[Bug 244899] ZFS symlink xattr panic

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Mar 18 22:55:34 UTC 2020 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244899

            Bug ID: 244899
           Summary: ZFS symlink xattr panic
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: y.freebsd at paritcher.com

on ZFS, if a symlink target has more than 136 characters setting a xattr on the
symlink is broken. 

on 12.1 this causes that on the next mount of the dataset (or after not
`stat`ing the file for a while) the symlink returns "bad file descriptor".

on 13 CURRENT the call to `setextattr` causes a kernel panic.

Steps to Reproduce:

root at freebsd:~ # zpool create tester /dev/ada1
root at freebsd:~ # zfs create tester/test
root at freebsd:~ # ln -s
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
/tester/test/A
root at freebsd:~ # setextattr -h user A A /tester/test/A


on CURRENT this will cause a panic.
for 12.1:

root at freebsd:~ # zfs unmount tester/test
root at freebsd:~ # zfs mount tester/test
root at freebsd:~ # ls -l /tester/test/                                           
                                      ls: A: Bad file descriptor
total 0

kernel traceback:

panic: solaris assert: IS_SA_BONUSTYPE(bonustype) &&
SA_HDR_SIZE_MATCH_LAYOUT(hdr, tb) || !IS_SA_BONUSTYPE(bonustype) ||
(IS_SA_BONUSTYPE(bonustype) && hdr->sa_layout_info == 0), file:
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sa.c, line: 1512
cpuid = 0
time = 1584572024
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0025270530
vpanic() at vpanic+0x182/frame 0xfffffe0025270580
panic() at panic+0x43/frame 0xfffffe00252705e0
assfail() at assfail+0x1a/frame 0xfffffe00252705f0
sa_build_index() at sa_build_index+0x170/frame 0xfffffe0025270700
sa_build_layouts() at sa_build_layouts+0xc22/frame 0xfffffe0025270810
sa_modify_attrs() at sa_modify_attrs+0x4db/frame 0xfffffe0025270910
sa_attr_op() at sa_attr_op+0x4e2/frame 0xfffffe00252709b0
sa_bulk_update_impl() at sa_bulk_update_impl+0xa5/frame 0xfffffe00252709f0
sa_update() at sa_update+0x55/frame 0xfffffe0025270a40
zfs_make_xattrdir() at zfs_make_xattrdir+0x20a/frame 0xfffffe0025270ae0
zfs_get_xattrdir() at zfs_get_xattrdir+0xc1/frame 0xfffffe0025270bf0
zfs_lookup() at zfs_lookup+0x15b/frame 0xfffffe0025270cd0
zfs_setextattr() at zfs_setextattr+0x1ca/frame 0xfffffe0025271000
VOP_SETEXTATTR_APV() at VOP_SETEXTATTR_APV+0x38/frame 0xfffffe0025271020
extattr_set_vp() at extattr_set_vp+0x11d/frame 0xfffffe00252710f0
kern_extattr_set_path() at kern_extattr_set_path+0x10c/frame 0xfffffe0025271330
sys_extattr_set_link() at sys_extattr_set_link+0x29/frame 0xfffffe0025271350
amd64_syscall() at amd64_syscall+0x16d/frame 0xfffffe0025271470
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0025271470
--- syscall (412, FreeBSD ELF64, sys_extattr_set_link), rip = 0x8002e4eea, rsp
= 0x7fffffffd9e8, rbp = 0x7fffffffea90 ---
KDB: enter: panic
[ thread pid 690 tid 100429 ]
Stopped at      kdb_enter+0x37: movq    $0,0x10928e6(%rip)
db> 


if there is any other information i can provide please let me know

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list