Date: Mon, 01 Feb 2016 14:27:03 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 206820] [ext2fs] Panic when writing to ext3fs mounted as ext2fs Message-ID: <bug-206820-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206820 Bug ID: 206820 Summary: [ext2fs] Panic when writing to ext3fs mounted as ext2fs Product: Base System Version: 9.3-STABLE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: ardovm@yahoo.it I encountered two panics on the very same operation: writing files to a ext= 3fs formatted USB drive that is mounted as ext2fs. The filesystem is created by a shell script, issuing the following commands: # mkfs.ext3 /dev/da0s1 # tune2fs -O ^dir_index /dev/da0s1 # mount -t ext2fs /dev/da0s1 /mnt And files are extracted from a tar archive (produced by gnu tar): # ssh linuxhost 'cat filesystem.tar.bz2' | tar -C /mnt -xjf -' My system is a 9-STABLE updated this morning. # uname -a=20 FreeBSD myhost 9.3-STABLE FreeBSD 9.3-STABLE #144 r295117M: Mon Feb 1 09:3= 1:54 CET 2016 root@myhost:/usr/obj/usr/src/sys/GENERIC i386 Both panics are triggered by function ext2_i2ei at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_inode_cnv.c:152 Here is an excerpt of the backtrace: [...] #7 0xc0f9fee7 in calltrap () at /usr/src/sys/i386/i386/exception.s:173 #8 0xd00f5759 in ext2_i2ei (ip=3D0xcab8f100, ei=3D0xe17e0f80) at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_inode_cnv.c:152 #9 0xd00f4a56 in ext2_update (vp=3D0xce0f38e0, waitfor=3D1) at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_inode.c:91 #10 0xd00fad12 in ext2_makeinode (mode=3D8, dvp=3D0xcc69f11c, vpp=3D0xeffea= b88,=20 cnp=3D0xeffeab9c) at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_vnops.c:1586 #11 0xc0fdd612 in VOP_CREATE_APV (vop=3D0xd00fe3a0, a=3D0xeffeaae8) at vnode_if.c:260 #12 0xc0b9d989 in vn_open_cred (ndp=3D0xeffeab5c, flagp=3D0xeffeac24,=20 cmode=3D<value optimized out>, vn_open_flags=3D0, cred=3D0xc9ee7100,=20 fp=3D0xcafea508) at vnode_if.h:109 #13 0xc0b9de6b in vn_open (ndp=3D0xeffeab5c, flagp=3D0xeffeac24, cmode=3D49= 3,=20 fp=3D0xcafea508) at /usr/src/sys/kern/vfs_vnops.c:113 #14 0xc0b99460 in kern_openat (td=3D0xc8420900, fd=3D-100,=20 path=3D0x284a61a0 <Address 0x284a61a0 out of bounds>,=20 pathseg=3DUIO_USERSPACE, flags=3D2562, mode=3D493) at /usr/src/sys/kern/vfs_syscalls.c:1128 #15 0xc0b998b5 in kern_open (td=3D0xc8420900,=20 path=3D0x284a61a0 <Address 0x284a61a0 out of bounds>,=20 pathseg=3DUIO_USERSPACE, flags=3D2561, mode=3D493) at /usr/src/sys/kern/vfs_syscalls.c:1079 #16 0xc0b998f0 in sys_open (td=3D0xc8420900, uap=3D0xeffeaccc) at /usr/src/sys/kern/vfs_syscalls.c:1055 #17 0xc0fb6869 in syscall (frame=3D0xeffead08) at subr_syscall.c:142 #18 0xc0f9ff8c in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:279 When kgdb'ing into frame 8, the pointer to ei seems not to be valid: (kgdb) frame 8 #8 0xd00f5759 in ext2_i2ei (ip=3D0xcab8f100, ei=3D0xe17e0f80) at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_inode_cnv.c:152 152 ei->e2di_ctime_extra =3D NSEC_TO_XTIME(ip->i_ctimensec); (kgdb) print *ip $1 =3D {i_vnode =3D 0xce0f38e0, i_ump =3D 0xccadc240, i_flag =3D 0, i_numbe= r =3D 122888,=20 i_e2fs =3D 0xc7798c00, i_modrev =3D 62488400780442, i_count =3D 0, i_endo= ff =3D 0,=20 i_diroff =3D 0, i_offset =3D 0, i_block_group =3D 60, i_next_alloc_block = =3D 0,=20 i_next_alloc_goal =3D 0, i_mode =3D 33261, i_nlink =3D 1, i_uid =3D 0, i_= gid =3D 0,=20 i_size =3D 0, i_blocks =3D 0, i_atime =3D 1454332232, i_mtime =3D 1454332= 232,=20 i_ctime =3D 1454332232, i_birthtime =3D 1454332232, i_mtimensec =3D 70012= 0000,=20 i_atimensec =3D 700120000, i_ctimensec =3D 700120000, i_birthnsec =3D 700= 118000,=20 i_gen =3D 1784569991, i_flags =3D 0, i_db =3D {0 <repeats 12 times>}, i_i= b =3D {0,=20 0, 0}, i_ext_cache =3D {ec_start =3D 0, ec_blk =3D 0, ec_len =3D 0, ec_= type =3D 0}} (kgdb) print *ei Cannot access memory at address 0xe17e0f80 Some information from the previous frame: (kgdb) frame 9 #9 0xd00f4a56 in ext2_update (vp=3D0xce0f38e0, waitfor=3D1) at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_inode.c:91 91 ext2_i2ei(ip, (struct ext2fs_dinode *)((char *)bp->b_data + (kgdb) print bp $2 =3D (struct buf *) 0xe112a8a8 (kgdb) print *bp=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20 $3 =3D {b_bufobj =3D 0xcbe062e4, b_bcount =3D 1024, b_caller1 =3D 0x0,=20 b_data =3D 0xe17e0c00 "=C3=ADA", b_error =3D 0, b_iocmd =3D 2 '\002',=20 b_ioflags =3D 2 '\002', b_iooffset =3D 503319552, b_resid =3D 0, b_iodone= =3D 0,=20 b_blkno =3D 983046, b_offset =3D 503319552, b_bobufs =3D {tqe_next =3D 0x= 0,=20 tqe_prev =3D 0xe1231828}, b_left =3D 0xe12317f0, b_right =3D 0x0, b_vfl= ags =3D 0,=20 b_freelist =3D {tqe_next =3D 0x0, tqe_prev =3D 0xe123183c}, b_qindex =3D = 2,=20 b_flags =3D 2684354720, b_xflags =3D 1 '\001', b_lock =3D {lock_object = =3D { lo_name =3D 0xc10fe54f "bufwait", lo_flags =3D 108199936, lo_data =3D= 0,=20 lo_witness =3D 0x0}, lk_lock =3D 3359770880, lk_exslpfail =3D 0, lk_t= imo =3D 0,=20 lk_pri =3D 96}, b_bufsize =3D 1024, b_runningbufspace =3D 0,=20 b_kvabase =3D 0xe17e0000 "#", b_kvaalloc =3D 0x0, b_kvasize =3D 16384,=20 b_lblkno =3D 983046, b_vp =3D 0xcbe06238, b_dirtyoff =3D 0, b_dirtyend = =3D 0,=20 b_rcred =3D 0x0, b_wcred =3D 0x0, b_saveaddr =3D 0xe17e0000, b_pager =3D { pg_reqpage =3D 0}, b_cluster =3D {cluster_head =3D {tqh_first =3D 0x0,= =20 tqh_last =3D 0xe11ad6f0}, cluster_entry =3D {tqe_next =3D 0x0,=20 tqe_prev =3D 0xe11ad6f0}}, b_pages =3D {0xc51334b0, 0x0 <repeats 31 t= imes>},=20 b_npages =3D 1, b_dep =3D {lh_first =3D 0x0}, b_fsprivate1 =3D 0x0,=20 b_fsprivate2 =3D 0x0, b_fsprivate3 =3D 0x0, b_pin_count =3D 0} Please tell me what information I can provide, to help tracking this problem down. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-206820-8>