[Bug 206820] [ext2fs] Panic when writing to ext3fs mounted as ext2fs

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Feb 1 14:27:03 UTC 2016 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206820

            Bug ID: 206820
           Summary: [ext2fs] Panic when writing to ext3fs mounted as
                    ext2fs
           Product: Base System
           Version: 9.3-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: ardovm at yahoo.it

I encountered two panics on the very same operation: writing files to a ext3fs
formatted USB drive that is mounted as ext2fs.

The filesystem is created by a shell script, issuing the following commands:

# mkfs.ext3 /dev/da0s1
# tune2fs -O ^dir_index /dev/da0s1
# mount -t ext2fs /dev/da0s1 /mnt

And files are extracted from a tar archive (produced by gnu tar):

# ssh linuxhost 'cat filesystem.tar.bz2' | tar -C /mnt -xjf -'

My system is a 9-STABLE updated this morning.

# uname -a 
FreeBSD myhost 9.3-STABLE FreeBSD 9.3-STABLE #144 r295117M: Mon Feb  1 09:31:54
CET 2016     root at myhost:/usr/obj/usr/src/sys/GENERIC  i386

Both panics are triggered by function ext2_i2ei at
/usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_inode_cnv.c:152

Here is an excerpt of the backtrace:

[...]
#7  0xc0f9fee7 in calltrap () at /usr/src/sys/i386/i386/exception.s:173
#8  0xd00f5759 in ext2_i2ei (ip=0xcab8f100, ei=0xe17e0f80)
    at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_inode_cnv.c:152
#9  0xd00f4a56 in ext2_update (vp=0xce0f38e0, waitfor=1)
    at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_inode.c:91
#10 0xd00fad12 in ext2_makeinode (mode=8, dvp=0xcc69f11c, vpp=0xeffeab88, 
    cnp=0xeffeab9c)
    at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_vnops.c:1586
#11 0xc0fdd612 in VOP_CREATE_APV (vop=0xd00fe3a0, a=0xeffeaae8)
    at vnode_if.c:260
#12 0xc0b9d989 in vn_open_cred (ndp=0xeffeab5c, flagp=0xeffeac24, 
    cmode=<value optimized out>, vn_open_flags=0, cred=0xc9ee7100, 
    fp=0xcafea508) at vnode_if.h:109
#13 0xc0b9de6b in vn_open (ndp=0xeffeab5c, flagp=0xeffeac24, cmode=493, 
    fp=0xcafea508) at /usr/src/sys/kern/vfs_vnops.c:113
#14 0xc0b99460 in kern_openat (td=0xc8420900, fd=-100, 
    path=0x284a61a0 <Address 0x284a61a0 out of bounds>, 
    pathseg=UIO_USERSPACE, flags=2562, mode=493)
    at /usr/src/sys/kern/vfs_syscalls.c:1128
#15 0xc0b998b5 in kern_open (td=0xc8420900, 
    path=0x284a61a0 <Address 0x284a61a0 out of bounds>, 
    pathseg=UIO_USERSPACE, flags=2561, mode=493)
    at /usr/src/sys/kern/vfs_syscalls.c:1079
#16 0xc0b998f0 in sys_open (td=0xc8420900, uap=0xeffeaccc)
    at /usr/src/sys/kern/vfs_syscalls.c:1055
#17 0xc0fb6869 in syscall (frame=0xeffead08) at subr_syscall.c:142
#18 0xc0f9ff8c in Xint0x80_syscall ()
    at /usr/src/sys/i386/i386/exception.s:279

When kgdb'ing into frame 8, the pointer to ei seems not to be valid:

(kgdb) frame 8
#8  0xd00f5759 in ext2_i2ei (ip=0xcab8f100, ei=0xe17e0f80)
    at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_inode_cnv.c:152
152             ei->e2di_ctime_extra = NSEC_TO_XTIME(ip->i_ctimensec);
(kgdb) print *ip
$1 = {i_vnode = 0xce0f38e0, i_ump = 0xccadc240, i_flag = 0, i_number = 122888, 
  i_e2fs = 0xc7798c00, i_modrev = 62488400780442, i_count = 0, i_endoff = 0, 
  i_diroff = 0, i_offset = 0, i_block_group = 60, i_next_alloc_block = 0, 
  i_next_alloc_goal = 0, i_mode = 33261, i_nlink = 1, i_uid = 0, i_gid = 0, 
  i_size = 0, i_blocks = 0, i_atime = 1454332232, i_mtime = 1454332232, 
  i_ctime = 1454332232, i_birthtime = 1454332232, i_mtimensec = 700120000, 
  i_atimensec = 700120000, i_ctimensec = 700120000, i_birthnsec = 700118000, 
  i_gen = 1784569991, i_flags = 0, i_db = {0 <repeats 12 times>}, i_ib = {0, 
    0, 0}, i_ext_cache = {ec_start = 0, ec_blk = 0, ec_len = 0, ec_type = 0}}
(kgdb) print *ei
Cannot access memory at address 0xe17e0f80

Some information from the previous frame:

(kgdb) frame 9
#9  0xd00f4a56 in ext2_update (vp=0xce0f38e0, waitfor=1)
    at /usr/src/sys/modules/ext2fs/../../fs/ext2fs/ext2_inode.c:91
91              ext2_i2ei(ip, (struct ext2fs_dinode *)((char *)bp->b_data +
(kgdb) print bp
$2 = (struct buf *) 0xe112a8a8
(kgdb) print *bp                                                                
$3 = {b_bufobj = 0xcbe062e4, b_bcount = 1024, b_caller1 = 0x0, 
  b_data = 0xe17e0c00 "íA", b_error = 0, b_iocmd = 2 '\002', 
  b_ioflags = 2 '\002', b_iooffset = 503319552, b_resid = 0, b_iodone = 0, 
  b_blkno = 983046, b_offset = 503319552, b_bobufs = {tqe_next = 0x0, 
    tqe_prev = 0xe1231828}, b_left = 0xe12317f0, b_right = 0x0, b_vflags = 0, 
  b_freelist = {tqe_next = 0x0, tqe_prev = 0xe123183c}, b_qindex = 2, 
  b_flags = 2684354720, b_xflags = 1 '\001', b_lock = {lock_object = {
      lo_name = 0xc10fe54f "bufwait", lo_flags = 108199936, lo_data = 0, 
      lo_witness = 0x0}, lk_lock = 3359770880, lk_exslpfail = 0, lk_timo = 0, 
    lk_pri = 96}, b_bufsize = 1024, b_runningbufspace = 0, 
  b_kvabase = 0xe17e0000 "#", b_kvaalloc = 0x0, b_kvasize = 16384, 
  b_lblkno = 983046, b_vp = 0xcbe06238, b_dirtyoff = 0, b_dirtyend = 0, 
  b_rcred = 0x0, b_wcred = 0x0, b_saveaddr = 0xe17e0000, b_pager = {
    pg_reqpage = 0}, b_cluster = {cluster_head = {tqh_first = 0x0, 
      tqh_last = 0xe11ad6f0}, cluster_entry = {tqe_next = 0x0, 
      tqe_prev = 0xe11ad6f0}}, b_pages = {0xc51334b0, 0x0 <repeats 31 times>}, 
  b_npages = 1, b_dep = {lh_first = 0x0}, b_fsprivate1 = 0x0, 
  b_fsprivate2 = 0x0, b_fsprivate3 = 0x0, b_pin_count = 0}

Please tell me what information I can provide, to help tracking this problem
down.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list