Date: Mon, 01 Feb 2016 14:27:03 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 206820] [ext2fs] Panic when writing to ext3fs mounted as ext2fs Message-ID: <bug-206820-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206820 Bug ID: 206820 Summary: [ext2fs] Panic when writing to ext3fs mounted as ext2fs Product: Base System Version: 9.3-STABLE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: ardovm@yahoo.it I encountered two panics on the very same operation: writing files to a ext3fs formatted USB drive that is mounted as ext2fs. The filesystem is created by a shell script, issuing the following commands: # mkfs.ext3 /dev/da0s1 # tune2fs -O ^dir_index /dev/da0s1 # mount -t ext2fs /dev/da0s1 /mnt And files are extracted from a tar archive (produced by gnu tar): # ssh linuxhost 'cat filesystem.tar.bz2' | tar -C /mnt -xjf -' My system is a 9-STABLE updated this morning. # uname -a FreeBSD myhost 9.3-STABLE FreeBSD 9.3-STABLE #144 r295117M: Mon Feb 1 09:31:54 CET 2016 root@myhost:/usr/obj/usr/src/sys/GENERIC i386 Both panics are triggered by function ext2_i2ei at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_inode_cnv.c:152 Here is an excerpt of the backtrace: [...] #7 0xc0f9fee7 in calltrap () at /usr/src/sys/i386/i386/exception.s:173 #8 0xd00f5759 in ext2_i2ei (ip=0xcab8f100, ei=0xe17e0f80) at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_inode_cnv.c:152 #9 0xd00f4a56 in ext2_update (vp=0xce0f38e0, waitfor=1) at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_inode.c:91 #10 0xd00fad12 in ext2_makeinode (mode=8, dvp=0xcc69f11c, vpp=0xeffeab88, cnp=0xeffeab9c) at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_vnops.c:1586 #11 0xc0fdd612 in VOP_CREATE_APV (vop=0xd00fe3a0, a=0xeffeaae8) at vnode_if.c:260 #12 0xc0b9d989 in vn_open_cred (ndp=0xeffeab5c, flagp=0xeffeac24, cmode=<value optimized out>, vn_open_flags=0, cred=0xc9ee7100, fp=0xcafea508) at vnode_if.h:109 #13 0xc0b9de6b in vn_open (ndp=0xeffeab5c, flagp=0xeffeac24, cmode=493, fp=0xcafea508) at /usr/src/sys/kern/vfs_vnops.c:113 #14 0xc0b99460 in kern_openat (td=0xc8420900, fd=-100, path=0x284a61a0 <Address 0x284a61a0 out of bounds>, pathseg=UIO_USERSPACE, flags=2562, mode=493) at /usr/src/sys/kern/vfs_syscalls.c:1128 #15 0xc0b998b5 in kern_open (td=0xc8420900, path=0x284a61a0 <Address 0x284a61a0 out of bounds>, pathseg=UIO_USERSPACE, flags=2561, mode=493) at /usr/src/sys/kern/vfs_syscalls.c:1079 #16 0xc0b998f0 in sys_open (td=0xc8420900, uap=0xeffeaccc) at /usr/src/sys/kern/vfs_syscalls.c:1055 #17 0xc0fb6869 in syscall (frame=0xeffead08) at subr_syscall.c:142 #18 0xc0f9ff8c in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:279 When kgdb'ing into frame 8, the pointer to ei seems not to be valid: (kgdb) frame 8 #8 0xd00f5759 in ext2_i2ei (ip=0xcab8f100, ei=0xe17e0f80) at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_inode_cnv.c:152 152 ei->e2di_ctime_extra = NSEC_TO_XTIME(ip->i_ctimensec); (kgdb) print *ip $1 = {i_vnode = 0xce0f38e0, i_ump = 0xccadc240, i_flag = 0, i_number = 122888, i_e2fs = 0xc7798c00, i_modrev = 62488400780442, i_count = 0, i_endoff = 0, i_diroff = 0, i_offset = 0, i_block_group = 60, i_next_alloc_block = 0, i_next_alloc_goal = 0, i_mode = 33261, i_nlink = 1, i_uid = 0, i_gid = 0, i_size = 0, i_blocks = 0, i_atime = 1454332232, i_mtime = 1454332232, i_ctime = 1454332232, i_birthtime = 1454332232, i_mtimensec = 700120000, i_atimensec = 700120000, i_ctimensec = 700120000, i_birthnsec = 700118000, i_gen = 1784569991, i_flags = 0, i_db = {0 <repeats 12 times>}, i_ib = {0, 0, 0}, i_ext_cache = {ec_start = 0, ec_blk = 0, ec_len = 0, ec_type = 0}} (kgdb) print *ei Cannot access memory at address 0xe17e0f80 Some information from the previous frame: (kgdb) frame 9 #9 0xd00f4a56 in ext2_update (vp=0xce0f38e0, waitfor=1) at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_inode.c:91 91 ext2_i2ei(ip, (struct ext2fs_dinode *)((char *)bp->b_data + (kgdb) print bp $2 = (struct buf *) 0xe112a8a8 (kgdb) print *bp $3 = {b_bufobj = 0xcbe062e4, b_bcount = 1024, b_caller1 = 0x0, b_data = 0xe17e0c00 "íA", b_error = 0, b_iocmd = 2 '\002', b_ioflags = 2 '\002', b_iooffset = 503319552, b_resid = 0, b_iodone = 0, b_blkno = 983046, b_offset = 503319552, b_bobufs = {tqe_next = 0x0, tqe_prev = 0xe1231828}, b_left = 0xe12317f0, b_right = 0x0, b_vflags = 0, b_freelist = {tqe_next = 0x0, tqe_prev = 0xe123183c}, b_qindex = 2, b_flags = 2684354720, b_xflags = 1 '\001', b_lock = {lock_object = { lo_name = 0xc10fe54f "bufwait", lo_flags = 108199936, lo_data = 0, lo_witness = 0x0}, lk_lock = 3359770880, lk_exslpfail = 0, lk_timo = 0, lk_pri = 96}, b_bufsize = 1024, b_runningbufspace = 0, b_kvabase = 0xe17e0000 "#", b_kvaalloc = 0x0, b_kvasize = 16384, b_lblkno = 983046, b_vp = 0xcbe06238, b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0x0, b_wcred = 0x0, b_saveaddr = 0xe17e0000, b_pager = { pg_reqpage = 0}, b_cluster = {cluster_head = {tqh_first = 0x0, tqh_last = 0xe11ad6f0}, cluster_entry = {tqe_next = 0x0, tqe_prev = 0xe11ad6f0}}, b_pages = {0xc51334b0, 0x0 <repeats 31 times>}, b_npages = 1, b_dep = {lh_first = 0x0}, b_fsprivate1 = 0x0, b_fsprivate2 = 0x0, b_fsprivate3 = 0x0, b_pin_count = 0} Please tell me what information I can provide, to help tracking this problem down. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-206820-8>