Date: Mon, 19 Feb 2018 12:57:58 +0200
From: Konstantin Belousov
To: Allan Jude
Cc: freebsd-fs, Kirk McKusick, markj@freebsd.org
Subject: Re: UFS panic when attempting to mount wrong device

On Sun, Feb 18, 2018 at 08:14:48PM -0500, Allan Jude wrote:
> I accidentally forgot to specify -t cd9660 when mounting a CD image, and
> UFS panicked the machine:
>
> Unread portion of the kernel message buffer:
> panic: vtopde on a uva/gpa 0x0
> cpuid = 1
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> 0xfffffe0034409550
> vpanic() at vpanic+0x18d/frame 0xfffffe00344095b0
> vpanic() at vpanic/frame 0xfffffe0034409630
> pmap_kextract() at pmap_kextract+0x121/frame 0xfffffe0034409660
> free() at free+0x5e/frame 0xfffffe00344096a0
> ffs_mount() at ffs_mount+0xe2f/frame 0xfffffe0034409840
> vfs_donmount() at vfs_donmount+0xf56/frame 0xfffffe0034409a80
> sys_nmount() at sys_nmount+0x72/frame 0xfffffe0034409ac0
> amd64_syscall() at amd64_syscall+0x79b/frame 0xfffffe0034409bf0
> fast_syscall_common() at fast_syscall_common+0x101/frame 0x7fffffffd990
>
>
>
> (kgdb) bt
> #0 __curthread () at ./machine/pcpu.h:230
> #1 doadump (textdump=1) at
> /zroot/zfs_zstd/head/sys/kern/kern_shutdown.c:347
> #2 0xffffffff80ac9242 in kern_reboot (howto=260) at
> /zroot/zfs_zstd/head/sys/kern/kern_shutdown.c:416
> #3 0xffffffff80ac980d in vpanic (fmt=,
> ap=0xfffffe00344095f0) at /zroot/zfs_zstd/head/sys/kern/kern_shutdown.c:812
> #4 0xffffffff80ac9620 in kassert_panic (fmt=0xffffffff81157632 "vtopde
> on a uva/gpa 0x%0lx") at /zroot/zfs_zstd/head/sys/kern/kern_shutdown.c:698
> #5 0xffffffff80f683a1 in vtopde (va=0) at
> /zroot/zfs_zstd/head/sys/amd64/amd64/pmap.c:835
> #6 pmap_kextract (va=0) at /zroot/zfs_zstd/head/sys/amd64/amd64/pmap.c:2237
> #7 0xffffffff80aa3f2e in vtoslab (va=0) at
> /zroot/zfs_zstd/head/sys/vm/uma_int.h:455
> #8 free (addr=0x8, mtp=0xffffffff8189bb20 ) at
> /zroot/zfs_zstd/head/sys/kern/kern_malloc.c:701
> #9 0xffffffff80dc278f in ffs_mountfs (devvp=,
> mp=, td=)
> at /zroot/zfs_zstd/head/sys/ufs/ffs/ffs_vfsops.c:1047
> #10 ffs_mount (mp=0xfffff80085dda000) at
> /zroot/zfs_zstd/head/sys/ufs/ffs/ffs_vfsops.c:531
> #11 0xffffffff80b8ebc6 in vfs_domount_first (td=,
> fspath=0xfffff80003723800 "/mnt", vp=0xfffff80085baf938, vfsp= out>,
> fsflags=, optlist=) at
> /zroot/zfs_zstd/head/sys/kern/vfs_mount.c:827
> #12 vfs_domount (td=, fstype=,
> fspath=, fsflags=, optlist=)
> at /zroot/zfs_zstd/head/sys/kern/vfs_mount.c:1117
> #13 vfs_donmount (td=0xfffff800139c6560, fsflags=,
> fsoptions=0xfffff800054d6e00) at
> /zroot/zfs_zstd/head/sys/kern/vfs_mount.c:684
> #14 0xffffffff80b8dc42 in sys_nmount (td=0xfffff800139c6560,
> uap=0xfffff800139c6918) at /zroot/zfs_zstd/head/sys/kern/vfs_mount.c:427
> #15 0xffffffff80f7ed0b in syscallenter (td=0xfffff800139c6560) at
> /zroot/zfs_zstd/head/sys/amd64/amd64/../../kern/subr_syscall.c:134
> #16 amd64_syscall (td=0xfffff800139c6560, traced=0) at
> /zroot/zfs_zstd/head/sys/amd64/amd64/trap.c:935
> #17 0xffffffff80f5a66d in fast_syscall_common () at
> /zroot/zfs_zstd/head/sys/amd64/amd64/exception.S:480
> #18 0x0000000800c78000 in ?? ()
>
>
> That that maybe a double free?

More likely, a free of the uninitialized pointer. Try this.

diff --git a/sys/ufs/ffs/ffs_subr.c b/sys/ufs/ffs/ffs_subr.c index 40db8bf01b1..4e167d98b65 100644 --- a/sys/ufs/ffs/ffs_subr.c +++ b/sys/ufs/ffs/ffs_subr.c @@ -174,8 +174,12 @@ ffs_sbget(void *devfd, struct fs **fsp, off_t altsuperblock, *fsp = NULL; if (altsuperblock != -1) { - if ((ret = readsuper(devfd, fsp, altsuperblock, readfunc)) != 0) + if ((ret = readsuper(devfd, fsp, altsuperblock, readfunc)) + != 0) { + if (*fsp != NULL) + (*fsp)->fs_csp = NULL; return (ret); + } } else { for (i = 0; sblock_try[i] != -1; i++) { if ((ret = readsuper(devfd, fsp, sblock_try[i], @@ -183,10 +187,15 @@ ffs_sbget(void *devfd, struct fs **fsp, off_t altsuperblock, break; if (ret == ENOENT) continue; + if (*fsp != NULL) + (*fsp)->fs_csp = NULL; return (ret); } - if (sblock_try[i] == -1) + if (sblock_try[i] == -1) { + if (*fsp != NULL) + (*fsp)->fs_csp = NULL; return (ENOENT); + } } /* * If not filling in summary information, NULL out fs_csp and return.
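
Review bot: In the `altsuperblock != -1` branch of the first hunk, the clear `if (*fsp != NULL) (*fsp)->fs_csp = NULL;` is open-coded in front of `return (ret);`, and the same two lines recur on both error returns in the second hunk. Routing the three failures through one error exit, or clearing `fs_csp` once at the point where `readsuper()` fills `*fsp`, would keep a later-added error return from skipping the clear. The `*fsp != NULL` guard also suggests `readsuper()` can fail while leaving a buffer in `*fsp`; a comment saying who frees that buffer on error would help.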
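
Review bot: The clears added before `return (ret);` and `return (ENOENT);` in the `sblock_try` loop of the second hunk carry no comment saying why `fs_csp` must be NULL on failure. The backtrace in this thread shows free() reached from ffs_mountfs with a bad address, which is presumably this field, so a short comment stating that on error `*fsp` may be non-NULL with `fs_csp` cleared would document the contract for callers. It is also worth confirming that the `ret == ENOENT` `continue` path is fine leaving `*fsp` untouched between attempts, since only the final `sblock_try[i] == -1` return clears it.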