kern/85440: untaring into a too small / crashes the system

Harald Schmalzbauer harry at schmalzbauer.de
Mon Aug 29 15:10:17 GMT 2005 

>Number:         85440
>Category:       kern
>Synopsis:       untaring into a too small / crashes the system
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 29 15:10:16 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Harald Schmalzbauer
>Release:        FreeBSD 6.0-BETA2 i386
>Organization:
>Environment:
System: FreeBSD cale.flintsbach.schmalzbauer.de 6.0-BETA2 FreeBSD 6.0-BETA2 #0: Thu Aug 18 05:29:38 CEST 2005 root@:/usr/obj/usr/src/sys/CALE i386


	
>Description:
	While doing some tests I forgot that O had nothing mounted into /mnt,
	so I extracted a tar archive into / mountpoint.
	Although ther's plenty of free memory, and alos plenty of swap
	the system died when / was full. I know that it's a big mistake and if
	one does such things as superuser the -m n% (8) protection doesn't
	intercept, so it's riky anyway but the machine shouldn't crash IMHO.
>How-To-Repeat:
	Extract a tar archive into / mountpoint which is bigger that root
	filesystem has free.
	Here's the panic:

Aug 2a9 15:59:10 cale kernel: pid 13870 (bsdtar), uid 0 inumber 19217 uon : filesystem ltfull
dtar), uid 0 inu cale kernel: pid 13870 (bs
                mber 19218 on : 
Falesystem full
  tal trap 12: page fault while in kernel mode
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc075f787
stack pointer           = 0x28:0xdbe5fb3c
frame pointer           = 0x28:0xdbe5fb68
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 888 (kdeinit)
[thread pid 888 tid 100156 ]
Stopped at      generic_bcopy+0x23:     repe movsb      (%esi),%es:(%edi)
db> 
db> trace
Tracing pid 888 tid 100156 td 0xc3037300
generic_bcopy(c2066038,dbe5fb84,64,dbe5fb9c,dbe5fba0) at generic_bcopy+0x23
ptcread(c2bed800,dbe5fcb0,4,0,0) at ptcread+0x190
devfs_read_f(c30915e8,dbe5fcb0,c30fcb80,0,c3037300) at devfs_read_f+0xd4
dofileread(c3037300,b,c30915e8,dbe5fcb0,ffffffff) at dofileread+0xa7
kern_readv(c3037300,b,dbe5fcb0,bfbfd760,400) at kern_readv+0x60
read(c3037300,dbe5fd04,c,dbe5fd2c,c05cde66) at read+0x4f
syscall(805003b,2910003b,bfbf003b,805c000,820b400) at syscall+0x370
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (3, FreeBSD ELF32, read), eip = 0x293cc8cf, esp = 0xbfbfd71c, ebp = 0xbfbfd738 ---
db> 

>Fix:

	


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list