126287 – [ufs] [panic] Kernel panics while mounting an UFS filesystem with snapshot enabled

Bug 126287 - [ufs] [panic] Kernel panics while mounting an UFS filesystem with snapshot enabled

Summary: [ufs] [panic] Kernel panics while mounting an UFS filesystem with snapshot en...

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	7.0-STABLE
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-08-05 22:40 UTC by Carel Bram
Modified:	2022-01-26 16:20 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
vfs_mount.diff (399 bytes, patch) 2008-08-06 10:24 UTC, Mateusz Guzik	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Carel Bram 2008-08-05 22:40:03 UTC

After compiling a new version of Free BSD 3 weeks ago, the system crashed
during the reboot. Further investigation pointed out that mounting UFS
filesystems with snapshots enabled caused the crash. Mounting the
filesystems without snapshot enabled circumvented the problem. But snapshots
do not work anymore.

How-To-Repeat: Mount ufs filesystems with snapshot enabled.

Comment 1 Mark Linimon freebsd_committer

2008-08-06 01:14:52 UTC

Responsible Changed
From-To: freebsd-bugs->freebsd-fs

Over to maintainer(s).

Comment 2 Remko Lodder 2008-08-06 07:54:14 UTC

On Tue, August 5, 2008 11:36 pm, Carel Braam wrote:
Hello Carel,

This information is a bit narrow. If the kernel panics, you should be able
to get a kernelcoredump. Please follow the procedure at
http://www.freebsd.org/doc/en/books/developers-handbook/kerneldebug.html.

Thanks,
Remko

-- 
/"\   Best regards,                      | remko@FreeBSD.org
\ /   Remko Lodder                       | remko@EFnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News

Comment 3 Mateusz Guzik 2008-08-06 10:24:16 UTC

Hi,

function vfs_deleteopt() was called with NULL pointer (opts) used in
TAILQ_FOREACH_SAFE macro -- I believe that simple `if (opts == NULL)
return; ' in that function is ok to fix this. (Take a look at
attachment.)

At least the kernel does not panic. ;)

Thanks,
--
Mateusz Guzik

Comment 4 Mateusz Guzik 2008-08-06 11:15:00 UTC

Something weird happened to my attachment, I'll paste it here:

--- sys/kern/vfs_mount.c.orig	2008-08-06 11:14:16.000000000 +0200
+++ sys/kern/vfs_mount.c	2008-08-06 11:14:32.000000000 +0200
@@ -196,10 +196,13 @@
 void
 vfs_deleteopt(struct vfsoptlist *opts, const char *name)
 {
 	struct vfsopt *opt, *temp;

+	if (opts == NULL)
+		return;
+
 	TAILQ_FOREACH_SAFE(opt, opts, link, temp)  {
 		if (strcmp(opt->name, name) == 0)
 			vfs_freeopt(opts, opt);
 	}
 }

Again, it should work fine ;)

Thanks,
--
Mateusz Guzik

Comment 5 Kostik Belousov 2008-08-06 14:34:41 UTC

On Wed, Aug 06, 2008 at 10:20:05AM +0000, Mateusz Guzik wrote:
> The following reply was made to PR kern/126287; it has been noted by GNATS.
> 
> From: "Mateusz Guzik" <mjguzik@gmail.com>
> To: bug-followup@freebsd.org
> Cc:  
> Subject: Re: kern/126287: [ufs] [panic] Kernel panics while mounting an UFS filesystem with snapshot enabled
> Date: Wed, 6 Aug 2008 12:15:00 +0200
> 
>  Something weird happened to my attachment, I'll paste it here:
>  
>  --- sys/kern/vfs_mount.c.orig	2008-08-06 11:14:16.000000000 +0200
>  +++ sys/kern/vfs_mount.c	2008-08-06 11:14:32.000000000 +0200
>  @@ -196,10 +196,13 @@
>   void
>   vfs_deleteopt(struct vfsoptlist *opts, const char *name)
>   {
>   	struct vfsopt *opt, *temp;
>  
>  +	if (opts == NULL)
>  +		return;
>  +
>   	TAILQ_FOREACH_SAFE(opt, opts, link, temp)  {
>   		if (strcmp(opt->name, name) == 0)
>   			vfs_freeopt(opts, opt);
>   	}
>   }
>  
>  Again, it should work fine ;)
>  
>  Thanks,
>  --
>  Mateusz Guzik


The PR lacks the backtrace (preferrable the ddb output or "bt full" from
kgdb) for the panic. Please, show me the backtrace.

