Date: Wed, 17 Jan 2024 18:22:24 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 276408] panic: Assertion error == EJUSTRETURN failed at msdosfs_vnops.c:1195 Message-ID: <bug-276408-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D276408 Bug ID: 276408 Summary: panic: Assertion error =3D=3D EJUSTRETURN failed at msdosfs_vnops.c:1195 Product: Base System Version: 13.2-STABLE Hardware: Any OS: Any Status: New Keywords: crash Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: jfc@mit.edu I used rsync to copy data to a FAT32 filesystem. My system crashed with an assertion failure in msdosfs_rename. I think the problem is bad error recovery. The first three lines of the core.txt below were in the message buffer but were not copied to /var/log/messages. They must have all happened in quick succession. So the kernel marked the filesystem read-only due to an error and the rename failed in an impossible way as a result. My kernel is 13.2-STABLE up through commit 4c4633fdffbe. The filesystem was mounted with -L zh_CN.UTF-8. This probably does not matter. The data is on ~10 year old USB drive that was mostly used with Windows. I am trying to clone the disk to reproduce the crash. /mnt: Freeing unused sector 7185542 6 fffff001 /dev/da13s1: remounting read-only due to corruption panic: Assertion error =3D=3D EJUSTRETURN failed at /usr/home/jfc/freebsd/src/sys/fs/msdosfs/msdosfs_vnops.c:1195 cpuid =3D 1 time =3D 1705507114 KDB: stack backtrace: #0 0xffffffff80c1a1d5 at kdb_backtrace+0x65 #1 0xffffffff80bcf522 at vpanic+0x152 #2 0xffffffff80bcf323 at panic+0x43 #3 0xffffffff80a78775 at msdosfs_rename+0xc45 #4 0xffffffff8115c81d at VOP_RENAME_APV+0x3d #5 0xffffffff80cc02de at kern_renameat+0x3ee #6 0xffffffff8108aec0 at amd64_syscall+0x140 #7 0xffffffff810601eb at fast_syscall_common+0xf8 [...] #4 0xffffffff80bcf323 in panic (fmt=3D<unavailable>) at /usr/home/jfc/freebsd/src/sys/kern/kern_shutdown.c:845 ap =3D {{gp_offset =3D 32, fp_offset =3D 48,=20 overflow_arg_area =3D 0xfffffe05a6054a90,=20 reg_save_area =3D 0xfffffe05a6054a30}} #5 0xffffffff80a78775 in msdosfs_rename (ap=3D<optimized out>) at /usr/home/jfc/freebsd/src/sys/fs/msdosfs/msdosfs_vnops.c:1195 toname =3D "2014VA~1JPG" oldname =3D "2014VA~1NRU" tdvp =3D 0xfffff806c7001000 fdvp =3D 0xfffff806c7001000 fvp =3D 0xfffff806791725b8 tvp =3D 0x0 tcnp =3D 0xfffffe05a6054c48 fcnp =3D 0xfffffe05a6054d20 pmp =3D 0xfffff8123e23de00 error =3D <optimized out> checkpath_locked =3D <optimized out> newparent =3D <optimized out> doingdirectory =3D <optimized out> blkoff =3D 2720 scn =3D 146065 nip =3D <optimized out> vp =3D <optimized out> fdip =3D 0xfffff8144ffc0400 fip =3D 0xfffff825f2a81d00 tdip =3D 0xfffff8144ffc0400 tip =3D <optimized out> to_diroffset =3D 2720 wait_scn =3D <optimized out> cn =3D <optimized out> bn =3D <optimized out> bp =3D <optimized out> dotdotp =3D <optimized out> pcl =3D <optimized out> #6 0xffffffff8115c81d in VOP_RENAME_APV ( vop=3D0xffffffff81aaf600 <msdosfs_vnodeops>, a=3Da@entry=3D0xfffffe05a6= 054d78) at vnode_if.c:1672 rc =3D <optimized out> #7 0xffffffff80cc02de in VOP_RENAME (fdvp=3D<unavailable>,=20 fvp=3D<optimized out>, tdvp=3D<optimized out>, tvp=3D<unavailable>,=20 fcnp=3D<optimized out>, tcnp=3D<optimized out>) at ./vnode_if.h:853 a =3D {a_gen =3D {a_desc =3D 0xffffffff81b4ed70 <vop_rename_desc>},= =20 a_fdvp =3D 0xfffff806c7001000, a_fvp =3D 0xfffff806791725b8,=20 a_fcnp =3D 0xfffffe05a6054d20, a_tdvp =3D 0xfffff806c7001000,=20 a_tvp =3D 0xfffff806a87c9000, a_tcnp =3D 0xfffffe05a6054c48} #8 kern_renameat (td=3D0xfffffe03b0400020, oldfd=3D-100,=20 old=3D0x820c39d00 <error: Cannot access memory at address 0x820c39d00>,= =20 newfd=3D-100,=20 new=3D0x820c3a500 <error: Cannot access memory at address 0x820c3a500>,= =20 