Date: Sat, 24 Feb 2018 13:41:14 -0500 From: Ryan Stone <rysto32@gmail.com> To: Konstantin Belousov <kostikbel@gmail.com> Cc: FreeBSD Current <freebsd-current@freebsd.org> Subject: Re: Panic in prison_alloc() on boot Message-ID: <CAFMmRNxCD0oCf-x0tRLvCs27AtpxxH2jq74yeB2HEEgZ=74wOg@mail.gmail.com> In-Reply-To: <20180212085852.GA94212@kib.kiev.ua> References: <CAFMmRNxCQpXCbC29=3bfmWmUxGmnVgZbxuoCesBEL3gBLwPuwg@mail.gmail.com> <20180212085852.GA94212@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Sorry for the late reply. Panicking this system is a bit painful, but
I found some time to do it today.
Strangely, it's actually cred that is NULL, not cred->cr_prison:
(kgdb) p cred
$7 = (struct ucred *) 0x0
(kgdb) disassemble
Dump of assembler code for function prison_allow:
0xffffffff80ac33e0 <+0>: push %rbp
0xffffffff80ac33e1 <+1>: mov %rsp,%rbp
=> 0xffffffff80ac33e4 <+4>: mov 0x30(%rdi),%rax
0xffffffff80ac33e8 <+8>: and 0xf8(%rax),%esi
0xffffffff80ac33ee <+14>: mov %esi,%eax
0xffffffff80ac33f0 <+16>: pop %rbp
0xffffffff80ac33f1 <+17>: retq
End of assembler dump.
(kgdb) info reg $rdi
rdi 0x0 0
However, if I go up a frame, things look fine?
(kgdb) up
#13 0xffffffff82c22531 in nullfs_mount (mp=0xfffff801a483d000)
at /usr/src/sys/fs/nullfs/null_vfsops.c:88
88 if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_NULLFS))
(kgdb) p td->td_ucred
$8 = (struct ucred *) 0xfffff801854c1700
This appears to be a miscompilation, but I've blown away
/usr/obj/usr/src multiple times and rebuilt and got this same error
every time. But looking at the disassembly, something is definitely
wrong:
0xffffffff82c22517 <+23>: mov %gs:0x0,%r14
0xffffffff82c22520 <+32>: mov 0x150(%r14),%rdi
0xffffffff82c22527 <+39>: mov $0x100,%esi
0xffffffff82c2252c <+44>: callq 0xffffffff80ac33e0 <prison_allow>
=> 0xffffffff82c22531 <+49>: test %eax,%eax
(kgdb) p &((struct thread*)0)->td_ucred
$10 = (struct ucred **) 0x158
It uses offset 0x150 to get the cred, but the debug info claims that
td_ucred is at offset 0x158. If I print out the pointer at that
offset, it looks reasonable:
(kgdb) p *td->td_ucred
$11 = {cr_ref = 107, cr_uid = 0, cr_ruid = 0, cr_svuid = 0, cr_ngroups = 1,
cr_rgid = 0, cr_svgid = 0, cr_uidinfo = 0xfffff80106617000,
cr_ruidinfo = 0xfffff80106617000, cr_prison = 0xffffffff8187cb70 <prison0>,
cr_loginclass = 0xfffff8019fa43b00, cr_flags = 0, cr_pspare2 = {0x0, 0x0},
cr_label = 0x0, cr_audit = {ai_auid = 4294967295, ai_mask = {am_success = 0,
am_failure = 0}, ai_termid = {at_port = 0, at_type = 4, at_addr = {0, 0,
0, 0}}, ai_asid = 0, ai_flags = 0}, cr_groups = 0xfffff801854c179c,
cr_agroups = 16, cr_smallgroups = {0 <repeats 16 times>}}
I'm really at a loss at to what to try next. Build with
MAKEOBJDIRPREFIX set to something else to get rid of any lingering
possibility of an issue in my objdir, I guess?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFMmRNxCD0oCf-x0tRLvCs27AtpxxH2jq74yeB2HEEgZ=74wOg>