From stephane@freebsd-fr.org  Tue Feb 10 22:09:27 2009
Return-Path: <stephane@freebsd-fr.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D68F1106566C
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 10 Feb 2009 22:09:27 +0000 (UTC)
	(envelope-from stephane@freebsd-fr.org)
Received: from smtp21.services.sfr.fr (smtp21.services.sfr.fr [93.17.128.1])
	by mx1.freebsd.org (Postfix) with ESMTP id 67A9B8FC17
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 10 Feb 2009 22:09:27 +0000 (UTC)
	(envelope-from stephane@freebsd-fr.org)
Received: from smtp21.services.sfr.fr (msfrf2107 [10.18.25.21])
	by msfrf2105.sfr.fr (SMTP Server) with ESMTP id 9401C70150E4
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 10 Feb 2009 22:54:58 +0100 (CET)
Received: from filter.sfr.fr (localhost [127.0.0.1])
	by msfrf2107.sfr.fr (SMTP Server) with ESMTP id B7E76700009E
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 10 Feb 2009 22:54:56 +0100 (CET)
Received: from sequoia.mondomaineamoi.megalo (182.217.97-84.rev.gaoland.net [84.97.217.182])
	by msfrf2107.sfr.fr (SMTP Server) with ESMTP id 7830B700008C
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 10 Feb 2009 22:54:56 +0100 (CET)
Received: from sequoia.mondomaineamoi.megalo (localhost [127.0.0.1])
	by sequoia.mondomaineamoi.megalo (8.14.3/8.14.2) with ESMTP id n1ALstQc001886
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 10 Feb 2009 22:54:56 +0100 (CET)
	(envelope-from stephane@sequoia.mondomaineamoi.megalo)
Received: (from stephane@localhost)
	by sequoia.mondomaineamoi.megalo (8.14.3/8.14.2/Submit) id n1ALst7G001885;
	Tue, 10 Feb 2009 22:54:55 +0100 (CET)
	(envelope-from stephane)
Message-Id: <200902102154.n1ALst7G001885@sequoia.mondomaineamoi.megalo>
Date: Tue, 10 Feb 2009 22:54:55 +0100 (CET)
From: Stephane Legrand <stephleg@free.fr>
Reply-To: Stephane Legrand <stephleg@free.fr>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Immediate crash after plug of an USB key
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         131575
>Category:       kern
>Synopsis:       [geom_label] [msdosfs] [umass] Immediate crash after plug of an USB key
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lulf
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 10 22:10:03 UTC 2009
>Closed-Date:    Thu Mar 19 06:07:08 UTC 2009
>Last-Modified:  Thu Mar 19 06:07:08 UTC 2009
>Originator:     Stephane Legrand
>Release:        FreeBSD 7.1-STABLE i386
>Organization:
>Environment:
System: FreeBSD 7.1-STABLE FreeBSD 7.1-STABLE #20: Sat Jan 10 15:24:24 CET 2009 i386

GNOME 2.24.3

>Description:

After having plugged an USB key, i had an immediate crash.

Here is the backtrace : 

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0xc8538000
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc07df8ea
stack pointer	        = 0x28:0xe4276b84
frame pointer	        = 0x28:0xe4276b8c
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 2 (g_event)
trap number		= 12
panic: page fault
cpuid = 0
Uptime: 3h27m9s
Physical memory: 1002 MB
Dumping 224 MB: 209 193 177 161 145 129 113 97 81 65 49 33 17 1

Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from /boot/kernel/linprocfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linprocfs.ko
Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
Reading symbols from /boot/kernel/linsysfs.ko...Reading symbols from /boot/kernel/linsysfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linsysfs.ko
Reading symbols from /boot/kernel/snd_hda.ko...Reading symbols from /boot/kernel/snd_hda.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/snd_hda.ko
Reading symbols from /boot/kernel/sound.ko...Reading symbols from /boot/kernel/sound.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/sound.ko
Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/netgraph.ko...Reading symbols from /boot/kernel/netgraph.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/netgraph.ko
Reading symbols from /boot/kernel/ng_ether.ko...Reading symbols from /boot/kernel/ng_ether.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ether.ko
Reading symbols from /boot/kernel/ng_pppoe.ko...Reading symbols from /boot/kernel/ng_pppoe.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_pppoe.ko
Reading symbols from /boot/kernel/ng_socket.ko...Reading symbols from /boot/kernel/ng_socket.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_socket.ko
Reading symbols from /boot/kernel/ipfw.ko...Reading symbols from /boot/kernel/ipfw.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ipfw.ko
Reading symbols from /usr/local/modules/fuse.ko...done.
Loaded symbols for /usr/local/modules/fuse.ko
Reading symbols from /boot/kernel/accf_http.ko...Reading symbols from /boot/kernel/accf_http.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/accf_http.ko
Reading symbols from /boot/kernel/i915.ko...done.
Loaded symbols for /boot/kernel/i915.ko
Reading symbols from /boot/kernel/drm.ko...done.
Loaded symbols for /boot/kernel/drm.ko
#0  doadump () at pcpu.h:196
196		__asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:196
#1  0xc0755d9f in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#2  0xc0756064 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:574
#3  0xc09ebf70 in trap_fatal (frame=0xe4276b44, eva=3360915456) at /usr/src/sys/i386/i386/trap.c:939
#4  0xc09ec1c0 in trap_pfault (frame=0xe4276b44, usermode=0, eva=3360915456) at /usr/src/sys/i386/i386/trap.c:852
#5  0xc09ecb1a in trap (frame=0xe4276b44) at /usr/src/sys/i386/i386/trap.c:530
#6  0xc09d47eb in calltrap () at /usr/src/sys/i386/i386/exception.s:159
#7  0xc07df8ea in strlcpy (dst=0xe4276c10 " Windows : ", 
    src=0xc8537e40 " Windows : \r\n\r\n1 : Spark (50 Mo)\r\n2 : Coccinella (37 Mo)\r\n3 : gajim (31 Mo) : lors des tests, peut monter  37 Mo\r\n4 : psi (25 Mo) : lors des tests, peut monter  40 Mo\r\n5 : pidgin (25 Mo)\r\n6 : Exodus"..., siz=12) at /usr/src/sys/libkern/strlcpy.c:64
#8  0xc07061e1 in g_label_msdosfs_taste (cp=0xc4ec7280, label=0xe4276c10 " Windows : ", size=64) at /usr/src/sys/geom/label/g_label_msdosfs.c:187
#9  0xc0705852 in g_label_taste (mp=0xc0b34640, pp=0xc5485480, flags=0) at /usr/src/sys/geom/label/g_label.c:313
#10 0xc07031a1 in g_new_provider_event (arg=0xc5485480, flag=0) at /usr/src/sys/geom/geom_subr.c:543
#11 0xc06ffe5f in g_run_events () at /usr/src/sys/geom/geom_event.c:211
#12 0xc07010b7 in g_event_procbody () at /usr/src/sys/geom/geom_kern.c:141
#13 0xc0733561 in fork_exit (callout=0xc070104c <g_event_procbody>, arg=0x0, frame=0xe4276d38) at /usr/src/sys/kern/kern_fork.c:804
#14 0xc09d4860 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:264


