Date: Fri, 30 Dec 2022 19:35:43 +0000
From: John F Carr <jfc@mit.edu>
To: Hikmat Jafarli <jafarlihi@gmail.com>
Cc: "freebsd-fs@freebsd.org" <freebsd-fs@freebsd.org>
Subject: Re: Trying to implement BFS, page fault at vfs_domount_first, how to debug?
Message-ID: <23A1E4DF-320A-4BCB-ADB8-83FEFC3D7649@mit.edu>
In-Reply-To: <CAPWrP-Y3usfDukwhQroJY0NUbZK_C=cuctm+XYSjBqDQYejBWw@mail.gmail.com>
References: <CAPWrP-Y3usfDukwhQroJY0NUbZK_C=cuctm+XYSjBqDQYejBWw@mail.gmail.com>
> On Dec 30, 2022, at 14:13, Hikmat Jafarli <jafarlihi@gmail.com> wrote:
>
> I'm trying to implement the BeOS filesystem (BFS) for FreeBSD.
> The repository is here: https://github.com/jafarlihi/freebsd-bfs
> (Please don't mind bad styling and all the copy-paste work,
> I'll polish it later, I'm just trying to get to some PoC where it works)
>
> Now when I try to mount a valid BFS partition (reported as BFS by `fstyp`)
> it executes all the way to the printf that logs "Either not a BFS volume or
> corrupted" and then crashes with "page fault while in kernel mode" in
> vfs_domount_first+0x271. Here's the log:
> ```
> Either not a BFS volume or corrupted
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address = 0x18
> fault code = supervisor read data, page not present
> instruction pointer = 0x20:0xffffffff82b2427b
> stack pointer = 0x28:0xfffffe00df399ac0
> frame pointer = 0x28:0xfffffe00df399ac0
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 1208 (mount)
> trap number = 12
> panic: page fault
> cpuid = 0
> time = 1672414952
> KDB: stack backtrace:
> #0 0xffffffff80c694a5 at kdb_backtrace+0x65
> #1 0xffffffff80c1bb5f at vpanic+0x17f
> #2 0xffffffff80c1b9d3 at panic+0x43
> #3 0xffffffff810afdf5 at trap_fatal+0x385
> #4 0xffffffff810afe4f at trap_pfault+0x4f
> #5 0xffffffff810875b8 at calltrap+0x8
> #6 0xffffffff80cf0651 at vfs_domount_first+0x271
> #7 0xffffffff80cece9d at vfs_domount+0x2ad
> #8 0xffffffff80cec2d8 at vfs_donmount+0x8f8
> #9 0xffffffff80ceb9a9 at sys_nmount+0x69
> #10 0xffffffff810b06ec at amd64_syscall+0x10c
> #11 0xffffffff81087ecb at fast_syscall_common+0xf8
> ```
>
> Now I'm trying to understand what exactly goes wrong here
> and how to map 0x271 to the exact source line.
>
> I'd appreciate it if someone could tell me how to debug this.
>
> (Sorry for noob question, I already tried IRC and was directed here)

Your BFS module tried to dereference a null pointer to structure.

It's a null pointer dereference because of "fault virtual address = 0x18". That normally means you tried to access the fourth word of a structure but the pointer to structure was null. It could be something else, but play the odds.

It's in your module because the instruction pointer address is far beyond the other kernel functions in the stack trace. Stack traces in crash reports are misleading: they tend to omit the function that triggered the crash. The address of vfs_domount_first is 0xffffffff80cf03e0 (0xffffffff80cf0651 - 0x271). That's the function that called your module. The address of the faulting instruction is 0xffffffff82b2427b. That's in your module.
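The reading of the trap output that the reply describes, as an added worked example that is neither part of this thread nor of the freebsd-bfs repository: it parses the crash report quoted above, interprets a fault address inside the first page as NULL plus a field offset, derives each function's start address from the backtrace (frame address minus symbol offset), and applies the reply's "ip far from every backtrace address" heuristic to decide that the faulting instruction lives in a loaded module. The function names, the one-page threshold and the spread-based distance test are my own choices, not FreeBSD conventions.

```python
import re

# Trap output as quoted in the thread, trimmed to the lines this analysis reads.
TRAP_LOG = """\
fault virtual address = 0x18
instruction pointer = 0x20:0xffffffff82b2427b
#5 0xffffffff810875b8 at calltrap+0x8
#6 0xffffffff80cf0651 at vfs_domount_first+0x271
#7 0xffffffff80cece9d at vfs_domount+0x2ad
#8 0xffffffff80cec2d8 at vfs_donmount+0x8f8
"""

FRAME_RE = re.compile(r"^#\d+\s+(0x[0-9a-f]+) at (\w+)\+(0x[0-9a-f]+)", re.M)
WORD = 8  # amd64: a pointer-sized "word" of a struct is 8 bytes


def parse_trap(log):
    """Return (fault_va, ip, frames); frames is a list of (addr, func, offset)."""
    fault_va = int(re.search(r"fault virtual address = (0x[0-9a-f]+)", log).group(1), 16)
    ip = int(re.search(r"instruction pointer = 0x[0-9a-f]+:(0x[0-9a-f]+)", log).group(1), 16)
    frames = [(int(a, 16), f, int(o, 16)) for a, f, o in FRAME_RE.findall(log)]
    return fault_va, ip, frames


def classify_fault(fault_va, page=4096):
    """A fault address below one page is almost always NULL plus a field offset.
    Returns the kind and the zero-based 8-byte field index (0x18 -> 3, the fourth word)."""
    if fault_va < page:
        return "null-deref", fault_va // WORD
    return "other", None


def function_bases(frames):
    """Frame address minus its symbol offset gives the function's start address."""
    return {func: addr - off for addr, func, off in frames}


def ip_in_module(ip, frames):
    """Heuristic (my threshold): an ip farther outside the backtrace's address range
    than that range is wide is not in kernel text but in a separately loaded module."""
    addrs = [a for a, _, _ in frames]
    spread = max(addrs) - min(addrs)
    return ip < min(addrs) - spread or ip > max(addrs) + spread


if __name__ == "__main__":
    va, ip, frames = parse_trap(TRAP_LOG)
    print("fault:", classify_fault(va))
    print("vfs_domount_first starts at 0x%x" % function_bases(frames)["vfs_domount_first"])
    print("ip 0x%x in a module: %s" % (ip, ip_in_module(ip, frames)))
```

The same subtraction against the module's load address shown by `kldstat` yields the ip's offset into the module, which is the value to map to a source line.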