Created attachment 228627 [details] An ext2 file system with a damaged root i-node. ext2fs is willing to mount a file system whose root i-node is a symbolic link, which soon causes a panic. It would be better if ext2_root() or ext2_vget(ino=2) checked the inode type. I've attached a demo ext3 disk image, whose root i-node's mode says it is a symbolic link, and whose size is 60 bytes. # uname -a FreeBSD stock14 14.0-CURRENT FreeBSD 14.0-CURRENT #0 main-n248636-d20e9e02db3: Thu Aug 12 05:47:18 UTC 2021 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64 # gunzip ext38.img.gz # mdconfig -f ext38.img md0 # mount -t ext2fs -o ro /dev/md0 /mnt # cp /mnt/a /dev/null panic: invalid lock request for crossmp cpuid = 0 time = 1634045804 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0063aea5b0 vpanic() at vpanic+0x187/frame 0xfffffe0063aea610 panic() at panic+0x43/frame 0xfffffe0063aea670 crossmp_vop_lock1() at crossmp_vop_lock1+0xaf/frame 0xfffffe0063aea6b0 _vn_lock() at _vn_lock+0x54/frame 0xfffffe0063aea710 lookup() at lookup+0xc2/frame 0xfffffe0063aea7b0 namei() at namei+0x388/frame 0xfffffe0063aea870 kern_statat() at kern_statat+0x12d/frame 0xfffffe0063aea9c0 sys_fstatat() at sys_fstatat+0x2f/frame 0xfffffe0063aeaac0 amd64_syscall() at amd64_syscall+0x12e/frame 0xfffffe0063aeabf0 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0063aeabf0
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=ced21728223016429242d1f7cd5e8a160c8a88cb commit ced21728223016429242d1f7cd5e8a160c8a88cb Author: Fedor Uporov <fsu@FreeBSD.org> AuthorDate: 2021-12-24 14:11:25 +0000 Commit: Fedor Uporov <fsu@FreeBSD.org> CommitDate: 2021-12-30 06:14:45 +0000 Add more accurate check for root inode Check that root inode has links and is directory. PR: 259105 Reported by: Robert Morris MFC after: 2 weeks sys/fs/ext2fs/ext2_inode_cnv.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-)