>How-To-Repeat:

I tried to reproduce by plugging the same key after the reboot but it didn't happened again.



>Fix:
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-geom 
Responsible-Changed-By: gavin 
Responsible-Changed-When: Wed Feb 11 11:45:49 UTC 2009 
Responsible-Changed-Why:  
I suspect this is something to do with geom_label, over to maintainer(s) 
to analyze further 

http://www.freebsd.org/cgi/query-pr.cgi?pr=131575 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/131575: commit references a PR
Date: Wed, 11 Feb 2009 18:13:35 +0000 (UTC)

 Author: lulf
 Date: Wed Feb 11 18:13:20 2009
 New Revision: 188492
 URL: http://svn.freebsd.org/changeset/base/188492
 
 Log:
   - Use the correct argument when determining the buffer size.
   
   PR:		kern/131575
   MFC after:	2 days
 
 Modified:
   head/sys/geom/label/g_label_msdosfs.c
 
 Modified: head/sys/geom/label/g_label_msdosfs.c
 ==============================================================================
 --- head/sys/geom/label/g_label_msdosfs.c	Wed Feb 11 17:33:36 2009	(r188491)
 +++ head/sys/geom/label/g_label_msdosfs.c	Wed Feb 11 18:13:20 2009	(r188492)
 @@ -186,7 +186,7 @@ g_label_msdosfs_taste(struct g_consumer 
  				    FAT_DES_ATTR_VOLUME_ID) {
  					strlcpy(label, pfat_entry->DIR_Name,
  					    MIN(size,
 -					    sizeof(pfat_bsbpb->BS_VolLab) + 1));
 +					    sizeof(pfat_entry->DIR_Name) + 1));
  					goto endofchecks;
  				}
  			} while((uint8_t *)(++pfat_entry) <
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: Ulf Lilleengen <ulf.lilleengen@gmail.com>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: kern/131575: commit references a PR
Date: Wed, 11 Feb 2009 19:36:29 +0000

 I think this might fix the issue, as it was in this line was in 
 the backtrace.
 
 -- 
 Ulf Lilleengen

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/131575: commit references a PR
Date: Fri, 13 Feb 2009 19:49:52 +0000 (UTC)

 Author: lulf
 Date: Fri Feb 13 19:49:35 2009
 New Revision: 188596
 URL: http://svn.freebsd.org/changeset/base/188596
 
 Log:
   MFC r188492:
   - Use the correct argument when determining the buffer size.
   
   PR:		kern/131575
 
 Modified:
   stable/7/sys/   (props changed)
   stable/7/sys/contrib/pf/   (props changed)
   stable/7/sys/dev/ath/ath_hal/   (props changed)
   stable/7/sys/dev/cxgb/   (props changed)
   stable/7/sys/geom/label/g_label_msdosfs.c
 
 Modified: stable/7/sys/geom/label/g_label_msdosfs.c
 ==============================================================================
 --- stable/7/sys/geom/label/g_label_msdosfs.c	Fri Feb 13 19:25:35 2009	(r188595)
 +++ stable/7/sys/geom/label/g_label_msdosfs.c	Fri Feb 13 19:49:35 2009	(r188596)
 @@ -186,7 +186,7 @@ g_label_msdosfs_taste(struct g_consumer 
  				    FAT_DES_ATTR_VOLUME_ID) {
  					strlcpy(label, pfat_entry->DIR_Name,
  					    MIN(size,
 -					    sizeof(pfat_bsbpb->BS_VolLab) + 1));
 +					    sizeof(pfat_entry->DIR_Name) + 1));
  					goto endofchecks;
  				}
  			} while((uint8_t *)(++pfat_entry) <
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Thu Mar 19 06:06:26 UTC 2009 
State-Changed-Why:  
Committed and MFCed to 7 by lulf. 


Responsible-Changed-From-To: freebsd-geom->lulf 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu Mar 19 06:06:26 UTC 2009 
Responsible-Changed-Why:  

http://www.freebsd.org/cgi/query-pr.cgi?pr=131575 
>Unformatted:
