[Bug 221501] [msdosfs] panic 11.0-RELEASE by mounting a malformed msdosfs image

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221501

Ed Maste <emaste at freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open

--- Comment #4 from Ed Maste <emaste at freebsd.org> ---
Confirmed on FreeBSD/arm64 -current

root at od1000:~/fuzzbsd/results/freebsd_11.0/msdos/12 # mount -t msdosfs /dev/md0
/mnt
panic: vm_fault_hold: fault on nofault entry, addr: 0xffff0000e6ee1000
cpuid = 1
time = 1502812161
KDB: stack backtrace:
...
panic() at vm_fault_hold+0x1d90
         pc = 0xffff00000030f31c  lr = 0xffff000000595894
         sp = 0xffff00010a9fc0c0  fp = 0xffff00010a9fc220

vm_fault_hold() at vm_fault+0x70
         pc = 0xffff000000595894  lr = 0xffff000000593ab4
         sp = 0xffff00010a9fc230  fp = 0xffff00010a9fc260

vm_fault() at data_abort+0x100
         pc = 0xffff000000593ab4  lr = 0xffff0000005faacc
         sp = 0xffff00010a9fc270  fp = 0xffff00010a9fc320

data_abort() at do_el1h_sync+0xfc
         pc = 0xffff0000005faacc  lr = 0xffff0000005fa8d8
         sp = 0xffff00010a9fc330  fp = 0xffff00010a9fc360

do_el1h_sync() at handle_el1h_sync+0x74
         pc = 0xffff0000005fa8d8  lr = 0xffff0000005e3874
         sp = 0xffff00010a9fc370  fp = 0xffff00010a9fc480

handle_el1h_sync() at fillinusemap+0x224
         pc = 0xffff0000005e3874  lr = 0xffff000000200ca4
         sp = 0xffff00010a9fc490  fp = 0xffff00010a9fc570

fillinusemap() at msdosfs_mount+0xd78
         pc = 0xffff000000200ca4  lr = 0xffff000000203a84
         sp = 0xffff00010a9fc580  fp = 0xffff00010a9fc710

msdosfs_mount() at vfs_donmount+0xd0c
         pc = 0xffff000000203a84  lr = 0xffff0000003c2c58
         sp = 0xffff00010a9fc720  fp = 0xffff00010a9fc960

-- 
You are receiving this mail because:
You are the assignee for the bug.