Date: Sun, 23 Feb 2020 20:22:05 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 244350] [6] [Kernel panic: getblk: size(75776) > maxbcachebuf(65536)] observed while mouting the UFS USB drive on FreeBSD13-CURRENT, FreeBSD 12.1-RELEASE r354233 and FreeBSD 12.1-STABLE r358121 Message-ID: <bug-244350-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244350 Bug ID: 244350 Summary: [6] [Kernel panic: getblk: size(75776) > maxbcachebuf(65536)] observed while mouting the UFS USB drive on FreeBSD13-CURRENT, FreeBSD 12.1-RELEASE r354233 and FreeBSD 12.1-STABLE r358121 Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: neerajpal09@gmail.com Created attachment 211872 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=211872&action=edit Contains PoC UFS image and detailed logs includes 13-current, 12.1-release and 12.1-stable Hi there, Kernel Panic is observed while mounting the usb drive which contains malicious UFS filesystem image. But if the automount is configured or user has ability to mount the usb drive then during mount kernel panic occurs. No user authentication and interaction is needed in case of automount is configured, tested with "/etc/fstab". Just flash the attached UFS image to usb drive and plug the usb drive to FreeBSD 13-CURRENT, 12.1-RELEASE, or 12.1-STABLE, then mount it. [Kernel Log - FreeBSD 13-CURRENT] freebsd dumped core - see /var/crash/vmcore.3 Wed Feb 19 18:42:20 UTC 2020 FreeBSD freebsd 13.0-CURRENT FreeBSD 13.0-CURRENT #0: Wed Feb 19 01:58:08 UTC 2020 root@freebsd:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64 panic: getblk: size(75776) > maxbcachebuf(65536) GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-marcel-freebsd"... Unread portion of the kernel message buffer: panic: getblk: size(75776) > maxbcachebuf(65536) cpuid = 2 time = 1582135933 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0039ea3320 vpanic() at vpanic+0x185/frame 0xfffffe0039ea3380 panic() at panic+0x43/frame 0xfffffe0039ea33e0 getblkx() at getblkx+0x807/frame 0xfffffe0039ea34b0 breadn_flags() at breadn_flags+0x44/frame 0xfffffe0039ea3520 ffs_use_bread() at ffs_use_bread+0x70/frame 0xfffffe0039ea3590 ffs_sbget() at ffs_sbget+0x24f/frame 0xfffffe0039ea3600 ffs_mount() at ffs_mount+0xdf3/frame 0xfffffe0039ea37b0 vfs_domount() at vfs_domount+0x83c/frame 0xfffffe0039ea39e0 vfs_donmount() at vfs_donmount+0x911/frame 0xfffffe0039ea3a80 sys_nmount() at sys_nmount+0x69/frame 0xfffffe0039ea3ac0 amd64_syscall() at amd64_syscall+0x168/frame 0xfffffe0039ea3bf0 fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0039ea3bf0 --- syscall (378, FreeBSD ELF64, sys_nmount), rip = 0x8002f7a1a, rsp = 0x7fffffffd3b8, rbp = 0x7fffffffd920 --- KDB: enter: panic Uptime: 39m54s Dumping 258 out of 4062 MB:..7%..13%..25%..31%..44%..56%..62%..75%..81%..93% [Attachments] + UFS filesystem image + detailed logs from FreeBSD 13-CURRENT, 12.1-RELEASE, and 12.1-STABLE. -- You are receiving this mail because: You are the assignee for the bug.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-244350-227>