NetBSD-Bugs archive
kern/49142: Panic in ext2fs_loadvnode mounting an ext2fs filesystem.
>Number: 49142
>Category: kern
>Synopsis: panic in ext2fs_loadvnode mounting an ext2fs filesystem.
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Aug 22 16:35:00 +0000 2014
>Originator: Gianluca Guida
>Release: NetBSD 7.99.1
>Organization:
>Environment:
System: NetBSD cr3.tlbflush.org 7.99.1 NetBSD 7.99.1 (CR3) #2: Fri Aug 22 15:26:25 BST 2014 glguida%cr3.tlbflush.org@localhost:/usr/obj/sys/arch/amd64/compile/CR3 amd64
Architecture: x86_64
Machine: amd64
>Description:
Shortly after mounting an ext2fs partition from a USB disk -- which
might be quite old -- I reliably get a kernel panic due to a trap in
ext2fs_loadvnode().
Further analysis of the generated core shows:
GNU gdb (GDB) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64--netbsd".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/obj/sys/arch/amd64/compile/CR3/netbsd.gdb...done.
0xffffffff80597385 in cpu_reboot (howto=howto@entry=260,
bootstr=bootstr@entry=0x0) at /usr/src/sys/arch/amd64/amd64/machdep.c:671
671 dumpsys();
#0 0xffffffff80597385 in cpu_reboot (howto=howto@entry=260,
bootstr=bootstr@entry=0x0) at /usr/src/sys/arch/amd64/amd64/machdep.c:671
#1 0xffffffff80745744 in vpanic (fmt=fmt@entry=0xffffffff80babc7d "trap",
ap=ap@entry=0xfffffe8040af07e0) at /usr/src/sys/kern/subr_prf.c:340
#2 0xffffffff807457ff in panic (fmt=fmt@entry=0xffffffff80babc7d "trap")
at /usr/src/sys/kern/subr_prf.c:256
#3 0xffffffff80790b8f in trap (frame=0xfffffe8040af0900)
at /usr/src/sys/arch/amd64/amd64/trap.c:298
#4 0xffffffff80100fde in alltraps ()
#5 0xffffffff802d1511 in ext2fs_loadvnode (mp=0xfffffe811cd3a008,
vp=0xfffffe811a7ada98, key=<optimized out>, key_len=<optimized out>,
new_key=<optimized out>) at /usr/src/sys/ufs/ext2fs/ext2fs_vfsops.c:1028
#6 0xffffffff80857ca1 in vcache_get (mp=0xfffffe811cd3a008,
key=key@entry=0xfffffe8040af0ae0, key_len=key_len@entry=8,
vpp=vpp@entry=0xfffffe8040af0b08) at /usr/src/sys/kern/vfs_vnode.c:1295
#7 0xffffffff807ce271 in ufs_vget (mp=<optimized out>, ino=2,
vpp=0xfffffe8040af0b08) at /usr/src/sys/ufs/ufs/ufs_vfsops.c:107
#8 0xffffffff807ce23c in ufs_root (mp=<optimized out>, vpp=0xfffffe8040af0b68)
at /usr/src/sys/ufs/ufs/ufs_vfsops.c:93
#9 0xffffffff8084d4da in VFS_ROOT (mp=mp@entry=0xfffffe811cd3a008,
a=a@entry=0xfffffe8040af0b68) at /usr/src/sys/kern/vfs_subr.c:956
#10 0xffffffff80847357 in lookup_once (state=state@entry=0xfffffe8040af0ce0,
searchdir=0xfffffe81077be948,
newsearchdir_ret=newsearchdir_ret@entry=0xfffffe8040af0c40,
foundobj_ret=foundobj_ret@entry=0xfffffe8040af0c48)
at /usr/src/sys/kern/vfs_lookup.c:1092
#11 0xffffffff80847f0b in namei_oneroot (isnfsd=0, inhibitmagic=0,
neverfollow=0, state=<optimized out>) at /usr/src/sys/kern/vfs_lookup.c:1213
#12 namei_tryemulroot (state=state@entry=0xfffffe8040af0ce0,
neverfollow=neverfollow@entry=0, inhibitmagic=inhibitmagic@entry=0,
isnfsd=isnfsd@entry=0) at /usr/src/sys/kern/vfs_lookup.c:1467
#13 0xffffffff808492cb in namei (ndp=ndp@entry=0xfffffe8040af0d58)
at /usr/src/sys/kern/vfs_lookup.c:1503
#14 0xffffffff8084e548 in fd_nameiat (fdat=fdat@entry=-100,
ndp=ndp@entry=0xfffffe8040af0d58, l=<optimized out>)
at /usr/src/sys/kern/vfs_syscalls.c:180
#15 0xffffffff80852cf0 in do_sys_statat (l=<optimized out>,
fdat=fdat@entry=-100,
userpath=0x7f7ff7b050e0 <error: Cannot access memory at address
0x7f7ff7b050e0>, nd_flag=nd_flag@entry=64, sb=sb@entry=0xfffffe8040af0e00)
at /usr/src/sys/kern/vfs_syscalls.c:3041
#16 0xffffffff80852da0 in sys___stat50 (l=<optimized out>,
uap=0xfffffe8040af0f00, retval=<optimized out>)
at /usr/src/sys/kern/vfs_syscalls.c:3066
#17 0xffffffff8075f73a in sy_call (rval=0xfffffe8040af0eb8,
uap=0xfffffe8040af0f00, l=0xfffffe8107a552c0,
sy=0xffffffff80e69d10 <sysent+7024>) at /usr/src/sys/sys/syscallvar.h:61
#18 sy_invoke (code=439, rval=0xfffffe8040af0eb8, uap=0xfffffe8040af0f00,
l=0xfffffe8107a552c0, sy=0xffffffff80e69d10 <sysent+7024>)
at /usr/src/sys/sys/syscallvar.h:85
#19 syscall (frame=0xfffffe8040af0f00) at
/usr/src/sys/arch/x86/x86/syscall.c:156
#20 0xffffffff80100691 in Xsyscall ()
In frame 5, we find that the cause is a null dereference of vp->v_mount.
(gdb) frame 5
#5 0xffffffff802d1511 in ext2fs_loadvnode (mp=0xfffffe811cd3a008,
vp=0xfffffe811a7ada98, key=<optimized out>, key_len=<optimized out>,
new_key=<optimized out>) at /usr/src/sys/ufs/ext2fs/ext2fs_vfsops.c:1028
1028 ip->i_flag |= IN_MODIFIED;
(gdb) list
1023 if (ip->i_e2fs_gen == 0) {
1024 if (++ext2gennumber < (u_long)time_second)
1025 ext2gennumber = time_second;
1026 ip->i_e2fs_gen = ext2gennumber;
1027 if ((vp->v_mount->mnt_flag & MNT_RDONLY) == 0)
1028 ip->i_flag |= IN_MODIFIED;
1029 }
1030 uvm_vnp_setsize(vp, ext2fs_size(ip));
1031 *new_key = &ip->i_number;
1032 return 0;
(gdb) p vp->v_mount
$1 = (struct mount *) 0x0
The problem is due to the code accessing vp->v_mount in this
function instead of mp, which is passed as an argument.
vp->v_mount gets set to mp later, in vfs_insmntque(), which is called
after VFS_LOADVNODE() in vcache_get().
The attached patch fixes the issue.
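The ordering described above, as an added model that is not NetBSD's code: the struct and function names (`model_loadvnode`, `model_vcache_get`, `model_run`) are simplified stand-ins, and the loadvnode body is the generation-number block from the listing in its fixed form, consulting `mp` rather than the not-yet-set `vp->v_mount`.

```c
#include <stddef.h>

/* Simplified stand-in types; not NetBSD's real struct mount/vnode/inode. */
#define MNT_RDONLY  0x1
#define IN_MODIFIED 0x1

struct mount { int mnt_flag; };
struct vnode { struct mount *v_mount; };
struct inode { unsigned int i_e2fs_gen; int i_flag; };

static unsigned long ext2gennumber;   /* as in ext2fs_vfsops.c */

/* Generation-number block in its fixed form: the mount comes from the mp
 * argument, which is valid here; vp->v_mount is still NULL at this point. */
static int
model_loadvnode(struct mount *mp, struct vnode *vp, struct inode *ip, unsigned long now)
{
    (void)vp;
    if (ip->i_e2fs_gen == 0) {
        if (++ext2gennumber < now)
            ext2gennumber = now;
        ip->i_e2fs_gen = (unsigned int)ext2gennumber;
        if ((mp->mnt_flag & MNT_RDONLY) == 0)   /* was vp->v_mount->mnt_flag: NULL deref */
            ip->i_flag |= IN_MODIFIED;
    }
    return 0;
}

/* Same ordering as vcache_get(): loadvnode runs first, attachment to the mount comes after. */
static int
model_vcache_get(struct mount *mp, struct inode *ip, unsigned long now, struct vnode *vp)
{
    vp->v_mount = NULL;                 /* fresh vnode, not yet on any mount */
    int error = model_loadvnode(mp, vp, ip, now);
    if (error != 0)
        return error;
    vp->v_mount = mp;                   /* what vfs_insmntque() does */
    return 0;
}

/* Load a fresh inode on a mount with the given flags; bit 0 = generation assigned,
 * bit 1 = IN_MODIFIED set, bit 2 = vnode attached to the mount, -1 on error. */
int
model_run(int mnt_flag)
{
    struct mount m = { mnt_flag };
    struct inode ip = { 0, 0 };
    struct vnode vp;
    if (model_vcache_get(&m, &ip, 1000, &vp) != 0)
        return -1;
    return (ip.i_e2fs_gen != 0) | ((ip.i_flag & IN_MODIFIED) ? 2 : 0) | (vp.v_mount == &m ? 4 : 0);
}
```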
>How-To-Repeat:
>Fix:
--- sys/ufs/ext2fs/ext2fs_vfsops.c 2014-08-22 15:26:03.000000000 +0100
+++ sys/ufs/ext2fs/ext2fs_vfsops.c.~1.183.~ 2014-08-20 17:23:28.000000000
+0100
@@ -1024,7 +1024,7 @@
if (++ext2gennumber < (u_long)time_second)
ext2gennumber = time_second;
ip->i_e2fs_gen = ext2gennumber;
- if ((mp->mnt_flag & MNT_RDONLY) == 0)
+ if ((vp->v_mount->mnt_flag & MNT_RDONLY) == 0)
ip->i_flag |= IN_MODIFIED;
}
uvm_vnp_setsize(vp, ext2fs_size(ip));
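Review bot: the hunk is reversed relative to the description. The `---` file (dated 2014-08-22) is the edited copy and the `+++` file is the `.~1.183.~` backup, so the hunk removes `if ((mp->mnt_flag & MNT_RDONLY) == 0)` and adds back `if ((vp->v_mount->mnt_flag & MNT_RDONLY) == 0)`, which is the line that traps; applied as-is it would reintroduce the bug. Regenerate it as `diff -u` of the original against the edited file (or apply with `patch -R`) so the `+` line is the one using `mp`. The `+++` header's timezone has also wrapped onto its own `+0100` line, which patch will not parse.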
>Unformatted: