Bug 195767 - [unionfs] unionfs_relookup_for_delete passing null pointer to strlen
Status: Closed Not Accepted
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 10.1-RELEASE
Hardware: i386 Any
Importance: --- Affects Some People
Assignee: freebsd-bugs (Nobody)
Depends on:
Reported: 2014-12-07 05:27 UTC by Mahmoud Al-Qudsi
Modified: 2014-12-24 00:56 UTC

backtrace screenshot (360.28 KB, image/jpeg)
2014-12-07 05:27 UTC, Mahmoud Al-Qudsi
panic screenshot (313.69 KB, image/jpeg)
2014-12-07 05:29 UTC, Mahmoud Al-Qudsi

Description Mahmoud Al-Qudsi 2014-12-07 05:27:53 UTC
Created attachment 150294
backtrace screenshot

This is a bug that may have been present in earlier versions of FreeBSD, but since upgrading to FreeBSD 10.1-RELEASE I can reproduce it regularly.

The environment is a custom live CD, configured with a preloaded ufs.gz base bootstrap image that mounts a ufs.uzip file as the new root, creates a malloc-based virtual disk, and overlays it over the existing RO ufs.uzip image via unionfs.

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address= 0x0
fault code= supervisor read, page not present
current process= 2626 (rmdir)

[ thread pid 2626 tid 100065 ]
Stopped at strlen+0xd: movl 0(%ecx),%eax

db> bt
tracing pid 2626 tid 100065 td 0xc8dfe620
--- syscall (137, FreeBSD ELF32, sys_rmdir)
Comment 1 Mahmoud Al-Qudsi 2014-12-07 05:29:08 UTC
Created attachment 150295
panic screenshot
Comment 2 Mahmoud Al-Qudsi 2014-12-24 00:56:32 UTC
Caused by kernel module mismatch.