From owner-freebsd-hackers@FreeBSD.ORG  Tue Dec  2 21:15:53 2008
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id F35AA10656DC
	for <freebsd-hackers@freebsd.org>; Tue,  2 Dec 2008 21:15:52 +0000 (UTC)
	(envelope-from kostikbel@gmail.com)
Received: from mail.terabit.net.ua (mail.terabit.net.ua [195.137.202.147])
	by mx1.freebsd.org (Postfix) with ESMTP id 899328FC28
	for <freebsd-hackers@freebsd.org>; Tue,  2 Dec 2008 21:15:52 +0000 (UTC)
	(envelope-from kostikbel@gmail.com)
Received: from skuns.zoral.com.ua ([91.193.166.194] helo=mail.zoral.com.ua)
	by mail.terabit.net.ua with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.63 (FreeBSD)) (envelope-from <kostikbel@gmail.com>)
	id 1L7c25-000FNr-K3; Tue, 02 Dec 2008 22:39:45 +0200
Received: from deviant.kiev.zoral.com.ua (root@deviant.kiev.zoral.com.ua
	[10.1.1.148])
	by mail.zoral.com.ua (8.14.2/8.14.2) with ESMTP id mB2KdfO7014096
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Tue, 2 Dec 2008 22:39:41 +0200 (EET)
	(envelope-from kostikbel@gmail.com)
Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1])
	by deviant.kiev.zoral.com.ua (8.14.3/8.14.3) with ESMTP id
	mB2KdfxA006847; Tue, 2 Dec 2008 22:39:41 +0200 (EET)
	(envelope-from kostikbel@gmail.com)
Received: (from kostik@localhost)
	by deviant.kiev.zoral.com.ua (8.14.3/8.14.3/Submit) id mB2KddMk006845; 
	Tue, 2 Dec 2008 22:39:39 +0200 (EET)
	(envelope-from kostikbel@gmail.com)
X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to
	kostikbel@gmail.com using -f
Date: Tue, 2 Dec 2008 22:39:39 +0200
From: Kostik Belousov <kostikbel@gmail.com>
To: Steven Hartland <killing@multiplay.co.uk>
Message-ID: <20081202203939.GD3045@deviant.kiev.zoral.com.ua>
References: <29A6B82D99A749799B4D662ABAE6A960@multiplay.co.uk>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="FCPLy5NpE1Kdjj9y"
Content-Disposition: inline
In-Reply-To: <29A6B82D99A749799B4D662ABAE6A960@multiplay.co.uk>
User-Agent: Mutt/1.4.2.3i
X-Virus-Scanned: ClamAV version 0.93.3,
	clamav-milter version 0.93.3 on skuns.kiev.zoral.com.ua
X-Virus-Status: Clean
X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00
	autolearn=ham version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
	skuns.kiev.zoral.com.ua
X-Virus-Scanned: mail.terabit.net.ua 1L7c25-000FNr-K3
	b580b8bc5d5333e3aa6df7c97c4ce2a2
X-Terabit: YES
Cc: freebsd-hackers@freebsd.org
Subject: Re: unionfs kernel panic on 7.1-PRERELEASE
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Dec 2008 21:15:53 -0000


