NULL pointer deref in snapshot/soft updates

From: Robert Watson <rwatson_at_FreeBSD.org> Date: Wed, 15 Sep 2004 11:51:32 -0400 (EDT) · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:12 UTC

Trace attached.  Having one of those mornings...

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert_at_fledge.watson.org      Principal Research Scientist, McAfee Research

...
Additional TCP options:.
Starting background file system checks in 60 seconds.

Wed Sep 15 11:34:12 EDT 2004

FreeBSD/i386 (hippy.rv.nailabs.com) (ttyd0)

login: 

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc0742edf
stack pointer           = 0x10:0xef1cda38
frame pointer           = 0x10:0xef1cdab0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 621 (fsck_ufs)
[thread 100114]
Stopped at      ffs_snapblkfree+0x97:   movl    0(%eax),%eax
db> trace
ffs_snapblkfree(c27a0800,c277ed68,4b4060,0,4000,4) at ffs_snapblkfree+0x97
ffs_snapremove(c2aabe70) at ffs_snapremove+0x5b5
softdep_releasefile(c2994ec4) at softdep_releasefile+0x34
ufs_inactive(ef1cdb6c,ef1cdb84,c0665e88,ef1cdb6c,c08b2000) at ufs_inactive+0xbb
ufs_vnoperate(ef1cdb6c) at ufs_vnoperate+0x13
vrele(c2aabe70,c2aabe70,ef1cdb9c,1,c26c8800) at vrele+0x138
ufs_close(ef1cdbbc,ef1cdbe4,c06702ec,ef1cdbbc,c08b1b00) at ufs_close+0xc7
ufs_vnoperate(ef1cdbbc) at ufs_vnoperate+0x13
vn_close(c2aabe70,1,c225d480,c273d640,0) at vn_close+0x40
vn_closefile(c2992bf4,c273d640) at vn_closefile+0xc2
fdrop_locked(c2992bf4,c273d640,0,ef1cdccc,c05f2763) at fdrop_locked+0xa8
fdrop(c2992bf4,c273d640,0,3,317) at fdrop+0x41
closef(c2992bf4,c273d640,0,c2ad6700,0) at closef+0x23f
close(c273d640,ef1cdd14,1,78,296) at close+0x169
syscall(2f,2f,bfbf002f,0,0) at syscall+0x283
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (6, FreeBSD ELF32, close), eip = 0x280d154b, esp = 0xbfbfec6c, ebp = 0xbfbfec98 ---
db> show pcpu
cpuid        = 2
curthread    = 0xc273d640: pid 621 "fsck_ufs"
curpcb       = 0xef1cdda0
fpcurthread  = none
idlethread   = 0xc2260640: pid 12 "idle: cpu2"
APIC ID      = 2
currentldt   = 0x30