From owner-freebsd-current  Tue Feb 18  9:32:17 2003
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7D47C37B401; Tue, 18 Feb 2003 09:32:13 -0800 (PST)
Received: from freebsd.org.ru (sweet.etrust.ru [194.84.67.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id BB9F543FB1; Tue, 18 Feb 2003 09:32:11 -0800 (PST)
	(envelope-from osa@freebsd.org.ru)
Received: by freebsd.org.ru (Postfix, from userid 1000)
	id 4B3B3FC; Tue, 18 Feb 2003 20:32:07 +0300 (MSK)
Date: Tue, 18 Feb 2003 20:32:07 +0300
From: "Sergey A. Osokin" <osa@freebsd.org.ru>
To: "Thomas E. Zander" <riggs@rrr.de>
Cc: FreeBSD-gnats-submit@FreeBSD.org, current@FreeBSD.org
Subject: Re: kern/48381: using mv(1) on smbfs crashes 5.0 kernel
Message-ID: <20030218173207.GA59887@freebsd.org.ru>
Reply-To: osa@FreeBSD.org.ru
References: <200302171445.h1HEjWDD001080@trillian.mugiri.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200302171445.h1HEjWDD001080@trillian.mugiri.au>
User-Agent: Mutt/1.4i
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

On Mon, Feb 17, 2003 at 10:45:32PM +0800, Thomas E. Zander wrote:

I can reproduce it on my system.
FreeBSD 5.0-CURRENT #0: Tue Feb 18 18:43:57 MSK 2003

> >Description:
> On a mounted network-filesystem using mount_smbfs, using of the command
> mv /file/on/the/smbfs /file/on/a/local/fs
> freezes the system for about 10 seconds, then immidiate reboot.
> No kernel panic is shown, no dump, also no chance to backtrace the problem.
> Instead using of cp && rm is flawless.
> >How-To-Repeat:
> Just take a 5.0-R and use mv(1) on a smbfs
> >Fix:
> 
> Since I wasn't able to do a trace or gdb -k after the crash, it is difficult to give an idea of how to fix it.
> Sorry.
> >Release-Note:
> >Audit-Trail:

%gdb -k kernel.debug /usr/crash/vmcore.0
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: bwrite: buffer is not busy???
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xe0
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc027b9f4
stack pointer           = 0x10:0xcdcb5774
frame pointer           = 0x10:0xcdcb57e4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 616 (mv)
trap number             = 12
panic: page fault

