[Bug 244348] [4] Kernel panic observed while plugging the UFS USB drive on FreeBSD13-CURRENT, FreeBSD 12.1-RELEASE r354233 and FreeBSD 12.1-STABLE r358121

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Feb 23 20:09:07 UTC 2020


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244348

            Bug ID: 244348
           Summary: [4] Kernel panic observed while plugging the UFS USB
                    drive on FreeBSD13-CURRENT, FreeBSD 12.1-RELEASE
                    r354233 and FreeBSD 12.1-STABLE r358121
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: neerajpal09 at gmail.com

Created attachment 211870
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=211870&action=edit
Contains PoC UFS image and detailed logs, including 13-current, 12.1-release and
12.1-stable

Hi there,

A kernel panic is observed while attaching a USB drive which contains a malicious
UFS filesystem image. No user authentication or interaction is needed.

Just flash the attached UFS image to a USB drive and plug the USB drive into
FreeBSD 13-CURRENT, 12.1-RELEASE, or 12.1-STABLE.


[Kernel Log - FreeBSD 13-CURRENT]

freebsd dumped core - see /var/crash/vmcore.7

Wed Feb 19 16:14:54 UTC 2020

FreeBSD freebsd 13.0-CURRENT FreeBSD 13.0-CURRENT #0: Wed Feb 19
01:58:08 UTC 2020
root at freebsd:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64

panic: vm_fault_lookup: fault on nofault entry, addr: 0xfffffe003e5f2000

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
Superblock check-hash failed: recorded check-hash 0xf58a2f26 !=
computed check-hash 0xccc24ec4 (Ignored)
panic: vm_fault_lookup: fault on nofault entry, addr: 0xfffffe003e5f2000
cpuid = 2
time = 1582128715
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe002c7794e0
vpanic() at vpanic+0x185/frame 0xfffffe002c779540
panic() at panic+0x43/frame 0xfffffe002c7795a0
vm_fault() at vm_fault+0x1a98/frame 0xfffffe002c7796d0
vm_fault_trap() at vm_fault_trap+0x6e/frame 0xfffffe002c779710
trap_pfault() at trap_pfault+0x1f3/frame 0xfffffe002c779790
trap() at trap+0x2a7/frame 0xfffffe002c7798c0
calltrap() at calltrap+0x8/frame 0xfffffe002c7798c0
--- trap 0xc, rip = 0xffffffff8106816e, rsp = 0xfffffe002c779990, rbp
= 0xfffffe002c779990 ---
memset_erms() at memset_erms+0xde/frame 0xfffffe002c779990
ffs_sbget() at ffs_sbget+0x354/frame 0xfffffe002c779a00
g_label_ufs_taste_common() at g_label_ufs_taste_common+0x79/frame
0xfffffe002c779a40
g_label_taste() at g_label_taste+0x2ac/frame 0xfffffe002c779b50
g_new_provider_event() at g_new_provider_event+0xaa/frame 0xfffffe002c779b70
g_run_events() at g_run_events+0x176/frame 0xfffffe002c779bb0
fork_exit() at fork_exit+0x80/frame 0xfffffe002c779bf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe002c779bf0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
Uptime: 2m17s
Dumping 314 out of 4062 MB:..6%..11%..21%..31%..41%..51%..61%..72%..82%..92%

[Attachments]
+ UFS filesystem image
+ detailed logs from FreeBSD 13-CURRENT, 12.1-RELEASE, and 12.1-STABLE.
