From owner-freebsd-current@FreeBSD.ORG  Sun Nov 23 09:46:06 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A77F016A4CE
	for <freebsd-current@freebsd.org>;
	Sun, 23 Nov 2003 09:46:06 -0800 (PST)
Received: from morphy.iki.fi (baana-pppoes-213-139-166-84.suomi.net
	[213.139.166.84])
	by mx1.FreeBSD.org (Postfix) with SMTP id A043743FDD
	for <freebsd-current@freebsd.org>;
	Sun, 23 Nov 2003 09:46:04 -0800 (PST)
	(envelope-from morphy@morphy.iki.fi)
Received: (qmail 50821 invoked by uid 0); 23 Nov 2003 17:39:12 -0000
Received: from muhveli.int.morphy.iki.fi (HELO morphy.iki.fi)
	(qmailr@192.168.100.2)
	by morphy.int.morphy.iki.fi with SMTP; 23 Nov 2003 17:39:12 -0000
Received: (qmail 53270 invoked by uid 1000); 23 Nov 2003 17:38:05 -0000
Date: Sun, 23 Nov 2003 19:38:04 +0200
From: "Mikko S. Hyvarinen" <morphy@morphy.iki.fi>
To: freebsd-current@freebsd.org
Message-ID: <20031123173804.GA53232@muhveli.morphy.iki.fi>
References: <86u14von9h.fsf@borg.borderworlds.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <86u14von9h.fsf@borg.borderworlds.dk>
User-Agent: Mutt/1.4.1i
Subject: Re: Panic when trying to mount cd9660 as udf
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Nov 2003 17:46:06 -0000

On Sun, Nov 23, 2003 at 03:02:34AM +0100, Christian Laursen wrote:
> By accident, I tried to mount a CD as UDF, and got the follwoing panic:
> 
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address   = 0x0
> fault code              = supervisor read, page not present
> instruction pointer     = 0x8:0xc06c2f6c
> stack pointer           = 0x10:0xcda4bac0
> frame pointer           = 0x10:0xcda4bacc
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 530 (mount_udf)
> 
> This seems to be easily reproducable. First I got it on my workstation
> running 5.2-BETA, and I then reproduced it on my test machine which runs
> -CURRENT from 4 days ago:
> 
> FreeBSD cardassian.borderworlds.dk 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Wed Nov 19 04:22:32 CET 2003     root@cardassian.borderworlds.dk:/usr/obj/usr/src/sys/GENERIC  i386
> 
> The output in this mail is from the test machine.
> 
> This is the backtrace I got from the resulting crashdump:
> 
> #0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
> #1  0xc066d6fb in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:372
> #2  0xc066dafd in panic () at /usr/src/sys/kern/kern_shutdown.c:550
> #3  0xc048ac32 in db_panic () at /usr/src/sys/ddb/db_command.c:450
> #4  0xc048ab92 in db_command (last_cmdp=0xc0938360, cmd_table=0xc08c3c00, 
>     aux_cmd_tablep=0xc08baa04, aux_cmd_tablep_end=0xc08baa1c)
>     at /usr/src/sys/ddb/db_command.c:346
> #5  0xc048acd5 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
> #6  0xc048dcd5 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:73
> #7  0xc0812dcc in kdb_trap (type=12, code=0, regs=0xcda4ba80)
>     at /usr/src/sys/i386/i386/db_interface.c:171
> #8  0xc08294d6 in trap_fatal (frame=0xcda4ba80, eva=0)
>     at /usr/src/sys/i386/i386/trap.c:816
> #9  0xc0829182 in trap_pfault (frame=0xcda4ba80, usermode=0, eva=0)
>     at /usr/src/sys/i386/i386/trap.c:735
> #10 0xc0828d23 in trap (frame=
>       {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = -1040053552, tf_esi = 1, tf_ebp = -844842292, tf_isp = -844842324, tf_ebx = 0, tf_edx = 4, tf_ecx = 1, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1066651796, tf_cs = 8, tf_eflags = 66182, tf_esp = 6, tf_ss = 0}) at /usr/src/sys/i386/i386/trap.c:420
> #11 0xc0814818 in calltrap () at {standard input}:94
> #12 0xc06c3913 in vfs_mount_destroy (mp=0x0, td=0x0)
>     at /usr/src/sys/kern/vfs_mount.c:537
> #13 0xc06c472f in vfs_domount (td=0xc20c7dc0, fstype=0xc2020ad0 "udf", 
>     fspath=0xc2020ab0 "/mnt", fsflags=1, fsdata=0xc2020c00, compat=0)
>     at /usr/src/sys/kern/vfs_mount.c:938
> #14 0xc06c3a39 in vfs_nmount (td=0x0, fsflags=0, fsoptions=0x0)
>     at /usr/src/sys/kern/vfs_mount.c:581
> #15 0xc06c353d in nmount (td=0x0, uap=0xcda4bd10)
>     at /usr/src/sys/kern/vfs_mount.c:407
> #16 0xc0829870 in syscall (frame=
>       {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077940702, tf_esi = 8, tf_ebp = -1077940972, tf_isp = -844841612, tf_ebx = 5, tf_edx = -1077940736, tf_ecx = 10, tf_eax = 378, tf_trapno = 12, tf_err = 2, tf_eip = 671876783, tf_cs = 31, tf_eflags = 582, tf_esp = -1077942196, tf_ss = 47})
>     at /usr/src/sys/i386/i386/trap.c:1010
> #17 0xc081486d in Xint0x80_syscall () at {standard input}:136

Hi,

I get a similar backtrace when trying to mount a genuine UDF filesystem (DVD-ROM)
as UDF - and it happens every time with all the DVD-ROMs I have. Seems to be the
same offender as in your case
This is -current from sources dated november 15th.

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc05ab4bc
stack pointer           = 0x10:0xe8153a8c
frame pointer           = 0x10:0xe8153a98
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 843 (mount_udf)
trap number             = 12
panic: page fault

#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1  0xc05524f9 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372
#2  0xc05528d8 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
#3  0xc071c3d6 in trap_fatal (frame=0xe8153a4c, eva=0) at /usr/src/sys/i386/i386/trap.c:821
#4  0xc071c072 in trap_pfault (frame=0xe8153a4c, usermode=0, eva=0) at /usr/src/sys/i386/i386/trap.c:735
#5  0xc071bbcd in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = -963579664, tf_esi = 1, tf_ebp = -401261928, tf_isp = -401261960, tf_ebx = 0, tf_edx = -963570612, tf_ecx = -960873344, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1067797316, tf_cs = 8, tf_eflags = 66194, tf_esp = 6, tf_ss = 0})
    at /usr/src/sys/i386/i386/trap.c:420
#6  0xc070ce58 in calltrap () at {standard input}:94
#7  0xc05abe63 in vfs_mount_destroy (mp=0x0, td=0x0) at /usr/src/sys/kern/vfs_mount.c:537
#8  0xc05ace3d in vfs_domount (td=0xc6ba3c80, fstype=0xc690f0f0 "udf", fspath=0xc298f960 "/vol/dvd0", fsflags=1, fsdata=0xc68c22d0, compat=0)
    at /usr/src/sys/kern/vfs_mount.c:938
#9  0xc05abf89 in vfs_nmount (td=0x0, fsflags=0, fsoptions=0x0) at /usr/src/sys/kern/vfs_mount.c:581
#10 0xc05aba8d in nmount (td=0x0, uap=0xe8153d10) at /usr/src/sys/kern/vfs_mount.c:407
#11 0xc071c760 in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077940737, tf_esi = 8, tf_ebp = -1077941040, tf_isp = -401261196, tf_ebx = 5, tf_edx = -1077940992, tf_ecx = 11, tf_eax = 378, tf_trapno = 12, tf_err = 2, tf_eip = 671876671, tf_cs = 31, tf_eflags = 582, tf_esp = -1077942260, tf_ss = 47})
    at /usr/src/sys/i386/i386/trap.c:1010
#12 0xc070cead in Xint0x80_syscall () at {standard input}:136

Perhaps someone has a clue as to what broke this.

Regards,
 MSH