NetBSD Problem Report #52728
From tsutsui@ceres.dti.ne.jp Wed Nov 15 13:46:36 2017
Return-Path: <tsutsui@ceres.dti.ne.jp>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id B0E587A185
for <gnats-bugs@gnats.NetBSD.org>; Wed, 15 Nov 2017 13:46:36 +0000 (UTC)
Message-Id: <201711151346.vAFDkTIg012890@ceres.dti.ne.jp>
Date: Wed, 15 Nov 2017 22:46:29 +0900 (JST)
From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
Reply-To: tsutsui@ceres.dti.ne.jp
To: gnats-bugs@NetBSD.org
Cc: tsutsui@ceres.dti.ne.jp
Subject: "mount -u /dev/ /" triggers kernel panic
X-Send-Pr-Version: 3.95
>Number: 52728
>Category: kern
>Synopsis: "mount -u /dev/ /" triggers kernel panic
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Nov 15 13:50:00 +0000 2017
>Closed-Date: Sun Feb 23 00:19:59 +0000 2020
>Last-Modified: Sun Feb 23 00:19:59 +0000 2020
>Originator: Izumi Tsutsui
>Release: NetBSD 8.0_BETA
>Organization:
>Environment:
System: NetBSD 8.0_BETA (GENERIC.201711070830Z), also happens on atari
Architecture: i386
Machine: i386
>Description:
"mount -u /dev/ /" command (which happens on NetBSD/atari dot.profile
script in sysinst.fs, which is missing sysctl(8) command to determine
root partition) triggers kernel panic, at least on single user.
This is also reproducible on NetBSD/i386 8.0_BETA.
>How-To-Repeat:
- boot NetBSD/i386 (or maybe any port) to single user
- type "mount -u /dev/ /" on root shell
--- panic messages typed from i386 screen ---
# uname -a
NetBSD 8.0_BETA NetBSD 8.0_BETA (GENERIC.201711070830Z) i386
# mount -u /dev/ /
mount_ffs: "/dev/" is a non-resolved or relative path.
mount_ffs: using "/dev" instead.
uvm_fault(0xc2ee3c6c, 0, 1) -> 0xe
fatal page fault in supervisor mode
trap type 6 code 0 eip 0xc086a503 cs 0x8 eflags 0x10212 cr2 0xc ilevel 0 esp 0xbfb1ef9c
curlwp 0xc2f08020 pid 11 lid 1 lowest kstack 0xdb4ec2c0
kernel: supervisor trap page fault, code=0
Stopped in pid 11.1 (mount_ffs) at netbsd:ffs_mount+0xa1: movl c(%edx),%ecx
db{0}> bt
ffs_mount(c2f03008,bfb1eb9c,c2a0a198,db4eef30,c2f03008,db4eef0c,c0991343,c2f0300
8,bfb1eb9c,c2a0a198) at netbsd:ffs_mount+0xa1
VFS_MOUNT(c2f03008,bfb1eb9c,c2a0a198,db4eef30,10000,c2a0a198,1,c124df60,5001,c12
4df00) at netbsd:VFS_MOUNT+0x34
do_sys_mount(c2f08020,dbffa4,0,bfb1eb9c,10000,bfb1eb94,0,4,db4eef60,db4eef9c) at
netbsd:do_sys_mount+0x51a
sys___mount50(c2f08020,db4eef68,db4eef60,c2ee3c6c,ad3f1000,db4eef60,db4eef68,19a
,0,0) at netbsd:sys___mount50_0x4d
syscall() at netbsd:syscall+0x1ed
--- syscall (number 410) ---
ad3a1687:
db{0}>
--- end of quote ---
>Fix:
N/A
>Release-Note:
>Audit-Trail:
From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/52728: "mount -u /dev/ /" triggers kernel panic
Date: Wed, 15 Nov 2017 18:22:43 +0000
On Wed, Nov 15, 2017 at 01:50:01PM +0000, Izumi Tsutsui wrote:
> >Number: 52728
> - boot NetBSD/i386 (or maybe any port) to single user
> - type "mount -u /dev/ /" on root shell
oy :-/
> Stopped in pid 11.1 (mount_ffs) at netbsd:ffs_mount+0xa1: movl c(%edx),%ecx
> db{0}> bt
> ffs_mount(c2f03008,bfb1eb9c,c2a0a198,db4eef30,c2f03008,db4eef0c,c0991343,c2f0300
> 8,bfb1eb9c,c2a0a198) at netbsd:ffs_mount+0xa1
If someone has time to wade into it, figuring out where in ffs_mount
this is would be helpful. There's no obvious issue, and with -u the
passed-in device should mostly be ignored.
