* Panic on shutdown in ntfs_put_super
@ 2022-02-02 22:46 Ronan Pigott
From: Ronan Pigott @ 2022-02-02 22:46 UTC (permalink / raw)
To: ntfs3
Dear maintainers,
I have a reproducible panic on shutdown in the ntfs3 module. It happens
when I shut down while I have an ntfs file system mounted, but does not
happen if I manually umount the partition before poweroff. I recovered
the following stack trace from a picture I took of my screen:
R13: ffffffffc0775c3d R14: ffff990700042200 R15: 00[...]
FS: 00007f5eed0f0a40(0000) GS:ffff990a6e50000(0000)
CS: 0010 DS: 0000 ES: 0000 CR0: 000000000000033
CR2: 00007f5eeda906cb CR3: 00000001037a6001 CR4: 00[...]
Call Trace:
<TASK>
ntfs_put_super+0x2d/0x70 [ntfs3 49778e649db467d967[...]
generic_shutdown_super+0x71/0x120
kill_block_super+0x21/0x50
deactivate_locked_super+0x33/0xa0
cleanup_mnt+0x131/0x190
task_work_run+0x59/0x90
exit_to_user_mode_prepare+0x17e/0x180
syscll_exit_to_user_mode+0x23/0x50
do_syscall_64+0x69/0x90
? do_user_addr_fault+0x1d7/0x6a0
? exc_page_fault+0x72/0x180
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f5eedb2161b
Code: 18 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 90 f[...]
[...]
</TASK>
The ellipsized portions are outside the image frame. My kernel version
was 5.16.3-arch1-1, but it has been reproducible as long as I have used
the ntfs3 module.
When built with debug symbols, I get the following (truncated) output
from objdump:
$ objdump -j.text --disassemble=ntfs_put_super -S fs/ntfs3/ntfs3.ko
Disassembly of section .text:
static void ntfs_put_super(struct super_block *sb)
{
29c10: e8 00 00 00 00 call 29c15 <ntfs_put_super+0x5>
29c15: 41 54 push %r12
struct ntfs_sb_info *sbi = sb->s_fs_info;
/* Mark rw ntfs as clear, if possible. */
ntfs_set_state(sbi, NTFS_DIRTY_CLEAR);
29c17: 31 f6 xor %esi,%esi
{
29c19: 55 push %rbp
29c1a: 53 push %rbx
struct ntfs_sb_info *sbi = sb->s_fs_info;
29c1b: 48 8b af 98 03 00 00 mov 0x398(%rdi),%rbp
{
29c22: 48 89 fb mov %rdi,%rbx
ntfs_set_state(sbi, NTFS_DIRTY_CLEAR);
29c25: 48 89 ef mov %rbp,%rdi
29c28: e8 00 00 00 00 call 29c2d <ntfs_put_super+0x1d>
put_mount_options(sbi->options);
29c2d: 4c 8b a5 f8 04 00 00 mov 0x4f8(%rbp),%r12
kfree(options->nls_name);
29c34: 49 8b 3c 24 mov (%r12),%rdi
29c38: e8 00 00 00 00 call 29c3d <ntfs_put_super+0x2d>
unload_nls(options->nls);
29c3d: 49 8b 7c 24 08 mov 0x8(%r12),%rdi // CRASH HERE
[...]
The last line is the ntfs_put_super+0x2d instruction from the stack trace.
So it appears that options->nls_name does not crash, but options->nls
does? I'm not sure how to investigate further, so I'm mailing this list.
Thanks,
Ronan
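The step the report does by hand, reading the symbol+offset of a trace frame off the `objdump -S` listing to find the faulting instruction and the C line it belongs to, is the kind of thing worth scripting when a trace has to be matched against a rebuilt module more than once. The script below is an added example, not part of the report or of the ntfs3 code. It parses the interleaved source/instruction shape that `objdump -S` produces, resolves a frame such as `ntfs_put_super+0x2d/0x70` to the instruction at that address, and reports the preceding instruction as well, since for every frame except the top one the listed offset is a return address and the interesting instruction is the call just before it. The sample listing is a constructed copy of the excerpt above (with the `// CRASH HERE` annotation dropped); because the excerpt is truncated and lacks the `<ntfs_put_super>:` header line, the script falls back to treating the first listed instruction as the symbol base, which holds for `--disassemble=SYMBOL` output. Offsets that fall outside the `/0x70` symbol size, or inside an instruction rather than on a boundary (as happens with a frame that was transcribed wrongly), are flagged rather than silently mapped.

```python
import re

# Constructed sample: the objdump -S listing from the report above, trimmed
# to the visible lines. The author's "// CRASH HERE" note is omitted.
SAMPLE_LISTING = """\
Disassembly of section .text:
static void ntfs_put_super(struct super_block *sb)
{
   29c10: e8 00 00 00 00       call   29c15 <ntfs_put_super+0x5>
   29c15: 41 54                push   %r12
struct ntfs_sb_info *sbi = sb->s_fs_info;
/* Mark rw ntfs as clear, if possible. */
ntfs_set_state(sbi, NTFS_DIRTY_CLEAR);
   29c17: 31 f6                xor    %esi,%esi
{
   29c19: 55                   push   %rbp
   29c1a: 53                   push   %rbx
struct ntfs_sb_info *sbi = sb->s_fs_info;
   29c1b: 48 8b af 98 03 00 00 mov    0x398(%rdi),%rbp
{
   29c22: 48 89 fb             mov    %rdi,%rbx
ntfs_set_state(sbi, NTFS_DIRTY_CLEAR);
   29c25: 48 89 ef             mov    %rbp,%rdi
   29c28: e8 00 00 00 00       call   29c2d <ntfs_put_super+0x1d>
put_mount_options(sbi->options);
   29c2d: 4c 8b a5 f8 04 00 00 mov    0x4f8(%rbp),%r12
kfree(options->nls_name);
   29c34: 49 8b 3c 24          mov    (%r12),%rdi
   29c38: e8 00 00 00 00       call   29c3d <ntfs_put_super+0x2d>
unload_nls(options->nls);
   29c3d: 49 8b 7c 24 08       mov    0x8(%r12),%rdi
"""

INSN_RE = re.compile(r'^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s+)+)(\S.*)$')
SYM_RE = re.compile(r'^\s*([0-9a-f]+)\s+<([^>]+)>:\s*$')      # "29c10 <sym>:"
FRAME_RE = re.compile(r'^(\w+)\+0x([0-9a-f]+)(?:/0x([0-9a-f]+))?')  # sym+off/size


def parse_listing(text):
    """Split objdump -S output into symbol bases and instructions.

    Every instruction keeps the source lines objdump printed just before it,
    which is how -S attributes C lines to machine code."""
    bases, insns, pending_src = {}, [], []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith('Disassembly of'):
            continue
        m = SYM_RE.match(line)
        if m:
            bases[m.group(2)] = int(m.group(1), 16)
            continue
        m = INSN_RE.match(line)
        if m:
            insns.append({'addr': int(m.group(1), 16),
                          'bytes': m.group(2).split(),
                          'asm': ' '.join(m.group(3).split()),
                          'src': pending_src})
            pending_src = []
        else:
            pending_src.append(line.strip())
    return bases, insns


def locate_frame(listing, frame):
    """Resolve 'sym+0xOFF/0xSIZE' to the instruction, its predecessor and source."""
    m = FRAME_RE.match(frame)
    if not m:
        raise ValueError(f'unrecognised frame: {frame!r}')
    sym, off = m.group(1), int(m.group(2), 16)
    size = int(m.group(3), 16) if m.group(3) else None
    if size is not None and off >= size:
        raise ValueError(f'offset 0x{off:x} lies outside {sym} (size 0x{size:x})')
    bases, insns = parse_listing(listing)
    if not insns:
        raise ValueError('no instructions in listing')
    # --disassemble=SYM listings begin at the symbol, so the first instruction
    # is the base when the "<sym>:" header was cut off, as in the report.
    target = bases.get(sym, insns[0]['addr']) + off
    idx = None
    for i, ins in enumerate(insns):          # instructions are address-ordered
        if ins['addr'] <= target:
            idx = i
        else:
            break
    if idx is None:
        raise ValueError(f'0x{target:x} precedes the listing')
    ins = insns[idx]
    exact = ins['addr'] == target
    if not exact and target >= ins['addr'] + len(ins['bytes']):
        raise ValueError(f'0x{target:x} is past the end of the listing')
    source = next((insns[j]['src'][-1] for j in range(idx, -1, -1)
                   if insns[j]['src']), None)
    return {'symbol': sym, 'offset': off, 'addr': ins['addr'], 'exact': exact,
            'asm': ins['asm'], 'prev_asm': insns[idx - 1]['asm'] if idx else None,
            'source': source}


if __name__ == '__main__':
    for frame in ('ntfs_put_super+0x2d/0x70', 'ntfs_put_super+0x1d/0x70'):
        r = locate_frame(SAMPLE_LISTING, frame)
        print(f"{frame}: {r['addr']:x} {r['asm']}  <- {r['source']}"
              f"{'' if r['exact'] else '  (mid-instruction!)'}")
```

Run against a real listing, feed it `objdump -j.text --disassemble=ntfs_put_super -S fs/ntfs3/ntfs3.ko` output and the frame text copied from the trace; `exact` being false or the size check failing is a sign that the module binary does not match the kernel that produced the trace.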