NetBSD Problem Report #45504

From www@NetBSD.org  Thu Oct 20 01:38:07 2011
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 0A27163D5EB
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 20 Oct 2011 01:38:07 +0000 (UTC)
Message-Id: <20111020013806.0408063D517@www.NetBSD.org>
Date: Thu, 20 Oct 2011 01:38:06 +0000 (UTC)
From: smj@cirr.com
Reply-To: smj@cirr.com
To: gnats-bugs@NetBSD.org
Subject: A user large file write on fast sata drives can cause a kernel panic
X-Send-Pr-Version: www-1.0

>Number:         45504
>Category:       kern
>Synopsis:       A user large file write on fast sata drives can cause a kernel panic
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Oct 20 01:40:00 +0000 2011
>Originator:     Stephen Jones
>Release:        5.1.0
>Organization:
>Environment:
NetBSD vps 5.1.0_PATCH NetBSD 5.1.0_PATCH (XEN3_DOM0) #0: Wed Sep 28 05:40:32 UTC 2011  root@:/var/netbsd/usr/src/sys/arch/amd64/compile/XEN3_DOM0 amd64
>Description:
On particularly fast SATA drives a user can consistently cause a kernel panic by copying or creating large files (2-5GB sizes were tested).


uvm_fault(0xffffffff80bfffc0, 0xffffffff81400000, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff804fb673 cs e030 rflags 10286 cr2  ffffffff81400028 cpl 0 rsp ffffa0006ce638d0
kernel: page fault trap, code=0
Stopped in pid 4889.1 (cp) at   netbsd:pmap_kenter_pa+0x173:    movq    0(%rax),%rsi
pmap_kenter_pa() at netbsd:pmap_kenter_pa+0x173
ubc_alloc() at netbsd:ubc_alloc+0x25d
ubc_uiomove() at netbsd:ubc_uiomove+0xba
ffs_write() at netbsd:ffs_write+0x5c2
VOP_WRITE() at netbsd:VOP_WRITE+0x2d
vn_write() at netbsd:vn_write+0xce
dofilewrite() at netbsd:dofilewrite+0x7f
sys_write() at netbsd:sys_write+0x72
syscall() at netbsd:syscall+0xb4
ds          0
es          0x3920
fs          0
gs          0xdd38
rdi         0xffffa0006752c000
rsi         0xcbe05000
rbp         0xffffa0006ce63900
rbx         0xcbe05
rdx         0x7f8000000000
rcx         0
rax         0xffffffff81400028
r8          0xffffffff80bab900  cpu_info_primary
r9          0xffffa0000615d9c0
r10         0xffffa00007cdf160
r11         0xffffa0006ce63920
r12         0x3
r13         0x7fd00033a960
r14         0xffffa00067a9dd38
r15         0xffffa0006752c000
rip         0xffffffff804fb673  pmap_kenter_pa+0x173
cs          0xe030
rflags      0x10286
rsp         0xffffa0006ce638d0
ss          0xe02b
netbsd:pmap_kenter_pa+0x173:    movq    0(%rax),%rsi
db>
db> bt
pmap_kenter_pa() at netbsd:pmap_kenter_pa+0x173
ubc_alloc() at netbsd:ubc_alloc+0x25d
ubc_uiomove() at netbsd:ubc_uiomove+0xba
ffs_write() at netbsd:ffs_write+0x5c2
VOP_WRITE() at netbsd:VOP_WRITE+0x2d
vn_write() at netbsd:vn_write+0xce
dofilewrite() at netbsd:dofilewrite+0x7f
sys_write() at netbsd:sys_write+0x72
syscall() at netbsd:syscall+0xb4
db> trace
pmap_kenter_pa() at netbsd:pmap_kenter_pa+0x173
ubc_alloc() at netbsd:ubc_alloc+0x25d
ubc_uiomove() at netbsd:ubc_uiomove+0xba
ffs_write() at netbsd:ffs_write+0x5c2
VOP_WRITE() at netbsd:VOP_WRITE+0x2d
vn_write() at netbsd:vn_write+0xce
dofilewrite() at netbsd:dofilewrite+0x7f
sys_write() at netbsd:sys_write+0x72
syscall() at netbsd:syscall+0xb4
db> reboot
syncing disks... 12 11 done
unmounting file systems...
unmounting /proc (procfs)...uvm_fault(0xffffffff80bfffc0, 0xffffffff81400000, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff804fb673 cs e030 rflags 10282 cr2  ffffffff814000a8 cpl 6 rsp ffffa0006ce630e0
kernel: page fault trap, code=0
Stopped in pid 4889.1 (cp) at   netbsd:pmap_kenter_pa+0x173:    movq    0(%rax),%rsi
pmap_kenter_pa() at netbsd:pmap_kenter_pa+0x173
uvm_km_alloc() at netbsd:uvm_km_alloc+0x169
pool_grow() at netbsd:pool_grow+0x36
pool_get() at netbsd:pool_get+0x68
pool_cache_put_slow() at netbsd:pool_cache_put_slow+0x1d0
pool_cache_put_paddr() at netbsd:pool_cache_put_paddr+0xe1
vnfree() at netbsd:vnfree+0x5b
vrelel() at netbsd:vrelel+0x3f9
vflush() at netbsd:vflush+0x2d7
procfs_unmount() at netbsd:procfs_unmount+0x2b
dounmount() at netbsd:dounmount+0xd5
vfs_unmountall() at netbsd:vfs_unmountall+0x7c
cpu_reboot() at netbsd:cpu_reboot+0xe1
db_reboot_cmd() at netbsd:db_reboot_cmd+0x47
db_command() at netbsd:db_command+0xb0
db_command_loop() at netbsd:db_command_loop+0xe9
db_trap() at netbsd:db_trap+0xdd
kdb_trap() at netbsd:kdb_trap+0xc2
trap() at netbsd:trap+0x345

>How-To-Repeat:
The panic does not occur when using a drive such as an ST3250620AS, but using a faster drive such as an HDS725050KLA360, a user just needs to attempt to create a file of at least 2-5GB in size.
>Fix:
unknown
