Date: Fri, 28 Dec 2007 20:55:53 +0200
From: Kostik Belousov
To: Andriy Gapon
Cc: freebsd-fs@freebsd.org, andrew@dobrohot.org, bug-followup@freebsd.org
Subject: Re: kern/118322: [panic] Sometimes (seldom), "panic:page fault" happens after KDE automount occur when I insert CD/DVD

On Wed, Dec 26, 2007 at 08:28:12PM +0200, Andriy Gapon wrote:
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=118322
>
> This panic looks like dereferencing a NULL pointer to a structure:
> > fault virtual address = 0x2c
> 44 is exactly an offset of 'perm' field in file_entry structure and
> fentry is a field of 'struct file_entry *' type in udf_node structure.
>
> From the code it seems that fentry field can not be NULL during "normal"
> life-cycle of udf_node. Memory allocation is properly checked for errors.

Yes, allocations are checked, but look at the series of the if()s after
the partially constructed vnode is put onto the hash. In case any of
the if()s fail, the vnode is simply vput()ed. This leaves the vnode
allocated and on the hash etc., while the unode->fentry is NULL. There, the
vnode can be found by the namei, which I believe causes the panic.

The difference between UFS and UDF code there is the ufs_inactive() routine
that is defined for UFS, and that reclaims the vnode when it is in
half-baked state.

Please try the patch below (only compile-tested).

Note: it seems that the system shall say something before the panic
(see the printf()s before the vput() in the code).

diff --git a/sys/fs/udf/udf_vfsops.c b/sys/fs/udf/udf_vfsops.c index d08226b..373ee4d 100644 --- a/sys/fs/udf/udf_vfsops.c +++ b/sys/fs/udf/udf_vfsops.c @@ -630,6 +630,7 @@ udf_vget(struct mount *mp, ino_t ino, int flags, struct= vnode **vpp) devvp =3D udfmp->im_devvp; if ((error =3D RDSECTOR(devvp, sector, udfmp->bsize, &bp)) !=3D 0) { printf("Cannot read sector %d\n", sector); + vgone(vp); vput(vp); brelse(bp); *vpp =3D NULL; @@ -639,6 +640,7 @@ udf_vget(struct mount *mp, ino_t ino, int flags, struct= vnode **vpp) fe =3D (struct file_entry *)bp->b_data; if (udf_checktag(&fe->tag, TAGID_FENTRY)) { printf("Invalid file entry!\n"); + vgone(vp); vput(vp); brelse(bp); *vpp =3D NULL; @@ -649,6 +651,7 @@ udf_vget(struct mount *mp, ino_t ino, int flags, struct= vnode **vpp) M_NOWAIT | M_ZERO); if (unode->fentry =3D=3D NULL) { printf("Cannot allocate file entry block\n"); + vgone(vp); vput(vp); brelse(bp); *vpp =3D NULL;
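
Review bot: the cleanup in the RDSECTOR failure path of the @@ -630 hunk is now a four-step sequence (vgone(vp); vput(vp); brelse(bp); *vpp = NULL;) that the other two error branches repeat verbatim, so the next error path added to udf_vget() can easily omit vgone(vp) and reintroduce the half-built vnode on the hash. Consider routing all three branches through one shared fail label that performs this cleanup once.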
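
Review bot: the udf_checktag() failure branch in the @@ -639 hunk is decided by the contents of bp->b_data, that is, by what is on the disc, and the mail says the patch is only compile-tested, so this branch needs a runtime test before commit. A disc image whose file entry tag fails the TAGID_FENTRY check, followed by a second lookup of the same ino, should show "Invalid file entry!" and an error return both times rather than a cached vnode.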
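
Review bot: in the @@ -649 hunk vgone(vp) runs while unode->fentry is still NULL, so the UDF reclaim routine that vgone() triggers has to tolerate a NULL fentry on a node that is already on the hash. Please confirm that the reclaim path checks fentry before freeing or dereferencing it, and mention it in the commit message so the dependency is recorded.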
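
The failure mode described in the reply above, as an added userland C model that is not part of the original mail and not FreeBSD code: a node is put on a hash before its fallible setup finishes, and the error path either leaves it there or unpublishes it. The names node_get, node_destroy, stale_half_built and the media_ok / unpublish_on_error parameters are hypothetical.

```c
/* Userland model (constructed) of the udf_vget() error path; not FreeBSD code. */
#include <stdlib.h>

struct file_entry { int perm; };          /* stand-in for the on-disc entry */
struct node { unsigned ino; struct file_entry *fentry; struct node *next; };

#define NBUCKET 8
static struct node *hash[NBUCKET];        /* stand-in for the vnode hash */

static struct node *hash_lookup(unsigned ino) {
    for (struct node *n = hash[ino % NBUCKET]; n != NULL; n = n->next)
        if (n->ino == ino) return n;
    return NULL;
}

/* Plays the role of vgone(): unpublish, then free; fentry may be NULL. */
static void node_destroy(struct node *n) {
    struct node **pp = &hash[n->ino % NBUCKET];
    while (*pp != NULL && *pp != n) pp = &(*pp)->next;
    if (*pp == n) *pp = n->next;
    free(n->fentry);
    free(n);
}

/* Publish first, then run the fallible setup, as the mail describes.
 * media_ok == 0 simulates a failed read or a bad tag;
 * unpublish_on_error selects the patched (1) or original (0) error path. */
struct node *node_get(unsigned ino, int media_ok, int unpublish_on_error) {
    struct node *n = hash_lookup(ino);
    if (n != NULL) return n;              /* cached, possibly half-built */
    n = calloc(1, sizeof(*n));
    if (n == NULL) return NULL;
    n->ino = ino;
    n->next = hash[ino % NBUCKET];
    hash[ino % NBUCKET] = n;              /* visible to other lookups from here */
    if (media_ok) n->fentry = calloc(1, sizeof(*n->fentry));
    if (n->fentry == NULL) {
        if (unpublish_on_error) node_destroy(n);
        return NULL;                      /* original path leaves n on the hash */
    }
    return n;
}

/* 1 if a later lookup would hand out a node whose fentry is NULL. */
int stale_half_built(unsigned ino) {
    struct node *n = hash_lookup(ino);
    return n != NULL && n->fentry == NULL;
}
```

With the original error path, a later node_get() for the same ino returns the cached node with fentry == NULL, which is the state the panic report describes.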