Re: Panic when trying to mount cd9660 as udf

From: R. Imura <imura_at_ryu16.org>
Date: Sun, 23 Nov 2003 21:46:32 +0900

It seems that vfs_mount.c rev 1.113 breaks something.
It also breaks mount_udf -C.  Using rev 1.112 works fine for me.
A mail to current_at_ with subject "vfs_domount() ->...-> vfs_freeopts()
NULL pointer dereferencing" may also be related to the same problem.

- R. Imura

On Sun, Nov 23, 2003 at 03:02:34AM +0100, Christian Laursen wrote:
> By accident, I tried to mount a CD as UDF, and got the following panic:
> 
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address   = 0x0
> fault code              = supervisor read, page not present
> instruction pointer     = 0x8:0xc06c2f6c
> stack pointer           = 0x10:0xcda4bac0
> frame pointer           = 0x10:0xcda4bacc
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 530 (mount_udf)
> 
> This seems to be easily reproducible. First I got it on my workstation
> running 5.2-BETA, and I then reproduced it on my test machine which runs
> -CURRENT from 4 days ago:
> 
> FreeBSD cardassian.borderworlds.dk 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Wed Nov 19 04:22:32 CET 2003     root_at_cardassian.borderworlds.dk:/usr/obj/usr/src/sys/GENERIC  i386
> 
> The output in this mail is from the test machine.
> 
> This is the backtrace I got from the resulting crashdump:
> 
> #0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
> #1  0xc066d6fb in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:372
> #2  0xc066dafd in panic () at /usr/src/sys/kern/kern_shutdown.c:550
> #3  0xc048ac32 in db_panic () at /usr/src/sys/ddb/db_command.c:450
> #4  0xc048ab92 in db_command (last_cmdp=0xc0938360, cmd_table=0xc08c3c00, 
>     aux_cmd_tablep=0xc08baa04, aux_cmd_tablep_end=0xc08baa1c)
>     at /usr/src/sys/ddb/db_command.c:346
> #5  0xc048acd5 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
> #6  0xc048dcd5 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:73
> #7  0xc0812dcc in kdb_trap (type=12, code=0, regs=0xcda4ba80)
>     at /usr/src/sys/i386/i386/db_interface.c:171
> #8  0xc08294d6 in trap_fatal (frame=0xcda4ba80, eva=0)
>     at /usr/src/sys/i386/i386/trap.c:816
> #9  0xc0829182 in trap_pfault (frame=0xcda4ba80, usermode=0, eva=0)
>     at /usr/src/sys/i386/i386/trap.c:735
> #10 0xc0828d23 in trap (frame=
>       {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = -1040053552, tf_esi = 1, tf_ebp = -844842292, tf_isp = -844842324, tf_ebx = 0, tf_edx = 4, tf_ecx = 1, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1066651796, tf_cs = 8, tf_eflags = 66182, tf_esp = 6, tf_ss = 0}) at /usr/src/sys/i386/i386/trap.c:420
> #11 0xc0814818 in calltrap () at {standard input}:94
> #12 0xc06c3913 in vfs_mount_destroy (mp=0x0, td=0x0)
>     at /usr/src/sys/kern/vfs_mount.c:537
> #13 0xc06c472f in vfs_domount (td=0xc20c7dc0, fstype=0xc2020ad0 "udf", 
>     fspath=0xc2020ab0 "/mnt", fsflags=1, fsdata=0xc2020c00, compat=0)
>     at /usr/src/sys/kern/vfs_mount.c:938
> #14 0xc06c3a39 in vfs_nmount (td=0x0, fsflags=0, fsoptions=0x0)
>     at /usr/src/sys/kern/vfs_mount.c:581
> #15 0xc06c353d in nmount (td=0x0, uap=0xcda4bd10)
>     at /usr/src/sys/kern/vfs_mount.c:407
> #16 0xc0829870 in syscall (frame=
>       {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077940702, tf_esi = 8, tf_ebp = -1077940972, tf_isp = -844841612, tf_ebx = 5, tf_edx = -1077940736, tf_ecx = 10, tf_eax = 378, tf_trapno = 12, tf_err = 2, tf_eip = 671876783, tf_cs = 31, tf_eflags = 582, tf_esp = -1077942196, tf_ss = 47})
>     at /usr/src/sys/i386/i386/trap.c:1010
> #17 0xc081486d in Xint0x80_syscall () at {standard input}:136
> 
> -- 
> Best regards
>     Christian Laursen
Received on Sun Nov 23 2003 - 03:46:44 UTC
