Date: Tue, 14 Sep 2010 06:00:10 GMT From: jhell <jhell@DataIX.net> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/150544: Panic, when viewing the list of ZFS snapshots Message-ID: <201009140600.o8E60AlS077728@freefall.freebsd.org>
index | next in thread | raw e-mail
The following reply was made to PR kern/150544; it has been noted by GNATS. From: jhell <jhell@DataIX.net> To: "Vladislav V. Prodan" <universite@ukr.net> Cc: Subject: Re: kern/150544: Panic, when viewing the list of ZFS snapshots Date: Tue, 14 Sep 2010 01:56:36 -0400 This is a multi-part message in MIME format. --------------000303020304060701070902 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/13/2010 18:06, Vladislav V. Prodan wrote: >> Number: 150544 >> Category: kern >> Synopsis: Panic, when viewing the list of ZFS snapshots >> Confidential: no >> Severity: non-critical >> Priority: low >> Responsible: freebsd-bugs >> State: open >> Quarter: >> Keywords: >> Date-Required: >> Class: sw-bug >> Submitter-Id: current-users >> Arrival-Date: Mon Sep 13 22:10:01 UTC 2010 >> Closed-Date: >> Last-Modified: >> Originator: Vladislav V. Prodan >> Release: 9.0-CURRENT amd64 >> Organization: >> Environment: > > http://img835.imageshack.us/img835/1779/capture09142010005524.jpg >> Fix: *UNKNOWN* > Priority of this should be changed to *HIGH* & Severity changed to *Critical*. New synopsis: [ZFS][HIGH][CRIT] amd64 & i386 stable/8-ZFSv15 & HEAD-ZFSv15, Panic, during ls(1) while in snapshot directories. People BCC'd, pjd@ mm@ avg@ stable@ current@ to grab some more attention. Backtraces: I have two available vmcore.37 & 38 along with core.txt.37 & 38. Backtrace 37 attached. Background: Because a normal user can access snapshot directories(.zfs) they have the ability to crash a machine running HEAD or stable/8 with ZFSv15 patches. Workaround: Do not snapshot global readable directories or chmod go-rwx /path/to where the snapshot directory (.zfs) is. Systems effected thus far: FreeBSD/i386 8.1-STABLE r212590M (ZFSv15 patches) FreeBSD 9.0-CURRENT ? ? Possibly 8.1-RELEASE (ZFSv15 patches) Regards, - -- jhell,v -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (FreeBSD) iQEcBAEBAgAGBQJMjw6UAAoJEJBXh4mJ2FR+JUUH/jEQ3NRYhwedW1dbSTNb0bvr LHEWoBz1S+sOERzu5Qlu4Q7QLvbOp2qiUfTmf120DedgxyTKlsRc45I90X7RCp8E LuqfHO6n3aVuXO/9luwqUzHYIgI8KVUTDTiN3wa7HB89NYbpe2BRVhJo16QXoQCf emDXtOcdX7DJWsetrdeTJ/zdCWG1tkEjVtM1KATVLOvx4QXfvxvgYISvGFXPdCWm Cuzb6GoQ/qtSH+dMQKNUppcvhllJRG/uEV0ot0XL35tI3Cj5f5dJqfqAu+kNkGrT eZPbeuDghcFFyK+uLgb9CdGzxAj8k0sJoGL2bOKqC/ZTyYnbNrvN01nA6E2zEsw= =5Ujk -----END PGP SIGNATURE----- --------------000303020304060701070902 Content-Type: text/plain; name="backtrace.txt" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="backtrace.txt" Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x80 fault code = supervisor read, page not present instruction pointer = 0x20:0x80922145 stack pointer = 0x28:0xb4593738 frame pointer = 0x28:0xb4593748 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 7073 (ls) trap number = 12 panic: page fault cpuid = 0 KDB: stack backtrace: db_trace_self_wrapper(8098bd66,b45935d8,80669da9,809ae1aa,0,...) at 0x804e1e38 = db_trace_self_wrapper+0x26 kdb_backtrace(809ae1aa,0,8096e958,b45935e4,0,...) at 0x8069652a = kdb_backtrace+0x29 panic(8096e958,809af581,92eec168,1,1,...) at 0x80669da9 = panic+0x114 trap_fatal(87c10570,0,1,0,8ebdf074,...) at 0x8090cca7 = trap_fatal+0x320 trap_pfault(8a01,b459368c,81673760,b45936a4,92c997f8,...) at 0x8090ceef = trap_pfault+0x23c trap(b45936f8) at 0x8090d7c7 = trap+0x3f9 calltrap() at 0x808f0f0c = calltrap+0x6 --- trap 0xc, eip = 0x80922145, esp = 0xb4593738, ebp = 0xb4593748 --- VOP_LOCK1_APV(80d0fea0,b459375c,b459375c,80a13f80,8b65da78,...) at 0x80922145 = VOP_LOCK1_APV+0x3e _vn_lock(8b65da78,80400,80cee192,1b5,8b65da78,...) at 0x806fdfbc = _vn_lock+0x3d gfs_file_create(54,86e1c53c,86d90000,80d0fea0,18,...) at 0x80c08ea6 = gfs_file_create+0x65 gfs_dir_create(54,86e1c53c,86d90000,80d0fea0,0,...) at 0x80c08f2d = gfs_dir_create+0x2c zfsctl_mknode_shares(86e1c53c,80cee192,308,356,925c2bdc,...) at 0x80c82773 = zfsctl_mknode_shares+0x52 gfs_dir_lookup(86e1c53c,b45938c0,b4593b74,888e8700,0,...) at 0x80c08d69 = gfs_dir_lookup+0x216 zfsctl_root_lookup(86e1c53c,b45938c0,b4593b74,0,0,...) at 0x80c829f1 = zfsctl_root_lookup+0x10a zfsctl_freebsd_root_lookup(b4593a34,b45939e8,200000,b4593b88,b4593a54,...) at 0x80c83029 = zfsctl_freebsd_root_lookup+0xb0 VOP_LOOKUP_APV(80cfbb00,b4593a34,809908ef,1f6,0,...) at 0x80922801 = VOP_LOOKUP_APV+0x48 lookup(b4593b5c,87e53800,400,b4593b7c,0,...) at 0x806e59b4 = lookup+0x5fb namei(b4593b5c,b4593afc,60,0,92eec000,...) at 0x806e68ce = namei+0x57d kern_statat_vnhook(92eec000,200,ffffff9c,304043b8,0,...) at 0x806f6269 = kern_statat_vnhook+0x6c kern_statat(92eec000,200,ffffff9c,304043b8,0,...) at 0x806f63d3 = kern_statat+0x3c kern_lstat(92eec000,304043b8,0,b4593c18,5188ce43,...) at 0x806f640b = kern_lstat+0x36 lstat(92eec000,b4593cf8,c,c,c,...) at 0x806f649f = lstat+0x2b syscall(b4593d38) at 0x8090d1b8 = syscall+0x2ab Xint0x80_syscall() at 0x808f0f71 = Xint0x80_syscall+0x21 --- syscall (190, FreeBSD ELF32, lstat), eip = 0x301c3f73, esp = 0x7fbfe54c, ebp = 0x7fbfe5d8 --- Uptime: 1h2m13s Physical memory: 1009 MB Dumping 458 MB: 443 427 411 395 379 363 347 331 315 299 283 267 251 235 219 203 187 171 155 139 123 107 91 75 59 43 27 11 Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from /boot/kernel/linprocfs.ko.symbols...done. done. Loaded symbols for /boot/kernel/linprocfs.ko Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done. done. Loaded symbols for /boot/kernel/linux.ko Reading symbols from /boot/kernel/linsysfs.ko...Reading symbols from /boot/kernel/linsysfs.ko.symbols...done. done. Loaded symbols for /boot/kernel/linsysfs.ko Reading symbols from /boot/kernel/zfs.ko...Reading symbols from /boot/kernel/zfs.ko.symbols...done. done. Loaded symbols for /boot/kernel/zfs.ko Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from /boot/kernel/opensolaris.ko.symbols...done. done. Loaded symbols for /boot/kernel/opensolaris.ko Reading symbols from /boot/kernel/lindev.ko...Reading symbols from /boot/kernel/lindev.ko.symbols...done. done. Loaded symbols for /boot/kernel/lindev.ko Reading symbols from /boot/kernel/aio.ko...Reading symbols from /boot/kernel/aio.ko.symbols...done. done. Loaded symbols for /boot/kernel/aio.ko Reading symbols from /boot/kernel/cpufreq.ko...Reading symbols from /boot/kernel/cpufreq.ko.symbols...done. done. Loaded symbols for /boot/kernel/cpufreq.ko Reading symbols from /boot/kernel/ksyms.ko...Reading symbols from /boot/kernel/ksyms.ko.symbols...done. done. Loaded symbols for /boot/kernel/ksyms.ko Reading symbols from /boot/kernel/mqueuefs.ko...Reading symbols from /boot/kernel/mqueuefs.ko.symbols...done. done. Loaded symbols for /boot/kernel/mqueuefs.ko #0 doadump () at pcpu.h:231 231 pcpu.h: No such file or directory. in pcpu.h (kgdb) #0 doadump () at pcpu.h:231 #1 0x80669b51 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:416 #2 0x80669de5 in panic (fmt=Variable "fmt" is not available. ) at /usr/src/sys/kern/kern_shutdown.c:590 #3 0x8090cca7 in trap_fatal (frame=0xb45936f8, eva=128) at /usr/src/sys/i386/i386/trap.c:938 #4 0x8090ceef in trap_pfault (frame=0xb45936f8, usermode=0, eva=128) at /usr/src/sys/i386/i386/trap.c:851 #5 0x8090d7c7 in trap (frame=0xb45936f8) at /usr/src/sys/i386/i386/trap.c:533 #6 0x808f0f0c in calltrap () at /usr/src/sys/i386/i386/exception.s:166 #7 0x80922145 in VOP_LOCK1_APV (vop=0x0, a=0xb459375c) at vnode_if.c:1986 #8 0x806fdfbc in _vn_lock (vp=0x8b65da78, flags=525312, file=0x80cee192 "/usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/gfs.c", line=437) at vnode_if.h:859 #9 0x80c08ea6 in gfs_file_create (size=84, pvp=0x86e1c53c, vfsp=0x86d90000, ops=0x80d0fea0) at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/gfs.c:437 #10 0x80c08f2d in gfs_dir_create (struct_size=84, pvp=0x86e1c53c, vfsp=0x86d90000, ops=0x80d0fea0, entries=0x0, inode_cb=0, maxlen=256, readdir_cb=0, lookup_cb=0) at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/gfs.c:496 #11 0x80c82773 in zfsctl_mknode_shares (pvp=0x86e1c53c) at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c:1146 #12 0x80c08d69 in gfs_dir_lookup (dvp=0x86e1c53c, nm=0xb45938c0 "shares", vpp=0xb4593b74, cr=0x888e8700, flags=0, direntflags=0x0, realpnp=0x0) at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/gfs.c:777 #13 0x80c829f1 in zfsctl_root_lookup (dvp=0x86e1c53c, nm=0xb45938c0 "shares", vpp=0xb4593b74, pnp=0x0, flags=Variable "flags" is not available. ) at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c:506 #14 0x80c83029 in zfsctl_freebsd_root_lookup (ap=0xb4593a34) at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c:541 #15 0x80922801 in VOP_LOOKUP_APV (vop=0x80cfbb00, a=0xb4593a34) at vnode_if.c:123 #16 0x806e59b4 in lookup (ndp=0xb4593b5c) at vnode_if.h:54 #17 0x806e68ce in namei (ndp=0xb4593b5c) at /usr/src/sys/kern/vfs_lookup.c:269 #18 0x806f6269 in kern_statat_vnhook (td=0x92eec000, flag=512, fd=-100, path=0x304043b8 <Address 0x304043b8 out of bounds>, pathseg=UIO_USERSPACE, sbp=0xb4593c18, hook=0) at /usr/src/sys/kern/vfs_syscalls.c:2346 #19 0x806f63d3 in kern_statat (td=0x92eec000, flag=512, fd=-100, path=0x304043b8 <Address 0x304043b8 out of bounds>, pathseg=UIO_USERSPACE, sbp=0xb4593c18) at /usr/src/sys/kern/vfs_syscalls.c:2327 #20 0x806f640b in kern_lstat (td=0x92eec000, path=0x304043b8 <Address 0x304043b8 out of bounds>, pathseg=UIO_USERSPACE, sbp=0xb4593c18) at /usr/src/sys/kern/vfs_syscalls.c:2400 #21 0x806f649f in lstat (td=0x92eec000, uap=0xb4593cf8) at /usr/src/sys/kern/vfs_syscalls.c:2390 #22 0x8090d1b8 in syscall (frame=0xb4593d38) at /usr/src/sys/i386/i386/trap.c:1111 #23 0x808f0f71 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:264 #24 0x00000033 in ?? () Previous frame inner to this frame (corrupt stack?) (kgdb) --------------000303020304060701070902 Content-Type: application/octet-stream; name="backtrace.txt.sig" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="backtrace.txt.sig" iQEcBAABAgAGBQJMjw6UAAoJEJBXh4mJ2FR+pk4H/22ORXAmvGRUZIf11X0Doc66WQndsI+D 2dwQIBwSDs7DWXqt98A2g0w8I7ZfleZdSUeOBpQXifncG5MsMqS7Abhl9PoGUsMTubH0R6Gv +0wUYP+Nt607mOsKk46lG3FyrG2W4yt6h9fInJ3/NOY8nHaJOIZz3i/KS+5/SoRsWCPqVoH+ sZVgBjErAnyDfeoqq9ZTVgJJtG5tnjdxUmKHFB07FzZDwUlpwx/2l7PcBQUNWch8wqZSveTN zB4KdTTCOMaRsSOQDb74JoF9lecb2+bLHapzg0xWKp3MIrmpqE9nSr4nXEKlL2OaqApfDxFC tMQ2a+qtAeU3USDDmW2mnKk= --------------000303020304060701070902--help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201009140600.o8E60AlS077728>