pathseg=3DUIO_USERSPACE) at /usr/home/jfc/freebsd/src/sys/kern/vfs_syscalls.c:3732 fromnd =3D { ni_dirp =3D 0x820c39d00 <error: Cannot access memory at address 0x820c39d00>, ni_segflg =3D UIO_USERSPACE,=20 ni_rightsneeded =3D 0xffffffff81a016b8 <cap_renameat_source_right= s>,=20 ni_startdir =3D 0xfffff806c7001000, ni_rootdir =3D 0xfffff801429a= a1e8,=20 ni_topdir =3D 0x0, ni_dirfd =3D -100, ni_lcf =3D 0, ni_filecaps = =3D { fc_rights =3D {cr_rights =3D {0, 0}}, fc_ioctls =3D 0x0,=20 fc_nioctls =3D -1, fc_fcntls =3D 0}, ni_vp =3D 0xfffff806791725= b8,=20 ni_dvp =3D 0xfffff806c7001000, ni_resflags =3D 0, ni_debugflags = =3D 3,=20 ni_loopcnt =3D 0, ni_pathlen =3D 1, ni_next =3D 0xfffff80175e1441= d "",=20 ni_cnd =3D {cn_origflags =3D 264208, cn_flags =3D 285476880,=20 cn_thread =3D 0xfffffe03b0400020, cn_cred =3D 0xfffff80d38c6cd0= 0,=20 cn_nameiop =3D DELETE, cn_lkflags =3D 2097152,=20 cn_pnbuf =3D 0xfffff80175e14400 ".2014ValentineBack.JPG.NrU9fM"= ,=20 cn_nameptr =3D 0xfffff80175e14400 ".2014ValentineBack.JPG.NrU9f= M",=20 cn_namelen =3D 29}, ni_cap_tracker =3D {tqh_first =3D 0x0,=20 tqh_last =3D 0xfffffe05a6054d60}, ni_dvp_seqc =3D 1977697309,=20 ni_vp_seqc =3D 4294965249} tond =3D { ni_dirp =3D 0x820c3a500 <error: Cannot access memory at address 0x820c3a500>, ni_segflg =3D UIO_USERSPACE,=20 ni_rightsneeded =3D 0xffffffff81a016c8 <cap_renameat_target_right= s>,=20 ni_startdir =3D 0xfffff806c7001000, ni_rootdir =3D 0xfffff801429a= a1e8,=20 ni_topdir =3D 0x0, ni_dirfd =3D -100, ni_lcf =3D 0, ni_filecaps = =3D { fc_rights =3D {cr_rights =3D {0, 0}}, fc_ioctls =3D 0x0,=20 fc_nioctls =3D -1, fc_fcntls =3D 0}, ni_vp =3D 0xfffff806a87c90= 00,=20 ni_dvp =3D 0xfffff806c7001000, ni_resflags =3D 0, ni_debugflags = =3D 3,=20 ni_loopcnt =3D 0, ni_pathlen =3D 1, ni_next =3D 0xfffff80142be0c1= 5 "",=20 ni_cnd =3D {cn_origflags =3D 526349, cn_flags =3D 285740045,=20 cn_thread =3D 0xfffffe03b0400020, cn_cred =3D 0xfffff80d38c6cd0= 0,=20 cn_nameiop =3D RENAME, cn_lkflags =3D 524288,=20 cn_pnbuf =3D 0xfffff80142be0c00 "2014ValentineBack.JPG",=20 cn_nameptr =3D 0xfffff80142be0c00 "2014ValentineBack.JPG",=20 cn_namelen =3D 21}, ni_cap_tracker =3D {tqh_first =3D 0x0,=20 tqh_last =3D 0xfffffe05a6054c88}, ni_dvp_seqc =3D 2160781574,=20 ni_vp_seqc =3D 4294967295} mp =3D 0xfffffe05fd4d8040 error =3D 0 fvp =3D 0xfffff806791725b8 tondflags =3D <optimized out> tvp =3D 0xfffff806a87c9000 tdvp =3D 0xfffff806c7001000 #9 0xffffffff8108aec0 in syscallenter (td=3D<optimized out>) at /usr/home/jfc/freebsd/src/sys/amd64/amd64/../../kern/subr_syscall.c:= 188 p =3D 0xfffffe04e1dcf008 sa =3D 0xfffffe03b04003f8 error =3D <optimized out> se =3D 0xffffffff81ac0670 <sysent+4096> sy_thr_static =3D true traced =3D <optimized out> _audit_entered =3D <optimized out> #10 amd64_syscall (td=3D0xfffffe03b0400020, traced=3D0) at /usr/home/jfc/freebsd/src/sys/amd64/amd64/trap.c:1181 ksi =3D {ksi_link =3D {tqe_next =3D 0xfffffe05a6054f30,=20 tqe_prev =3D 0xffffffff8108a018 <trap+1944>}, ksi_info =3D { si_signo =3D -1337982944, si_errno =3D -509, si_code =3D -15096= 01472,=20 si_pid =3D -507, si_uid =3D 2785365616, si_status =3D -507,=20 si_addr =3D 0x46, si_value =3D {sival_int =3D -1509601680,=20 sival_ptr =3D 0xfffffe05a6054e70, sigval_int =3D -1509601680,= =20 sigval_ptr =3D 0xfffffe05a6054e70}, _reason =3D {_fault =3D { _trapno =3D -2135248234}, _timer =3D {_timerid =3D -2135248= 234,=20 _overrun =3D -1}, _mesgq =3D {_mqd =3D -2135248234}, _poll = =3D { _band =3D -2135248234}, __spare__ =3D {__spare1__ =3D -2135= 248234,=20 __spare2__ =3D {-2114959976, -1, 70, 0, 0, 0, 1951529631}}}= },=20 ksi_flags =3D -1509601616,=20 ksi_sigq =3D 0xffffffff80b5f282 <handleevents+578>} --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-276408-227>