Date: Sun, 6 Dec 2009 20:18:13 +0200
From: Kostik Belousov <kostikbel@gmail.com>
To: Mikolaj Golub <to.my.trociny@gmail.com>
Cc: FreeBSD Stable <freebsd-stable@freebsd.org>
Subject: Re: FreeBSD 7.1: QUOTA: kernel panics in jailed()
Message-ID: <20091206181813.GR43143@deviant.kiev.zoral.com.ua>
In-Reply-To: <86ws1180sr.fsf@kopusha.onet>
References: <86ws1180sr.fsf@kopusha.onet>

On Sun, Dec 06, 2009 at 01:21:24AM +0200, Mikolaj Golub wrote:
> Hi,
>
> Today we have observed the panic on our FreeBSD7.1 box built with QUOTA
> support.
>
> According to the backtrace ffs_truncate() called chkdq() with NOCRED but later
> jailed() was called and the system crashed dereferencing cred->cr_prison.
>
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i386-marcel-freebsd"...
>
> Unread portion of the kernel message buffer:
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 7; apic id = 07
> fault virtual address = 0x64
> fault code = supervisor read, page not present
> instruction pointer = 0x20:0xc07a1d26
> stack pointer = 0x28:0xedb2d8b8
> frame pointer = 0x28:0xedb2d8b8
> code segment = base 0x0, limit 0xfffff, type 0x1b
>  = DPL 0, pres 1, def32 1, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 9742 (icoms_agent_cox476)
> trap number = 12
> panic: page fault
> cpuid = 7
> Uptime: 19h54m4s
> Physical memory: 3315 MB
> Dumping 326 MB: 311 295 279 263 247 231 215 199 183 167 151 135 119 103 87 71 55 39 23 7
>
> Reading symbols from /boot/kernel/if_lagg.ko...Reading symbols from /boot/kernel/if_lagg.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/if_lagg.ko
> Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/acpi.ko
> #0  doadump () at pcpu.h:196
> 196 pcpu.h: No such file or directory.
>     in pcpu.h
> (kgdb) bt
> #0  doadump () at pcpu.h:196
> #1  0xc07c2b27 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
> #2  0xc07c2df9 in panic (fmt=Variable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:574
> #3  0xc0ada1ec in trap_fatal (frame=0xedb2d878, eva=100) at /usr/src/sys/i386/i386/trap.c:939
> #4  0xc0ada470 in trap_pfault (frame=0xedb2d878, usermode=0, eva=100) at /usr/src/sys/i386/i386/trap.c:852
> #5  0xc0adae2c in trap (frame=0xedb2d878) at /usr/src/sys/i386/i386/trap.c:530
> #6  0xc0ac0c9b in calltrap () at /usr/src/sys/i386/i386/exception.s:159
> #7  0xc07a1d26 in jailed (cred=0x0) at /usr/src/sys/kern/kern_jail.c:465
> #8  0xc07a1da5 in prison_priv_check (cred=0x0, priv=320) at /usr/src/sys/kern/kern_jail.c:581
> #9  0xc07b62ce in priv_check_cred (cred=0x0, priv=320, flags=0) at /usr/src/sys/kern/kern_priv.c:86
> #10 0xc09e742d in chkdq (ip=0xcb55c980, change=28, cred=0x0, flags=Variable "flags" is not available.
> )
>     at /usr/src/sys/ufs/ufs/ufs_quota.c:188
> #11 0xc09c24f7 in ffs_truncate (vp=0xcac04cf0, length=0, flags=2048, cred=0xc9871d00, td=0xc95d28c0)
>     at /usr/src/sys/ufs/ffs/ffs_inode.c:276
> #12 0xc09ed372 in ufs_setattr (ap=0xedb2db64) at /usr/src/sys/ufs/ufs/ufs_vnops.c:600
> #13 0xc0af0582 in VOP_SETATTR_APV (vop=0xc0c2ff80, a=0xedb2db64) at vnode_if.c:583
> #14 0xc084c446 in kern_open (td=0xc95d28c0, path=0x4890e68c <Address 0x4890e68c out of bounds>,
>     pathseg=UIO_USERSPACE, flags=Variable "flags" is not available.
> ) at vnode_if.h:315
> #15 0xc084c5b0 in open (td=0xc95d28c0, uap=0xedb2dcfc) at /usr/src/sys/kern/vfs_syscalls.c:999
> #16 0xc0ada7c5 in syscall (frame=0xedb2dd38) at /usr/src/sys/i386/i386/trap.c:1090
> #17 0xc0ac0d00 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:255
> #18 0x00000033 in ?? ()
> Previous frame inner to this frame (corrupt stack?)
> (kgdb) fr 11
> #11 0xc09c24f7 in ffs_truncate (vp=0xcac04cf0, length=0, flags=2048, cred=0xc9871d00, td=0xc95d28c0)
>     at /usr/src/sys/ufs/ffs/ffs_inode.c:276
> 276                     (void) chkdq(ip, -datablocks, NOCRED, 0);
> (kgdb) list
> 271                     if (ip->i_flag & IN_SPACECOUNTED)
> 272                             fs->fs_pendingblocks -= datablocks;
> 273                     UFS_UNLOCK(ump);
> 274             } else {
> 275 #ifdef QUOTA
> 276                     (void) chkdq(ip, -datablocks, NOCRED, 0);
> 277 #endif

The kernel panicked because chkdq was supplied NULL credentials and
_positive_ blocks use count change. Line 276 calls chkdq with -datablocks
as the change. This could happen if you have problems either with hardware
(e.g. memory or CPU cache), or your fs is damaged. Another possibility is
random corruption of the kernel memory, but I recommend starting with
fsck and then continuing with memory testers if fsck has shown no problems.

> 278                     softdep_setup_freeblocks(ip, length, needextclean ?
> 279                         IO_EXT | IO_NORMAL : IO_NORMAL);
> 280                     ASSERT_VOP_LOCKED(vp, "ffs_truncate1");
> (kgdb) fr 7
> #7  0xc07a1d26 in jailed (cred=0x0) at /usr/src/sys/kern/kern_jail.c:465
> 465 {
> (kgdb) list
> 460 /*
> 461  * Return 1 if the passed credential is in a jail, otherwise 0.
> 462  */
> 463 int
> 464 jailed(struct ucred *cred)
> 465 {
> 466
> 467         return (cred->cr_prison != NULL);
> 468 }
> 469
>
> --
> Mikolaj Golub
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
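
Added example, not part of the original message and not FreeBSD source: a simplified user-space C model of the failure discussed in the reply, where the trace shows change=28 arriving at chkdq() with cred=0x0. The names chkdq_model, jailed_checked and truncate_release_model are hypothetical, and the model assumes, as the reply states, that only a positive change reaches the credential check.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct prison;                                  /* opaque in this model */
struct ucred { struct prison *cr_prison; };
#define NOCRED ((struct ucred *)NULL)           /* "no credential", as in the trace */

/* jailed() from the quoted listing, plus a NULL guard that exists only in
 * this model; the quoted kernel version dereferences cred unconditionally. */
static int jailed_checked(const struct ucred *cred)
{
    if (cred == NULL)
        return -1;
    return (cred->cr_prison != NULL);
}

/* Hypothetical model of the quota update: a release (change < 0) never looks
 * at cred; a charge (change > 0) needs it for the privilege check. */
int chkdq_model(long *usage, long change, const struct ucred *cred)
{
    if (change == 0)
        return 0;
    if (change < 0) {
        *usage = (*usage + change < 0) ? 0 : *usage + change;
        return 0;
    }
    if (jailed_checked(cred) < 0)
        return EINVAL;          /* invariant broken: charge without a credential */
    *usage += change;
    return 0;
}

/* Models the call at ffs_inode.c:276, which always passes NOCRED. */
int truncate_release_model(long *usage, long datablocks)
{
    return chkdq_model(usage, -datablocks, NOCRED);
}

int main(void)
{
    long usage = 100;           /* constructed sample values */
    printf("sane:    rc=%d\n", truncate_release_model(&usage, 28));
    printf("corrupt: rc=%d usage=%ld\n", truncate_release_model(&usage, -28), usage);
    return 0;
}
```

A negative datablocks value, such as one read from a damaged inode, flips the sign of the change, so the NOCRED call takes the charge path; the model reports that as EINVAL where the quoted jailed() faults.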