Date: Tue, 30 May 2006 02:23:51 GMT
From: Kirk Russell <kirk@ba23.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/98116: Crash with sparse files and execve()
Message-ID: <200605300223.k4U2NoGU013369@www.freebsd.org>
Resent-Message-ID: <200605300230.k4U2UFkB098445@freefall.freebsd.org>

>Number:         98116
>Category:       kern
>Synopsis:       Crash with sparse files and execve()
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 30 02:30:15 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Kirk Russell
>Release:        6.1-RELEASE i386
>Organization:
http://www.ba23.org/
>Environment:
FreeBSD amd.on.kr 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Mon May 29 19:39:51 EDT 2006 root@amd.on.kr:/usr/src/sys/i386/compile/GENERIC i386
>Description:
I can reproduce this issue on an alpha AS2100, so it should be a generic kernel issue.

It would appear that when I try to exec() a sparse file, the kernel will crash.

GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
panic: vnode_pager_getpages: unexpected missing page: firstaddr: -1, foff: 0x000000000, vnp_size: 0x000005000
Uptime: 4m45s
Dumping 127 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 127MB (32492 pages) 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc064dee1 in boot (howto=260) at ../../../kern/kern_shutdown.c:402
#2  0xc064e178 in panic (
    fmt=0xc08bbde2 "vnode_pager_getpages: unexpected missing page: firstaddr: %jd, foff: 0x%jx%08jx, vnp_size: 0x%jx%08jx")
    at ../../../kern/kern_shutdown.c:558
#3  0xc07cad09 in vnode_pager_generic_getpages (vp=0xc1ce1990, m=0xcaa84af0,
    bytecount=16384, reqpage=0) at ../../../vm/vnode_pager.c:812
#4  0xc07a3b91 in ffs_getpages (ap=0xcaa84aa8)
    at ../../../ufs/ffs/ffs_vnops.c:787
#5  0xc0853755 in VOP_GETPAGES_APV (vop=0x0, a=0x0) at vnode_if.c:2110
#6  0xc07ca743 in vnode_pager_getpages (object=0xc1ce3738, m=0x0, count=0,
    reqpage=0) at vnode_if.h:1084
#7  0xc06347f0 in exec_map_first_page (imgp=0xcaa84be8) at vm_pager.h:130
#8  0xc0633b68 in do_execve (td=0xc1bd8d80, args=0xcaa84cb4, mac_p=0x0)
    at ../../../kern/kern_exec.c:394
#9  0xc06338d4 in kern_execve (td=0xc1bd8d80, args=0xcaa84cb4, mac_p=0x0)
    at ../../../kern/kern_exec.c:258
#10 0xc06337de in execve (td=0xc1bd8d80, uap=0x0)
    at ../../../kern/kern_exec.c:186
#11 0xc08420ab in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 671408800, tf_esi = -1077940828, tf_ebp = -1077940920, tf_isp = -894939804, tf_ebx = 1, tf_edx = -1, tf_ecx = 2, tf_eax = 59, tf_trapno = 12, tf_err = 2, tf_eip = 671914907, tf_cs = 51,
---Type <return> to continue, or q <return> to quit---
      tf_eflags = 662, tf_esp = -1077940996, tf_ss = 59})
    at ../../../i386/i386/trap.c:981
#12 0xc0830cef in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
#13 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) frame 6
#6  0xc07ca743 in vnode_pager_getpages (object=0xc1ce3738, m=0x0, count=0,
    reqpage=0) at vnode_if.h:1084
1084            a.a_offset = offset;
(kgdb) print offset
No symbol "offset" in current context.
(kgdb) print a.a_offset
No symbol "a" in current context.
(kgdb) print a
No symbol "a" in current context.

Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 6.1-RELEASE #0: Mon May 29 19:39:51 EDT 2006
    root@amd.on.kr:/usr/src/sys/i386/compile/GENERIC
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: AMD Athlon(tm) Processor (1210.79-MHz 686-class CPU)
  Origin = "AuthenticAMD"  Id = 0x642  Stepping = 2
  Features=0x183f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR>
  AMD Features=0xc0440800<SYSCALL,<b18>,MMX+,3DNow+,3DNow>
real memory = 134135808 (127 MB)
avail memory = 121704448 (116 MB)
kbd1 at kbdmux0
acpi0: <ASUS A7V-133> on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0xe408-0xe40b on acpi0
cpu0: <ACPI CPU> on acpi0
acpi_throttle0: <ACPI CPU Throttling> on cpu0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
agp0: <VIA 82C8363 (Apollo KT133x/KM133) host to PCI bridge> mem 0xe6000000-0xe7ffffff at device 0.0 on pci0
pcib1: <PCI-PCI bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
isab0: <PCI-ISA bridge> at device 4.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <VIA 82C686B UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xd800-0xd80f at device 4.1 on pci0
ata0: <ATA channel 0> on atapci0
ata1: <ATA channel 1> on atapci0
uhci0: <VIA 83C572 USB controller> port 0xd000-0xd01f irq 5 at device 4.3 on pci0
uhci0: [GIANT-LOCKED]
usb0: <VIA 83C572 USB controller> on uhci0
usb0: USB revision 1.0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
pci0: <bridge> at device 4.4 (no driver attached)
ahc0: <Adaptec 2940 SCSI adapter> port 0xa400-0xa4ff mem 0xe5000000-0xe5000fff irq 5 at device 9.0 on pci0
ahc0: [GIANT-LOCKED]
aic7870: Single Channel A, SCSI Id=7, 16/253 SCBs
fxp0: <Intel 82559 Pro/100 Ethernet> port 0xa000-0xa03f mem 0xe4800000-0xe4800fff,0xe4000000-0xe40fffff irq 10 at device 10.0 on pci0
miibus0: <MII bus> on fxp0
inphy0: <i82555 10/100 media interface> on miibus0
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: 00:04:ac:d3:7e:2f
ahc1: <Adaptec 2940 Ultra SCSI adapter> port 0x9800-0x98ff mem 0xe3800000-0xe3800fff irq 11 at device 11.0 on pci0
ahc1: [GIANT-LOCKED]
aic7880: Ultra Wide Channel A, SCSI Id=7, 16/253 SCBs
pci0: <display, VGA> at device 12.0 (no driver attached)
ahc2: <Adaptec 2944 Ultra SCSI adapter> port 0x9000-0x90ff mem 0xe1000000-0xe1000fff irq 5 at device 13.0 on pci0
ahc2: [GIANT-LOCKED]
aic7880: Ultra Wide Channel A, SCSI Id=7, 16/253 SCBs
atapci1: <Promise PDC20265 UDMA100 controller> port 0x8800-0x8807,0x8400-0x8403,0x8000-0x8007,0x7800-0x7803,0x7400-0x743f mem 0xe0800000-0xe081ffff irq 11 at device 17.0 on pci0
ata2: <ATA channel 0> on atapci1
ata3: <ATA channel 1> on atapci1
fdc0: <floppy drive controller> port 0x3f2-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: [FAST]
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
ppc0: <ECP parallel printer port> port 0x378-0x37f,0x778-0x77b irq 7 drq 3 on acpi0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/8 bytes threshold
ppbus0: <Parallel port bus> on ppc0
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model Generic PS/2 mouse, device ID 0
pmtimer0 on isa0
orm0: <ISA Option ROMs> at iomem 0xc0000-0xcbfff,0xcc000-0xcc7ff,0xd0000-0xd47ff,0xd8000-0xd87ff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 1210791126 Hz quality 800
Timecounters tick every 1.000 msec
Waiting 5 seconds for SCSI devices to settle
ad0: 8063MB <Maxtor 90845D4 GAS54112> at ata0-master UDMA33
acd0: CDROM <FX4820T/D03A> at ata1-slave UDMA33
da0 at ahc1 bus 0 target 0 lun 0
da0: <COMPAQPC WDE9100W 1.01> Fixed Direct Access SCSI-2 device
da0: 40.000MB/s transfers (20.000MHz, offset 8, 16bit), Tagged Queueing Enabled
da0: 8678MB (17773500 512 byte sectors: 255H 63S/T 1106C)
Trying to mount root from ufs:/dev/da0s1a
>How-To-Repeat:
$ cat bstg0002.c
#include <unistd.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>

int main()
{
    extern char **environ;
    int fd;
    char *tk[3] = { "/tmp/afile", NULL, NULL };

    unlink(tk[0]);

    /* create a (sparse) file of zeroes */
    if ((fd = open(tk[0], O_CREAT|O_RDWR, 0777)) == -1) {
        errx(1, "%s: %s", "open", strerror(errno));
    } else if (ftruncate(fd, 20480) == -1) {
        errx(1, "%s: %s", "ftruncate", strerror(errno));
    } else if (close(fd) == -1) {
        errx(1, "%s: %s", "close", strerror(errno));
    }

    /* we expect the exec() to fail because file is all zeroes */
    execve(tk[0], tk, environ);
    warn("%s", strerror(errno));

    return 0;
}
$ cc -Wall bstg0002.c
$ ./a.out

Dump header from device /dev/da0s1b
  Architecture: i386
  Architecture Version: 2
  Dump Length: 133742592B (127 MB)
  Blocksize: 512
  Dumptime: Mon May 29 20:13:53 2006
  Hostname: amd.on.kr
  Magic: FreeBSD Kernel Dump
  Version String: FreeBSD 6.1-RELEASE #0: Mon May 29 19:39:51 EDT 2006
    root@amd.on.kr:/usr/src/sys/i386/compile/GENERIC
  Panic String: vnode_pager_getpages: unexpected missing page: firstaddr: -1, foff: 0x000000000, vnp_size: 0x000005000
  Dump Parity: 587650072
  Bounds: 5
  Dump Status: good
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
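
As a triage aid for the condition this report describes (a regular file whose size is set by ftruncate() but which has no data blocks behind it), the following added example, which is not part of the original PR or of FreeBSD, reports how many bytes of a file have no allocated blocks according to stat(2). The function names and the scratch path passed to demo_sparse() are assumptions made for the example.

```c
/* Added example, not from the PR. Function names are hypothetical. */
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Bytes of a file not backed by allocated blocks.
 * st_blocks is counted in 512-byte units on FreeBSD and Linux. */
long long hole_bytes(long long size, long long blocks)
{
    long long backed = blocks * 512LL;
    return size > backed ? size - backed : 0;
}

/* Hole bytes for a regular file; -1 if it cannot be examined.
 * lstat() is used so a symlink is never followed during a scan. */
long long file_hole_bytes(const char *path)
{
    struct stat st;
    if (lstat(path, &st) == -1 || !S_ISREG(st.st_mode))
        return -1;
    return hole_bytes((long long)st.st_size, (long long)st.st_blocks);
}

/* Constructed sample with the same shape as the file in the report:
 * 20480 bytes set by ftruncate(), never written. Returns its hole bytes. */
long long demo_sparse(const char *path)
{
    long long r = -1;
    int fd = open(path, O_CREAT | O_TRUNC | O_RDWR, 0600);
    if (fd == -1)
        return -1;
    if (ftruncate(fd, 20480) == 0)
        r = file_hole_bytes(path);
    close(fd);
    unlink(path);
    return r;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        long long h = file_hole_bytes(argv[i]);
        if (h > 0)
            printf("%s: %lld of its bytes have no allocated blocks\n", argv[i], h);
    }
    return 0;
}
```

Filesystems that compress or deduplicate data can report fewer blocks than the file size implies, so a positive result is a hint that a file has holes, not proof.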