Date: Tue, 25 Oct 2005 17:10:25 GMT From: Kris Kennaway <kris@obsecurity.org> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/87791: Kernel crash when running df Message-ID: <200510251710.j9PHAPXX026322@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/87791; it has been noted by GNATS.
From: Kris Kennaway <kris@obsecurity.org>
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: kern/87791: Kernel crash when running df
Date: Tue, 25 Oct 2005 13:05:21 -0400
Adding to audit trail
----- Forwarded message from kthrow1 <kthrow1@CCRS.NRCan.gc.ca> -----
test-a# kgdb kernel.debug /var/crash/vmcore.0
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so:
Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x0
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc05ff472
stack pointer = 0x28:0xd1737654
frame pointer = 0x28:0xd1737668
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 5619 (df)
trap number = 12
panic: page fault
Uptime: 20h28m31s
Dumping 255 MB (2 chunks)
chunk 0: 1MB (160 pages) ... ok
chunk 1: 255MB (65182 pages) 239 223 207 191 175 159 143 127 111 95 79 63
47 31 15
#0 doadump () at pcpu.h:165
165 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) list *0xc05ff472
0xc05ff472 is in g_io_request (/usr/src/sys/geom/geom_io.c:259).
254 KASSERT(bp->bio_length % cp->provider->sectorsize ==
0,
255 ("wrong length %jd for sectorsize %u",
256 bp->bio_length, cp->provider->sectorsize));
257 }
258
259 g_trace(G_T_BIO, "bio_request(%p) from %p(%s) to %p(%s) cmd
%d",
260 bp, cp, cp->geom->name, pp, pp->name, bp->bio_cmd);
261
262 bp->bio_from = cp;
263 bp->bio_to = pp;
(kgdb) backtrace
#0 doadump () at pcpu.h:165
#1 0xc0637806 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
#2 0xc0637a9c in panic (fmt=0xc084d766 "%s") at
/usr/src/sys/kern/kern_shutdown.c:555
#3 0xc0806e60 in trap_fatal (frame=0xd1737614, eva=0) at
/usr/src/sys/i386/i386/trap.c:831
#4 0xc0806bcb in trap_pfault (frame=0xd1737614, usermode=0, eva=0) at
/usr/src/sys/i386/i386/trap.c:742
#5 0xc0806809 in trap (frame=
{tf_fs = -780992504, tf_es = -1067319256, tf_ds = 40, tf_edi =
-1038245440, tf_esi = 0, tf_ebp = -780962200, tf_isp = -7809622
40, tf_ebx = -1040883580, tf_edx = 2048, tf_ecx = 0, tf_eax = 1, tf_trapno =
12, tf_err = 0, tf_eip = -1067453326, tf_cs = 32, tf_ef
lags = 66178, tf_esp = 1, tf_ss = 0}) at /usr/src/sys/i386/i386/trap.c:432
#6 0xc07f600a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7 0xc05ff472 in g_io_request (bp=0xc1f56084, cp=0xc21da1c0) at
/usr/src/sys/geom/geom_io.c:259
#8 0xc06019bd in g_vfs_strategy (bo=0x1, bp=0xc6666f10) at
/usr/src/sys/geom/geom_vfs.c:106
#9 0xc06098fd in cd9660_strategy (ap=0x1) at
/usr/src/sys/isofs/cd9660/cd9660_vnops.c:755
#10 0xc0816c79 in VOP_STRATEGY_APV (vop=0xc08bc420, a=0xd17376bc) at
vnode_if.c:1796
#11 0xc06813fc in bufstrategy (bo=0xc2018d80, bp=0x1) at vnode_if.h:928
#12 0xc067bd91 in breadn (vp=0xc2018cc0, blkno=0, size=2048, rablkno=0x0,
rabsize=0x0, cnt=0, cred=0x0, bpp=0x1) at buf.h:415
#13 0xc067bcd4 in bread (vp=0xc2018cc0, blkno=0, size=2048, cred=0x0,
bpp=0xd1737748) at /usr/src/sys/kern/vfs_bio.c:719
#14 0xc0606209 in cd9660_blkatoff (vp=0x800, offset=0, res=0x0,
bpp=0xd1737780) at /usr/src/sys/isofs/cd9660/cd9660_lookup.c:406
#15 0xc060890f in cd9660_vget_internal (mp=0xc1797d00, ino=108544, flags=2,
vpp=0xd1737804, relocated=1, isodir=0xc1bd27a8)
at /usr/src/sys/isofs/cd9660/cd9660_vfsops.c:751
#16 0xc06085dd in cd9660_root (mp=0xc1626400, flags=2, vpp=0xd1737804,
td=0xc1ab6d80)
at /usr/src/sys/isofs/cd9660/cd9660_vfsops.c:549
#17 0xc0686a7e in lookup (ndp=0xd17378a0) at
/usr/src/sys/kern/vfs_lookup.c:623
#18 0xc06860ee in namei (ndp=0xd17378a0) at
/usr/src/sys/kern/vfs_lookup.c:203
#19 0xc068fd5f in kern_statfs (td=0xc1ab6d80, path=0x800 <Address 0x800 out
of bounds>, pathseg=2048, buf=0xd1737af4)
at /usr/src/sys/kern/vfs_syscalls.c:251
#20 0xc068fcc1 in statfs (td=0xc1ab6d80, uap=0xd1737d04) at
/usr/src/sys/kern/vfs_syscalls.c:234
#21 0xc0807177 in syscall (frame=
{tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134540432, tf_esi =
-1077942080, tf_ebp = -1077940968, tf_isp = -780960412, tf_e
bx = 134540048, tf_edx = 110, tf_ecx = 99, tf_eax = 396, tf_trapno = 0,
tf_err = 2, tf_eip = 671886163, tf_cs = 51, tf_eflags = 658,
tf_esp = -1077942228, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:976
#22 0xc07f605f in Xint0x80_syscall () at
/usr/src/sys/i386/i386/exception.s:200
#23 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)
----- End forwarded message -----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510251710.j9PHAPXX026322>