From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 221501] [msdosfs] panic 11.0-RELEASE by mounting a malformed msdosfs image
Date: Mon, 14 Aug 2017 03:25:20 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-RELEASE
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: open.source@ribose.com
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221501

--- Comment #3 from open.source@ribose.com ---
(In reply to Conrad Meyer from comment #1)

# kgdb
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
#0  sched_switch (td=0xfffff80003519000, newtd=0xfffff800032ffa00, flags=)
    at /usr/src/sys/kern/sched_ule.c:1973
1973            cpuid = PCPU_GET(cpuid);
(kgdb) l *(msdosfs_mount+0x10f6)
0xffffffff8098e8f6 is in msdosfs_mount
(/usr/src/sys/fs/msdosfs/msdosfs_vfsops.c:730).
725
726             /*
727              * Have the inuse map filled in.
728              */
729             MSDOSFS_LOCK_MP(pmp);
730             error = fillinusemap(pmp);
731             MSDOSFS_UNLOCK_MP(pmp);
732             if (error != 0)
733                     goto error_exit;
734
Current language:  auto; currently minimal
(kgdb)

crash backtrace:

# kgdb /boot/kernel/kernel /var/crash/vmcore.0
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
panic: vm_fault: fault on nofault entry, addr: fffffe003d2dd000
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff80b24077 at kdb_backtrace+0x67
#1 0xffffffff80ad93e2 at vpanic+0x182
#2 0xffffffff80ad9253 at panic+0x43
#3 0xffffffff80e12601 at vm_fault_hold+0x2721
#4 0xffffffff80e0fe98 at vm_fault+0x78
#5 0xffffffff80fa0e39 at trap_pfault+0xf9
#6 0xffffffff80fa04cc at trap+0x26c
#7 0xffffffff80f84141 at calltrap+0x8
#8 0xffffffff8098e8f6 at msdosfs_mount+0x10f6
#9 0xffffffff80ba1ae0 at vfs_donmount+0xf90
#10 0xffffffff80ba0b22 at sys_nmount+0x72
#11 0xffffffff80fa168e at amd64_syscall+0x4ce
#12 0xffffffff80f8442b at Xfast_syscall+0xfb
Uptime: 1m38s
Dumping 101 out of 991 MB:..16%..32%..48%..63%..79%..95%

#0  doadump (textdump=) at pcpu.h:221
221     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump (textdump=) at pcpu.h:221
#1  0xffffffff80ad8e69 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80ad941b in vpanic (fmt=, ap=)
    at /usr/src/sys/kern/kern_shutdown.c:759
#3  0xffffffff80ad9253 in panic (fmt=0x0)
    at /usr/src/sys/kern/kern_shutdown.c:690
#4  0xffffffff80e12601 in vm_fault_hold (map=, vaddr=, fault_type=,
    fault_flags=, m_hold=) at /usr/src/sys/vm/vm_fault.c:330
#5  0xffffffff80e0fe98 in vm_fault (map=0xfffff80003000000, vaddr=,
    fault_type=1 '\001', fault_flags=) at /usr/src/sys/vm/vm_fault.c:273
#6  0xffffffff80fa0e39 in trap_pfault (frame=0xfffffe0000230410, usermode=0)
    at /usr/src/sys/amd64/amd64/trap.c:741
#7  0xffffffff80fa04cc in trap (frame=0xfffffe0000230410)
    at /usr/src/sys/amd64/amd64/trap.c:442
#8  0xffffffff80f84141 in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:236
#9  0xffffffff8098abdb in fillinusemap (pmp=)
    at /usr/src/sys/fs/msdosfs/msdosfs_fat.c:904
#10 0xffffffff8098e8f6 in msdosfs_mount (mp=0xfffff800038bf000)
    at /usr/src/sys/fs/msdosfs/msdosfs_vfsops.c:730
#11 0xffffffff80ba1ae0 in vfs_donmount (td=,
    fsflags=, fsoptions=) at /usr/src/sys/kern/vfs_mount.c:818
#12 0xffffffff80ba0b22 in sys_nmount (td=0xfffff800038cd500,
    uap=0xfffffe0000230a40) at /usr/src/sys/kern/vfs_mount.c:417
#13 0xffffffff80fa168e in amd64_syscall (td=, traced=0)
    at subr_syscall.c:135
#14 0xffffffff80f8442b in Xfast_syscall ()
    at /usr/src/sys/amd64/amd64/exception.S:396
#15 0x0000000800a70f6a in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language:  auto; currently minimal
(kgdb)

-- 
You are receiving this mail because:
You are the assignee for the bug.