Bug 230286 - panic: lookup: ni_pathlen underflow to -3
Summary: panic: lookup: ni_pathlen underflow to -3
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-bugs (Nobody)
Keywords: panic
Depends on:
Reported: 2018-08-02 04:39 UTC by Peter Holm
Modified: 2018-08-03 16:05 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Peter Holm freebsd_committer 2018-08-02 04:39:18 UTC
20180802 05:27:31 all (109/576): cmp.sh
panic: lookup: ni_pathlen underflow to -3

cpuid = 44
time = 1533180477
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00f68b7db0
vpanic() at vpanic+0x1a3/frame 0xfffffe00f68b7e10
doadump() at doadump/frame 0xfffffe00f68b7e90
lookup() at lookup+0x9c0/frame 0xfffffe00f68b7f30
namei() at namei+0x4fd/frame 0xfffffe00f68b7ff0
kern_mkdirat() at kern_mkdirat+0x92/frame 0xfffffe00f68b8200
amd64_syscall() at amd64_syscall+0x29c/frame 0xfffffe00f68b8330
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe00f68b8330
--- syscall (136, FreeBSD ELF64, sys_mkdir), rip = 0x80040f3ba, rsp = 0x7fffffffdef8, rbp = 0x7fffffffe740 ---

Details @ https://people.freebsd.org/~pho/stress/log/cmp-2.txt
Comment 1 Peter Holm freebsd_committer 2018-08-02 07:35:46 UTC
More debug info here: https://people.freebsd.org/~pho/stress/log/cmp-3.txt
Comment 2 Peter Holm freebsd_committer 2018-08-03 13:33:35 UTC
Seems to be introduced by r336876.
Comment 3 commit-hook freebsd_committer 2018-08-03 15:35:36 UTC
A commit references this bug:

Author: kib
Date: Fri Aug  3 15:35:29 UTC 2018
New revision: 337261
URL: https://svnweb.freebsd.org/changeset/base/337261

  Fix typo in copyinstr_smap, resulting in mis-handling of too long strings.

  Reported and tested by:	pho
  PR:	230286
  Sponsored by:	The FreeBSD Foundation