Date: Sat, 25 Oct 2025 23:59:22 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 290519] [fusefs]: page fault triggered by asynchronous notification before mount
Message-ID: <bug-290519-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290519

            Bug ID: 290519
           Summary: [fusefs]: page fault triggered by asynchronous notification before mount
           Product: Base System
           Version: 16.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: asomers@FreeBSD.org

If a FUSE daemon for some reason doesn't call nmount promptly after opening /dev/fuse, and then sends an asynchronous notification message, a page fault will result. I haven't observed this behavior from any real file system, but I can produce it with the test suite. I also suspect that the same page fault may be reachable after unmounting the file system, a path that is more likely to be reachable by a real file system with a real user.

The stack trace looks like this:

#0 __curthread () at /usr/home/somers/src/freebsd.org/src/sys/amd64/include/pcpu_aux.h:57
#1 doadump (textdump=textdump@entry=0) at /usr/home/somers/src/freebsd.org/src/sys/kern/kern_shutdown.c:399
#2 0xffffffff804ab9fa in db_dump (dummy=<optimized out>, dummy2=<optimized out>, dummy3=<optimized out>, dummy4=<optimized out>) at /usr/home/somers/src/freebsd.org/src/sys/ddb/db_command.c:596
#3 0xffffffff804ab7ed in db_command (last_cmdp=<optimized out>, cmd_table=<optimized out>, dopager=true) at /usr/home/somers/src/freebsd.org/src/sys/ddb/db_command.c:508
#4 0xffffffff804ab4ad in db_command_loop () at /usr/home/somers/src/freebsd.org/src/sys/ddb/db_command.c:555
#5 0xffffffff804aeea6 in db_trap (type=<optimized out>, code=<optimized out>) at /usr/home/somers/src/freebsd.org/src/sys/ddb/db_main.c:267
#6 0xffffffff80bdff2f in kdb_trap (type=type@entry=3, code=code@entry=0, tf=tf@entry=0xfffffe00d83dc900) at /usr/home/somers/src/freebsd.org/src/sys/kern/subr_kdb.c:790
#7 0xffffffff810e24ee in trap (frame=<optimized out>) at /usr/home/somers/src/freebsd.org/src/sys/amd64/amd64/trap.c:614
#8 <signal handler called>
#9 kdb_enter (why=<optimized out>, msg=<optimized out>) at /usr/home/somers/src/freebsd.org/src/sys/kern/subr_kdb.c:556
#10 0xffffffff80b9068b in vpanic (fmt=0xffffffff81267110 "%s", ap=ap@entry=0xfffffe00d83dcb30) at /usr/home/somers/src/freebsd.org/src/sys/kern/kern_shutdown.c:962
#11 0xffffffff80b904f3 in panic (fmt=0xffffffff81d9fad0 <cnputs_mtx> "\026\226\034\201\377\377\377\377") at /usr/home/somers/src/freebsd.org/src/sys/kern/kern_shutdown.c:887
#12 0xffffffff810e2fdc in trap_fatal (frame=<optimized out>, eva=<optimized out>) at /usr/home/somers/src/freebsd.org/src/sys/amd64/amd64/trap.c:969
#13 0xffffffff810e2fdc in trap_pfault (frame=0xfffffe00d83dcbd0, usermode=false, signo=<optimized out>, ucode=<optimized out>)
#14 <signal handler called>
#15 0xffffffff80c881ff in vfs_ref (mp=mp@entry=0x0) at /usr/home/somers/src/freebsd.org/src/sys/kern/vfs_mount.c:530
#16 0xffffffff82a13d4a in fuse_device_write (dev=<optimized out>, uio=0xfffffe00d83dcda8, ioflag=<optimized out>) at /usr/home/somers/src/freebsd.org/src/sys/fs/fuse/fuse_device.c:555
#17 0xffffffff80a0abd3 in devfs_write_f (fp=0xfffff8001d15d230, uio=0xfffffe00d83dcda8, cred=<optimized out>, flags=0, td=0xfffff8001d144780) at /usr/home/somers/src/freebsd.org/src/sys/fs/devfs/devfs_vnops.c:1960
#18 0xffffffff80c0ca61 in fo_write (fp=0xfffff8001d15d230, uio=0xfffffe00d83dcda8, active_cred=0xffffffff81e5bce8 <w_locklistdata+234328>, flags=0, td=0xfffff8001d144780) at /usr/home/somers/src/freebsd.org/src/sys/sys/file.h:370
#19 dofilewrite (td=td@entry=0xfffff8001d144780, fd=fd@entry=3, fp=0xfffff8001d15d230, auio=auio@entry=0xfffffe00d83dcda8, offset=offset@entry=-1, flags=flags@entry=0) at /usr/home/somers/src/freebsd.org/src/sys/kern/sys_generic.c:565
#20 0xffffffff80c0c437 in kern_writev (td=0xfffff8001d144780, fd=3, auio=0xfffffe00d83dcda8) at /usr/home/somers/src/freebsd.org/src/sys/kern/sys_generic.c:492
#21 sys_write (td=0xfffff8001d144780, uap=<optimized out>) at /usr/home/somers/src/freebsd.org/src/sys/kern/sys_generic.c:407
#22 0xffffffff810e3989 in syscallenter (td=0xfffff8001d144780) at /usr/home/somers/src/freebsd.org/src/sys/amd64/amd64/../../kern/subr_syscall.c:193
#23 amd64_syscall (td=0xfffff8001d144780, traced=0) at /usr/home/somers/src/freebsd.org/src/sys/amd64/amd64/trap.c:1208
#24 <signal handler called>
#25 0x00002e362005119a in ?? ()

-- 
You are receiving this mail because:
You are the assignee for the bug.
