Date: Mon, 19 Feb 2018 13:28:41 -0500 From: Allan Jude <allanjude@freebsd.org> To: Konstantin Belousov <kostikbel@gmail.com> Cc: freebsd-fs <freebsd-fs@freebsd.org>, Kirk McKusick <mckusick@mckusick.com>, markj@freebsd.org Subject: Re: UFS panic when attempting to mount wrong device Message-ID: <a77e28c0-c603-eec0-bd3e-108582d17e89@freebsd.org> In-Reply-To: <20180219105758.GX94212@kib.kiev.ua> References: <8be41fc8-ea0a-da87-da89-68f531f1cb88@freebsd.org> <20180219105758.GX94212@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --My8zo2MOJZ7wdu4Et3CUvDw2dr9u572Jy Content-Type: multipart/mixed; boundary="CDvnTA209LuMR3FIm0zWIhTD6JwlIecH9"; protected-headers="v1" From: Allan Jude <allanjude@freebsd.org> To: Konstantin Belousov <kostikbel@gmail.com> Cc: freebsd-fs <freebsd-fs@freebsd.org>, Kirk McKusick <mckusick@mckusick.com>, markj@freebsd.org Message-ID: <a77e28c0-c603-eec0-bd3e-108582d17e89@freebsd.org> Subject: Re: UFS panic when attempting to mount wrong device References: <8be41fc8-ea0a-da87-da89-68f531f1cb88@freebsd.org> <20180219105758.GX94212@kib.kiev.ua> In-Reply-To: <20180219105758.GX94212@kib.kiev.ua> --CDvnTA209LuMR3FIm0zWIhTD6JwlIecH9 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 2018-02-19 05:57, Konstantin Belousov wrote: > On Sun, Feb 18, 2018 at 08:14:48PM -0500, Allan Jude wrote: >> I accidentally forgot to specify -t cd9660 when mounting a CD image, a= nd >> UFS panicked the machine: >> >> Unread portion of the kernel message buffer: >> panic: vtopde on a uva/gpa 0x0 >> cpuid =3D 1 >> KDB: stack backtrace: >> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame >> 0xfffffe0034409550 >> vpanic() at vpanic+0x18d/frame 0xfffffe00344095b0 >> vpanic() at vpanic/frame 0xfffffe0034409630 >> pmap_kextract() at pmap_kextract+0x121/frame 0xfffffe0034409660 >> free() at free+0x5e/frame 0xfffffe00344096a0 >> ffs_mount() at ffs_mount+0xe2f/frame 0xfffffe0034409840 >> vfs_donmount() at vfs_donmount+0xf56/frame 0xfffffe0034409a80 >> sys_nmount() at sys_nmount+0x72/frame 0xfffffe0034409ac0 >> amd64_syscall() at amd64_syscall+0x79b/frame 0xfffffe0034409bf0 >> fast_syscall_common() at fast_syscall_common+0x101/frame 0x7fffffffd99= 0 >> >> >> >> (kgdb) bt >> #0 __curthread () at ./machine/pcpu.h:230 >> #1 doadump (textdump=3D1) at >> /zroot/zfs_zstd/head/sys/kern/kern_shutdown.c:347 >> #2 0xffffffff80ac9242 in kern_reboot (howto=3D260) at >> /zroot/zfs_zstd/head/sys/kern/kern_shutdown.c:416 >> #3 0xffffffff80ac980d in vpanic (fmt=3D<optimized out>, >> ap=3D0xfffffe00344095f0) at /zroot/zfs_zstd/head/sys/kern/kern_shutdow= n.c:812 >> #4 0xffffffff80ac9620 in kassert_panic (fmt=3D0xffffffff81157632 "vto= pde >> on a uva/gpa 0x%0lx") at /zroot/zfs_zstd/head/sys/kern/kern_shutdown.c= :698 >> #5 0xffffffff80f683a1 in vtopde (va=3D0) at >> /zroot/zfs_zstd/head/sys/amd64/amd64/pmap.c:835 >> #6 pmap_kextract (va=3D0) at /zroot/zfs_zstd/head/sys/amd64/amd64/pma= p.c:2237 >> #7 0xffffffff80aa3f2e in vtoslab (va=3D0) at >> /zroot/zfs_zstd/head/sys/vm/uma_int.h:455 >> #8 free (addr=3D0x8, mtp=3D0xffffffff8189bb20 <M_UFSMNT>) at >> /zroot/zfs_zstd/head/sys/kern/kern_malloc.c:701 >> #9 0xffffffff80dc278f in ffs_mountfs (devvp=3D<optimized out>, >> mp=3D<optimized out>, td=3D<optimized out>) >> at /zroot/zfs_zstd/head/sys/ufs/ffs/ffs_vfsops.c:1047 >> #10 ffs_mount (mp=3D0xfffff80085dda000) at >> /zroot/zfs_zstd/head/sys/ufs/ffs/ffs_vfsops.c:531 >> #11 0xffffffff80b8ebc6 in vfs_domount_first (td=3D<optimized out>, >> fspath=3D0xfffff80003723800 "/mnt", vp=3D0xfffff80085baf938, vfsp=3D<o= ptimized >> out>, >> fsflags=3D<optimized out>, optlist=3D<optimized out>) at >> /zroot/zfs_zstd/head/sys/kern/vfs_mount.c:827 >> #12 vfs_domount (td=3D<optimized out>, fstype=3D<optimized out>, >> fspath=3D<optimized out>, fsflags=3D<optimized out>, optlist=3D<optimi= zed out>) >> at /zroot/zfs_zstd/head/sys/kern/vfs_mount.c:1117 >> #13 vfs_donmount (td=3D0xfffff800139c6560, fsflags=3D<optimized out>, >> fsoptions=3D0xfffff800054d6e00) at >> /zroot/zfs_zstd/head/sys/kern/vfs_mount.c:684 >> #14 0xffffffff80b8dc42 in sys_nmount (td=3D0xfffff800139c6560, >> uap=3D0xfffff800139c6918) at /zroot/zfs_zstd/head/sys/kern/vfs_mount.c= :427 >> #15 0xffffffff80f7ed0b in syscallenter (td=3D0xfffff800139c6560) at >> /zroot/zfs_zstd/head/sys/amd64/amd64/../../kern/subr_syscall.c:134 >> #16 amd64_syscall (td=3D0xfffff800139c6560, traced=3D0) at >> /zroot/zfs_zstd/head/sys/amd64/amd64/trap.c:935 >> #17 0xffffffff80f5a66d in fast_syscall_common () at >> /zroot/zfs_zstd/head/sys/amd64/amd64/exception.S:480 >> #18 0x0000000800c78000 in ?? () >> >> >> That that maybe a double free? > More likely, a free of the uninitialized pointer. Try this. >=20 > diff --git a/sys/ufs/ffs/ffs_subr.c b/sys/ufs/ffs/ffs_subr.c > index 40db8bf01b1..4e167d98b65 100644 > --- a/sys/ufs/ffs/ffs_subr.c > +++ b/sys/ufs/ffs/ffs_subr.c > @@ -174,8 +174,12 @@ ffs_sbget(void *devfd, struct fs **fsp, off_t alts= uperblock, > =20 > *fsp =3D NULL; > if (altsuperblock !=3D -1) { > - if ((ret =3D readsuper(devfd, fsp, altsuperblock, readfunc)) !=3D 0)= > + if ((ret =3D readsuper(devfd, fsp, altsuperblock, readfunc)) > + !=3D 0) { > + if (*fsp !=3D NULL) > + (*fsp)->fs_csp =3D NULL; > return (ret); > + } > } else { > for (i =3D 0; sblock_try[i] !=3D -1; i++) { > if ((ret =3D readsuper(devfd, fsp, sblock_try[i], > @@ -183,10 +187,15 @@ ffs_sbget(void *devfd, struct fs **fsp, off_t alt= superblock, > break; > if (ret =3D=3D ENOENT) > continue; > + if (*fsp !=3D NULL) > + (*fsp)->fs_csp =3D NULL; > return (ret); > } > - if (sblock_try[i] =3D=3D -1) > + if (sblock_try[i] =3D=3D -1) { > + if (*fsp !=3D NULL) > + (*fsp)->fs_csp =3D NULL; > return (ENOENT); > + } > } > /* > * If not filling in summary information, NULL out fs_csp and return.= >=20 This first patch solved the panic, but returns the wrong error message: # mount /dev/cd0 /mnt mount: /dev/cd0: No such file or directory It does exist, and `mount -t cd9660 /dev/cd0 /mnt` works I think we should return EINVAL in this case instead of ENOENT? --=20 Allan Jude --CDvnTA209LuMR3FIm0zWIhTD6JwlIecH9-- --My8zo2MOJZ7wdu4Et3CUvDw2dr9u572Jy Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJaixdcAAoJEBmVNT4SmAt+ZsIP+wTKIEbt5Ox/T2qWQOTN3pOH 7xePZJCitLuq6JClFuJmvmTvLfaTxVAv6O3SkjeqJaArHjHF+A1I1WSSWNe3NNNj yCBBedXUwcqPYdzwqxCl6IIur0Ozs+XYizg7CGK0EswPINPYwe1euJNmcyt+buex P3yEalCEB2lPdtBohZLc6QD/4OHj2+8xRUTxk6penluGP8gXZc4mR9uxxenf/Hvr WtZ0eRmlCdiCxbpBfYp5ql8DNxmuqycq9kfkRa7jFwLiCtMIwf8Tzz0EhIGAKg/A i5dkU96WwKTuaIjDw5wZpUf50OEhXVqvqTRydSchM/IacujxXwF/s0W62kfegW+O ftEOnCeOJzx8iSbXhqAm9j22se3oI8LPckpvflToZoelrTy15/Geq9MD/s7oitum 7vRxMsHzBUnl//3ld5rbIvjw7+FfcfJYuEcKMWYTAJtmfHDyvg4jhxRMgkUVDrqt U2eYIzJhBdA37P2PEvrXvfwvCL/IDjFcN08AQQzGaUO9fTGvfUjaJ00wP6zVZzKk jfOZiY52C5ROw6jAYxgTGkYis//wTUcYSlrjA4RACIQs/gOuw+ApX3UJIzjTRPln 89SNKFco43BGVU6ql4lPsdnXKAY9JT7X0qwTdjQOoHU8ecJDLp15mDgxBT4mzgiH GJk2/9BFVXrmIkpEc6oM =+GwP -----END PGP SIGNATURE----- --My8zo2MOJZ7wdu4Et3CUvDw2dr9u572Jy--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a77e28c0-c603-eec0-bd3e-108582d17e89>