From owner-freebsd-current@FreeBSD.ORG Mon Nov 8 11:36:10 2010 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C7D04106566B for ; Mon, 8 Nov 2010 11:36:10 +0000 (UTC) (envelope-from freebsd-current@m.gmane.org) Received: from lo.gmane.org (lo.gmane.org [80.91.229.12]) by mx1.freebsd.org (Postfix) with ESMTP id 512F78FC19 for ; Mon, 8 Nov 2010 11:36:10 +0000 (UTC) Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1PFQ1A-0001hn-UZ for freebsd-current@freebsd.org; Mon, 08 Nov 2010 12:36:08 +0100 Received: from lara.cc.fer.hr ([161.53.72.113]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 08 Nov 2010 12:36:08 +0100 Received: from ivoras by lara.cc.fer.hr with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 08 Nov 2010 12:36:08 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-current@freebsd.org From: Ivan Voras Date: Mon, 08 Nov 2010 12:35:55 +0100 Lines: 65 Message-ID: References: <4CD7C8FC.900@icyb.net.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: lara.cc.fer.hr User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.2.12) Gecko/20101102 Thunderbird/3.1.6 In-Reply-To: <4CD7C8FC.900@icyb.net.ua> X-Enigmail-Version: 1.1.2 Cc: freebsd-fs@freebsd.org Subject: Re: another fuse panic X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Nov 2010 11:36:10 -0000 On 11/08/10 10:55, Andriy Gapon wrote: > > JFYI. > Fatal trap 12: page fault while in kernel mode Can you find any set of circumstances which make this repeatable? This panic apparently goes like this: 1) used by devfs_open(): 47 static struct cdevsw fuse_cdevsw = { 48 .d_open = fusedev_open, 2) in fusedev_open(): 119 fdata = fdata_alloc(dev, td->td_ucred); 3) in fdata_alloc(): 297 data->daemoncred = crhold(cred); in other words, td->td_ucred from td passed to fusedev_open (presumably when the device is opened from the userland) appears to be NULL. I don't know if there is any normal set of circumstances under which this is expected. > cpuid = 1; apic id = 01 > fault virtual address = 0x0 > fault code = supervisor write data, page not present > instruction pointer = 0x20:0xffffffff80372a64 > stack pointer = 0x28:0xffffff81265486f0 > frame pointer = 0x28:0xffffff8126548700 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, long 1, def32 0, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 4080 (initial thread) > trap number = 12 > panic: page fault > cpuid = 1 > KDB: stack backtrace: > db_trace_self_wrapper() at 0xffffffff801b9b8a = db_trace_self_wrapper+0x2a > kdb_backtrace() at 0xffffffff803b36ba = kdb_backtrace+0x3a > panic() at 0xffffffff8037c8b2 = panic+0x1d2 > trap_fatal() at 0xffffffff8055b35d = trap_fatal+0x39d > trap_pfault() at 0xffffffff8055b638 = trap_pfault+0x2b8 > trap() at 0xffffffff8055bd33 = trap+0x603 > calltrap() at 0xffffffff80545f78 = calltrap+0x8 > --- trap 0xc, rip = 0xffffffff80372a64, rsp = 0xffffff81265486f0, rbp = > 0xffffff8126548700 --- > crhold() at 0xffffffff80372a64 = crhold+0x4 > fdata_alloc() at 0xffffffff80e17a9f = fdata_alloc+0xcf > fusedev_open() at 0xffffffff80e1896e = fusedev_open+0xae > devfs_open() at 0xffffffff802e8fa7 = devfs_open+0x117 > VOP_OPEN_APV() at 0xffffffff805bb0c4 = VOP_OPEN_APV+0x74 > vn_open_cred() at 0xffffffff804222bd = vn_open_cred+0x4ad > vn_open() at 0xffffffff804223dc = vn_open+0x1c > kern_openat() at 0xffffffff80420bad = kern_openat+0x15d > kern_open() at 0xffffffff80420f29 = kern_open+0x19 > open() at 0xffffffff80420f48 = open+0x18 > syscallenter() at 0xffffffff803c0f9e = syscallenter+0x3be > syscall() at 0xffffffff8055b6b1 = syscall+0x41 > Xfast_syscall() at 0xffffffff80546252 = Xfast_syscall+0xe2 > > NULL pointer is passed as an argument to crhold. >