syncing disks, buffers remaining... panic: bwrite: buffer is not busy???
Uptime: 2m7s
Dumping 255 MB
ata0: resetting devices ..
ata0: mask=03 ostat0=50 ostat2=00
ad0: ATAPI 00 00
ata0-slave: ATAPI 00 00
ata0: mask=03 stat0=50 stat1=00
ad0: ATA 01 a5
ata0: devices=01
ad0: success setting PIO4 on generic chip
done
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240
---
#0  doadump () at ../../../kern/kern_shutdown.c:239
239             dumping++;
(kgdb) bt
#0  doadump () at ../../../kern/kern_shutdown.c:239
#1  0xc01dc5d9 in boot (howto=260) at ../../../kern/kern_shutdown.c:371
#2  0xc01dc843 in panic () at ../../../kern/kern_shutdown.c:542
#3  0xc02204d2 in bwrite (bp=0xc7729880) at ../../../kern/vfs_bio.c:842
#4  0xc0221c91 in vfs_bio_awrite (bp=0xc7729880) at ../../../kern/vfs_bio.c:1724
#5  0xc0229627 in vop_stdfsync (ap=0xcdcb556c) at ../../../kern/vfs_default.c:755
#6  0xc01a56e0 in spec_fsync (ap=0xcdcb556c) at ../../../fs/specfs/spec_vnops.c:422
#7  0xc01a4bb8 in spec_vnoperate (ap=0x0) at ../../../fs/specfs/spec_vnops.c:123
#8  0xc0293ee7 in ffs_sync (mp=0xc25ac200, waitfor=2, cred=0xc0eb2f00, td=0xc03563c0)
    at vnode_if.h:612
#9  0xc0236e4b in sync (td=0xc03563c0, uap=0x0) at ../../../kern/vfs_syscalls.c:138
#10 0xc01dc1bc in boot (howto=256) at ../../../kern/kern_shutdown.c:280
#11 0xc01dc843 in panic () at ../../../kern/kern_shutdown.c:542
#12 0xc02f1152 in trap_fatal (frame=0xcdcb5734, eva=0) at ../../../i386/i386/trap.c:844
#13 0xc02f0e32 in trap_pfault (frame=0xcdcb5734, usermode=0, eva=224)
    at ../../../i386/i386/trap.c:758
#14 0xc02f0920 in trap (frame=
      {tf_fs = -1070596072, tf_es = 327696, tf_ds = 16, tf_edi = 0, tf_esi = 24, tf_ebp = -842311708, tf_isp = -842311840, tf_ebx = -934060032, tf_edx = -1029007968, tf_ecx = -934059330, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1071138316, tf_cs = 8, tf_eflags = 66118, tf_esp = 255, tf_ss = 2765}) at ../../../i386/i386/trap.c:445
#15 0xc02e0ad8 in calltrap () at {standard input}:96
#16 0xc027a86a in ffs_hashalloc (ip=0xc2aa95a0, cg=-934060032, pref=0, size=32768, 
    allocator=0xc027b720 <ffs_nodealloccg>) at ../../../ufs/ffs/ffs_alloc.c:1154
#17 0xc0279f9e in ffs_valloc (pvp=0xc2aab000, mode=32768, cred=0xc2b9d400, vpp=0xcdcb5878)
    at ../../../ufs/ffs/ffs_alloc.c:856
#18 0xc02a1f6c in ufs_makeinode (mode=32768, dvp=0xc2aab000, vpp=0xcdcb5be0, cnp=0xcdcb5bf4)
    at ../../../ufs/ufs/ufs_vnops.c:2356
#19 0xc029ec09 in ufs_create (ap=0xcdcb5a10) at ../../../ufs/ufs/ufs_vnops.c:197
#20 0xc02a24e8 in ufs_vnoperate (ap=0x0) at ../../../ufs/ufs/ufs_vnops.c:2787
#21 0xc023e60f in vn_open_cred (ndp=0xcdcb5bcc, flagp=0xcdcb5ccc, cmode=0, cred=0xc2b9d400)
    at vnode_if.h:114
#22 0xc023e469 in vn_open (ndp=0x0, flagp=0x0, cmode=0) at ../../../kern/vfs_vnops.c:86
#23 0xc0237c98 in kern_open (td=0xc25a94b0, path=0x0, pathseg=UIO_USERSPACE, flags=3586, mode=0)
    at ../../../kern/vfs_syscalls.c:663
#24 0xc0237b30 in open (td=0x0, uap=0x0) at ../../../kern/vfs_syscalls.c:628
#25 0xc02f147a in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077938544, tf_esi = -1077938544, tf_ebp = -1077940040, tf_isp = -842310284, tf_ebx = -1077940000, tf_edx = -1077938704, tf_ecx = 0, tf_eax = 5, tf_trapno = 12, tf_err = 2, tf_eip = 134520703, tf_cs = 31, tf_eflags = 518, tf_esp = -1077940116, tf_ss = 47}) at ../../../i386/i386/trap.c:1033
#26 0xc02e0b2d in Xint0x80_syscall () at {standard input}:138
---Can't read userspace from dump, or kernel process---

(kgdb) up 16
#16 0xc027a86a in ffs_hashalloc (ip=0xc2aa95a0, cg=-934060032, pref=0, size=32768, 
    allocator=0xc027b720 <ffs_nodealloccg>) at ../../../ufs/ffs/ffs_alloc.c:1154
1154            result = (*allocator)(ip, cg, pref, size);
(kgdb) p *allocator
$1 = {ufs2_daddr_t (struct inode *, int, ufs2_daddr_t, int)} 0xc027b720 <ffs_nodealloccg>
(kgdb) up 1
#17 0xc0279f9e in ffs_valloc (pvp=0xc2aab000, mode=32768, cred=0xc2b9d400, vpp=0xcdcb5878)
    at ../../../ufs/ffs/ffs_alloc.c:856
856             ino = (ino_t)ffs_hashalloc(pip, cg, ipref, mode,
(kgdb) p cg
$2 = 16

Any idea?

-- 

Rgdz,                        /"\  ASCII RIBBON CAMPAIGN
Sergey Osokin aka oZZ,       \ /    AGAINST HTML MAIL
http://ozz.pp.ru/             X          AND NEWS
                             / \

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message