Message-ID: <20130112220015.GA2387@balrog>
Date: Sat, 12 Jan 2013 22:00:15 +0000
From: James Hogan <james@...anarts.com>
To: Jan Kara <jack@...e.cz>, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [BUG] NULL pointer dereference in udf_sb_free_partitions
Hi,

I've encountered a reproducible kernel bug which makes the screen switch
to a console and display the kernel log below. This is what I did:

* Insert a particular DVD-R I have which appears to be corrupt. It then
  makes the DVD drive make some unpleasant noises (my TV also makes
  unpleasant noises when it's inserted).
* I go to mount it in KDE, it continues making noises and outputs some
  of the errors in the kernel log below (things like Mechanical
  positioning error, which makes sense since it's making unusual
  noises).
* After a while it says the mount failed.
* After a while I typed the eject command, and pressed the eject button.
* After a while longer the DVD is eventually ejected and at that point
  the kernel log is displayed on screen.
* I can use VT switch to get back to desktop. I tried running sync as I
  wanted the log to be saved, but it never returned, although most other
  things seemed to continue working. Rebooted fine.

First observed on v3.7 vanilla kernel (tried twice, happened both
times), now running v3.8-rc3 and it happened when I tried it again.

I haven't tried debugging it any further, but am happy to provide more
info as required or test patches.

