Date: Tue, 7 Nov 2000 12:21:21 -0800 (PST) From: eugene@nsb.sovam.com To: FreeBSD-gnats-submit@freebsd.org Subject: kern/22667: kernel panic when attepmt to remove file with big UID Message-ID: <200011072021.MAA10065@alj.me.ru>
next in thread | raw e-mail | index | archive | help
>Number: 22667
>Category: kern
>Synopsis: kernel panic when attepmt to remove file with big UID
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 07 12:30:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: Eugene Aleynikov
>Release: FreeBSD 3.4-RELEASE i386
>Organization:
>Environment:
dual Pentium2 box with aha2940 and 512Mb memory
>Description:
Awter power outage filesystem was corrupted and multiple special files were found with invalid time and uid/gid. (uids and gids were very big possible long uint size.) fsck was working unusually long (3 times longer) but didnt find anything bad and marked filesystem as clean. Filesystem was mounted with nodev flag for safety and any attempt to remove thoose bad files was causing kernel panic.
Here's information from crash dump:
Fatal trap 12: page fault while in kernel mode
mp_lock = 01000002; cpuid = 1; lapic.id = 00000000
fault virtual address = 0x28
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0179eb1
stack pointer = 0x10:0xd2ef9cbc
frame pointer = 0x10:0xd2ef9cc4
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 51461 (rm)
interrupt mask = <- SMP: XXX
trap number = 12
panic: page fault
mp_lock = 01000002; cpuid = 1; lapic.id = 00000000
boot() called on cpu#1
backtrace:
#0 0xc0148f63 in boot ()
#1 0xc014921b in panic ()
#2 0xc01d28ab in trap_fatal ()
#3 0xc01d254b in trap_pfault ()
#4 0xc01d21c2 in trap ()
#5 0xc0179eb1 in spec_strategy ()
#6 0xc0179635 in spec_vnoperate ()
#7 0xc01a52f1 in ufs_vnoperatespec ()
#8 0xc019b2a0 in ffs_indirtrunc ()
#9 0xc019ae30 in ffs_truncate ()
#10 0xc019fb05 in ufs_inactive ()
#11 0xc01a52f1 in ufs_vnoperatespec ()
#12 0xc016ddd6 in vput ()
#13 0xc0171519 in unlink ()
#14 0xc01d2b1f in syscall ()
#15 0xc01c18cc in Xint0x80_syscall ()
----
every time we attempted to remove any of that files kernel crash was similar to this and backtrace was the same.
I browsed cvs tree and didnt find any changes related to this issue so i believe that problem still exists in 4.x
>How-To-Repeat:
I dont know since it was fs dabame by power outage. But you can try this:
Create special file and tweak it's *time and uid/gid parameters through fsdb,
make uid/gid as big as possible. Then mount fs and try to delete that file.
>Fix:
There's no fix. You can only clean thoose inodes through fsdb and only by hands because fsdb closes stdin after every command - this makes scripting impossible.
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011072021.MAA10065>