From: Robert Watson
Date: Wed, 15 Sep 2004 11:51:32 -0400 (EDT)
To: current@FreeBSD.org
Subject: NULL pointer deref in snapshot/soft updates
List-Id: Discussions about the use of FreeBSD-current (freebsd-current@freebsd.org)

Trace attached.  Having one of those mornings...

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research

... Additional TCP options:.
Starting background file system checks in 60 seconds.
Wed Sep 15 11:34:12 EDT 2004

FreeBSD/i386 (hippy.rv.nailabs.com) (ttyd0)

login: Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc0742edf
stack pointer           = 0x10:0xef1cda38
frame pointer           = 0x10:0xef1cdab0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 621 (fsck_ufs) [thread 100114]
Stopped at      ffs_snapblkfree+0x97:   movl    0(%eax),%eax
db> trace
ffs_snapblkfree(c27a0800,c277ed68,4b4060,0,4000,4) at ffs_snapblkfree+0x97
ffs_snapremove(c2aabe70) at ffs_snapremove+0x5b5
softdep_releasefile(c2994ec4) at softdep_releasefile+0x34
ufs_inactive(ef1cdb6c,ef1cdb84,c0665e88,ef1cdb6c,c08b2000) at ufs_inactive+0xbb
ufs_vnoperate(ef1cdb6c) at ufs_vnoperate+0x13
vrele(c2aabe70,c2aabe70,ef1cdb9c,1,c26c8800) at vrele+0x138
ufs_close(ef1cdbbc,ef1cdbe4,c06702ec,ef1cdbbc,c08b1b00) at ufs_close+0xc7
ufs_vnoperate(ef1cdbbc) at ufs_vnoperate+0x13
vn_close(c2aabe70,1,c225d480,c273d640,0) at vn_close+0x40
vn_closefile(c2992bf4,c273d640) at vn_closefile+0xc2
fdrop_locked(c2992bf4,c273d640,0,ef1cdccc,c05f2763) at fdrop_locked+0xa8
fdrop(c2992bf4,c273d640,0,3,317) at fdrop+0x41
closef(c2992bf4,c273d640,0,c2ad6700,0) at closef+0x23f
close(c273d640,ef1cdd14,1,78,296) at close+0x169
syscall(2f,2f,bfbf002f,0,0) at syscall+0x283
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (6, FreeBSD ELF32, close), eip = 0x280d154b, esp = 0xbfbfec6c, ebp = 0xbfbfec98 ---
db> show pcpu
cpuid        = 2
curthread    = 0xc273d640: pid 621 "fsck_ufs"
curpcb       = 0xef1cdda0
fpcurthread  = none
idlethread   = 0xc2260640: pid 12 "idle: cpu2"
APIC ID      = 2
currentldt   = 0x30
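The trap block and DDB backtrace above carry everything needed for a first triage: fault address 0x0 with "supervisor read, page not present" and the faulting instruction "movl 0(%eax),%eax" say %eax was NULL inside ffs_snapblkfree, and the frames below it show the path from a close(2) system call down through vnode inactivation, soft updates and snapshot removal. The following parser, added here as an example and not part of Robert Watson's message or of any FreeBSD tool, pulls those facts out of a FreeBSD i386 "Fatal trap" dump and "db> trace" output into a structured summary. The sample text is the trace from this report re-typed one entry per line; the 0x1000 threshold for treating a fault as a NULL-page dereference is an assumption (one i386 page), chosen because NULL plus a struct member offset still lands in page zero, and kernel faults there deserve separate attention since their exploitability depends on whether unprivileged code can map that page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the trap block and DDB backtrace from the report above,
# re-typed one entry per line (the mail archive ran them together).
SAMPLE = """\
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc0742edf
stack pointer           = 0x10:0xef1cda38
frame pointer           = 0x10:0xef1cdab0
current process         = 621 (fsck_ufs) [thread 100114]
Stopped at      ffs_snapblkfree+0x97:   movl    0(%eax),%eax
db> trace
ffs_snapblkfree(c27a0800,c277ed68,4b4060,0,4000,4) at ffs_snapblkfree+0x97
ffs_snapremove(c2aabe70) at ffs_snapremove+0x5b5
softdep_releasefile(c2994ec4) at softdep_releasefile+0x34
ufs_inactive(ef1cdb6c,ef1cdb84,c0665e88,ef1cdb6c,c08b2000) at ufs_inactive+0xbb
ufs_vnoperate(ef1cdb6c) at ufs_vnoperate+0x13
vrele(c2aabe70,c2aabe70,ef1cdb9c,1,c26c8800) at vrele+0x138
ufs_close(ef1cdbbc,ef1cdbe4,c06702ec,ef1cdbbc,c08b1b00) at ufs_close+0xc7
ufs_vnoperate(ef1cdbbc) at ufs_vnoperate+0x13
vn_close(c2aabe70,1,c225d480,c273d640,0) at vn_close+0x40
vn_closefile(c2992bf4,c273d640) at vn_closefile+0xc2
fdrop_locked(c2992bf4,c273d640,0,ef1cdccc,c05f2763) at fdrop_locked+0xa8
fdrop(c2992bf4,c273d640,0,3,317) at fdrop+0x41
closef(c2992bf4,c273d640,0,c2ad6700,0) at closef+0x23f
close(c273d640,ef1cdd14,1,78,296) at close+0x169
syscall(2f,2f,bfbf002f,0,0) at syscall+0x283
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (6, FreeBSD ELF32, close), eip = 0x280d154b, esp = 0xbfbfec6c, ebp = 0xbfbfec98 ---
"""

NULL_PAGE = 0x1000  # assumption: one i386 page; faults below this are NULL-page derefs


@dataclass
class Frame:
    func: str
    args: List[str]   # raw hex argument words as DDB printed them
    offset: int       # byte offset into func of the return/fault address


@dataclass
class TrapInfo:
    trap_no: int
    desc: str
    fault_va: int
    fault_code: str
    pid: int
    proc: str
    stopped_at: str   # symbol+offset of the faulting instruction
    instr: str        # faulting instruction, whitespace-normalised


# "func(arg,arg,...) at func+0xNN" as printed by "db> trace" on i386.
FRAME_RE = re.compile(r"^(\w+)\(([^)]*)\)\s+at\s+\w+\+0x([0-9a-fA-F]+)\s*$", re.M)
# Trailing "--- syscall (num, ABI, name), ..." marker showing how the kernel was entered.
SYSCALL_RE = re.compile(r"^--- syscall \((\d+), ([^,]+), (\w+)\)", re.M)


def _field(text: str, label: str) -> Optional[str]:
    """Return the value of a 'label = value' line from the trap block."""
    m = re.search(r"^" + re.escape(label) + r"\s*=\s*(.+?)\s*$", text, re.M)
    return m.group(1) if m else None


def parse_trap(text: str) -> TrapInfo:
    head = re.search(r"^Fatal trap (\d+): (.+?)\s*$", text, re.M)
    proc = re.match(r"(\d+) \((\w+)\)", _field(text, "current process"))
    stop = re.search(r"^Stopped at\s+(\S+):\s+(.+?)\s*$", text, re.M)
    return TrapInfo(
        trap_no=int(head.group(1)), desc=head.group(2),
        fault_va=int(_field(text, "fault virtual address"), 16),
        fault_code=_field(text, "fault code"),
        pid=int(proc.group(1)), proc=proc.group(2),
        stopped_at=stop.group(1), instr=" ".join(stop.group(2).split()),
    )


def parse_frames(text: str) -> List[Frame]:
    """Innermost frame first, exactly as DDB prints them."""
    return [Frame(m.group(1), [a for a in m.group(2).split(",") if a], int(m.group(3), 16))
            for m in FRAME_RE.finditer(text)]


def parse_syscall(text: str) -> Optional[dict]:
    m = SYSCALL_RE.search(text)
    return {"num": int(m.group(1)), "abi": m.group(2), "name": m.group(3)} if m else None


def classify_fault(trap: TrapInfo) -> str:
    """Trap 12 is the i386 page fault; separate NULL-page faults from the rest."""
    if trap.trap_no != 12:
        return f"trap {trap.trap_no}: {trap.desc}"
    access = "write" if "write" in trap.fault_code else "read"
    if trap.fault_va < NULL_PAGE:
        return f"NULL pointer dereference ({access}, offset 0x{trap.fault_va:x}) in {trap.stopped_at}"
    return f"page fault ({access}) at 0x{trap.fault_va:x} in {trap.stopped_at}"


def summarize(text: str) -> dict:
    trap, frames, sc = parse_trap(text), parse_frames(text), parse_syscall(text)
    return {
        "process": f"{trap.proc}[{trap.pid}]",
        "fault": classify_fault(trap),
        "instr": trap.instr,
        "innermost": frames[0].func if frames else None,
        "chain": [f.func for f in frames],          # innermost to outermost
        "entry": f"{sc['name']}({sc['num']})" if sc else None,
    }


if __name__ == "__main__":
    for k, v in summarize(SAMPLE).items():
        print(f"{k:10s} {v}")
```

The summary for this trace reports the fault as a NULL-page read in ffs_snapblkfree+0x97 reached from close(6) via ffs_snapremove and softdep_releasefile, which is the same reading a developer would make by hand; the value of the parser is in running it over a batch of panic reports to group them by faulting symbol, fault class and entry syscall before anyone reads the individual traces.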