652] sr 8:0:0:0: [sr0]
> [ 1300.219658] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> [ 1300.219664] sr 8:0:0:0: [sr0]
> [ 1300.219668] Sense Key : Hardware Error [current]
> [ 1300.219675] Info fld=0x119368
> [ 1300.219680] sr 8:0:0:0: [sr0]
> [ 1300.219686] Add. Sense: Mechanical positioning error
> [ 1300.219692] sr 8:0:0:0: [sr0] CDB:
> [ 1300.219695] Read(10): 28 00 00 11 93 68 00 00 01 00
> [ 1300.219711] end_request: I/O error, dev sr0, sector 4607392
> [ 1300.219766] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> block=1151848, location=1151576
> [ 1300.219780] UDF-fs: error (device sr0): __udf_read_inode: (ino 1151848)
> failed !bh
> [ 1310.294257] sr 8:0:0:0: [sr0] Unhandled sense code
> [ 1310.294268] sr 8:0:0:0: [sr0]
> [ 1310.294274] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> [ 1310.294279] sr 8:0:0:0: [sr0]
> [ 1310.294283] Sense Key : Hardware Error [current]
> [ 1310.294289] Info fld=0x119367
> [ 1310.294294] sr 8:0:0:0: [sr0]
> [ 1310.294300] Add. Sense: Mechanical positioning error
> [ 1310.294305] sr 8:0:0:0: [sr0] CDB:
> [ 1310.294308] Read(10): 28 00 00 11 93 67 00 00 01 00
> [ 1310.294324] end_request: I/O error, dev sr0, sector 4607388
> [ 1310.294388] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> block=1151847, location=1151575
> [ 1310.294400] UDF-fs: error (device sr0): __udf_read_inode: (ino 1151847)
> failed !bh
> [ 1320.324070] sr 8:0:0:0: [sr0] Unhandled sense code
> [ 1320.324081] sr 8:0:0:0: [sr0]
> [ 1320.324087] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> [ 1320.324093] sr 8:0:0:0: [sr0]
> [ 1320.324097] Sense Key : Hardware Error [current]
> [ 1320.324104] Info fld=0x119366
> [ 1320.324109] sr 8:0:0:0: [sr0]
> [ 1320.324115] Add. Sense: Mechanical positioning error
> [ 1320.324121] sr 8:0:0:0: [sr0] CDB:
> [ 1320.324124] Read(10): 28 00 00 11 93 66 00 00 01 00
> [ 1320.324140] end_request: I/O error, dev sr0, sector 4607384
> [ 1320.324195] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> block=1151846, location=1151574
> [ 1320.324208] UDF-fs: error (device sr0): __udf_read_inode: (ino 1151846)
> failed !bh
> [ 1330.432689] sr 8:0:0:0: [sr0] Unhandled sense code
> [ 1330.432701] sr 8:0:0:0: [sr0]
> [ 1330.432706] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> [ 1330.432712] sr 8:0:0:0: [sr0]
> [ 1330.432716] Sense Key : Hardware Error [current]
> [ 1330.432722] Info fld=0x119365
> [ 1330.432728] sr 8:0:0:0: [sr0]
> [ 1330.432733] Add. Sense: Mechanical positioning error
> [ 1330.432739] sr 8:0:0:0: [sr0] CDB:
> [ 1330.432742] Read(10): 28 00 00 11 93 65 00 00 01 00
> [ 1330.432758] end_request: I/O error, dev sr0, sector 4607380
> [ 1330.432814] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> block=1151845, location=1151573
> [ 1330.432827] UDF-fs: error (device sr0): __udf_read_inode: (ino 1151845)
> failed !bh
> [ 1330.432842] UDF-fs: Failed to read VAT inode from the last recorded block
> (1151848), retrying with the last block of the device (2295103).
> [ 1340.483225] sr 8:0:0:0: [sr0] Unhandled sense code
> [ 1340.483237] sr 8:0:0:0: [sr0]
> [ 1340.483242] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> [ 1340.483247] sr 8:0:0:0: [sr0]
> [ 1340.483251] Sense Key : Hardware Error [current]
> [ 1340.483257] Info fld=0x23053f
> [ 1340.483263] sr 8:0:0:0: [sr0]
> [ 1340.483268] Add. Sense: Mechanical positioning error
> [ 1340.483273] sr 8:0:0:0: [sr0] CDB:
> [ 1340.483276] Read(10): 28 00 00 23 05 3f 00 00 01 00
> [ 1340.483292] end_request: I/O error, dev sr0, sector 9180412
> [ 1340.483373] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> block=2295103, location=2294831
> [ 1340.483385] UDF-fs: error (device sr0): __udf_read_inode: (ino 2295103)
> failed !bh
>
> some point around here I tried to eject
>
> [ 1350.533357] sr 8:0:0:0: [sr0] Unhandled sense code
> [ 1350.533368] sr 8:0:0:0: [sr0]
> [ 1350.533374] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> [ 1350.533380] sr 8:0:0:0: [sr0]
> [ 1350.533384] Sense Key : Hardware Error [current]
> [ 1350.533390] Info fld=0x23053e
> [ 1350.533395] sr 8:0:0:0: [sr0]
> [ 1350.533400] Add. Sense: Mechanical positioning error
> [ 1350.533406] sr 8:0:0:0: [sr0] CDB:
> [ 1350.533409] Read(10): 28 00 00 23 05 3e 00 00 01 00
> [ 1350.533425] end_request: I/O error, dev sr0, sector 9180408
> [ 1350.533488] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> block=2295102, location=2294830
> [ 1350.533501] UDF-fs: error (device sr0): __udf_read_inode: (ino 2295102)
> failed !bh
> [ 1360.581244] sr 8:0:0:0: [sr0] Unhandled sense code
> [ 1360.581255] sr 8:0:0:0: [sr0]
> [ 1360.581260] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> [ 1360.581266] sr 8:0:0:0: [sr0]
> [ 1360.581270] Sense Key : Hardware Error [current]
> [ 1360.581277] Info fld=0x23053d
> [ 1360.581282] sr 8:0:0:0: [sr0]
> [ 1360.581287] Add. Sense: Mechanical positioning error
> [ 1360.581293] sr 8:0:0:0: [sr0] CDB:
> [ 1360.581296] Read(10): 28 00 00 23 05 3d 00 00 01 00
> [ 1360.581312] end_request: I/O error, dev sr0, sector 9180404
> [ 1360.581365] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> block=2295101, location=2294829
> [ 1360.581377] UDF-fs: error (device sr0): __udf_read_inode: (ino 2295101)
> failed !bh
> [ 1377.505817] sr 8:0:0:0: [sr0] Unhandled sense code
> [ 1377.505828] sr 8:0:0:0: [sr0]
> [ 1377.505834] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> [ 1377.505840] sr 8:0:0:0: [sr0]
> [ 1377.505844] Sense Key : Hardware Error [current]
> [ 1377.505850] Info fld=0x23053c
> [ 1377.505856] sr 8:0:0:0: [sr0]
> [ 1377.505862] Add. Sense: Mechanical positioning error
> [ 1377.505867] sr 8:0:0:0: [sr0] CDB:
> [ 1377.505870] Read(10): 28 00 00 23 05 3c 00 00 01 00
> [ 1377.505886] end_request: I/O error, dev sr0, sector 9180400
> [ 1377.505953] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> block=2295100, location=2294828
> [ 1377.505966] UDF-fs: error (device sr0): __udf_read_inode: (ino 2295100)
> failed !bh
>
> finally it ejected
>
> [ 1384.719455] sr 8:0:0:0: [sr0] Device not ready
> [ 1384.719467] sr 8:0:0:0: [sr0]
> [ 1384.719473] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> [ 1384.719479] sr 8:0:0:0: [sr0]
> [ 1384.719482] Sense Key : Not Ready [current]
> [ 1384.719490] sr 8:0:0:0: [sr0]
> [ 1384.719496] Add. Sense: Medium not present
> [ 1384.719501] sr 8:0:0:0: [sr0] CDB:
> [ 1384.719506] Read(10): 28 00 00 00 00 28 00 00 01 00
> [ 1384.719522] end_request: I/O error, dev sr0, sector 160
> [ 1384.719572] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> block=40, location=40
> [ 1384.719585] UDF-fs: error (device sr0): udf_process_sequence: Block 40 of
> volume descriptor sequence is corrupted or we could not read it
> [ 1384.719624] BUG: unable to handle kernel NULL pointer dereference at
> 0000000000000054
> [ 1384.719789] IP: [<ffffffffa06b80d1>] udf_sb_free_partitions+0x71/0x140
> [udf]
> [ 1384.719937] PGD 0
> [ 1384.719982] Oops: 0000 [#1] SMP
> [ 1384.720057] Modules linked in: nls_utf8 udf crc_itu_t tcp_lp be2iscsi
> iscsi_boot_sysfs bnx2i cnic uio cxgb4i ip6t_REJECT cxgb4 cxgb3i
> nf_conntrack_ipv6 cxgb3 bnep nf_defrag_ipv6 mdio libcxgbi nf_conntrack_ipv4
> nf_defrag_ipv4 xt_state ib_iser nf_conntrack bluetooth rdma_cm ib_addr iw_cm
> ib_cm ib_sa ib_mad rfkill ib_core iscsi_tcp libiscsi_tcp libiscsi
> scsi_transport_iscsi it87 ip6table_filter ip6_tables hwmon_vid xfs libcrc32c
> snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec
> snd_hwdep snd_seq kvm snd_seq_device snd_pcm joydev snd_page_alloc snd_timer
> sp5100_tco snd edac_core r8169 soundcore shpchp pcspkr i2c_piix4 k10temp mii
> serio_raw edac_mce_amd microcode wmi nfsd auth_rpcgss nfs_acl lockd sunrpc
> binfmt_misc uinput ata_generic pata_acpi dm_crypt pata_jmicron pata_atiixp
> radeon i2c_algo_bit drm_kms_helper ttm drm i2c_core
> [ 1384.721771] CPU 3
> [ 1384.721818] Pid: 3684, comm: mount Not tainted 3.8.0-rc3 #107 Gigabyte
> Technology Co., Ltd. GA-890GPA-UD3H/GA-890GPA-UD3H
> [ 1384.722023] RIP: 0010:[<ffffffffa06b80d1>] [<ffffffffa06b80d1>]
> udf_sb_free_partitions+0x71/0x140 [udf]
> [ 1384.722210] RSP: 0018:ffff8801b7afbb38 EFLAGS: 00010246
> [ 1384.722310] RAX: 0000000000000001 RBX: 0000000000000000 RCX:
> 0000000000000056
> [ 1384.722441] RDX: 00000000000000bc RSI: 0000000000000046 RDI:
> ffff8801b096ec00
> [ 1384.722572] RBP: ffff8801b7afbb58 R08: 000000000000000a R09:
> 00000000000005a5
> [ 1384.722704] R10: 0000000000000000 R11: 00000000000005a4 R12:
> ffff8801b7afbcd4
> [ 1384.722834] R13: 0000000000000000 R14: ffff880165d073c0 R15:
> 0000000000000024
> [ 1384.722967] FS: 00007f46f5224840(0000) GS:ffff88020fcc0000(0000)
> knlGS:0000000000000000
> [ 1384.723116] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> [ 1384.723223] CR2: 0000000000000054 CR3: 00000001a2ff0000 CR4:
> 00000000000007e0
> [ 1384.723354] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 0000000000000000
> [ 1384.723485] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
> 0000000000000400
> [ 1384.723617] Process mount (pid: 3684, threadinfo ffff8801b7afa000, task
> ffff880166280000)
> [ 1384.723765] Stack:
> [ 1384.723805] ffff8801b096ec00 ffff8801b7afbcd4 ffff8801d1fabc98
> 0000000000000010
> [ 1384.723958] ffff8801b7afbbb8 ffffffffa06b96b5 ffff880165d07540
> 0000000b00005395
> [ 1384.724110] 00007ffffffff000 00028802036a8340 ffff8801b7afbc30
> ffff880165d073c0
> [ 1384.724260] Call Trace:
> [ 1384.724319] [<ffffffffa06b96b5>] udf_check_anchor_block+0x125/0x130
> [udf]
> [ 1384.724455] [<ffffffffa06b9721>] udf_scan_anchors+0x61/0x1c0 [udf]
> [ 1384.724578] [<ffffffff811ce79c>] ? ioctl_by_bdev+0x3c/0x50
> [ 1384.724689] [<ffffffffa06b9a1e>] udf_load_vrs+0x19e/0x2e0 [udf]
> [ 1384.724808] [<ffffffffa06b9d00>] udf_fill_super+0x1a0/0x610 [udf]
> [ 1384.724936] [<ffffffff8119af55>] mount_bdev+0x1c5/0x210
> [ 1384.725041] [<ffffffffa06b9b60>] ? udf_load_vrs+0x2e0/0x2e0 [udf]
> [ 1384.725164] [<ffffffffa06b7075>] udf_mount+0x15/0x20 [udf]
> [ 1384.725271] [<ffffffff8119bc43>] mount_fs+0x43/0x1b0
> [ 1384.725371] [<ffffffff811b531f>] vfs_kern_mount+0x6f/0x100
> [ 1384.725479] [<ffffffff811b7706>] do_mount+0x216/0xa70
> [ 1384.725580] [<ffffffff81135764>] ? __get_free_pages+0x14/0x50
> [ 1384.730093] [<ffffffff811b735a>] ? copy_mount_options+0x3a/0x180
> [ 1384.734657] [<ffffffff811b7fee>] sys_mount+0x8e/0xe0
> [ 1384.739261] [<ffffffff8164bf19>] system_call_fastpath+0x16/0x1b
> [ 1384.743932] Code: 66 3d 11 25 0f 84 b8 00 00 00 41 0f b7 46 28 41 83 c5
> 01 44 39 e8 0f 8e 89 00 00 00 49 63 dd b9 56 00 00 00 48 0f af d9 49 03 1e
> <0f> b7 43 54 a8 02 74 b7 48 8b 3b e8 7f 9b af e0 0f b7 43 54 a8
> [ 1384.754014] RIP [<ffffffffa06b80d1>] udf_sb_free_partitions+0x71/0x140
> [udf]
> [ 1384.758925] RSP <ffff8801b7afbb38>
> [ 1384.763755] CR2: 0000000000000054
> [ 1384.787502] ---[ end trace 95272ca777accb4e ]---
>
Hi James.

There is missing exception handling in the memory leak patch (udf: Fix
memory leak when mounting).
So, would you try to reproduce this problem with the patch below?

Thanks.
---------------------------------------------------------------------------
Subject: [PATCH] UDF: Fix a null pointer dereference in udf_sb_free_partitions
This patch fixes a regression caused by commit bff943af6fe
"udf: Fix memory leak when mounting" due to which it was triggering
a kernel null pointer dereference in case of mount failed OR when allocating
memory to sbi->s_partmaps failed in function udf_sb_alloc_partition_maps.
Reported-by: James Hogan <james@albanarts.com>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Ashish Sangwan <a.sangwan@samsung.com>
---
fs/udf/super.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/fs/udf/super.c b/fs/udf/super.c
index d44fb56..e9be396 100644
--- a/fs/udf/super.c
+++ b/fs/udf/super.c
@@ -307,7 +307,8 @@ static void udf_sb_free_partitions(struct super_block *sb)
{
struct udf_sb_info *sbi = UDF_SB(sb);
int i;
-
+ if (sbi->s_partmaps == NULL)
+ return;
for (i = 0; i < sbi->s_partitions; i++)
udf_free_partition(&sbi->s_partmaps[i]);
kfree(sbi->s_partmaps);
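
Review bot: the new check "if (sbi->s_partmaps == NULL)" sits directly after "int i;" and the hunk deletes the blank line that separated the declarations from the code; kernel style keeps that blank line, so leave it in and put the check after it. The early return also leaves sbi->s_partitions untouched, so a non-zero partition count paired with a NULL s_partmaps survives this function. Resetting s_partitions to 0 wherever s_partmaps is freed or fails to allocate would remove the inconsistent state itself rather than only guarding this one loop over it. Since kfree(NULL) is a no-op, the check matters only for the loop, which is worth stating in the changelog.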
--
1.7.0.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [BUG] NULL pointer dereference in udf_sb_free_partitions
2013-01-14 5:19 ` Namjae Jeon
@ 2013-01-14 15:18 ` Jan Kara
2013-01-14 21:06 ` James Hogan
1 sibling, 0 replies; 5+ messages in thread
From: Jan Kara @ 2013-01-14 15:18 UTC (permalink / raw)
To: Namjae Jeon; +Cc: James Hogan, Jan Kara, linux-fsdevel, linux-kernel
On Mon 14-01-13 14:19:39, Namjae Jeon wrote:
> 2013/1/13, James Hogan <james@albanarts.com>:
> > Hi,
> >
> > I've encountered a reproducible kernel bug which makes the screen switch
> > to a console and display the kernel log below. This is what I did:
> >
> > * Insert a particular DVD-R I have which appears to be corrupt. It then
> > makes the DVD drive make some unpleasant noises (my TV also makes
> > unpleasant noises when it's inserted).
> >
> > * I go to mount it in KDE, it continues making noises and outputs some
> > of the errors in the kernel log below (things like Mechanical
> > positioning error, which makes sense since it's making unusual
> > noises).
> >
> > * After a while it says the mount failed.
> >
> > * After a while I typed the eject command, and pressed the eject button
> >
> > * After a while longer the DVD is eventually ejected and at that point
> > the kernel log is displayed on screen.
> >
> > * I can use VT switch to get back to desktop. I tried running sync as I
> > wanted the log to be saved, but it never returned, although most other
> > things seemed to continue working. Rebooted fine.
> >
> > First observed on v3.7 vanilla kernel (tried twice, happened both
> > times), now running v3.8-rc3 and it happened when I tried it again.
> >
> > I haven't tried debugging it any further, but am happy to provide more
> > info as required or test patches.
> >
> > Cheers
> > James
> >
> >
> > (told it to mount)
> >
> > [ 1300.219641] sr 8:0:0:0: [sr0] Unhandled sense code
> > [ 1300.219652] sr 8:0:0:0: [sr0]
> > [ 1300.219658] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> > [ 1300.219664] sr 8:0:0:0: [sr0]
> > [ 1300.219668] Sense Key : Hardware Error [current]
> > [ 1300.219675] Info fld=0x119368
> > [ 1300.219680] sr 8:0:0:0: [sr0]
> > [ 1300.219686] Add. Sense: Mechanical positioning error
> > [ 1300.219692] sr 8:0:0:0: [sr0] CDB:
> > [ 1300.219695] Read(10): 28 00 00 11 93 68 00 00 01 00
> > [ 1300.219711] end_request: I/O error, dev sr0, sector 4607392
> > [ 1300.219766] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> > block=1151848, location=1151576
> > [ 1300.219780] UDF-fs: error (device sr0): __udf_read_inode: (ino 1151848)
> > failed !bh
> > [ 1310.294257] sr 8:0:0:0: [sr0] Unhandled sense code
> > [ 1310.294268] sr 8:0:0:0: [sr0]
> > [ 1310.294274] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> > [ 1310.294279] sr 8:0:0:0: [sr0]
> > [ 1310.294283] Sense Key : Hardware Error [current]
> > [ 1310.294289] Info fld=0x119367
> > [ 1310.294294] sr 8:0:0:0: [sr0]
> > [ 1310.294300] Add. Sense: Mechanical positioning error
> > [ 1310.294305] sr 8:0:0:0: [sr0] CDB:
> > [ 1310.294308] Read(10): 28 00 00 11 93 67 00 00 01 00
> > [ 1310.294324] end_request: I/O error, dev sr0, sector 4607388
> > [ 1310.294388] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> > block=1151847, location=1151575
> > [ 1310.294400] UDF-fs: error (device sr0): __udf_read_inode: (ino 1151847)
> > failed !bh
> > [ 1320.324070] sr 8:0:0:0: [sr0] Unhandled sense code
> > [ 1320.324081] sr 8:0:0:0: [sr0]
> > [ 1320.324087] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> > [ 1320.324093] sr 8:0:0:0: [sr0]
> > [ 1320.324097] Sense Key : Hardware Error [current]
> > [ 1320.324104] Info fld=0x119366
> > [ 1320.324109] sr 8:0:0:0: [sr0]
> > [ 1320.324115] Add. Sense: Mechanical positioning error
> > [ 1320.324121] sr 8:0:0:0: [sr0] CDB:
> > [ 1320.324124] Read(10): 28 00 00 11 93 66 00 00 01 00
> > [ 1320.324140] end_request: I/O error, dev sr0, sector 4607384
> > [ 1320.324195] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> > block=1151846, location=1151574
> > [ 1320.324208] UDF-fs: error (device sr0): __udf_read_inode: (ino 1151846)
> > failed !bh
> > [ 1330.432689] sr 8:0:0:0: [sr0] Unhandled sense code
> > [ 1330.432701] sr 8:0:0:0: [sr0]
> > [ 1330.432706] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> > [ 1330.432712] sr 8:0:0:0: [sr0]
> > [ 1330.432716] Sense Key : Hardware Error [current]
> > [ 1330.432722] Info fld=0x119365
> > [ 1330.432728] sr 8:0:0:0: [sr0]
> > [ 1330.432733] Add. Sense: Mechanical positioning error
> > [ 1330.432739] sr 8:0:0:0: [sr0] CDB:
> > [ 1330.432742] Read(10): 28 00 00 11 93 65 00 00 01 00
> > [ 1330.432758] end_request: I/O error, dev sr0, sector 4607380
> > [ 1330.432814] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> > block=1151845, location=1151573
> > [ 1330.432827] UDF-fs: error (device sr0): __udf_read_inode: (ino 1151845)
> > failed !bh
> > [ 1330.432842] UDF-fs: Failed to read VAT inode from the last recorded block
> > (1151848), retrying with the last block of the device (2295103).
> > [ 1340.483225] sr 8:0:0:0: [sr0] Unhandled sense code
> > [ 1340.483237] sr 8:0:0:0: [sr0]
> > [ 1340.483242] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> > [ 1340.483247] sr 8:0:0:0: [sr0]
> > [ 1340.483251] Sense Key : Hardware Error [current]
> > [ 1340.483257] Info fld=0x23053f
> > [ 1340.483263] sr 8:0:0:0: [sr0]
> > [ 1340.483268] Add. Sense: Mechanical positioning error
> > [ 1340.483273] sr 8:0:0:0: [sr0] CDB:
> > [ 1340.483276] Read(10): 28 00 00 23 05 3f 00 00 01 00
> > [ 1340.483292] end_request: I/O error, dev sr0, sector 9180412
> > [ 1340.483373] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> > block=2295103, location=2294831
> > [ 1340.483385] UDF-fs: error (device sr0): __udf_read_inode: (ino 2295103)
> > failed !bh
> >
> > some point around here I tried to eject
> >
> > [ 1350.533357] sr 8:0:0:0: [sr0] Unhandled sense code
> > [ 1350.533368] sr 8:0:0:0: [sr0]
> > [ 1350.533374] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> > [ 1350.533380] sr 8:0:0:0: [sr0]
> > [ 1350.533384] Sense Key : Hardware Error [current]
> > [ 1350.533390] Info fld=0x23053e
> > [ 1350.533395] sr 8:0:0:0: [sr0]
> > [ 1350.533400] Add. Sense: Mechanical positioning error
> > [ 1350.533406] sr 8:0:0:0: [sr0] CDB:
> > [ 1350.533409] Read(10): 28 00 00 23 05 3e 00 00 01 00
> > [ 1350.533425] end_request: I/O error, dev sr0, sector 9180408
> > [ 1350.533488] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> > block=2295102, location=2294830
> > [ 1350.533501] UDF-fs: error (device sr0): __udf_read_inode: (ino 2295102)
> > failed !bh
> > [ 1360.581244] sr 8:0:0:0: [sr0] Unhandled sense code
> > [ 1360.581255] sr 8:0:0:0: [sr0]
> > [ 1360.581260] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> > [ 1360.581266] sr 8:0:0:0: [sr0]
> > [ 1360.581270] Sense Key : Hardware Error [current]
> > [ 1360.581277] Info fld=0x23053d
> > [ 1360.581282] sr 8:0:0:0: [sr0]
> > [ 1360.581287] Add. Sense: Mechanical positioning error
> > [ 1360.581293] sr 8:0:0:0: [sr0] CDB:
> > [ 1360.581296] Read(10): 28 00 00 23 05 3d 00 00 01 00
> > [ 1360.581312] end_request: I/O error, dev sr0, sector 9180404
> > [ 1360.581365] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> > block=2295101, location=2294829
> > [ 1360.581377] UDF-fs: error (device sr0): __udf_read_inode: (ino 2295101)
> > failed !bh
> > [ 1377.505817] sr 8:0:0:0: [sr0] Unhandled sense code
> > [ 1377.505828] sr 8:0:0:0: [sr0]
> > [ 1377.505834] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> > [ 1377.505840] sr 8:0:0:0: [sr0]
> > [ 1377.505844] Sense Key : Hardware Error [current]
> > [ 1377.505850] Info fld=0x23053c
> > [ 1377.505856] sr 8:0:0:0: [sr0]
> > [ 1377.505862] Add. Sense: Mechanical positioning error
> > [ 1377.505867] sr 8:0:0:0: [sr0] CDB:
> > [ 1377.505870] Read(10): 28 00 00 23 05 3c 00 00 01 00
> > [ 1377.505886] end_request: I/O error, dev sr0, sector 9180400
> > [ 1377.505953] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> > block=2295100, location=2294828
> > [ 1377.505966] UDF-fs: error (device sr0): __udf_read_inode: (ino 2295100)
> > failed !bh
> >
> > finally it ejected
> >
> > [ 1384.719455] sr 8:0:0:0: [sr0] Device not ready
> > [ 1384.719467] sr 8:0:0:0: [sr0]
> > [ 1384.719473] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
> > [ 1384.719479] sr 8:0:0:0: [sr0]
> > [ 1384.719482] Sense Key : Not Ready [current]
> > [ 1384.719490] sr 8:0:0:0: [sr0]
> > [ 1384.719496] Add. Sense: Medium not present
> > [ 1384.719501] sr 8:0:0:0: [sr0] CDB:
> > [ 1384.719506] Read(10): 28 00 00 00 00 28 00 00 01 00
> > [ 1384.719522] end_request: I/O error, dev sr0, sector 160
> > [ 1384.719572] UDF-fs: error (device sr0): udf_read_tagged: read failed,
> > block=40, location=40
> > [ 1384.719585] UDF-fs: error (device sr0): udf_process_sequence: Block 40 of
> > volume descriptor sequence is corrupted or we could not read it
> > [ 1384.719624] BUG: unable to handle kernel NULL pointer dereference at
> > 0000000000000054
> > [ 1384.719789] IP: [<ffffffffa06b80d1>] udf_sb_free_partitions+0x71/0x140
> > [udf]
> > [ 1384.719937] PGD 0
> > [ 1384.719982] Oops: 0000 [#1] SMP
> > [ 1384.720057] Modules linked in: nls_utf8 udf crc_itu_t tcp_lp be2iscsi
> > iscsi_boot_sysfs bnx2i cnic uio cxgb4i ip6t_REJECT cxgb4 cxgb3i
> > nf_conntrack_ipv6 cxgb3 bnep nf_defrag_ipv6 mdio libcxgbi nf_conntrack_ipv4
> > nf_defrag_ipv4 xt_state ib_iser nf_conntrack bluetooth rdma_cm ib_addr iw_cm
> > ib_cm ib_sa ib_mad rfkill ib_core iscsi_tcp libiscsi_tcp libiscsi
> > scsi_transport_iscsi it87 ip6table_filter ip6_tables hwmon_vid xfs libcrc32c
> > snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec
> > snd_hwdep snd_seq kvm snd_seq_device snd_pcm joydev snd_page_alloc snd_timer
> > sp5100_tco snd edac_core r8169 soundcore shpchp pcspkr i2c_piix4 k10temp mii
> > serio_raw edac_mce_amd microcode wmi nfsd auth_rpcgss nfs_acl lockd sunrpc
> > binfmt_misc uinput ata_generic pata_acpi dm_crypt pata_jmicron pata_atiixp
> > radeon i2c_algo_bit drm_kms_helper ttm drm i2c_core
> > [ 1384.721771] CPU 3
> > [ 1384.721818] Pid: 3684, comm: mount Not tainted 3.8.0-rc3 #107 Gigabyte
> > Technology Co., Ltd. GA-890GPA-UD3H/GA-890GPA-UD3H
> > [ 1384.722023] RIP: 0010:[<ffffffffa06b80d1>] [<ffffffffa06b80d1>]
> > udf_sb_free_partitions+0x71/0x140 [udf]
> > [ 1384.722210] RSP: 0018:ffff8801b7afbb38 EFLAGS: 00010246
> > [ 1384.722310] RAX: 0000000000000001 RBX: 0000000000000000 RCX:
> > 0000000000000056
> > [ 1384.722441] RDX: 00000000000000bc RSI: 0000000000000046 RDI:
> > ffff8801b096ec00
> > [ 1384.722572] RBP: ffff8801b7afbb58 R08: 000000000000000a R09:
> > 00000000000005a5
> > [ 1384.722704] R10: 0000000000000000 R11: 00000000000005a4 R12:
> > ffff8801b7afbcd4
> > [ 1384.722834] R13: 0000000000000000 R14: ffff880165d073c0 R15:
> > 0000000000000024
> > [ 1384.722967] FS: 00007f46f5224840(0000) GS:ffff88020fcc0000(0000)
> > knlGS:0000000000000000
> > [ 1384.723116] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> > [ 1384.723223] CR2: 0000000000000054 CR3: 00000001a2ff0000 CR4:
> > 00000000000007e0
> > [ 1384.723354] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> > 0000000000000000
> > [ 1384.723485] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
> > 0000000000000400
> > [ 1384.723617] Process mount (pid: 3684, threadinfo ffff8801b7afa000, task
> > ffff880166280000)
> > [ 1384.723765] Stack:
> > [ 1384.723805] ffff8801b096ec00 ffff8801b7afbcd4 ffff8801d1fabc98
> > 0000000000000010
> > [ 1384.723958] ffff8801b7afbbb8 ffffffffa06b96b5 ffff880165d07540
> > 0000000b00005395
> > [ 1384.724110] 00007ffffffff000 00028802036a8340 ffff8801b7afbc30
> > ffff880165d073c0
> > [ 1384.724260] Call Trace:
> > [ 1384.724319] [<ffffffffa06b96b5>] udf_check_anchor_block+0x125/0x130
> > [udf]
> > [ 1384.724455] [<ffffffffa06b9721>] udf_scan_anchors+0x61/0x1c0 [udf]
> > [ 1384.724578] [<ffffffff811ce79c>] ? ioctl_by_bdev+0x3c/0x50
> > [ 1384.724689] [<ffffffffa06b9a1e>] udf_load_vrs+0x19e/0x2e0 [udf]
> > [ 1384.724808] [<ffffffffa06b9d00>] udf_fill_super+0x1a0/0x610 [udf]
> > [ 1384.724936] [<ffffffff8119af55>] mount_bdev+0x1c5/0x210
> > [ 1384.725041] [<ffffffffa06b9b60>] ? udf_load_vrs+0x2e0/0x2e0 [udf]
> > [ 1384.725164] [<ffffffffa06b7075>] udf_mount+0x15/0x20 [udf]
> > [ 1384.725271] [<ffffffff8119bc43>] mount_fs+0x43/0x1b0
> > [ 1384.725371] [<ffffffff811b531f>] vfs_kern_mount+0x6f/0x100
> > [ 1384.725479] [<ffffffff811b7706>] do_mount+0x216/0xa70
> > [ 1384.725580] [<ffffffff81135764>] ? __get_free_pages+0x14/0x50
> > [ 1384.730093] [<ffffffff811b735a>] ? copy_mount_options+0x3a/0x180
> > [ 1384.734657] [<ffffffff811b7fee>] sys_mount+0x8e/0xe0
> > [ 1384.739261] [<ffffffff8164bf19>] system_call_fastpath+0x16/0x1b
> > [ 1384.743932] Code: 66 3d 11 25 0f 84 b8 00 00 00 41 0f b7 46 28 41 83 c5
> > 01 44 39 e8 0f 8e 89 00 00 00 49 63 dd b9 56 00 00 00 48 0f af d9 49 03 1e
> > <0f> b7 43 54 a8 02 74 b7 48 8b 3b e8 7f 9b af e0 0f b7 43 54 a8
> > [ 1384.754014] RIP [<ffffffffa06b80d1>] udf_sb_free_partitions+0x71/0x140
> > [udf]
> > [ 1384.758925] RSP <ffff8801b7afbb38>
> > [ 1384.763755] CR2: 0000000000000054
> > [ 1384.787502] ---[ end trace 95272ca777accb4e ]---
> >
> Hi James.
> There is missing exception handling in memory leak patch. (udf: Fix
> memory leak when mounting)
> So, would you try to reproduce this problem with the below patch?
>
> Thanks.
>
> ---------------------------------------------------------------------------
> Subject: [PATCH] UDF: Fix a null pointer dereference in udf_sb_free_partitions
>
> This patch fixes a regression caused by commit bff943af6fe
> "udf: Fix memory leak when mounting" due to which it was triggering
> a kernel null pointer dereference in case of mount failed OR when allocating
> memory to sbi->s_partmaps failed in function udf_sb_alloc_partition_maps.
>
> Reported-by: James Hogan <james@albanarts.com>
> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
> Signed-off-by: Ashish Sangwan <a.sangwan@samsung.com>
Yeah, the patch makes sense. Thanks Namjae. I'll wait a while for James
to test it and then merge the patch.
Honza
> ---
> fs/udf/super.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/fs/udf/super.c b/fs/udf/super.c
> index d44fb56..e9be396 100644
> --- a/fs/udf/super.c
> +++ b/fs/udf/super.c
> @@ -307,7 +307,8 @@ static void udf_sb_free_partitions(struct super_block *sb)
> {
> struct udf_sb_info *sbi = UDF_SB(sb);
> int i;
> -
> + if (sbi->s_partmaps == NULL)
> + return;
> for (i = 0; i < sbi->s_partitions; i++)
> udf_free_partition(&sbi->s_partmaps[i]);
> kfree(sbi->s_partmaps);
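Review bot: the added `if (sbi->s_partmaps == NULL)` check takes the place of the blank line after `int i;`, so the declarations now run straight into the code; keep the blank line and put the check after it. The guard only protects the loop, since kfree(NULL) is already a no-op, which means the crash needs `sbi->s_partitions` to be nonzero while `sbi->s_partmaps` is NULL. A short comment saying when that state occurs, or clearing `s_partitions` wherever `s_partmaps` is freed or fails to allocate, would make the invariant explicit instead of relying on this early return.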
> --
> 1.7.0.4
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR
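
Why CR2 in the quoted oops is 0x54 and what the guard changes, as an added example that is not part of the thread or the kernel source. The stride 0x56 and displacement 0x54 are read from the oops (RCX and the marked bytes in the Code: line); the struct layout, the flag value and all function names are hypothetical user-space stand-ins.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Read from the oops: RCX=0x56 is the per-element stride, and the marked
 * instruction <0f> b7 43 54 is a 16-bit load at displacement 0x54(%rbx). */
#define ELEM_STRIDE 0x56u
#define FIELD_DISP  0x54u

/* Address the loop touches first for element i of an array at base. */
static uintptr_t loop_access_addr(uintptr_t base, unsigned int i)
{
	return base + (uintptr_t)i * ELEM_STRIDE + FIELD_DISP;
}

/* Hypothetical user-space stand-ins; not the kernel's struct layout. */
struct part_map { void *table; unsigned short flags; };
struct sb_info { struct part_map *partmaps; int partitions; };

static void free_partition(struct part_map *map)
{
	if (map->flags & 0x02)	/* constructed flag: element owns a table */
		free(map->table);
	map->table = NULL;
}

/* Guarded cleanup; returns how many elements were released. */
static int free_partitions(struct sb_info *sbi)
{
	int i;

	if (sbi->partmaps == NULL)	/* the check the patch adds */
		return 0;
	for (i = 0; i < sbi->partitions; i++)
		free_partition(&sbi->partmaps[i]);
	free(sbi->partmaps);
	sbi->partmaps = NULL;
	sbi->partitions = 0;	/* not in the patch: keeps count and pointer in step */
	return i;
}

int main(void)
{
	struct sb_info stale = { NULL, 1 };	/* count set, array missing */

	printf("access at %#lx\n", (unsigned long)loop_access_addr(0, 0));
	printf("guarded free released %d elements\n", free_partitions(&stale));
	return 0;
}
```

With a NULL array base and index 0 the first load lands at 0x54, inside the unmapped zero page, which is the address the kernel reports in CR2.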
* Re: [BUG] NULL pointer dereference in udf_sb_free_partitions
From: James Hogan @ 2013-01-14 21:06 UTC (permalink / raw)
To: Namjae Jeon; +Cc: Jan Kara, linux-fsdevel, linux-kernel
Hi,
On Mon, Jan 14, 2013 at 02:19:39PM +0900, Namjae Jeon wrote:
> There is missing exception handling in memory leak patch. (udf: Fix
> memory leak when mounting)
> So, would you try to reproduce this problem with the below patch?
>
> Thanks.
>
> ---------------------------------------------------------------------------
> Subject: [PATCH] UDF: Fix a null pointer dereference in udf_sb_free_partitions
>
> This patch fixes a regression caused by commit bff943af6fe
> "udf: Fix memory leak when mounting" due to which it was triggering
> a kernel null pointer dereference in case of mount failed OR when allocating
> memory to sbi->s_partmaps failed in function udf_sb_alloc_partition_maps.
>
> Reported-by: James Hogan <james@albanarts.com>
> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
> Signed-off-by: Ashish Sangwan <a.sangwan@samsung.com>
v3.8-rc3 + your patch no longer crashes.
Tested-by: James Hogan <james@albanarts.com>
Thanks
James
* Re: [BUG] NULL pointer dereference in udf_sb_free_partitions
From: Jan Kara @ 2013-01-14 21:59 UTC (permalink / raw)
To: James Hogan; +Cc: Namjae Jeon, Jan Kara, linux-fsdevel, linux-kernel
On Mon 14-01-13 21:06:37, James Hogan wrote:
> Hi,
>
> On Mon, Jan 14, 2013 at 02:19:39PM +0900, Namjae Jeon wrote:
> > There is missing exception handling in memory leak patch. (udf: Fix
> > memory leak when mounting)
> > So, would you try to reproduce this problem with the below patch?
> >
> > Thanks.
> >
> > ---------------------------------------------------------------------------
> > Subject: [PATCH] UDF: Fix a null pointer dereference in udf_sb_free_partitions
> >
> > This patch fixes a regression caused by commit bff943af6fe
> > "udf: Fix memory leak when mounting" due to which it was triggering
> > a kernel null pointer dereference in case of mount failed OR when allocating
> > memory to sbi->s_partmaps failed in function udf_sb_alloc_partition_maps.
> >
> > Reported-by: James Hogan <james@albanarts.com>
> > Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
> > Signed-off-by: Ashish Sangwan <a.sangwan@samsung.com>
>
> v3.8-rc3 + your patch no longer crashes.
>
> Tested-by: James Hogan <james@albanarts.com>
Thanks for confirmation. I've added the fix to my tree and will push it
to Linus soon.
Honza
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR