Date: Wed, 15 May 2002 06:51:58 -0700 (PDT) From: Yoshihide Sonoda <yshd@na.rim.or.jp> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/38107: Panic on nullfs Message-ID: <200205151351.g4FDpw1N044484@www.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 38107
>Category: kern
>Synopsis: Panic on nullfs
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed May 15 07:00:02 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Yoshihide Sonoda
>Release: FreeBSD 4.6-PRERELEASE i386
>Organization:
>Environment:
FreeBSD raptor.sokohiki.org 4.6-PRERELEASE FreeBSD 4.6-PRERELEASE #10: Tue May 14 22:21:13 JST 2002 yoshi@raptor.sokohiki.org:/usr/obj/usr/src/sys/raptor i386
>Description:
Buring make release as a working directory using NULLFS and
dd was execluted, my system crashed.
Panic messages and Stack trace:
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
SMP 2 cpus
IdlePTD at phsyical address 0x0049c000
initial pcb at physical address 0x003814a0
panicstr: from debugger
panic messages:
---
Fatal trap 12: page fault while in kernel mode
mp_lock = 01000002; cpuid = 1; lapic.id = 01000000
fault virtual address = 0x2c
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0175c4e
stack pointer = 0x10:0xe3a1edc8
frame pointer = 0x10:0xe3a1edc8
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 855 (dd)
interrupt mask = none <- SMP: XXX
Fatal trap 12: page fault while in kernel mode
mp_lock = 01000003; cpuid = 1; lapic.id = 01000000
fault virtual address = 0xc7077528
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc026871c
stack pointer = 0x10:0xe3a1ebd0
frame pointer = 0x10:0xe3a1ebfc
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 855 (dd)
interrupt mask = none <- SMP: XXX
panic: from debugger
mp_lock = 01000003; cpuid = 1; lapic.id = 01000000
panic: from debugger
mp_lock = 01000004; cpuid = 1; lapic.id = 01000000
boot() called on cpu#1
Uptime: 1h5m47s
dumping to dev #ad/0x20001, offset 1542064
dump ata0: resetting devices .. done
(snip)
---
#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
487 if (dumping++) {
(kgdb) bt
#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1 0xc0181da8 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:316
#2 0xc0182229 in panic (fmt=0xc02fa424 "from debugger")
at /usr/src/sys/kern/kern_shutdown.c:595
#3 0xc013e161 in db_panic (addr=-1072210866, have_addr=0, count=-1,
modif=0xe3a1ec2c "") at /usr/src/sys/ddb/db_command.c:435
#4 0xc013e0ff in db_command (last_cmdp=0xc033cc44, cmd_table=0xc033ca84,
aux_cmd_tablep=0xc037c258) at /usr/src/sys/ddb/db_command.c:333
#5 0xc013e1c6 in db_command_loop () at /usr/src/sys/ddb/db_command.c:457
#6 0xc0140397 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:71
#7 0xc02c3874 in kdb_trap (type=12, code=0, regs=0xe3a1ed88)
at /usr/src/sys/i386/i386/db_interface.c:158
#8 0xc02d7d4e in trap_fatal (frame=0xe3a1ed88, eva=44)
at /usr/src/sys/i386/i386/trap.c:961
#9 0xc02d79cd in trap_pfault (frame=0xe3a1ed88, usermode=0, eva=44)
at /usr/src/sys/i386/i386/trap.c:859
#10 0xc02d7513 in trap (frame={tf_fs = 24, tf_es = -475987952,
tf_ds = -475987952, tf_edi = -636677888, tf_esi = -636677888,
tf_ebp = -475927096, tf_isp = -475927116, tf_ebx = -622865920,
tf_edx = 1074030202, tf_ecx = -475926876, tf_eax = 0, tf_trapno = 12,
tf_err =sss 0, tf_eip = -1072210866, tf_cs = 8, tf_eflags = 66118,
tf_esp = -475926928, tf_ss = -1071936935})
at /usr/src/sys/i386/i386/trap.c:458
#11 0xc0175c4e in devsw (dev=0x0) at /usr/src/sys/kern/kern_conf.c:76
#12 0xc01b8a59 in vn_ioctl (fp=0xc3296500, com=1074030202, data=0xe3a1eea4 "",
p=0xda0d1100) at /usr/src/sys/kern/vfs_vnops.c:600
#13 0xc01922ea in ioctl (p=0xda0d1100, uap=0xe3a1ef80)
at /usr/src/sys/sys/file.h:177
#14 0xc02d80c9 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
tf_edi = -1077937344, tf_esi = -1077937368, tf_ebp = -1077937548,
tf_isp = -475926572, tf_ebx = 134591680, tf_edx = 4194303,
tf_ecx = 4194303, tf_eax = 54, tf_trapno = 12, tf_err = 2,
tf_eip = 134522172, tf_cs = 31, tf_eflags = 659, tf_esp = -1077937688,
tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1167
#15 0xc02c47fb in Xint0x80_syscall ()
#16 0x8048fc1 in ?? ()
#17 0x8048eee in ?? ()
#18 0x8048135 in ?? ()
>How-To-Repeat:
It will happen, if it reads from the device file on NULLFS
by the dd command.
# mkdir /nullfs
# mount_null /dev /nullfs
# cd /nullfs
# dd if=./zero of=test.dat bs=512 count=1
>Fix:
Sorry, I don't know.
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200205151351.g4FDpw1N044484>