Site Navigation

Date:      Thu, 30 May 2002 16:34:25 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        fs@FreeBSD.org, dillon@FreeBSD.org, dwmalone@FreeBSD.org
Subject:   4.6-RC panicking in nfsd
Message-ID:  <20020530163425.A362@xor.obsecurity.org>

---

next in thread | raw e-mail | index | archive | help

---

--45Z9DzgjV8m4Oswq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

I'm getting reproducible panics from nfsd when trying to serve my
FreeBSD/sparc64 diskless box from my 4.6-RC i386 box.  The panic only
occurs after an hour or so of load. Here's a crashdump.

Kris

panicstr: from debugger
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xb6343e29
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc02b21e1
stack pointer           = 0x10:0xc64849a0
frame pointer           = 0x10:0xc64849a0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 123 (nfsd)
interrupt mask          = none
panic: from debugger
panic: from debugger
Uptime: 2h11m1s

dumping to dev #da/0x20001, offset 393216
dump 64 63 [CTRL-C to abort] [CTRL-C to abort] 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
---
#0  dumpsys () at ../../kern/kern_shutdown.c:487
487             if (dumping++) {
(kgdb) bt
#0  dumpsys () at ../../kern/kern_shutdown.c:487
#1  0xc017f624 in boot (howto=260) at ../../kern/kern_shutdown.c:316
#2  0xc017fa71 in panic (fmt=0xc02fd3a4 "from debugger")
    at ../../kern/kern_shutdown.c:595
#3  0xc013de81 in db_panic (addr=-1070915103, have_addr=0, count=1,
    modif=0xc648480c "") at ../../ddb/db_command.c:435
#4  0xc013de1f in db_command (last_cmdp=0xc0346978, cmd_table=0xc03467b8,
    aux_cmd_tablep=0xc037ec58) at ../../ddb/db_command.c:333
#5  0xc013dee6 in db_command_loop () at ../../ddb/db_command.c:457
#6  0xc01400b7 in db_trap (type=12, code=0) at ../../ddb/db_trap.c:71
#7  0xc02cfc08 in kdb_trap (type=12, code=0, regs=0xc6484960)
    at ../../i386/i386/db_interface.c:158
#8  0xc02dd5f0 in trap_fatal (frame=0xc6484960, eva=3056877097)
    at ../../i386/i386/trap.c:961
#9  0xc02dd2b1 in trap_pfault (frame=0xc6484960, usermode=0, eva=3056877097)
    at ../../i386/i386/trap.c:859
#10 0xc02dce43 in trap (frame={tf_fs = 16, tf_es = -968359920,
      tf_ds = -1072037872, tf_edi = -1026670592, tf_esi = -1059840000,
      tf_ebp = -968341088, tf_isp = -968341108, tf_ebx = 211421894,
      tf_edx = -1026668305, tf_ecx = 255, tf_eax = -1238090199,
      tf_trapno = 12, tf_err = 0, tf_eip = -1070915103, tf_cs = 8,
      tf_eflags = 66199, tf_esp = -968341044, tf_ss = -1071216755})
    at ../../i386/i386/trap.c:458
#11 0xc02b21e1 in skpc (mask0=255, size=211421894,
    cp0=0xb6343e29 <Address 0xb6343e29 out of bounds>)
    at ../../libkern/skpc.c:50
#12 0xc026878d in ffs_nodealloccg (ip=0xc0fd1d00, cg=45, ipref=552960,
    mode=16832) at ../../ufs/ffs/ffs_alloc.c:1347
#13 0xc0267997 in ffs_hashalloc (ip=0xc0fd1d00, cg=45, pref=552960,
---Type <return> to continue, or q <return> to quit---
    size=16832, allocator=0xc0268650 <ffs_nodealloccg>)
    at ../../ufs/ffs/ffs_alloc.c:863
#14 0xc0267400 in ffs_valloc (pvp=0xc645c0c0, mode=16832, cred=0xc1030784,
    vpp=0xc6484a58) at ../../ufs/ffs/ffs_alloc.c:607
#15 0xc0278f75 in ufs_mkdir (ap=0xc6484c08) at ../../ufs/ufs/ufs_vnops.c:1321
#16 0xc027a124 in ufs_vnoperate (ap=0xc6484c08)
    at ../../ufs/ufs/ufs_vnops.c:2422
#17 0xc0238ee5 in nfsrv_mkdir (nfsd=0xc1030700, slp=0xc0daaa00,
    procp=0xc59f60c0, mrq=0xc6484e04) at vnode_if.h:674
#18 0xc0248240 in nfssvc_nfsd (nsd=0xc6484e64,
    argp=0x807df20 <Address 0x807df20 out of bounds>, p=0xc59f60c0)
    at ../../nfs/nfs_syscalls.c:602
#19 0xc0247b84 in nfssvc (p=0xc59f60c0, uap=0xc6484f80)
    at ../../nfs/nfs_syscalls.c:306
#20 0xc02dd88d in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
      tf_edi = -1077936668, tf_esi = 0, tf_ebp = -1077936772,
      tf_isp = -968339500, tf_ebx = 4, tf_edx = 1, tf_ecx = -3, tf_eax = 155,
      tf_trapno = 12, tf_err = 2, tf_eip = 134518648, tf_cs = 31,
      tf_eflags = 643, tf_esp = -1077937200, tf_ss = 47})
    at ../../i386/i386/trap.c:1167
#21 0xc02d0b15 in Xint0x80_syscall ()
Cannot access memory at address 0xbfbffd7c.
(kgdb)

--45Z9DzgjV8m4Oswq
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iD8DBQE89rcAWry0BWjoQKURAoUcAKCfTaz3Jok3IqnpNjRYdKHaB9wjDACgxSkh
10GjdHh/CmwRxLAM4Tc983k=
=PfIJ
-----END PGP SIGNATURE-----

--45Z9DzgjV8m4Oswq--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-fs" in the body of the message

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020530163425.A362>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact