kern/119280: Moving a file from ntfs-3g mounted partition results in page fault while in kernel mode

Manolis Kiagias sonicy at otenet.gr
Wed Jan 2 16:20:01 PST 2008


>Number:         119280
>Category:       kern
>Synopsis:       Moving a file from ntfs-3g mounted partition results in page fault while in kernel mode
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 03 00:20:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Manolis Kiagias
>Release:        7.0-RC1
>Organization:
>Environment:
FreeBSD aquarius.dyndns.org 7.0-RC1 FreeBSD 7.0-RC1 #2: Mon Dec 31 10:30:47 EET 2007     root at aquarius.dyndns.org:/usr/obj/usr/src/sys/AQUARIUS  i386
>Description:
Attempting to move (using mv) a file from a partition mounted with ntfs-3g results in a kernel panic. This is not from a USB-mounted disk, just another partition on the same disk where FreeBSD is installed.


Script started on Thu Jan  3 02:01:33 2008
[root at aquarius:AQUARIUS]# kgdb kernel.debug /var/crash/vmcore.0

[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address	= 0x8c
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc055af88
stack pointer	        = 0x28:0xe6ae0aa4
frame pointer	        = 0x28:0xe6ae0ab8
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 851 (mv)
trap number		= 12
panic: page fault
cpuid = 1
Uptime: 4m9s
Dumping 1023 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 1023MB (261872 pages) 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:195
195		__asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) list *0xc055af88
0xc055af88 is in _sx_xunlock (/usr/src/sys/kern/kern_sx.c:315).
310		_sx_assert(sx, SA_XLOCKED, file, line);
311		curthread->td_locks--;
312		WITNESS_UNLOCK(&sx->lock_object, LOP_EXCLUSIVE, file, line);
313		LOCK_LOG_LOCK("XUNLOCK", &sx->lock_object, 0, sx->sx_recurse, file,
314		    line);
315		if (!sx_recursed(sx))
316			lock_profile_release_lock(&sx->lock_object);
317		__sx_xunlock(sx, curthread, file, line);
318	}
319	

(kgdb) backtrace
#0  doadump () at pcpu.h:195
#1  0xc05532a7 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc0553569 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:563
#3  0xc07bc4ac in trap_fatal (frame=0xe6ae0a64, eva=140)
    at /usr/src/sys/i386/i386/trap.c:899
#4  0xc07bc710 in trap_pfault (frame=0xe6ae0a64, usermode=0, eva=140)
    at /usr/src/sys/i386/i386/trap.c:812
#5  0xc07bd092 in trap (frame=0xe6ae0a64) at /usr/src/sys/i386/i386/trap.c:490
#6  0xc07a3a2b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc055af88 in _sx_xunlock (sx=0x78, file=0xc106f564 "fuse_vnops.c", 
    line=2912) at /usr/src/sys/kern/kern_sx.c:311
#8  0xc106a9d7 in ?? ()
#9  0x00000078 in ?? ()
#10 0xc106f564 in ?? ()
#11 0x00000b60 in ?? ()
#12 0x00000000 in ?? ()
#13 0x00000000 in ?? ()
#14 0x00000000 in ?? ()
#15 0xc086d080 in vop_default_desc ()
#16 0x00000078 in ?? ()
#17 0xc4705880 in ?? ()
#18 0x00000000 in ?? ()
#19 0xc4a95cc0 in ?? ()
---Type <return> to continue, or q <return> to quit---
#20 0xe6ae0be8 in ?? ()
#21 0xe6ae0c34 in ?? ()
#22 0xe6ae0bc0 in ?? ()
#23 0x00000012 in ?? ()
#24 0xc4705880 in ?? ()
#25 0xe6ae0bc0 in ?? ()
#26 0xc47fdc00 in ?? ()
#27 0x00000000 in ?? ()
#28 0xe6ae0bdc in ?? ()
#29 0xc4705880 in ?? ()
#30 0x00000001 in ?? ()
#31 0xc470132c in ?? ()
#32 0x00000001 in ?? ()
#33 0xc4701300 in ?? ()
#34 0xc47fd400 in ?? ()
#35 0xc4705880 in ?? ()
#36 0x00000000 in ?? ()
#37 0xc4a72dd0 in ?? ()
#38 0xe6ae0b54 in ?? ()
#39 0xc05c9798 in vhold (vp=0x0) at /usr/src/sys/kern/vfs_subr.c:2238
#40 0xc07d2156 in VOP_RENAME_APV (vop=0x0, a=0x0) at vnode_if.c:1184
#41 0xc05d55a1 in kern_rename (td=0xc4705880, 
    from=0xbfbfedd3 <Address 0xbfbfedd3 out of bounds>, 
---Type <return> to continue, or q <return> to quit---
    to=0xbfbfe848 <Address 0xbfbfe848 out of bounds>, pathseg=UIO_USERSPACE)
    at vnode_if.h:625
#42 0xc05d5759 in rename (td=0xc4705880, uap=0xe6ae0cfc)
    at /usr/src/sys/kern/vfs_syscalls.c:3292
#43 0xc07bca65 in syscall (frame=0xe6ae0d38)
    at /usr/src/sys/i386/i386/trap.c:1035
#44 0xc07a3a90 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196
#45 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) quit
[root at aquarius:AQUARIUS]# exit
exit

Script done on Thu Jan  3 02:02:58 2008

>How-To-Repeat:
Mount an NTFS partition using ntfs-3g 
Try to move a file from the NTFS partition to e.g. a user's home directory.

Copying, creating and deleting files on the NTFS partition creates no problem.
When moving a file from UFS to NTFS, a message is shown:

mv foobar.zip set flags (00000000): Invalid argument

but the move completes successfully.
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