Cheers
James

(told it to mount)
[ 1300.219641] sr 8:0:0:0: [sr0] Unhandled sense code
[ 1300.219652] sr 8:0:0:0: [sr0]
[ 1300.219658] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1300.219664] sr 8:0:0:0: [sr0]
[ 1300.219668] Sense Key : Hardware Error [current]
[ 1300.219675] Info fld=0x119368
[ 1300.219680] sr 8:0:0:0: [sr0]
[ 1300.219686] Add. Sense: Mechanical positioning error
[ 1300.219692] sr 8:0:0:0: [sr0] CDB:
[ 1300.219695] Read(10): 28 00 00 11 93 68 00 00 01 00
[ 1300.219711] end_request: I/O error, dev sr0, sector 4607392
[ 1300.219766] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=1151848, location=1151576
[ 1300.219780] UDF-fs: error (device sr0): __udf_read_inode: (ino 1151848) failed !bh
[ 1310.294257] sr 8:0:0:0: [sr0] Unhandled sense code
[ 1310.294268] sr 8:0:0:0: [sr0]
[ 1310.294274] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1310.294279] sr 8:0:0:0: [sr0]
[ 1310.294283] Sense Key : Hardware Error [current]
[ 1310.294289] Info fld=0x119367
[ 1310.294294] sr 8:0:0:0: [sr0]
[ 1310.294300] Add. Sense: Mechanical positioning error
[ 1310.294305] sr 8:0:0:0: [sr0] CDB:
[ 1310.294308] Read(10): 28 00 00 11 93 67 00 00 01 00
[ 1310.294324] end_request: I/O error, dev sr0, sector 4607388
[ 1310.294388] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=1151847, location=1151575
[ 1310.294400] UDF-fs: error (device sr0): __udf_read_inode: (ino 1151847) failed !bh
[ 1320.324070] sr 8:0:0:0: [sr0] Unhandled sense code
[ 1320.324081] sr 8:0:0:0: [sr0]
[ 1320.324087] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1320.324093] sr 8:0:0:0: [sr0]
[ 1320.324097] Sense Key : Hardware Error [current]
[ 1320.324104] Info fld=0x119366
[ 1320.324109] sr 8:0:0:0: [sr0]
[ 1320.324115] Add. Sense: Mechanical positioning error
[ 1320.324121] sr 8:0:0:0: [sr0] CDB:
[ 1320.324124] Read(10): 28 00 00 11 93 66 00 00 01 00
[ 1320.324140] end_request: I/O error, dev sr0, sector 4607384
[ 1320.324195] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=1151846, location=1151574
[ 1320.324208] UDF-fs: error (device sr0): __udf_read_inode: (ino 1151846) failed !bh
[ 1330.432689] sr 8:0:0:0: [sr0] Unhandled sense code
[ 1330.432701] sr 8:0:0:0: [sr0]
[ 1330.432706] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1330.432712] sr 8:0:0:0: [sr0]
[ 1330.432716] Sense Key : Hardware Error [current]
[ 1330.432722] Info fld=0x119365
[ 1330.432728] sr 8:0:0:0: [sr0]
[ 1330.432733] Add. Sense: Mechanical positioning error
[ 1330.432739] sr 8:0:0:0: [sr0] CDB:
[ 1330.432742] Read(10): 28 00 00 11 93 65 00 00 01 00
[ 1330.432758] end_request: I/O error, dev sr0, sector 4607380
[ 1330.432814] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=1151845, location=1151573
[ 1330.432827] UDF-fs: error (device sr0): __udf_read_inode: (ino 1151845) failed !bh
[ 1330.432842] UDF-fs: Failed to read VAT inode from the last recorded block (1151848), retrying with the last block of the device (2295103).
[ 1340.483225] sr 8:0:0:0: [sr0] Unhandled sense code
[ 1340.483237] sr 8:0:0:0: [sr0]
[ 1340.483242] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1340.483247] sr 8:0:0:0: [sr0]
[ 1340.483251] Sense Key : Hardware Error [current]
[ 1340.483257] Info fld=0x23053f
[ 1340.483263] sr 8:0:0:0: [sr0]
[ 1340.483268] Add. Sense: Mechanical positioning error
[ 1340.483273] sr 8:0:0:0: [sr0] CDB:
[ 1340.483276] Read(10): 28 00 00 23 05 3f 00 00 01 00
[ 1340.483292] end_request: I/O error, dev sr0, sector 9180412
[ 1340.483373] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=2295103, location=2294831
[ 1340.483385] UDF-fs: error (device sr0): __udf_read_inode: (ino 2295103) failed !bh
some point around here I tried to eject
[ 1350.533357] sr 8:0:0:0: [sr0] Unhandled sense code
[ 1350.533368] sr 8:0:0:0: [sr0]
[ 1350.533374] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1350.533380] sr 8:0:0:0: [sr0]
[ 1350.533384] Sense Key : Hardware Error [current]
[ 1350.533390] Info fld=0x23053e
[ 1350.533395] sr 8:0:0:0: [sr0]
[ 1350.533400] Add. Sense: Mechanical positioning error
[ 1350.533406] sr 8:0:0:0: [sr0] CDB:
[ 1350.533409] Read(10): 28 00 00 23 05 3e 00 00 01 00
[ 1350.533425] end_request: I/O error, dev sr0, sector 9180408
[ 1350.533488] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=2295102, location=2294830
[ 1350.533501] UDF-fs: error (device sr0): __udf_read_inode: (ino 2295102) failed !bh
[ 1360.581244] sr 8:0:0:0: [sr0] Unhandled sense code
[ 1360.581255] sr 8:0:0:0: [sr0]
[ 1360.581260] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1360.581266] sr 8:0:0:0: [sr0]
[ 1360.581270] Sense Key : Hardware Error [current]
[ 1360.581277] Info fld=0x23053d
[ 1360.581282] sr 8:0:0:0: [sr0]
[ 1360.581287] Add. Sense: Mechanical positioning error
[ 1360.581293] sr 8:0:0:0: [sr0] CDB:
[ 1360.581296] Read(10): 28 00 00 23 05 3d 00 00 01 00
[ 1360.581312] end_request: I/O error, dev sr0, sector 9180404
[ 1360.581365] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=2295101, location=2294829
[ 1360.581377] UDF-fs: error (device sr0): __udf_read_inode: (ino 2295101) failed !bh
[ 1377.505817] sr 8:0:0:0: [sr0] Unhandled sense code
[ 1377.505828] sr 8:0:0:0: [sr0]
