Date: Sun, 23 Feb 2020 20:26:49 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 244351] [7] Kernel panic observed while plugging the UFS USB drive on FreeBSD13-CURRENT, FreeBSD 12.1-RELEASE r354233 and FreeBSD 12.1-STABLE r358121
Message-ID: <bug-244351-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244351

Bug ID: 244351
Summary: [7] Kernel panic observed while plugging the UFS USB drive on FreeBSD13-CURRENT, FreeBSD 12.1-RELEASE r354233 and FreeBSD 12.1-STABLE r358121
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: neerajpal09@gmail.com

Created attachment 211873
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=211873&action=edit
Contains PoC UFS image and detailed logs includes 13-current, 12.1-release and 12.1-stable

Hi there,

A kernel panic is observed while mounting a USB drive which contains a malicious UFS filesystem image.
But if automount is configured or the user has the ability to mount the USB drive, then the kernel panic occurs during mount.

No user authentication or interaction is needed if automount is configured; tested with "/etc/fstab".

Just flash the attached UFS image to a USB drive and plug the USB drive into FreeBSD 13-CURRENT, 12.1-RELEASE, or 12.1-STABLE, then mount it.

[Kernel Log - FreeBSD 13-CURRENT]

freebsd dumped core - see /var/crash/vmcore.4

Wed Feb 19 18:50:05 UTC 2020

FreeBSD freebsd 13.0-CURRENT FreeBSD 13.0-CURRENT #0: Wed Feb 19 01:58:08 UTC 2020 root@freebsd:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64

panic: usermode va fffffdffb39cb000

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
panic: usermode va fffffdffb39cb000
cpuid = 0
time = 1582138127
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0039f1d3d0
vpanic() at vpanic+0x185/frame 0xfffffe0039f1d430
panic() at panic+0x43/frame 0xfffffe0039f1d490
pmap_pinit0() at pmap_pinit0/frame 0xfffffe0039f1d4a0
allocbuf() at allocbuf+0x1fc/frame 0xfffffe0039f1d500
getblkx() at getblkx+0x6d9/frame 0xfffffe0039f1d5d0
getblk() at getblk+0x22/frame 0xfffffe0039f1d600
ffs_mount() at ffs_mount+0x1be0/frame 0xfffffe0039f1d7b0
vfs_domount() at vfs_domount+0x83c/frame 0xfffffe0039f1d9e0
vfs_donmount() at vfs_donmount+0x911/frame 0xfffffe0039f1da80
sys_nmount() at sys_nmount+0x69/frame 0xfffffe0039f1dac0
amd64_syscall() at amd64_syscall+0x168/frame 0xfffffe0039f1dbf0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0039f1dbf0
--- syscall (378, FreeBSD ELF64, sys_nmount), rip = 0x8002f7a1a, rsp = 0x7fffffffd3b8, rbp = 0x7fffffffd920 ---
KDB: enter: panic
Uptime: 6m53s
Dumping 262 out of 4062 MB:..7%..13%..25%..31%..43%..55%..61%..74%..86%..92%

[Attachments]
+ UFS filesystem image
+ detailed logs from FreeBSD 13-CURRENT, 12.1-RELEASE, and 12.1-STABLE.

-- 
You are receiving this mail because:
You are the assignee for the bug.
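
Added example, not part of the original report and not FreeBSD project code: a POSIX sh check for the two exposure conditions the report names, a UFS entry in /etc/fstab that mounts a removable device automatically and users being allowed to mount. The function names are hypothetical, the fstab lines are constructed, and it assumes USB mass storage attaches as /dev/da*, that "noauto" keeps an entry from mounting automatically, and that the vfs.usermount sysctl controls user mounts.

```sh
#!/bin/sh
# Flags the two exposure conditions from the report: a UFS entry on a
# removable device that mounts without "noauto", and user mounts enabled.
# Assumption: USB mass storage attaches as /dev/da* (da(4)); extend the
# pattern if you mount by label (for example /dev/ufs/*).

# Constructed sample fstab, not taken from the report.
sample_fstab() {
cat <<'EOF'
# Device        Mountpoint  FStype   Options     Dump  Pass
/dev/ada0p2     /           ufs      rw          1     1
/dev/da0s1a     /mnt/usb    ufs      rw          0     0
/dev/da1p1      /mnt/stick  ufs      rw,noauto   0     0
/dev/da2s1      /mnt/fat    msdosfs  rw          0     0
EOF
}

# audit_fstab: reads an fstab on stdin, prints one finding per risky entry.
audit_fstab() {
    while read -r dev mnt fstype opts rest; do
        case "$dev" in ''|'#'*) continue ;; esac          # blank or comment
        case "$dev" in /dev/da[0-9]*) ;; *) continue ;; esac
        [ "$fstype" = "ufs" ] || continue
        case ",$opts," in
            *,noauto,*) ;;   # mounted only on explicit request
            *) echo "AUTO-MOUNT $dev on $mnt ($opts)" ;;
        esac
    done
}

# audit_usermount: argument is the output of `sysctl -n vfs.usermount`.
audit_usermount() {
    if [ "$1" = "1" ]; then
        echo "USER-MOUNT vfs.usermount=1: unprivileged users may mount"
    fi
}

# Demo on the constructed sample. On a live host:
#   audit_fstab < /etc/fstab
#   audit_usermount "$(sysctl -n vfs.usermount)"
sample_fstab | audit_fstab
audit_usermount 1
```

An empty result from both functions means neither of the report's two preconditions is present in the inputs checked; it says nothing about other automount mechanisms.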
