NetBSD Problem Report #49142

From glguida@cr3.tlbflush.org  Fri Aug 22 16:32:06 2014
Return-Path: <glguida@cr3.tlbflush.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id A8D31AEA71
	for <gnats-bugs@gnats.NetBSD.org>; Fri, 22 Aug 2014 16:32:06 +0000 (UTC)
Message-Id: <20140822151256.B46AE1DCE76@cr3.tlbflush.org>
Date: Fri, 22 Aug 2014 16:12:56 +0100 (BST)
From: Gianluca Guida <glguida@tlbflush.org>
Reply-To: Gianluca Guida <glguida@tlbflush.org>
To: gnats-bugs@NetBSD.org
Subject: Panic in ext2fs_loadvnode mounting an ext2fs filesystem.
X-Send-Pr-Version: 3.95

>Number:         49142
>Category:       kern
>Synopsis:       panic in ext2fs_loadvnode mounting an ext2fs filesystem.
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    hannken
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Aug 22 16:35:00 +0000 2014
>Closed-Date:    Fri Aug 22 19:49:00 +0000 2014
>Last-Modified:  Fri Aug 22 19:49:00 +0000 2014
>Originator:     Gianluca Guida
>Release:        NetBSD 7.99.1
>Organization:

>Environment:


System: NetBSD cr3.tlbflush.org 7.99.1 NetBSD 7.99.1 (CR3) #2: Fri Aug 22 15:26:25 BST 2014 glguida@cr3.tlbflush.org:/usr/obj/sys/arch/amd64/compile/CR3 amd64
Architecture: x86_64
Machine: amd64
>Description:
	Shortly after mounting an ext2fs partition from a USB disk -- which
 might be quite old -- I reliably get a kernel panic due to a trap in
 ext2fs_loadvnode().

 Further analysis of the generated core shows:

GNU gdb (GDB) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64--netbsd".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/obj/sys/arch/amd64/compile/CR3/netbsd.gdb...done.
0xffffffff80597385 in cpu_reboot (howto=howto@entry=260, 
    bootstr=bootstr@entry=0x0) at /usr/src/sys/arch/amd64/amd64/machdep.c:671
671			dumpsys();
#0  0xffffffff80597385 in cpu_reboot (howto=howto@entry=260, 
    bootstr=bootstr@entry=0x0) at /usr/src/sys/arch/amd64/amd64/machdep.c:671
#1  0xffffffff80745744 in vpanic (fmt=fmt@entry=0xffffffff80babc7d "trap", 
    ap=ap@entry=0xfffffe8040af07e0) at /usr/src/sys/kern/subr_prf.c:340
#2  0xffffffff807457ff in panic (fmt=fmt@entry=0xffffffff80babc7d "trap")
    at /usr/src/sys/kern/subr_prf.c:256
#3  0xffffffff80790b8f in trap (frame=0xfffffe8040af0900)
    at /usr/src/sys/arch/amd64/amd64/trap.c:298
#4  0xffffffff80100fde in alltraps ()
#5  0xffffffff802d1511 in ext2fs_loadvnode (mp=0xfffffe811cd3a008, 
    vp=0xfffffe811a7ada98, key=<optimized out>, key_len=<optimized out>, 
    new_key=<optimized out>) at /usr/src/sys/ufs/ext2fs/ext2fs_vfsops.c:1028
#6  0xffffffff80857ca1 in vcache_get (mp=0xfffffe811cd3a008, 
    key=key@entry=0xfffffe8040af0ae0, key_len=key_len@entry=8, 
    vpp=vpp@entry=0xfffffe8040af0b08) at /usr/src/sys/kern/vfs_vnode.c:1295
#7  0xffffffff807ce271 in ufs_vget (mp=<optimized out>, ino=2, 
    vpp=0xfffffe8040af0b08) at /usr/src/sys/ufs/ufs/ufs_vfsops.c:107
#8  0xffffffff807ce23c in ufs_root (mp=<optimized out>, vpp=0xfffffe8040af0b68)
    at /usr/src/sys/ufs/ufs/ufs_vfsops.c:93
#9  0xffffffff8084d4da in VFS_ROOT (mp=mp@entry=0xfffffe811cd3a008, 
    a=a@entry=0xfffffe8040af0b68) at /usr/src/sys/kern/vfs_subr.c:956
#10 0xffffffff80847357 in lookup_once (state=state@entry=0xfffffe8040af0ce0, 
    searchdir=0xfffffe81077be948, 
    newsearchdir_ret=newsearchdir_ret@entry=0xfffffe8040af0c40, 
    foundobj_ret=foundobj_ret@entry=0xfffffe8040af0c48)
    at /usr/src/sys/kern/vfs_lookup.c:1092
#11 0xffffffff80847f0b in namei_oneroot (isnfsd=0, inhibitmagic=0, 
    neverfollow=0, state=<optimized out>) at /usr/src/sys/kern/vfs_lookup.c:1213
#12 namei_tryemulroot (state=state@entry=0xfffffe8040af0ce0, 
    neverfollow=neverfollow@entry=0, inhibitmagic=inhibitmagic@entry=0, 
    isnfsd=isnfsd@entry=0) at /usr/src/sys/kern/vfs_lookup.c:1467
#13 0xffffffff808492cb in namei (ndp=ndp@entry=0xfffffe8040af0d58)
    at /usr/src/sys/kern/vfs_lookup.c:1503
#14 0xffffffff8084e548 in fd_nameiat (fdat=fdat@entry=-100, 
    ndp=ndp@entry=0xfffffe8040af0d58, l=<optimized out>)
    at /usr/src/sys/kern/vfs_syscalls.c:180
#15 0xffffffff80852cf0 in do_sys_statat (l=<optimized out>, 
    fdat=fdat@entry=-100, 
    userpath=0x7f7ff7b050e0 <error: Cannot access memory at address 0x7f7ff7b050e0>, nd_flag=nd_flag@entry=64, sb=sb@entry=0xfffffe8040af0e00)
    at /usr/src/sys/kern/vfs_syscalls.c:3041
#16 0xffffffff80852da0 in sys___stat50 (l=<optimized out>, 
    uap=0xfffffe8040af0f00, retval=<optimized out>)
    at /usr/src/sys/kern/vfs_syscalls.c:3066
#17 0xffffffff8075f73a in sy_call (rval=0xfffffe8040af0eb8, 
    uap=0xfffffe8040af0f00, l=0xfffffe8107a552c0, 
    sy=0xffffffff80e69d10 <sysent+7024>) at /usr/src/sys/sys/syscallvar.h:61
#18 sy_invoke (code=439, rval=0xfffffe8040af0eb8, uap=0xfffffe8040af0f00, 
    l=0xfffffe8107a552c0, sy=0xffffffff80e69d10 <sysent+7024>)
    at /usr/src/sys/sys/syscallvar.h:85
#19 syscall (frame=0xfffffe8040af0f00) at /usr/src/sys/arch/x86/x86/syscall.c:156
#20 0xffffffff80100691 in Xsyscall ()

 On Frame 5, we find that the cause is a null reference to vp->v_mount.


(gdb) frame 5
#5  0xffffffff802d1511 in ext2fs_loadvnode (mp=0xfffffe811cd3a008, 
    vp=0xfffffe811a7ada98, key=<optimized out>, key_len=<optimized out>, 
    new_key=<optimized out>) at /usr/src/sys/ufs/ext2fs/ext2fs_vfsops.c:1028
1028				ip->i_flag |= IN_MODIFIED;
(gdb) list
1023		if (ip->i_e2fs_gen == 0) {
1024			if (++ext2gennumber < (u_long)time_second)
1025				ext2gennumber = time_second;
1026			ip->i_e2fs_gen = ext2gennumber;
1027			if ((vp->v_mount->mnt_flag & MNT_RDONLY) == 0)
1028				ip->i_flag |= IN_MODIFIED;
1029		}
1030		uvm_vnp_setsize(vp, ext2fs_size(ip));
1031		*new_key = &ip->i_number;
1032		return 0;
(gdb) p vp->v_mount
$1 = (struct mount *) 0x0

 The problem is due to the code trying to access vp->v_mount in this
 function instead of mp, which is passed as an argument.
 vp->v_mount gets set to mp later, in vfs_insmntque(), which is called
 after VFS_LOADVNODE() in vcache_get().

 Attached patch fixes the issue.

>How-To-Repeat:

>Fix:

--- sys/ufs/ext2fs/ext2fs_vfsops.c	2014-08-22 15:26:03.000000000 +0100
+++ sys/ufs/ext2fs/ext2fs_vfsops.c.~1.183.~	2014-08-20 17:23:28.000000000 +0100
@@ -1024,7 +1024,7 @@
 		if (++ext2gennumber < (u_long)time_second)
 			ext2gennumber = time_second;
 		ip->i_e2fs_gen = ext2gennumber;
-		if ((mp->mnt_flag & MNT_RDONLY) == 0)
+		if ((vp->v_mount->mnt_flag & MNT_RDONLY) == 0)
 			ip->i_flag |= IN_MODIFIED;
 	}
 	uvm_vnp_setsize(vp, ext2fs_size(ip));
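
Review bot: The hunk is generated in the reverse direction: the "-" line carries mp->mnt_flag and the "+" line carries vp->v_mount->mnt_flag, and the "+++" header names the backup file ext2fs_vfsops.c.~1.183.~ while "---" names the edited file. Applied as posted, it would put back the vp->v_mount dereference that the gdb session above shows to be NULL at line 1027. Regenerate the diff with the 1.183 backup as the old file, or apply it with patch -R, so that the resulting test is (mp->mnt_flag & MNT_RDONLY) == 0.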


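The ordering described in the report, as a simplified userland C model added here (not NetBSD source and not part of the original report). The names model_vcache_get, load_via_vnode, load_via_arg and E_NOMOUNT are hypothetical; the explicit NULL check stands in for the kernel trap so the failure can be observed without crashing.

```c
/* Simplified userland model (constructed, not NetBSD source); names mirror
 * the report and E_NOMOUNT stands in for the kernel trap. */
#include <stddef.h>
#include <stdio.h>

#define MNT_RDONLY  0x1
#define IN_MODIFIED 0x2
#define E_NOMOUNT   (-1)

struct mount { int mnt_flag; };
struct vnode { struct mount *v_mount; int i_flag; };
typedef int (*loadvnode_fn)(struct mount *, struct vnode *);

/* Pre-fix logic: consults vp->v_mount, which is not set yet. */
static int load_via_vnode(struct mount *mp, struct vnode *vp)
{
    (void)mp;
    if (vp->v_mount == NULL)
        return E_NOMOUNT;          /* the kernel dereferences NULL here */
    if ((vp->v_mount->mnt_flag & MNT_RDONLY) == 0)
        vp->i_flag |= IN_MODIFIED;
    return 0;
}

/* Post-fix logic: uses the mount passed as an argument. */
static int load_via_arg(struct mount *mp, struct vnode *vp)
{
    if ((mp->mnt_flag & MNT_RDONLY) == 0)
        vp->i_flag |= IN_MODIFIED;
    return 0;
}

/* Ordering from the report: load first, attach to the mount second. */
static int model_vcache_get(struct mount *mp, loadvnode_fn load, struct vnode *vp)
{
    vp->v_mount = NULL;            /* fresh vnode, not yet on a mount */
    vp->i_flag = 0;
    int error = load(mp, vp);      /* VFS_LOADVNODE() step */
    if (error != 0)
        return error;
    vp->v_mount = mp;              /* vfs_insmntque() step */
    return 0;
}

int main(void)
{
    struct mount rw = { 0 };
    struct vnode vp;
    printf("pre-fix: %d\n", model_vcache_get(&rw, load_via_vnode, &vp));
    printf("post-fix: %d\n", model_vcache_get(&rw, load_via_arg, &vp));
    return 0;
}
```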
>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: kern-bug-people->hannken
Responsible-Changed-By: hannken@NetBSD.org
Responsible-Changed-When: Fri, 22 Aug 2014 16:50:55 +0000
Responsible-Changed-Why:
Mine.


State-Changed-From-To: open->pending-pullups
State-Changed-By: hannken@NetBSD.org
State-Changed-When: Fri, 22 Aug 2014 16:54:19 +0000
State-Changed-Why:
Pullup to -7 requested: ticket #49


From: "Juergen Hannken-Illjes" <hannken@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/49142 CVS commit: src/sys/ufs/ext2fs
Date: Fri, 22 Aug 2014 16:49:30 +0000

 Module Name:	src
 Committed By:	hannken
 Date:		Fri Aug 22 16:49:30 UTC 2014

 Modified Files:
 	src/sys/ufs/ext2fs: ext2fs_vfsops.c

 Log Message:
 Use mount from argument "mp", "vp->v_mount" is not valid here.

 PR kern/49142 (panic in ext2fs_loadvnode mounting an ext2fs filesystem)

 Needs pullup to -7


 To generate a diff of this commit:
 cvs rdiff -u -r1.183 -r1.184 src/sys/ufs/ext2fs/ext2fs_vfsops.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/49142 CVS commit: [netbsd-7] src/sys/ufs/ext2fs
Date: Fri, 22 Aug 2014 19:20:15 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Fri Aug 22 19:20:15 UTC 2014

 Modified Files:
 	src/sys/ufs/ext2fs [netbsd-7]: ext2fs_vfsops.c

 Log Message:
 Pull up following revision(s) (requested by hannken in ticket #49):
 	sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.184
 Use mount from argument "mp", "vp->v_mount" is not valid here.
 PR kern/49142 (panic in ext2fs_loadvnode mounting an ext2fs filesystem)


 To generate a diff of this commit:
 cvs rdiff -u -r1.183 -r1.183.2.1 src/sys/ufs/ext2fs/ext2fs_vfsops.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: pending-pullups->closed
State-Changed-By: hannken@NetBSD.org
State-Changed-When: Fri, 22 Aug 2014 19:49:00 +0000
State-Changed-Why:
Pulled up.
Thanks for the report and analysis.


>Unformatted:
