Date:      Tue, 2 Dec 2008 22:39:39 +0200
From:      Kostik Belousov <kostikbel@gmail.com>
To:        Steven Hartland <killing@multiplay.co.uk>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: unionfs kernel panic on 7.1-PRERELEASE
Message-ID:  <20081202203939.GD3045@deviant.kiev.zoral.com.ua>
In-Reply-To: <29A6B82D99A749799B4D662ABAE6A960@multiplay.co.uk>
References:  <29A6B82D99A749799B4D662ABAE6A960@multiplay.co.uk>

On Tue, Dec 02, 2008 at 04:42:58PM -0000, Steven Hartland wrote:
> Not sure where to go with this one any help appreciated:-
> FreeBSD dedicated11.multiplay.co.uk 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE
> #4: Tue Dec  2 16:53:30 UTC 2008
> root@dedicated11.multiplay.co.uk:/usr/obj/usr/src/sys/MULTIPLAY  i386
>
> kgdb kernel /var/crash/vmcore.1
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "i386-marcel-freebsd"...
>
> Unread portion of the kernel message buffer:
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address   = 0x150
> fault code              = supervisor read, page not present
> instruction pointer     = 0x20:0xc0624115
> stack pointer           = 0x28:0xe62c3b80
> frame pointer           = 0x28:0xe62c3ba8
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                        = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 763 (srcds_i686)
> trap number             = 12
> panic: page fault
> cpuid = 0
> Uptime: 2m5s
> Physical memory: 1007 MB
> Dumping 53 MB: 38 22 6
>
>
> warning: kld_current_sos: Can't read filename: Input/output error
>
> Reading symbols from /boot/kernel/acpi.ko...Reading symbols from
> /boot/kernel/acpi.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/acpi.ko
> Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from
> /boot/kernel/linprocfs.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/linprocfs.ko
> Reading symbols from /boot/kernel/linux.ko...Reading symbols from
> /boot/kernel/linux.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/linux.ko
> Reading symbols from /boot/kernel/unionfs.ko...Reading symbols from
> /boot/kernel/unionfs.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/unionfs.ko
> #0  doadump () at pcpu.h:196
> 196     pcpu.h: No such file or directory.
>        in pcpu.h
> (kgdb) list *0xc0624115
> 0xc0624115 is in getvnode (/usr/src/sys/kern/vfs_syscalls.c:3969).
> 3964            fp = NULL;
> 3965            if (fdp == NULL)
> 3966                    error = EBADF;
> 3967            else {
> 3968                    FILEDESC_SLOCK(fdp);
> 3969                    if ((u_int)fd >= fdp->fd_nfiles ||
> 3970                        (fp = fdp->fd_ofiles[fd]) == NULL)
> 3971                            error = EBADF;
> 3972                    else if (fp->f_vnode == NULL) {
> 3973                            fp = NULL;
> (kgdb) bt
> #0  doadump () at pcpu.h:196
> #1  0xc05a0937 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
> #2  0xc05a0c09 in panic (fmt=Variable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:574
> #3  0xc072eb8c in trap_fatal (frame=0xe62c3b40, eva=336) at
> /usr/src/sys/i386/i386/trap.c:939
> #4  0xc072ee10 in trap_pfault (frame=0xe62c3b40, usermode=0, eva=336) at
> /usr/src/sys/i386/i386/trap.c:852
> #5  0xc072f7cc in trap (frame=0xe62c3b40) at
> /usr/src/sys/i386/i386/trap.c:530
> #6  0xc071563b in calltrap () at /usr/src/sys/i386/i386/exception.s:159
> #7  0xc0624115 in getvnode (fdp=0xc40b4d00, fd=4, fpp=0xe62c3c70) at
> /usr/src/sys/kern/vfs_syscalls.c:3969
> #8  0xc3e2a13d in getdents_common (td=0xc408f460, args=0xe62c3cfc,
> is64bit=0) at /usr/src/sys/modules/linux/../../compat/linux/linux_file.c:446
> #9  0xc072f165 in syscall (frame=0xe62c3d38) at
> /usr/src/sys/i386/i386/trap.c:1090
> #10 0xc07156a0 in Xint0x80_syscall () at
> /usr/src/sys/i386/i386/exception.s:255
> #11 0x00000033 in ?? ()
> Previous frame inner to this frame (corrupt stack?)
>
>
> (kgdb) frame 7
> #7  0xc0624115 in getvnode (fdp=0xc40b4d00, fd=4, fpp=0xe62c3c70) at
> /usr/src/sys/kern/vfs_syscalls.c:3969
> 3969                    if ((u_int)fd >= fdp->fd_nfiles ||
> (kgdb) print *fdp
> $1 = {fd_ofiles = 0x140, fd_ofileflags = 0x154 <Address 0x154 out of
> bounds>, fd_cdir = 0x168, fd_rdir = 0x17c, fd_jdir = 0x18c, fd_nfiles =
> 512, fd_map = 0xc3bed560, fd_lastfile = 4,
>  fd_freefile = 5, fd_cmask = 18, fd_refcnt = 1, fd_holdcnt = 1, fd_sx =
>  {lock_object = {lo_name = 0xc076e1c2 "filedesc structure", lo_type =
> 0xc076e1c2 "filedesc structure", lo_flags = 37421056,
>      lo_witness_data = {lod_list = {stqe_next = 0x0}, lod_witness = 0x0}},
>      sx_lock = 17, sx_recurse = 0}, fd_kqlist = {slh_first = 0x0},
> fd_holdleaderscount = 0, fd_holdleaderswakeup = 0}
> (kgdb) print fd
> $2 = 4
> (kgdb) print fdp->fd_ofiles
> $3 = (struct file **) 0x140
> (kgdb) print fdp->fd_ofiles[fd]
> Cannot access memory at address 0x150
> (kgdb) print fdp->fd_ofiles[0]
> Cannot access memory at address 0x140
> (kgdb) print *fdp->fd_ofiles
> Cannot access memory at address 0x140
>
> 0xc3e2a13d is in getdents_common
> (/usr/src/sys/modules/linux/../../compat/linux/linux_file.c:446).
> 441                     nbytes = sizeof(linux_dirent);
> 442                     justone = 1;
> 443             } else
> 444                     justone = 0;
> 445
> 446             if ((error = getvnode(td->td_proc->p_fd, args->fd, &fp)) !=
> 0)
> 447                     return (error);
> 448
> 449             if ((fp->f_flag & FREAD) == 0) {
> 450                     fdrop(fp, td);
>
> (kgdb) print *args
> $5 = {fd_l_ = 0xe62c3cfc "\004", fd = 4, fd_r_ = 0xe62c3d00 "=9C!\020\b",
> dirent_l_ = 0xe62c3d00 "=9C!\020\b", dirent = 0x81021b0, dirent_r_ =
> 0xe62c3d04 "", count_l_ = 0xe62c3d04 "", count = 4096,
>  count_r_ = 0xe62c3d08 "=9C!\020\b?? (\234\235??"}

Is it reproducible?

The start of *fdp structure looks very suspicious,
fd_ofiles = 0x140, fd_ofileflags = 0x154, fd_cdir = 0x168, fd_rdir = 0x17c,
fd_jdir = 0x18c
The values are consequently increasing by 0x14, except fd_jdir, and
pointer values are wrong for kernel.
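
The check described in the reply above, as an added example that is not part of the original e-mail: it parses the start of the quoted `print *fdp` output, flags pointer members that cannot be kernel addresses, computes their strides, and reproduces the faulting address 0x150. `KERNBASE = 0xc0000000` is an assumption (the default FreeBSD/i386 kernel base, consistent with the kernel addresses in the backtrace); the function names are hypothetical.

```python
import re

KERNBASE = 0xC0000000  # assumption: default FreeBSD/i386 kernel base address
PTR_SIZE = 4           # i386: 4-byte pointers

# Start of the `print *fdp` output quoted in the message (mail line wrapping removed).
KGDB_DUMP = (
    "$1 = {fd_ofiles = 0x140, fd_ofileflags = 0x154 <Address 0x154 out of bounds>, "
    "fd_cdir = 0x168, fd_rdir = 0x17c, fd_jdir = 0x18c, fd_nfiles = 512, "
    "fd_map = 0xc3bed560, fd_lastfile = 4,"
)

FIELD_RE = re.compile(r"(\w+) = (0x[0-9a-fA-F]+)")


def hex_fields(dump):
    """Return (name, value) for every `name = 0x...` member, in dump order."""
    return [(name, int(value, 16)) for name, value in FIELD_RE.findall(dump)]


def bad_kernel_pointers(fields):
    """Non-NULL values below KERNBASE cannot be valid kernel pointers."""
    return [(name, value) for name, value in fields if 0 < value < KERNBASE]


def strides(fields):
    """Differences between consecutive values, to expose a regular pattern."""
    values = [value for _, value in fields]
    return [b - a for a, b in zip(values, values[1:])]


def faulting_address(fd_ofiles, fd):
    """Address read by fdp->fd_ofiles[fd] in getvnode()."""
    return fd_ofiles + fd * PTR_SIZE


if __name__ == "__main__":
    bad = bad_kernel_pointers(hex_fields(KGDB_DUMP))
    for name, value in bad:
        print(f"{name:14} {value:#x}  below KERNBASE")
    print("strides:", [hex(s) for s in strides(bad)])
    print("fd_ofiles[4] ->", hex(faulting_address(dict(bad)["fd_ofiles"], 4)))
```

The computed address for `fd_ofiles[4]` matches the "fault virtual address" in the trap message, which ties the panic to the bogus `fd_ofiles` value rather than to the descriptor number.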
