Date: Fri, 6 Apr 2007 14:42:00 -0400
From: Kris Kennaway
To: Tom Judge
Cc: freebsd-stable@freebsd.org
Subject: Re: Repeatable crash with mkdir causing a divide by zero error
Message-ID: <20070406184200.GA62383@xor.obsecurity.org>
In-Reply-To: <46161B62.4070505@tomjudge.com>

On Fri, Apr 06, 2007 at 11:05:22AM +0100, Tom Judge wrote:
> Hi,
>
> I have seen some problems with a new file system that I created
> yesterday in that I could repeatedly get the system to crash with a
> mkdir.
>
> Here is the disk information
> mfid1: on mfi1
> mfid1: 5716992MB (11708399616 sectors) RAID volume 'Images' is optimal
>
> I created a new file system tuned for 64k blocks, an average file size
> of 1Mb, and 2500 files per directory.
>
> newfs -b 65535 -g 1048576 -h 2500 /dev/mfid1p1
> mount /dev/mfid1p1 /compere
> mkdir /compere/images
> mkdir /compere/images/1999
>
> (Also tested with mkdir test; mkdir test/1998)
>
> The system is an amd64 system running 6.2-RELEASE and the pmap.c patch.
> I have 3 cores caused by 3 different apps (rsync, gmkdir, mkdir) and
> can provide any more information if required. I have attached a back
> trace, unfortunately I cannot do any testing as the system is now in
> testing (newfs -b 65535 -g 1048576 /dev/mfid1p1 was used and seems not
> to cause the bug).

This might be simple to fix, but please file a PR if it does not get
picked up by someone on this list.