Comment 6 Mateusz Guzik 2008-08-06 14:52:24 UTC

2008/8/6 Kostik Belousov <kostikbel@gmail.com>:
> On Wed, Aug 06, 2008 at 10:20:05AM +0000, Mateusz Guzik wrote:
>> The following reply was made to PR kern/126287; it has been noted by GNATS.
>>
>> From: "Mateusz Guzik" <mjguzik@gmail.com>
>> To: bug-followup@freebsd.org
>> Cc:
>> Subject: Re: kern/126287: [ufs] [panic] Kernel panics while mounting an UFS filesystem with snapshot enabled
>> Date: Wed, 6 Aug 2008 12:15:00 +0200
>>
>>  Something weird happened to my attachment, I'll paste it here:
>>
>>  --- sys/kern/vfs_mount.c.orig        2008-08-06 11:14:16.000000000 +0200
>>  +++ sys/kern/vfs_mount.c     2008-08-06 11:14:32.000000000 +0200
>>  @@ -196,10 +196,13 @@
>>   void
>>   vfs_deleteopt(struct vfsoptlist *opts, const char *name)
>>   {
>>       struct vfsopt *opt, *temp;
>>
>>  +    if (opts == NULL)
>>  +            return;
>>  +
>>       TAILQ_FOREACH_SAFE(opt, opts, link, temp)  {
>>               if (strcmp(opt->name, name) == 0)
>>                       vfs_freeopt(opts, opt);
>>       }
>>   }
>>
>>  Again, it should work fine ;)
>
> The PR lacks the backtrace (preferrable the ddb output or "bt full" from
> kgdb) for the panic. Please, show me the backtrace.
>

Sorry, I don't have currently access to fbsd 7, so here is backtrace
from CURRENT(crashed by mount -o snapshot /somefilesystem):

[..]
#11 0xc06e1e5b in calltrap () at
/srv/build/CURRENT/src/sys/i386/i386/exception.s:165
#12 0xc05c86d4 in vfs_deleteopt (opts=0x0, name=0xc074ef52 "snapshot")
at /srv/build/CURRENT/src/sys/kern/vfs_mount.c:195
#13 0xc068d689 in ffs_mount (mp=0xc29f52a0, td=0xc2875af0) at
/srv/build/CURRENT/src/sys/ufs/ffs/ffs_vfsops.c:172
#14 0xc05cb1d8 in vfs_donmount (td=0xc2875af0, fsflags=0,
fsoptions=0xc261db80) at /srv/build/CURRENT/src/sys/kern/vfs_mount.c:1010
#15 0xc05cc3bb in nmount (td=0xc2875af0, uap=0xcd3a7cf8) at
/srv/build/CURRENT/src/sys/kern/vfs_mount.c:417
#16 0xc06f9157 in syscall (frame=0xcd3a7d38) at
/srv/build/CURRENT/src/sys/i386/i386/trap.c:1081
#17 0xc06e1ef0 in Xint0x80_syscall () at
/srv/build/CURRENT/src/sys/i386/i386/exception.s:261

Thanks,
--
Mateusz Guzik

Comment 7 Kostik Belousov 2008-08-06 15:48:20 UTC

On Wed, Aug 06, 2008 at 03:52:24PM +0200, Mateusz Guzik wrote:
> Sorry, I don't have currently access to fbsd 7, so here is backtrace
> from CURRENT(crashed by mount -o snapshot /somefilesystem):


I very much doubt that original submitter has mean this problem.
But thanks for noting the issue. I prefer the following change,
committed as r181345:

diff --git a/sys/ufs/ffs/ffs_vfsops.c b/sys/ufs/ffs/ffs_vfsops.c
index 5ee123a..4d9754e 100644
--- a/sys/ufs/ffs/ffs_vfsops.c
+++ b/sys/ufs/ffs/ffs_vfsops.c
@@ -169,7 +169,8 @@ ffs_mount(struct mount *mp, struct thread *td)
 		 * persist "snapshot" in the options list.
 		 */
 		vfs_deleteopt(mp->mnt_optnew, "snapshot");
-		vfs_deleteopt(mp->mnt_opt, "snapshot");
+		if (mp->mnt_opt != NULL)
+			vfs_deleteopt(mp->mnt_opt, "snapshot");
 	}
 
 	MNT_ILOCK(mp);

Comment 8 Dag-Erling Smørgrav 2008-08-08 00:09:11 UTC

Kostik Belousov <kostikbel@gmail.com> writes:
> @@ -169,7 +169,8 @@ ffs_mount(struct mount *mp, struct thread *td)
>  		 * persist "snapshot" in the options list.
>  		 */
>  		vfs_deleteopt(mp->mnt_optnew, "snapshot");
> -		vfs_deleteopt(mp->mnt_opt, "snapshot");
> +		if (mp->mnt_opt !=3D NULL)
> +			vfs_deleteopt(mp->mnt_opt, "snapshot");
>  	}
>=20=20
>  	MNT_ILOCK(mp);

I would suggest also adding a KASSERT to vfs_deleteopt().

DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no

Comment 9 Eitan Adler freebsd_committer

2017-12-31 08:01:34 UTC

For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped

Comment 10 jack khan 2019-12-21 13:41:18 UTC

MARKED AS SPAM