[ 1377.505834] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1377.505840] sr 8:0:0:0: [sr0]
[ 1377.505844] Sense Key : Hardware Error [current]
[ 1377.505850] Info fld=0x23053c
[ 1377.505856] sr 8:0:0:0: [sr0]
[ 1377.505862] Add. Sense: Mechanical positioning error
[ 1377.505867] sr 8:0:0:0: [sr0] CDB:
[ 1377.505870] Read(10): 28 00 00 23 05 3c 00 00 01 00
[ 1377.505886] end_request: I/O error, dev sr0, sector 9180400
[ 1377.505953] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=2295100, location=2294828
[ 1377.505966] UDF-fs: error (device sr0): __udf_read_inode: (ino 2295100) failed !bh
finally it ejected
[ 1384.719455] sr 8:0:0:0: [sr0] Device not ready
[ 1384.719467] sr 8:0:0:0: [sr0]
[ 1384.719473] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[ 1384.719479] sr 8:0:0:0: [sr0]
[ 1384.719482] Sense Key : Not Ready [current]
[ 1384.719490] sr 8:0:0:0: [sr0]
[ 1384.719496] Add. Sense: Medium not present
[ 1384.719501] sr 8:0:0:0: [sr0] CDB:
[ 1384.719506] Read(10): 28 00 00 00 00 28 00 00 01 00
[ 1384.719522] end_request: I/O error, dev sr0, sector 160
[ 1384.719572] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=40, location=40
[ 1384.719585] UDF-fs: error (device sr0): udf_process_sequence: Block 40 of volume descriptor sequence is corrupted or we could not read it
[ 1384.719624] BUG: unable to handle kernel NULL pointer dereference at 0000000000000054
[ 1384.719789] IP: [<ffffffffa06b80d1>] udf_sb_free_partitions+0x71/0x140 [udf]
[ 1384.719937] PGD 0
[ 1384.719982] Oops: 0000 [#1] SMP
[ 1384.720057] Modules linked in: nls_utf8 udf crc_itu_t tcp_lp be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i ip6t_REJECT cxgb4 cxgb3i nf_conntrack_ipv6 cxgb3 bnep nf_defrag_ipv6 mdio libcxgbi nf_conntrack_ipv4 nf_defrag_ipv4 xt_state ib_iser nf_conntrack bluetooth rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad rfkill ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi it87 ip6table_filter ip6_tables hwmon_vid xfs libcrc32c snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq kvm snd_seq_device snd_pcm joydev snd_page_alloc snd_timer sp5100_tco snd edac_core r8169 soundcore shpchp pcspkr i2c_piix4 k10temp mii serio_raw edac_mce_amd microcode wmi nfsd auth_rpcgss nfs_acl lockd sunrpc binfmt_misc uinput ata_generic pata_acpi dm_crypt pata_jmicron pata_atiixp radeon i2c_algo_bit drm_kms_helper ttm drm i2c_core
[ 1384.721771] CPU 3
[ 1384.721818] Pid: 3684, comm: mount Not tainted 3.8.0-rc3 #107 Gigabyte Technology Co., Ltd. GA-890GPA-UD3H/GA-890GPA-UD3H
[ 1384.722023] RIP: 0010:[<ffffffffa06b80d1>] [<ffffffffa06b80d1>] udf_sb_free_partitions+0x71/0x140 [udf]
[ 1384.722210] RSP: 0018:ffff8801b7afbb38 EFLAGS: 00010246
[ 1384.722310] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000056
[ 1384.722441] RDX: 00000000000000bc RSI: 0000000000000046 RDI: ffff8801b096ec00
[ 1384.722572] RBP: ffff8801b7afbb58 R08: 000000000000000a R09: 00000000000005a5
[ 1384.722704] R10: 0000000000000000 R11: 00000000000005a4 R12: ffff8801b7afbcd4
[ 1384.722834] R13: 0000000000000000 R14: ffff880165d073c0 R15: 0000000000000024
[ 1384.722967] FS: 00007f46f5224840(0000) GS:ffff88020fcc0000(0000) knlGS:0000000000000000
[ 1384.723116] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 1384.723223] CR2: 0000000000000054 CR3: 00000001a2ff0000 CR4: 00000000000007e0
[ 1384.723354] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1384.723485] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1384.723617] Process mount (pid: 3684, threadinfo ffff8801b7afa000, task ffff880166280000)
[ 1384.723765] Stack:
[ 1384.723805] ffff8801b096ec00 ffff8801b7afbcd4 ffff8801d1fabc98 0000000000000010
[ 1384.723958] ffff8801b7afbbb8 ffffffffa06b96b5 ffff880165d07540 0000000b00005395
[ 1384.724110] 00007ffffffff000 00028802036a8340 ffff8801b7afbc30 ffff880165d073c0
[ 1384.724260] Call Trace:
[ 1384.724319] [<ffffffffa06b96b5>] udf_check_anchor_block+0x125/0x130 [udf]
[ 1384.724455] [<ffffffffa06b9721>] udf_scan_anchors+0x61/0x1c0 [udf]
[ 1384.724578] [<ffffffff811ce79c>] ? ioctl_by_bdev+0x3c/0x50
[ 1384.724689] [<ffffffffa06b9a1e>] udf_load_vrs+0x19e/0x2e0 [udf]
[ 1384.724808] [<ffffffffa06b9d00>] udf_fill_super+0x1a0/0x610 [udf]
[ 1384.724936] [<ffffffff8119af55>] mount_bdev+0x1c5/0x210
[ 1384.725041] [<ffffffffa06b9b60>] ? udf_load_vrs+0x2e0/0x2e0 [udf]
[ 1384.725164] [<ffffffffa06b7075>] udf_mount+0x15/0x20 [udf]
[ 1384.725271] [<ffffffff8119bc43>] mount_fs+0x43/0x1b0
[ 1384.725371] [<ffffffff811b531f>] vfs_kern_mount+0x6f/0x100
[ 1384.725479] [<ffffffff811b7706>] do_mount+0x216/0xa70
[ 1384.725580] [<ffffffff81135764>] ? __get_free_pages+0x14/0x50
[ 1384.730093] [<ffffffff811b735a>] ? copy_mount_options+0x3a/0x180
[ 1384.734657] [<ffffffff811b7fee>] sys_mount+0x8e/0xe0
[ 1384.739261] [<ffffffff8164bf19>] system_call_fastpath+0x16/0x1b
[ 1384.743932] Code: 66 3d 11 25 0f 84 b8 00 00 00 41 0f b7 46 28 41 83 c5 01 44 39 e8 0f 8e 89 00 00 00 49 63 dd b9 56 00 00 00 48 0f af d9 49 03 1e <0f> b7 43 54 a8 02 74 b7 48 8b 3b e8 7f 9b af e0 0f b7 43 54 a8
[ 1384.754014] RIP [<ffffffffa06b80d1>] udf_sb_free_partitions+0x71/0x140 [udf]
[ 1384.758925] RSP <ffff8801b7afbb38>
[ 1384.763755] CR2: 0000000000000054
[ 1384.787502] ---[ end trace 95272ca777accb4e ]---