Bug 835084

Summary: trying to mount an empty partition (between 2048 and 203775 bytes) causes a hang in isofs driver, using 100% CPU
Product: [Fedora] Fedora
Reporter: Richard W.M. Jones <rjones>
Component: kernel
Assignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 17
CC: gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda, mbooth, rjones, sdake, virt-maint
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Clone Of: 835019
Last Closed: 2012-06-25 20:42:45 UTC
Type: Bug
Bug Blocks: 834896

Description Richard W.M. Jones 2012-06-25 13:50:29 UTC
+++ This bug was initially created as a clone of Bug #835019 +++

If you try to mount an empty partition, the mount command hangs
using 100% of CPU and being unkillable.  Stack trace points to
a problem in the isofs driver.

Here is a simple reproducer:

size=2048
guestfish -x -v <<EOF
  sparse test1.img $size
  run
  mount /dev/sda /
EOF

Any size between 2048 and 203775 (== 199*1024 - 1) will
give the same problem.  Sizes under 2048 hit bug 835019.
Sizes over 203775 cause the mount to return an error.

Stack trace of mount, captured using sysrq + t:

[    7.761017] mount           R  running task        0   116    115 0x00000000
[    7.761017]  ffff88001c8c9ac8 0000000000000082 ffff88001c899700 ffff88001c8c9fd8
[    7.761017]  ffff88001c8c9fd8 ffff88001c8c9fd8 ffff88001ee14500 ffff88001c899700
[    7.761017]  0000000000000000 ffff88001c8c8000 0000000000000030 ffff88001dc24560
[    7.761017] Call Trace:
[    7.761017]  [<ffffffff8108671a>] __cond_resched+0x2a/0x40
[    7.761017]  [<ffffffff815ef820>] _cond_resched+0x30/0x40
[    7.761017]  [<ffffffff8111d2eb>] find_lock_page+0x3b/0x80
[    7.761017]  [<ffffffff8111d9df>] find_or_create_page+0x3f/0xb0
[    7.761017]  [<ffffffff811acf12>] __getblk+0xf2/0x2a0
[    7.761017]  [<ffffffff811ad113>] __bread+0x13/0xb0
[    7.761017]  [<ffffffff81247b30>] isofs_fill_super+0x240/0xf40
[    7.761017]  [<ffffffff8118055b>] mount_bdev+0x1cb/0x210
[    7.761017]  [<ffffffff812478f0>] ? isofs_iget+0x8a0/0x8a0
[    7.761017]  [<ffffffff8116b611>] ? __kmalloc_track_caller+0x51/0x180
[    7.761017]  [<ffffffff81246bd5>] isofs_mount+0x15/0x20
[    7.761017]  [<ffffffff81181063>] mount_fs+0x43/0x1b0
[    7.761017]  [<ffffffff8113de80>] ? __alloc_percpu+0x10/0x20
[    7.761017]  [<ffffffff81199bc7>] vfs_kern_mount+0x67/0xf0
[    7.761017]  [<ffffffff8119a6e4>] do_kern_mount+0x54/0x110
[    7.761017]  [<ffffffff8119bf4a>] do_mount+0x26a/0x840
[    7.761017]  [<ffffffff8113832b>] ? strndup_user+0x5b/0x80
[    7.761017]  [<ffffffff8119c65d>] sys_mount+0x8d/0xe0
[    7.761017]  [<ffffffff815f8ae9>] system_call_fastpath+0x16/0x1b

Comment 1 Richard W.M. Jones 2012-06-25 19:38:01 UTC
Thanks to Jeff Moyer who suggested the following patch:

https://lkml.org/lkml/2012/6/25/306

which fixes this bug.

Comment 2 Josh Boyer 2012-06-25 20:42:45 UTC
We'll fix these with one bug.

*** This bug has been marked as a duplicate of bug 835019 ***
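
The size boundaries given in the description can be checked on a candidate kernel with a watchdog around the same guestfish reproducer, so that a hung mount is reported instead of blocking the test run. This is an added example, not part of the original report or of the referenced patch; the `LIMIT` value, the function names and the `sweep` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: boundary sweep for the mount hang in this report.
LIMIT=${LIMIT:-120}   # seconds before a probe counts as hung (assumed value)

# Map the exit status of `timeout -k` to a verdict.
verdict() {
    case $1 in
        0)           echo mounted ;;  # mount succeeded
        124|137)     echo hang ;;     # timed out; 137 means SIGKILL was needed
        125|126|127) echo not-run ;;  # timeout failed or command is missing
        *)           echo error ;;    # command returned an error
    esac
}

# probe SIZE [CMD...]: run CMD under the watchdog; with no CMD, run the
# report's reproducer (sparse image of SIZE bytes, launch, mount).
probe() {
    size=$1; shift
    img=
    if [ $# -eq 0 ]; then
        img=$(mktemp) || return 1
        set -- guestfish sparse "$img" "$size" : run : mount /dev/sda /
    fi
    status=0
    timeout -k 5 "$LIMIT" "$@" >/dev/null 2>&1 || status=$?
    if [ -n "$img" ]; then rm -f "$img"; fi
    verdict "$status"
}

# One size on each side of the two boundaries given in the report.
sweep() {
    for size in 2047 2048 203775 203776; do
        printf '%s bytes: %s\n' "$size" "$(probe "$size")"
    done
}

# Hypothetical invocation: sh sweep.sh sweep
if [ "${1:-}" = sweep ]; then sweep; fi
```

A `hang` verdict at 2048 or 203775 matches the behaviour reported here, while the report states that sizes over 203775 return an error.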