Description: Writing to some file on a broken VFAT partition causes kernel bug

Kernel version: v4.17-rc7

How to reproduce:

1. Compile kernel v4.17-rc7 with config attached
2. Unpack the vfat.img and mount it as vfat (suppose /mnt is the mount point)
3. Run `echo > /mnt/xyz`

What happens:

```
[    1.538155] ------------[ cut here ]------------
[    1.538274] kernel BUG at fs/fat/inode.c:162!
[    1.538693] invalid opcode: 0000 [#1] SMP NOPTI
[    1.538796] Modules linked in:
[    1.538996] CPU: 0 PID: 991 Comm: sh Not tainted 4.17.0-rc7 #2
[    1.539094] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[    1.539266] RIP: 0010:fat_get_block+0x200/0x230
[    1.539334] RSP: 0018:ffff906900a2fb78 EFLAGS: 00000246
[    1.539419] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff906900a2fb88
[    1.539509] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[    1.539600] RBP: ffff8a379db508f8 R08: ffff906900a2fb90 R09: 0000000000000200
[    1.539690] R10: 0000000000000000 R11: ffff8a379db10958 R12: ffff8a379db10958
[    1.539781] R13: ffff8a379d590000 R14: 0000000000000001 R15: 0000000000000000
[    1.539904] FS:  0000000000fd38c0(0000) GS:ffff8a379f800000(0000) knlGS:0000000000000000
[    1.540006] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.540082] CR2: 000000000056789c CR3: 000000001d598000 CR4: 00000000000006f0
[    1.540221] Call Trace:
[    1.540710]  __block_write_begin_int+0x134/0x550
[    1.540806]  ? fat_add_cluster+0x80/0x80
[    1.540869]  ? notify_change+0x383/0x400
[    1.540927]  ? fat_add_cluster+0x80/0x80
[    1.540982]  block_write_begin+0x3f/0xa0
[    1.541036]  ? do_truncate+0x84/0xc0
[    1.541088]  cont_write_begin+0x232/0x330
[    1.541146]  ? fat_add_cluster+0x80/0x80
[    1.541200]  ? path_openat+0x5f7/0x1620
[    1.541255]  fat_write_begin+0x2d/0x60
[    1.541310]  ? fat_add_cluster+0x80/0x80
[    1.541367]  generic_perform_write+0xb1/0x1b0
[    1.541431]  __generic_file_write_iter+0xfd/0x190
[    1.541497]  generic_file_write_iter+0xe1/0x1e0
[    1.541560]  __vfs_write+0xfc/0x160
[    1.541616]  vfs_write+0xa8/0x190
[    1.541667]  ksys_write+0x4d/0xb0
[    1.541718]  do_syscall_64+0x43/0xf0
[    1.541772]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[    1.541936] RIP: 0033:0x486804
[    1.541981] RSP: 002b:00007ffd17e241f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[    1.542081] RAX: ffffffffffffffda RBX: 0000000000fd38a0 RCX: 0000000000486804
[    1.542199] RDX: 0000000000000001 RSI: 0000000000fd6fc0 RDI: 0000000000000001
[    1.542283] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000fd6fc0
[    1.542367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000fd6fc0
[    1.542450] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffd17e24260
[    1.542573] Code: d0 00 00 00 49 89 44 24 18 49 89 54 24 30 49 8b 45 18 49 89 44 24 20 41 0f b6 45 14 e9 b9 fe ff ff 41 89 c2 e9 bb fe ff ff 0f 0b <0f> 0b e8 79 87 dc ff 48 8b 4d b0 48 c7 c2 c8 bc 9f 91 be 01 00
[    1.542995] RIP: fat_get_block+0x200/0x230 RSP: ffff906900a2fb78
[    1.543289] ---[ end trace 0266ed39a6ec740a ]---
```

(full kernel log is attached)

-- Anatoly