From: Henry Hu
Date: Sun, 9 Nov 2014 16:15:17 -0500
Subject: Fatal trap 12 in fuse_vnop_create and patch
To: FreeBSD CURRENT

Hi,

I've hit a crash in the fuse module when doing an rsync to an ntfs volume mounted with ntfs-3g. The crash is the same as ones reported before, in
https://lists.freebsd.org/pipermail/freebsd-current/2013-October/045993.html
and there are other similar reports:
http://www.bsdforen.de/threads/probleme-mit-rsync-und-sshfs.29323/

After digging into it a bit, I found that the problem is in fuse_vnop_create(). Check
https://github.com/freebsd/freebsd/blame/master/sys/fs/fuse/fuse_vnops.c#L337 .

At line 337, it checks if vap->va_type is VREG, and if it is not, it goes to label bringup. Then, feo is assigned with fdip->answ and used. But fdip, which points to fdi, is initialized after the goto. As a result, when vap->va_type != VREG, fdi is not initialized and feo is invalid.

I made the following patch and it works for me. In my case, the problematic file is a socket.

Index: fuse_vnops.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- fuse_vnops.c (=E7=89=88=E6=9C=AC 274059) +++ fuse_vnops.c (=E5=B7=A5=E4=BD=9C=E5=89=AF=E6=9C=AC) 
@@ -336,7 +336,8 @@ /* XXX: Will we ever want devices ? */ if ((vap->va_type !=3D VREG)) { MPASS(vap->va_type !=3D VFIFO); - goto bringup; + printf("unsupported vatype: %d\n", vap->va_type); + return EINVAL; } debug_printf("parent nid =3D %ju, mode =3D %x\n", (uintmax_t)parent= nid, mode); @@ -364,7 +365,7 @@ debug_printf("create: got err=3D%d from daemon\n", err); goto out; } -bringup: + feo =3D fdip->answ; if ((err =3D fuse_internal_checkentry(feo, VREG))) {

But I think that fuse filesystems may support file types other than VREG, so maybe we should remove that check completely?

-- 
Cheers,
Henry
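
Review bot: In the first hunk the MPASS(vap->va_type != VFIFO) assertion is kept in front of the new return, so on a kernel built with INVARIANTS an attempt to create a FIFO still panics instead of getting EINVAL; drop the assertion or place the return ahead of it so that every non-VREG type takes the error path. The added printf() is unconditional and is reached whenever a non-regular file is created on a FUSE mount (a socket in the reported case), so it can flood the console; the debug_printf() used by the neighbouring lines would fit better. style(9) also asks for the return value to be parenthesised: return (EINVAL);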
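
Review bot: In the second hunk the context line fuse_internal_checkentry(feo, VREG) still hardcodes VREG, which is only safe while the first hunk rejects every other type; if the va_type check is removed as the closing question suggests, this call has to validate against vap->va_type instead. The removed bringup: label is replaced by an added empty line; deleting the label line outright keeps the diff minimal, and a build will confirm that no other goto bringup remains in the function.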