Kris

>
>
> kgdb /usr/obj/usr/src/sys/PE2950/kernel.debug /var/crash/vmcore.2
> [GDB will not be able to debug user-mode threads:
> /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "amd64-marcel-freebsd".
>
> Unread portion of the kernel message buffer:
>
>
> Fatal trap 18: integer divide fault while in kernel mode
> cpuid = 0; apic id = 00
> instruction pointer = 0x8:0xffffffff80391347
> stack pointer = 0x10:0xffffffffa78736f0
> frame pointer = 0x10:0xffffff0001d7a600
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 1206 (mkdir)
> trap number = 18
> panic: integer divide fault
> cpuid = 0
> Uptime: 4m29s
> Dumping 1023 MB (2 chunks)
> chunk 0: 1MB (156 pages) ... ok
> chunk 1: 1023MB (261800 pages) 1007 991 975 959 943 927 911 895 879
> 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591
> 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303
> 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15
>
> #0 doadump () at pcpu.h:172
> 172 pcpu.h: No such file or directory.
> in pcpu.h
> (kgdb) bt
> #0 doadump () at pcpu.h:172
> #1 0x0000000000000004 in ?? ()
> #2 0xffffffff8029a557 in boot (howto=260) at
> /usr/src/sys/kern/kern_shutdown.c:409
> #3 0xffffffff8029abf1 in panic (fmt=0xffffff0029753000 "X?/") at
> /usr/src/sys/kern/kern_shutdown.c:565
> #4 0xffffffff803f62ff in trap_fatal (frame=0xffffff0029753000,
> eva=18446742974994109272) at /usr/src/sys/amd64/amd64/trap.c:660
> #5 0xffffffff803f67a2 in trap (frame=
> {tf_rdi = 0, tf_rsi = 0, tf_rdx = 0, tf_rcx = 1951858688, tf_r8 =
> 2500, tf_r9 = 2975, tf_rax = 1951858688, tf_rbx = -2050457600, tf_rbp =
> -1099480717824, tf_r10 = 246016, tf_r11 = 184512, tf_r12 =
> -1098707543808, tf_r13 = 246015, tf_r14 = -2050457600, tf_r15 = 255,
> tf_trapno = 18, tf_addr = 0, tf_flags = 2147483648012, tf_err = 0,
> tf_rip = -2143743161, tf_cs = 8, tf_rflags = 66182, tf_rsp =
> -1484310784, tf_ss = 16}) at /usr/src/sys/amd64/amd64/trap.c:469
> #6 0xffffffff803e1a6b in calltrap () at
> /usr/src/sys/amd64/amd64/exception.S:168
> #7 0xffffffff80391347 in ffs_valloc (pvp=0xffffff002f24d7c0,
> mode=16877, cred=0x0, vpp=0xffffffffa7873798) at libkern.h:56
> #8 0xffffffff803b8a5e in ufs_mkdir (ap=0xffffffffa78739a0) at
> /usr/src/sys/ufs/ufs/ufs_vnops.c:1386
> #9 0xffffffff8043b355 in VOP_MKDIR_APV (vop=0x74570000,
> a=0xffffffffa78739a0) at vnode_if.c:1251
> #10 0xffffffff80310e19 in kern_mkdir (td=0xffffff002f24d7c0,
> path=0xffffff003dabe400 "", segflg=4, mode=511) at vnode_if.h:653
> #11 0xffffffff803f7151 in syscall (frame=
> {tf_rdi = 140737488348678, tf_rsi = 511, tf_rdx = 4294967295,
> tf_rcx = 1, tf_r8 = 0, tf_r9 = 140737488347272, tf_rax = 136, tf_rbx =
> 2, tf_rbp = 140737488348024, tf_r10 = 4294967295, tf_r11 = 582, tf_r12 =
> 140737488348678, tf_r13 = 140737488348008, tf_r14 = 0, tf_r15 = 0,
> tf_trapno = 12, tf_addr = 34367037072, tf_flags = 0, tf_err = 2, tf_rip
> = 34367037084, tf_cs = 43, tf_rflags = 518, tf_rsp = 140737488347720,
> tf_ss = 35})
> at /usr/src/sys/amd64/amd64/trap.c:792
> #12 0xffffffff803e1c08 in Xfast_syscall () at
> /usr/src/sys/amd64/amd64/exception.S:270
> #13 0x00000008006f5e9c in ?? ()
> Previous frame inner to this frame (corrupt stack?)
> (kgdb) frame 7
> #7 0xffffffff80391347 in ffs_valloc (pvp=0xffffff002f24d7c0,
> mode=16877, cred=0x0, vpp=0xffffffffa7873798) at libkern.h:56
> 56 static __inline u_int min(u_int a, u_int b) { return (a < b ? a
> : b); }
> (kgdb) list
> 51 static __inline int imax(int a, int b) { return (a > b ? a : b); }
> 52 static __inline int imin(int a, int b) { return (a < b ? a : b); }
> 53 static __inline long lmax(long a, long b) { return (a > b ? a :
> b); }
> 54 static __inline long lmin(long a, long b) { return (a < b ? a :
> b); }
> 55 static __inline u_int max(u_int a, u_int b) { return (a > b ? a
> : b); }
> 56 static __inline u_int min(u_int a, u_int b) { return (a < b ? a
> : b); }
> 57 static __inline quad_t qmax(quad_t a, quad_t b) { return (a > b
> ? a : b); }
> 58 static __inline quad_t qmin(quad_t a, quad_t b) { return (a < b
> ? a : b); }
> 59 static __inline u_long ulmax(u_long a, u_long b) { return (a > b
> ? a : b); }
> 60 static __inline u_long ulmin(u_long a, u_long b) { return (a < b
> ? a : b); }
> (kgdb) frame 8
> #8 0xffffffff803b8a5e in ufs_mkdir (ap=0xffffffffa78739a0) at
> /usr/src/sys/ufs/ufs/ufs_vnops.c:1386
> 1386 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp);
> (kgdb) list
> 1381 /*
> 1382 * Must simulate part of ufs_makeinode here to acquire
> the inode,
> 1383 * but not have it entered in the parent directory. The
> entry is
> 1384 * made later after writing "." and ".." entries.
> 1385 */
> 1386 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp);
> 1387 if (error)
> 1388 goto out;
> 1389 ip = VTOI(tvp);
> 1390 ip->i_gid = dp->i_gid;
> (kgdb)