From nobody@www.freebsd.org  Wed May 15 06:51:59 2002
Return-Path: <nobody@www.freebsd.org>
Received: from nwww.freebsd.org (www.FreeBSD.org [216.136.204.117])
	by hub.freebsd.org (Postfix) with ESMTP id 5490137B404
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 15 May 2002 06:51:59 -0700 (PDT)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by nwww.freebsd.org (8.12.2/8.12.2) with ESMTP id g4FDpwhG044485
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 15 May 2002 06:51:58 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.2/8.12.2/Submit) id g4FDpw1N044484;
	Wed, 15 May 2002 06:51:58 -0700 (PDT)
Message-Id: <200205151351.g4FDpw1N044484@www.freebsd.org>
Date: Wed, 15 May 2002 06:51:58 -0700 (PDT)
From: Yoshihide Sonoda <yshd@na.rim.or.jp>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Panic on nullfs
X-Send-Pr-Version: www-1.0

>Number:         38107
>Category:       kern
>Synopsis:       Panic on nullfs
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 15 07:00:02 PDT 2002
>Closed-Date:    Mon Jun 02 03:40:49 PDT 2003
>Last-Modified:  Mon Jun 02 03:40:49 PDT 2003
>Originator:     Yoshihide Sonoda
>Release:        FreeBSD 4.6-PRERELEASE i386
>Organization:
>Environment:
FreeBSD raptor.sokohiki.org 4.6-PRERELEASE FreeBSD 4.6-PRERELEASE #10: Tue May 14 22:21:13 JST 2002     yoshi@raptor.sokohiki.org:/usr/obj/usr/src/sys/raptor  i386

>Description:
During make release, using NULLFS as a working directory,
dd was executed and my system crashed.

Panic messages and Stack trace:

GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
SMP 2 cpus
IdlePTD at phsyical address 0x0049c000
initial pcb at physical address 0x003814a0
panicstr: from debugger
panic messages:
---
Fatal trap 12: page fault while in kernel mode
mp_lock = 01000002; cpuid = 1; lapic.id = 01000000
fault virtual address   = 0x2c
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc0175c4e
stack pointer           = 0x10:0xe3a1edc8
frame pointer           = 0x10:0xe3a1edc8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 855 (dd)
interrupt mask          = none <- SMP: XXX


Fatal trap 12: page fault while in kernel mode
mp_lock = 01000003; cpuid = 1; lapic.id = 01000000
fault virtual address   = 0xc7077528
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc026871c
stack pointer           = 0x10:0xe3a1ebd0
frame pointer           = 0x10:0xe3a1ebfc
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 855 (dd)
interrupt mask          = none <- SMP: XXX
panic: from debugger
mp_lock = 01000003; cpuid = 1; lapic.id = 01000000
panic: from debugger
mp_lock = 01000004; cpuid = 1; lapic.id = 01000000
boot() called on cpu#1
Uptime: 1h5m47s

dumping to dev #ad/0x20001, offset 1542064
dump ata0: resetting devices .. done
(snip)
---
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
487             if (dumping++) {
(kgdb) bt
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1  0xc0181da8 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:316
#2  0xc0182229 in panic (fmt=0xc02fa424 "from debugger")
    at /usr/src/sys/kern/kern_shutdown.c:595
#3  0xc013e161 in db_panic (addr=-1072210866, have_addr=0, count=-1, 
    modif=0xe3a1ec2c "") at /usr/src/sys/ddb/db_command.c:435
#4  0xc013e0ff in db_command (last_cmdp=0xc033cc44, cmd_table=0xc033ca84, 
    aux_cmd_tablep=0xc037c258) at /usr/src/sys/ddb/db_command.c:333
#5  0xc013e1c6 in db_command_loop () at /usr/src/sys/ddb/db_command.c:457
#6  0xc0140397 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:71
#7  0xc02c3874 in kdb_trap (type=12, code=0, regs=0xe3a1ed88)
    at /usr/src/sys/i386/i386/db_interface.c:158
#8  0xc02d7d4e in trap_fatal (frame=0xe3a1ed88, eva=44)
    at /usr/src/sys/i386/i386/trap.c:961
#9  0xc02d79cd in trap_pfault (frame=0xe3a1ed88, usermode=0, eva=44)
    at /usr/src/sys/i386/i386/trap.c:859
#10 0xc02d7513 in trap (frame={tf_fs = 24, tf_es = -475987952, 
      tf_ds = -475987952, tf_edi = -636677888, tf_esi = -636677888, 
      tf_ebp = -475927096, tf_isp = -475927116, tf_ebx = -622865920, 
      tf_edx = 1074030202, tf_ecx = -475926876, tf_eax = 0, tf_trapno = 12, 
      tf_err = 0, tf_eip = -1072210866, tf_cs = 8, tf_eflags = 66118, 
      tf_esp = -475926928, tf_ss = -1071936935})
    at /usr/src/sys/i386/i386/trap.c:458
#11 0xc0175c4e in devsw (dev=0x0) at /usr/src/sys/kern/kern_conf.c:76
#12 0xc01b8a59 in vn_ioctl (fp=0xc3296500, com=1074030202, data=0xe3a1eea4 "", 
    p=0xda0d1100) at /usr/src/sys/kern/vfs_vnops.c:600
#13 0xc01922ea in ioctl (p=0xda0d1100, uap=0xe3a1ef80)
    at /usr/src/sys/sys/file.h:177
#14 0xc02d80c9 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, 
      tf_edi = -1077937344, tf_esi = -1077937368, tf_ebp = -1077937548, 
      tf_isp = -475926572, tf_ebx = 134591680, tf_edx = 4194303, 
      tf_ecx = 4194303, tf_eax = 54, tf_trapno = 12, tf_err = 2, 
      tf_eip = 134522172, tf_cs = 31, tf_eflags = 659, tf_esp = -1077937688, 
      tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1167
#15 0xc02c47fb in Xint0x80_syscall ()
#16 0x8048fc1 in ?? ()
#17 0x8048eee in ?? ()
#18 0x8048135 in ?? ()

>How-To-Repeat:
It will happen if the dd command reads from a device file
on NULLFS.

# mkdir /nullfs
# mount_null /dev /nullfs
# cd /nullfs
# dd if=./zero of=test.dat bs=512 count=1

>Fix:
Sorry, I don't know.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->suspended 
State-Changed-By: jon 
State-Changed-When: Fri Jul 19 01:34:59 PDT 2002 
State-Changed-Why:  
1) don't do that.  Instead, use mount_devfs a second time. 
2) From the man page of mount_nullfs: 
THIS FILESYSTEM TYPE IS NOT YET FULLY SUPPORTED (READ: IT DOESN'T WORK) 
AND USING IT MAY, IN FACT, DESTROY DATA ON YOUR SYSTEM. 

but, we encourage you to track down the bug and fix it... 


http://www.freebsd.org/cgi/query-pr.cgi?pr=38107 

From: Hiten Pandya <hmp@FreeBSD.ORG>
To: bug-followup@FreeBSD.ORG
Cc:  
Subject: re: kern/38107
Date: Thu, 15 May 2003 21:49:12 -0700

 The issue might be fixed by the patch available in PR kern/51583.
 
 	-- Hiten (hmp@FreeBSD.ORG)
State-Changed-From-To: suspended->closed 
State-Changed-By: maxim 
State-Changed-When: Mon Jun 2 03:39:24 PDT 2003 
State-Changed-Why:  
Please take a look at kern/51583, it probably contains a patch for 
the problem. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=38107 
>Unformatted:
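
Reading the crash in this PR: the following is an added example, not part of the report or of FreeBSD's tooling, that pairs the first trap's instruction pointer with the backtrace frame at the same address and checks whether the fault address is a small offset from a NULL pointer argument. The sample text is excerpted from the report's own lines; the function name `triage` and the verdict labels are assumptions of this example.

```python
import re

PAGE_SIZE = 4096  # i386 page size; a fault below it is a small offset from NULL

# Constructed sample: lines excerpted from the first trap and backtrace in this PR.
SAMPLE = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x2c
instruction pointer     = 0x8:0xc0175c4e
#9  0xc02d79cd in trap_pfault (frame=0xe3a1ed88, usermode=0, eva=44)
    at /usr/src/sys/i386/i386/trap.c:859
#11 0xc0175c4e in devsw (dev=0x0) at /usr/src/sys/kern/kern_conf.c:76
#12 0xc01b8a59 in vn_ioctl (fp=0xc3296500, com=1074030202, data=0xe3a1eea4 "",
    p=0xda0d1100) at /usr/src/sys/kern/vfs_vnops.c:600
"""

FRAME = re.compile(
    r"^#(\d+)\s+(0x[0-9a-f]+) in (\w+) \(([^)]*)\)(?:\s+at (\S+))?", re.M)

def triage(text):
    """Match the trapping instruction pointer to a gdb frame and classify it."""
    va = re.search(r"fault virtual address\s*=\s*(0x[0-9a-f]+)", text)
    ip = re.search(r"instruction pointer\s*=\s*0x[0-9a-f]+:(0x[0-9a-f]+)", text)
    if not va or not ip:
        return None
    fault_va, fault_ip = int(va.group(1), 16), int(ip.group(1), 16)
    frames = {int(n): (int(pc, 16), fn, args, src)
              for n, pc, fn, args, src in FRAME.findall(text)}
    hit = next((n for n, f in frames.items() if f[0] == fault_ip), None)
    if hit is None:
        return None  # the trap has no matching frame in this backtrace
    _, fn, args, src = frames[hit]
    # gdb prints pointers in hex, so "name=0x0" is a NULL pointer argument.
    null_args = re.findall(r"(\w+)=0x0(?![0-9a-f])", args)
    caller = frames.get(hit + 1)
    return {
        "fault_va": fault_va,
        "function": fn,
        "source": src,
        "null_args": null_args,
        "caller": caller[1] if caller else None,
        # A fault inside the first page with a NULL argument is a field read
        # through that NULL pointer at offset fault_va.
        "verdict": "null-deref" if fault_va < PAGE_SIZE and null_args else "other",
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the excerpt, the faulting frame is `devsw` called from `vn_ioctl` with `dev` NULL, and the fault address 0x2c equals the `eva=44` reported by `trap_pfault`.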
