From owner-freebsd-bugs@FreeBSD.ORG Tue May 30 02:30:21 2006
Message-Id:
 <200605300223.k4U2NoGU013369@www.freebsd.org>
Date: Tue, 30 May 2006 02:23:51 GMT
From: Kirk Russell
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Cc:
Subject: kern/98116: Crash with sparse files and execve()
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports
X-List-Received-Date: Tue, 30 May 2006 02:30:49 -0000

>Number:         98116
>Category:       kern
>Synopsis:       Crash with sparse files and execve()
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 30 02:30:15 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Kirk Russell
>Release:        6.1-RELEASE i386
>Organization:
http://www.ba23.org/
>Environment:
FreeBSD amd.on.kr 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Mon May 29 19:39:51 EDT 2006 root@amd.on.kr:/usr/src/sys/i386/compile/GENERIC i386
>Description:
I can reproduce this issue on an alpha AS2100, so it should be a generic
kernel issue. It would appear that when I try to exec() a sparse file,
the kernel will crash.

GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
panic: vnode_pager_getpages: unexpected missing page: firstaddr: -1, foff: 0x000000000, vnp_size: 0x000005000
Uptime: 4m45s
Dumping 127 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 127MB (32492 pages) 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165     __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc064dee1 in boot (howto=260) at ../../../kern/kern_shutdown.c:402
#2  0xc064e178 in panic (
    fmt=0xc08bbde2 "vnode_pager_getpages: unexpected missing page: firstaddr: %jd, foff: 0x%jx%08jx, vnp_size: 0x%jx%08jx")
    at ../../../kern/kern_shutdown.c:558
#3  0xc07cad09 in vnode_pager_generic_getpages (vp=0xc1ce1990, m=0xcaa84af0,
    bytecount=16384, reqpage=0) at ../../../vm/vnode_pager.c:812
#4  0xc07a3b91 in ffs_getpages (ap=0xcaa84aa8)
    at ../../../ufs/ffs/ffs_vnops.c:787
#5  0xc0853755 in VOP_GETPAGES_APV (vop=0x0, a=0x0) at vnode_if.c:2110
#6  0xc07ca743 in vnode_pager_getpages (object=0xc1ce3738, m=0x0, count=0,
    reqpage=0) at vnode_if.h:1084
#7  0xc06347f0 in exec_map_first_page (imgp=0xcaa84be8) at vm_pager.h:130
#8  0xc0633b68 in do_execve (td=0xc1bd8d80, args=0xcaa84cb4, mac_p=0x0)
    at ../../../kern/kern_exec.c:394
#9  0xc06338d4 in kern_execve (td=0xc1bd8d80, args=0xcaa84cb4, mac_p=0x0)
    at ../../../kern/kern_exec.c:258
#10 0xc06337de in execve (td=0xc1bd8d80, uap=0x0)
    at ../../../kern/kern_exec.c:186
#11 0xc08420ab in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 671408800, tf_esi = -1077940828, tf_ebp = -1077940920, tf_isp = -894939804, tf_ebx = 1, tf_edx = -1, tf_ecx = 2, tf_eax = 59, tf_trapno = 12, tf_err = 2, tf_eip = 671914907, tf_cs = 51,
---Type <return> to continue, or q to quit---
 tf_eflags = 662, tf_esp = -1077940996, tf_ss = 59})
    at ../../../i386/i386/trap.c:981
#12 0xc0830cef in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
#13 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) frame 6
#6  0xc07ca743 in vnode_pager_getpages (object=0xc1ce3738, m=0x0, count=0,
    reqpage=0) at vnode_if.h:1084
1084            a.a_offset = offset;
(kgdb) print offset
No symbol "offset" in current context.
(kgdb) print a.a_offset
No symbol "a" in current context.
(kgdb) print a
No symbol "a" in current context.
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc064dee1 in boot (howto=260) at ../../../kern/kern_shutdown.c:402
#2  0xc064e178 in panic (
    fmt=0xc08bbde2 "vnode_pager_getpages: unexpected missing page: firstaddr: %jd, foff: 0x%jx%08jx, vnp_size: 0x%jx%08jx")
    at ../../../kern/kern_shutdown.c:558
#3  0xc07cad09 in vnode_pager_generic_getpages (vp=0xc1ce1990, m=0xcaa84af0,
    bytecount=16384, reqpage=0) at ../../../vm/vnode_pager.c:812
#4  0xc07a3b91 in ffs_getpages (ap=0xcaa84aa8)
    at ../../../ufs/ffs/ffs_vnops.c:787
#5  0xc0853755 in VOP_GETPAGES_APV (vop=0x0, a=0x0) at vnode_if.c:2110
#6  0xc07ca743 in vnode_pager_getpages (object=0xc1ce3738, m=0x0, count=0,
    reqpage=0) at vnode_if.h:1084
#7  0xc06347f0 in exec_map_first_page (imgp=0xcaa84be8) at vm_pager.h:130
#8  0xc0633b68 in do_execve (td=0xc1bd8d80, args=0xcaa84cb4, mac_p=0x0)
    at ../../../kern/kern_exec.c:394
#9  0xc06338d4 in kern_execve (td=0xc1bd8d80, args=0xcaa84cb4, mac_p=0x0)
    at ../../../kern/kern_exec.c:258
#10 0xc06337de in execve (td=0xc1bd8d80, uap=0x0)
    at ../../../kern/kern_exec.c:186
#11 0xc08420ab in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 671408800, tf_esi = -1077940828, tf_ebp = -1077940920, tf_isp = -894939804, tf_ebx = 1, tf_edx = -1, tf_ecx = 2, tf_eax = 59, tf_trapno = 12, tf_err = 2, tf_eip = 671914907, tf_cs = 51,
---Type <return> to continue, or q to quit---
 tf_eflags = 662, tf_esp = -1077940996, tf_ss = 59})
    at ../../../i386/i386/trap.c:981
#12 0xc0830cef in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
#13 0x00000033 in ?? ()

Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 6.1-RELEASE #0: Mon May 29 19:39:51 EDT 2006
    root@amd.on.kr:/usr/src/sys/i386/compile/GENERIC
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: AMD Athlon(tm) Processor (1210.79-MHz 686-class CPU)
  Origin = "AuthenticAMD"  Id = 0x642  Stepping = 2
  Features=0x183f9ff
  AMD Features=0xc0440800,MMX+,3DNow+,3DNow>
real memory  = 134135808 (127 MB)
avail memory = 121704448 (116 MB)
kbd1 at kbdmux0
acpi0: on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0xe408-0xe40b on acpi0
cpu0: on acpi0
acpi_throttle0: on cpu0
acpi_button0: on acpi0
pcib0: port 0xcf8-0xcff on acpi0
pci0: on pcib0
agp0: mem 0xe6000000-0xe7ffffff at device 0.0 on pci0
pcib1: at device 1.0 on pci0
pci1: on pcib1
isab0: at device 4.0 on pci0
isa0: on isab0
atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xd800-0xd80f at device 4.1 on pci0
ata0: on atapci0
ata1: on atapci0
uhci0: port 0xd000-0xd01f irq 5 at device 4.3 on pci0
uhci0: [GIANT-LOCKED]
usb0: on uhci0
usb0: USB revision 1.0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
pci0: at device 4.4 (no driver attached)
ahc0: port 0xa400-0xa4ff mem 0xe5000000-0xe5000fff irq 5 at device 9.0 on pci0
ahc0: [GIANT-LOCKED]
aic7870: Single Channel A, SCSI Id=7, 16/253 SCBs
fxp0: port 0xa000-0xa03f mem 0xe4800000-0xe4800fff,0xe4000000-0xe40fffff irq 10 at device 10.0 on pci0
miibus0: on fxp0
inphy0: on miibus0
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: 00:04:ac:d3:7e:2f
ahc1: port 0x9800-0x98ff mem 0xe3800000-0xe3800fff irq 11 at device 11.0 on pci0
ahc1: [GIANT-LOCKED]
aic7880: Ultra Wide Channel A, SCSI Id=7, 16/253 SCBs
pci0: at device 12.0 (no driver attached)
ahc2: port 0x9000-0x90ff mem 0xe1000000-0xe1000fff irq 5 at device 13.0 on pci0
ahc2: [GIANT-LOCKED]
aic7880: Ultra Wide Channel A, SCSI Id=7, 16/253 SCBs
atapci1: port 0x8800-0x8807,0x8400-0x8403,0x8000-0x8007,0x7800-0x7803,0x7400-0x743f mem 0xe0800000-0xe081ffff irq 11 at device 17.0 on pci0
ata2: on atapci1
ata3: on atapci1
fdc0: port 0x3f2-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: [FAST]
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
ppc0: port 0x378-0x37f,0x778-0x77b irq 7 drq 3 on acpi0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/8 bytes threshold
ppbus0: on ppc0
plip0: on ppbus0
lpt0: on ppbus0
lpt0: Interrupt-driven port
ppi0: on ppbus0
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
atkbdc0: port 0x60,0x64 irq 1 on acpi0
atkbd0: irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model Generic PS/2 mouse, device ID 0
pmtimer0 on isa0
orm0: at iomem 0xc0000-0xcbfff,0xcc000-0xcc7ff,0xd0000-0xd47ff,0xd8000-0xd87ff on isa0
sc0: at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 1210791126 Hz quality 800
Timecounters tick every 1.000 msec
Waiting 5 seconds for SCSI devices to settle
ad0: 8063MB at ata0-master UDMA33
acd0: CDROM at ata1-slave UDMA33
da0 at ahc1 bus 0 target 0 lun 0
da0: Fixed Direct Access SCSI-2 device
da0: 40.000MB/s transfers (20.000MHz, offset 8, 16bit), Tagged Queueing Enabled
da0: 8678MB (17773500 512 byte sectors: 255H 63S/T 1106C)
Trying to mount root from ufs:/dev/da0s1a
>How-To-Repeat:
$ cat bstg0002.c
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

int
main()
{
	extern char **environ;
	int fd;
	char *tk[3] = { "/tmp/afile", NULL, NULL };

	unlink(tk[0]);

	/* create a (sparse) file of zeroes */
	if ((fd = open(tk[0], O_CREAT|O_RDWR, 0777)) == -1) {
		errx(1, "%s: %s", "open", strerror(errno));
	} else if (ftruncate(fd, 20480) == -1) {
		errx(1, "%s: %s", "ftruncate", strerror(errno));
	} else if (close(fd) == -1) {
		errx(1, "%s: %s", "close", strerror(errno));
	}

	/* we expect the exec() to fail because file is all zeroes */
	execve(tk[0], tk, environ);
	warn("%s", strerror(errno));

	return 0;
}
$ cc -Wall bstg0002.c
$ ./a.out

Dump header from device /dev/da0s1b
  Architecture: i386
  Architecture Version: 2
  Dump Length: 133742592B (127 MB)
  Blocksize: 512
  Dumptime: Mon May 29 20:13:53 2006
  Hostname: amd.on.kr
  Magic: FreeBSD Kernel Dump
  Version String: FreeBSD 6.1-RELEASE #0: Mon May 29 19:39:51 EDT 2006
    root@amd.on.kr:/usr/src/sys/i386/compile/GENERIC
  Panic String: vnode_pager_getpages: unexpected missing page: firstaddr: -1, foff: 0x000000000, vnp_size: 0x000005000
  Dump Parity: 587650072
  Bounds: 5
  Dump Status: good
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
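
Added example (not part of the original report, and not FreeBSD code): a small C decoder for the panic string quoted above, for use when triaging a crash dump. It ties the fields back to the reproducer: vnp_size 0x5000 is the 20480 bytes passed to ftruncate(), and foff 0 is the first page that execve() maps. The function names, VP_PAGE, and the reading of firstaddr -1 as "no disk block behind the page" are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VP_PAGE 4096u  /* i386 page size, the platform in the report */

struct vp_panic {
    intmax_t  firstaddr;       /* printed with %jd */
    uintmax_t foff, vnp_size;  /* each printed as 0x%jx%08jx */
};

/* Find and decode the panic line anywhere in a kernel message buffer.
 * "0x%jx%08jx" prints the high word unpadded and the low 32 bits as exactly
 * eight digits, so the digits form one hex number that a single %jx reads
 * back. Returns 0 on success, -1 if the line is absent or malformed. */
int parse_vp_panic(const char *buf, struct vp_panic *p)
{
    const char *tag = "vnode_pager_getpages: unexpected missing page: ";
    const char *s = strstr(buf, tag);

    if (s == NULL)
        return -1;
    return sscanf(s + strlen(tag), "firstaddr: %jd, foff: 0x%jx, vnp_size: 0x%jx",
                  &p->firstaddr, &p->foff, &p->vnp_size) == 3 ? 0 : -1;
}

/* Index of the requested page, and pages covered by the file size (rounded up). */
uintmax_t faulting_page(const struct vp_panic *p) { return p->foff / VP_PAGE; }
uintmax_t file_pages(const struct vp_panic *p) { return (p->vnp_size + VP_PAGE - 1) / VP_PAGE; }

/* Assumed reading: firstaddr -1 means no disk block backs the requested page. */
int hole_inside_file(const struct vp_panic *p)
{
    return p->firstaddr == -1 && p->foff < p->vnp_size;
}

int main(void)
{
    /* Kernel message buffer text copied from the report above. */
    const char *buf = "panic: vnode_pager_getpages: unexpected missing page: "
        "firstaddr: -1, foff: 0x000000000, vnp_size: 0x000005000\nUptime: 4m45s\n";
    struct vp_panic p;

    if (parse_vp_panic(buf, &p) != 0)
        return 1;
    printf("page %ju of %ju, hole=%d\n", faulting_page(&p), file_pages(&p), hole_inside_file(&p));
    return 0;
}
```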