Date:      Fri, 28 Dec 2007 20:55:53 +0200
From:      Kostik Belousov <kostikbel@gmail.com>
To:        Andriy Gapon <avg@icyb.net.ua>
Cc:        freebsd-fs@freebsd.org, andrew@dobrohot.org, bug-followup@freebsd.org
Subject:   Re: kern/118322: [panic] Sometimes (seldom), "panic:page fault" happens after KDE automount occur when I insert CD/DVD
Message-ID:  <20071228185553.GW57756@deviant.kiev.zoral.com.ua>
In-Reply-To: <47729D3C.8050301@icyb.net.ua>
References:  <47729D3C.8050301@icyb.net.ua>


On Wed, Dec 26, 2007 at 08:28:12PM +0200, Andriy Gapon wrote:
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=118322
>
> This panic looks like dereferencing a NULL pointer to a structure:
> > fault virtual address = 0x2c
> 44 is exactly the offset of the 'perm' field in the file_entry structure, and
> fentry is a field of type 'struct file_entry *' in the udf_node structure.
>
> From the code it seems that the fentry field cannot be NULL during the "normal"
> life-cycle of a udf_node. Memory allocation is properly checked for errors.

Yes, allocations are checked, but look at the series of if()s after
the partially constructed vnode is put onto the hash. In case any
of the if()s fails, the vnode is simply vput()ed. This leaves the vnode
allocated and on the hash etc., while unode->fentry is NULL. There,
the vnode can be found by namei, which I believe causes the panic.

The difference between the UFS and UDF code there is the ufs_inactive()
routine that is defined for UFS, and that reclaims the vnode when it is
in a half-baked state.

Please try the patch below (only compile-tested).

Note: it seems that the system should say something before the
panic (see the printf()s before the vput() in the code).

diff --git a/sys/fs/udf/udf_vfsops.c b/sys/fs/udf/udf_vfsops.c
index d08226b..373ee4d 100644
--- a/sys/fs/udf/udf_vfsops.c
+++ b/sys/fs/udf/udf_vfsops.c
@@ -630,6 +630,7 @@ udf_vget(struct mount *mp, ino_t ino, int flags, struct=
 vnode **vpp)
 	devvp =3D udfmp->im_devvp;
 	if ((error =3D RDSECTOR(devvp, sector, udfmp->bsize, &bp)) !=3D 0) {
 		printf("Cannot read sector %d\n", sector);
+		vgone(vp);
 		vput(vp);
 		brelse(bp);
 		*vpp =3D NULL;
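Review bot: the added vgone(vp) before vput(vp) forces the vnode through the filesystem's reclaim path while unode->fentry is still NULL (the very state this bail-out is handling), so the UDF reclaim routine must tolerate a node with no file entry and must only free fentry when it is non-NULL; please confirm that before merging, otherwise the fix just moves the NULL dereference from namei into reclaim. Calling vgone() with the vnode still locked and then vput() to unlock and drop the reference is the right order here.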
@@ -639,6 +640,7 @@ udf_vget(struct mount *mp, ino_t ino, int flags, struct=
 vnode **vpp)
 	fe =3D (struct file_entry *)bp->b_data;
 	if (udf_checktag(&fe->tag, TAGID_FENTRY)) {
 		printf("Invalid file entry!\n");
+		vgone(vp);
 		vput(vp);
 		brelse(bp);
 		*vpp =3D NULL;
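Review bot: the printf("Invalid file entry!\n") in this hunk gives no way to locate the bad on-disk structure, unlike the sector number printed in the RDSECTOR failure above; since a failed udf_checktag() is exactly the case a corrupt or badly mastered disc produces, suggest including the sector (and ideally the inode number) in the message, e.g. `printf("Invalid file entry at sector %d\n", sector);`, so the pre-panic output the note above refers to actually identifies the media problem. With vgone() added, a disc that fails the tag check no longer leaves a half-constructed vnode on the hash reachable by later lookups, which is the important part of the change.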
@@ -649,6 +651,7 @@ udf_vget(struct mount *mp, ino_t ino, int flags, struct=
 vnode **vpp)
 	    M_NOWAIT | M_ZERO);
 	if (unode->fentry =3D=3D NULL) {
 		printf("Cannot allocate file entry block\n");
+		vgone(vp);
 		vput(vp);
 		brelse(bp);
 		*vpp =3D NULL;
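Review bot: this is the third copy of the identical four-line cleanup sequence (vgone, vput, brelse, *vpp = NULL) in udf_vget(), and the bug being fixed is precisely that one line was missing from all of them; suggest collapsing the three bail-outs into a single error label or small static helper so the next error path added to this function cannot forget the vgone() again. Also note that this M_NOWAIT allocation can legitimately fail under memory pressure, so the error value returned after `*vpp = NULL;` (outside the visible context) should be one that callers treat as a transient failure rather than as a corrupt file entry.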