--FCPLy5NpE1Kdjj9y
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Dec 02, 2008 at 04:42:58PM -0000, Steven Hartland wrote:
> Not sure where to go with this one any help appreciated:-
> FreeBSD dedicated11.multiplay.co.uk 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE=
=20
> #4: Tue Dec  2 16:53:30 UTC 2008=20
> root@dedicated11.multiplay.co.uk:/usr/obj/usr/src/sys/MULTIPLAY  i386
>=20
> kgdb kernel /var/crash/vmcore.1
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you =
are
> welcome to change it and/or distribute copies of it under certain=20
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for detail=
s.
> This GDB was configured as "i386-marcel-freebsd"...
>=20
> Unread portion of the kernel message buffer:
>=20
>=20
> Fatal trap 12: page fault while in kernel mode
> cpuid =3D 0; apic id =3D 00
> fault virtual address   =3D 0x150
> fault code              =3D supervisor read, page not present
> instruction pointer     =3D 0x20:0xc0624115
> stack pointer           =3D 0x28:0xe62c3b80
> frame pointer           =3D 0x28:0xe62c3ba8
> code segment            =3D base 0x0, limit 0xfffff, type 0x1b
>                        =3D DPL 0, pres 1, def32 1, gran 1
> processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
> current process         =3D 763 (srcds_i686)
> trap number             =3D 12
> panic: page fault
> cpuid =3D 0
> Uptime: 2m5s
> Physical memory: 1007 MB
> Dumping 53 MB: 38 22 6
>=20
>=20
> warning: kld_current_sos: Can't read filename: Input/output error
>=20
> Reading symbols from /boot/kernel/acpi.ko...Reading symbols from=20
> /boot/kernel/acpi.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/acpi.ko
> Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from=20
> /boot/kernel/linprocfs.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/linprocfs.ko
> Reading symbols from /boot/kernel/linux.ko...Reading symbols from=20
> /boot/kernel/linux.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/linux.ko
> Reading symbols from /boot/kernel/unionfs.ko...Reading symbols from=20
> /boot/kernel/unionfs.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/unionfs.ko
> #0  doadump () at pcpu.h:196
> 196     pcpu.h: No such file or directory.
>        in pcpu.h
> (kgdb) list *0xc0624115
> 0xc0624115 is in getvnode (/usr/src/sys/kern/vfs_syscalls.c:3969).
> 3964            fp =3D NULL;
> 3965            if (fdp =3D=3D NULL)
> 3966                    error =3D EBADF;
> 3967            else {
> 3968                    FILEDESC_SLOCK(fdp);
> 3969                    if ((u_int)fd >=3D fdp->fd_nfiles ||
> 3970                        (fp =3D fdp->fd_ofiles[fd]) =3D=3D NULL)
> 3971                            error =3D EBADF;
> 3972                    else if (fp->f_vnode =3D=3D NULL) {
> 3973                            fp =3D NULL;
> (kgdb) bt
> #0  doadump () at pcpu.h:196
> #1  0xc05a0937 in boot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c=
:418
> #2  0xc05a0c09 in panic (fmt=3DVariable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:574
> #3  0xc072eb8c in trap_fatal (frame=3D0xe62c3b40, eva=3D336) at=20
> /usr/src/sys/i386/i386/trap.c:939
> #4  0xc072ee10 in trap_pfault (frame=3D0xe62c3b40, usermode=3D0, eva=3D33=
6) at=20
> /usr/src/sys/i386/i386/trap.c:852
> #5  0xc072f7cc in trap (frame=3D0xe62c3b40) at=20
> /usr/src/sys/i386/i386/trap.c:530
> #6  0xc071563b in calltrap () at /usr/src/sys/i386/i386/exception.s:159
> #7  0xc0624115 in getvnode (fdp=3D0xc40b4d00, fd=3D4, fpp=3D0xe62c3c70) a=
t=20
> /usr/src/sys/kern/vfs_syscalls.c:3969
> #8  0xc3e2a13d in getdents_common (td=3D0xc408f460, args=3D0xe62c3cfc,=20
> is64bit=3D0) at /usr/src/sys/modules/linux/../../compat/linux/linux_file.=
c:446
> #9  0xc072f165 in syscall (frame=3D0xe62c3d38) at=20
> /usr/src/sys/i386/i386/trap.c:1090
> #10 0xc07156a0 in Xint0x80_syscall () at=20
> /usr/src/sys/i386/i386/exception.s:255
> #11 0x00000033 in ?? ()
> Previous frame inner to this frame (corrupt stack?)
>=20
>=20
> (kgdb) frame 7
> #7  0xc0624115 in getvnode (fdp=3D0xc40b4d00, fd=3D4, fpp=3D0xe62c3c70) a=
t=20
> /usr/src/sys/kern/vfs_syscalls.c:3969
> 3969                    if ((u_int)fd >=3D fdp->fd_nfiles ||
> (kgdb) print *fdp
> $1 =3D {fd_ofiles =3D 0x140, fd_ofileflags =3D 0x154 <Address 0x154 out o=
f=20
> bounds>, fd_cdir =3D 0x168, fd_rdir =3D 0x17c, fd_jdir =3D 0x18c, fd_nfil=
es =3D=20
> 512, fd_map =3D 0xc3bed560, fd_lastfile =3D 4,
>  fd_freefile =3D 5, fd_cmask =3D 18, fd_refcnt =3D 1, fd_holdcnt =3D 1, f=
d_sx =3D=20
>  {lock_object =3D {lo_name =3D 0xc076e1c2 "filedesc structure", lo_type =
=3D=20
> 0xc076e1c2 "filedesc structure", lo_flags =3D 37421056,
>      lo_witness_data =3D {lod_list =3D {stqe_next =3D 0x0}, lod_witness =
=3D 0x0}},=20
>      sx_lock =3D 17, sx_recurse =3D 0}, fd_kqlist =3D {slh_first =3D 0x0}=
,=20
> fd_holdleaderscount =3D 0, fd_holdleaderswakeup =3D 0}
> (kgdb) print fd
> $2 =3D 4
> (kgdb) print fdp->fd_ofiles
> $3 =3D (struct file **) 0x140
> (kgdb) print fdp->fd_ofiles[fd]
> Cannot access memory at address 0x150
> (kgdb) print fdp->fd_ofiles[0]
> Cannot access memory at address 0x140
> (kgdb) print *fdp->fd_ofiles
> Cannot access memory at address 0x140
>=20
> 0xc3e2a13d is in getdents_common=20
> (/usr/src/sys/modules/linux/../../compat/linux/linux_file.c:446).
> 441                     nbytes =3D sizeof(linux_dirent);
> 442                     justone =3D 1;
> 443             } else
> 444                     justone =3D 0;
> 445
> 446             if ((error =3D getvnode(td->td_proc->p_fd, args->fd, &fp)=
) !=3D=20
> 0)
> 447                     return (error);
> 448
> 449             if ((fp->f_flag & FREAD) =3D=3D 0) {
> 450                     fdrop(fp, td);
>=20
> (kgdb) print *args
> $5 =3D {fd_l_ =3D 0xe62c3cfc "\004", fd =3D 4, fd_r_ =3D 0xe62c3d00 "=9C!=
\020\b",=20
> dirent_l_ =3D 0xe62c3d00 "=9C!\020\b", dirent =3D 0x81021b0, dirent_r_ =
=3D=20
> 0xe62c3d04 "", count_l_ =3D 0xe62c3d04 "", count =3D 4096,
>  count_r_ =3D 0xe62c3d08 "=9C!\020\b?? (\234\235??"}

Is it reproducable ?

The start of *fdp structure looks very suspicious,
fd_ofiles =3D 0x140, fd_ofileflags =3D 0x154, fd_cdir =3D 0x168, fd_rdir =
=3D 0x17c,
fd_jdir =3D 0x18c
The values are consequently increasing by 0x14, except fd_jdir, and
pointer values are wrong for kernel.

--FCPLy5NpE1Kdjj9y
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)

iEYEARECAAYFAkk1nQsACgkQC3+MBN1Mb4gVpwCdHk1NtUqQTWChA84F2MSsIG4P
giQAn0LgFL/NzLWhosL0KSzIAe7KXG7W
=d90K
-----END PGP SIGNATURE-----

--FCPLy5NpE1Kdjj9y--