(Also, it looks like doing this might, if it doesn't crash first,
reach the call to set_statvfs_info near the bottom with a wrong path,
which is probably not desirable; but that doesn't seem to be the
crash.)
--
David A. Holland
dholland@netbsd.org
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52728 CVS commit: src/sys/ufs/ffs
Date: Wed, 15 Nov 2017 16:21:18 -0500
Module Name: src
Committed By: christos
Date: Wed Nov 15 21:21:18 UTC 2017
Modified Files:
src/sys/ufs/ffs: ffs_vfsops.c
Log Message:
PR/52728: Izumi Tsutsui: "mount -u /dev/ /" triggers kernel panic
Simplify the control flow of the mount code and make sure that the
mountfrom argument can be converted to a block device in the update
case.
XXX: pullup-8
To generate a diff of this commit:
cvs rdiff -u -r1.354 -r1.355 src/sys/ufs/ffs/ffs_vfsops.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
To: gnats-bugs@NetBSD.org
Cc: tsutsui@ceres.dti.ne.jp
Subject: Re: kern/52728: "mount -u /dev/ /" triggers kernel panic
Date: Thu, 16 Nov 2017 23:35:08 +0900
Note the panic also occurs on NetBSD/amd64 7.1 GENERIC.
--- logged via serial console ---
> boot -s
14221568+654648+594632 [1027320+719300]=0x116d090
Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017
The NetBSD Foundation, Inc. All rights reserved.
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
NetBSD 7.1 (GENERIC.201703111743Z)
total memory = 4029 MB
avail memory = 3894 MB
kern.module.path=/stand/amd64/7.1/modules
RTC BIOS diagnostic error 0x11<memory_size>
mainbus0 (root)
[..snip..]
boot device: wd0
root on wd0a dumps on wd0b
root file system type: ffs
Enter pathname of shell or RETURN for /bin/sh:
Terminal type is vt100.
We recommend that you create a non-root account and use su(1) for root access.
# mount -u /dev/ /
mount_ffs: uvm_fault(0xfffffe81075f2a10, 0x0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff80339a1b cs 8 rflags 10212 cr2 18 ilevel 0 rsp fffffe8040582d60
curlwp 0xfffffe8119ecd640 pid 9.1 lowest kstack 0xfffffe80405802c0
kernel: page fault trap, code=0
Stopped in pid 9.1 (mount_ffs) at netbsd:ffs_mount+0xbf: cmpq %rax,18(
%rcx)
db{0}> bt
ffs_mount() at netbsd:ffs_mount+0xbf
VFS_MOUNT() at netbsd:VFS_MOUNT+0x34
do_sys_mount() at netbsd:do_sys_mount+0x485
sys___mount50() at netbsd:sys___mount50+0x33
syscall() at netbsd:syscall+0x9a
--- syscall (number 410) ---
7f7ff7083caa:
db{0}>
---
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52728 CVS commit: [netbsd-8] src/sys/ufs/ffs
Date: Wed, 11 Apr 2018 14:49:08 +0000
Module Name: src
Committed By: martin
Date: Wed Apr 11 14:49:08 UTC 2018
Modified Files:
src/sys/ufs/ffs [netbsd-8]: ffs_vfsops.c
Log Message:
Pull up following revision(s) (requested by christos in ticket #738):
sys/ufs/ffs/ffs_vfsops.c: revision 1.355
PR/52728: Izumi Tsutsui: "mount -u /dev/ /" triggers kernel panic
Simplify the control flow of the mount code and make sure that the
mountfrom argument can be converted to a block device in the update
case.
To generate a diff of this commit:
cvs rdiff -u -r1.353.4.1 -r1.353.4.2 src/sys/ufs/ffs/ffs_vfsops.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Wed, 11 Apr 2018 20:16:02 +0000
State-Changed-Why:
fixed and pulled up, thanks
State-Changed-From-To: closed->needs-pullups
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Wed, 11 Apr 2018 20:37:05 +0000
State-Changed-Why:
take that back, this needs to get into -7
State-Changed-From-To: needs-pullups->closed
State-Changed-By: tsutsui@NetBSD.org
State-Changed-When: Sun, 23 Feb 2020 00:19:59 +0000
State-Changed-Why:
netbsd-7 will be EOL soon.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.