kern/87791: Kernel crash when running df

Kris Kennaway kris at obsecurity.org
Tue Oct 25 10:10:29 PDT 2005


The following reply was made to PR kern/87791; it has been noted by GNATS.

From: Kris Kennaway <kris at obsecurity.org>
To: bug-followup at FreeBSD.org
Cc:  
Subject: Re: kern/87791: Kernel crash when running df
Date: Tue, 25 Oct 2005 13:05:21 -0400

 Adding to audit trail
 
 ----- Forwarded message from kthrow1 <kthrow1 at CCRS.NRCan.gc.ca> -----
 
 test-a# kgdb kernel.debug /var/crash/vmcore.0
 [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
 GNU gdb 6.1.1 [FreeBSD]
 Copyright 2004 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you are
 welcome to change it and/or distribute copies of it under certain conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for details.
 This GDB was configured as "i386-marcel-freebsd".
 
 Unread portion of the kernel message buffer:
 
 
 Fatal trap 12: page fault while in kernel mode
 fault virtual address   = 0x0
 fault code              = supervisor read, page not present
 instruction pointer     = 0x20:0xc05ff472
 stack pointer           = 0x28:0xd1737654
 frame pointer           = 0x28:0xd1737668
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 5619 (df)
 trap number             = 12
 panic: page fault
 Uptime: 20h28m31s
 Dumping 255 MB (2 chunks)
   chunk 0: 1MB (160 pages) ... ok
   chunk 1: 255MB (65182 pages) 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15
 
 #0  doadump () at pcpu.h:165
 165     pcpu.h: No such file or directory.
         in pcpu.h
 (kgdb)  list *0xc05ff472
 0xc05ff472 is in g_io_request (/usr/src/sys/geom/geom_io.c:259).
 254                     KASSERT(bp->bio_length % cp->provider->sectorsize == 0,
 255                         ("wrong length %jd for sectorsize %u",
 256                         bp->bio_length, cp->provider->sectorsize));
 257             }
 258
 259             g_trace(G_T_BIO, "bio_request(%p) from %p(%s) to %p(%s) cmd %d",
 260                 bp, cp, cp->geom->name, pp, pp->name, bp->bio_cmd);
 261
 262             bp->bio_from = cp;
 263             bp->bio_to = pp;
 (kgdb) backtrace
 #0  doadump () at pcpu.h:165
 #1  0xc0637806 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
 #2  0xc0637a9c in panic (fmt=0xc084d766 "%s") at /usr/src/sys/kern/kern_shutdown.c:555
 #3  0xc0806e60 in trap_fatal (frame=0xd1737614, eva=0) at /usr/src/sys/i386/i386/trap.c:831
 #4  0xc0806bcb in trap_pfault (frame=0xd1737614, usermode=0, eva=0) at /usr/src/sys/i386/i386/trap.c:742
 #5  0xc0806809 in trap (frame=
       {tf_fs = -780992504, tf_es = -1067319256, tf_ds = 40, tf_edi = -1038245440, tf_esi = 0, tf_ebp = -780962200, tf_isp = -780962240, tf_ebx = -1040883580, tf_edx = 2048, tf_ecx = 0, tf_eax = 1, tf_trapno = 12, tf_err = 0, tf_eip = -1067453326, tf_cs = 32, tf_eflags = 66178, tf_esp = 1, tf_ss = 0}) at /usr/src/sys/i386/i386/trap.c:432
 #6  0xc07f600a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
 #7  0xc05ff472 in g_io_request (bp=0xc1f56084, cp=0xc21da1c0) at /usr/src/sys/geom/geom_io.c:259
 #8  0xc06019bd in g_vfs_strategy (bo=0x1, bp=0xc6666f10) at /usr/src/sys/geom/geom_vfs.c:106
 #9  0xc06098fd in cd9660_strategy (ap=0x1) at /usr/src/sys/isofs/cd9660/cd9660_vnops.c:755
 #10 0xc0816c79 in VOP_STRATEGY_APV (vop=0xc08bc420, a=0xd17376bc) at vnode_if.c:1796
 #11 0xc06813fc in bufstrategy (bo=0xc2018d80, bp=0x1) at vnode_if.h:928
 #12 0xc067bd91 in breadn (vp=0xc2018cc0, blkno=0, size=2048, rablkno=0x0, rabsize=0x0, cnt=0, cred=0x0, bpp=0x1) at buf.h:415
 #13 0xc067bcd4 in bread (vp=0xc2018cc0, blkno=0, size=2048, cred=0x0, bpp=0xd1737748) at /usr/src/sys/kern/vfs_bio.c:719
 #14 0xc0606209 in cd9660_blkatoff (vp=0x800, offset=0, res=0x0, bpp=0xd1737780) at /usr/src/sys/isofs/cd9660/cd9660_lookup.c:406
 #15 0xc060890f in cd9660_vget_internal (mp=0xc1797d00, ino=108544, flags=2, vpp=0xd1737804, relocated=1, isodir=0xc1bd27a8) at /usr/src/sys/isofs/cd9660/cd9660_vfsops.c:751
 #16 0xc06085dd in cd9660_root (mp=0xc1626400, flags=2, vpp=0xd1737804, td=0xc1ab6d80) at /usr/src/sys/isofs/cd9660/cd9660_vfsops.c:549
 #17 0xc0686a7e in lookup (ndp=0xd17378a0) at /usr/src/sys/kern/vfs_lookup.c:623
 #18 0xc06860ee in namei (ndp=0xd17378a0) at /usr/src/sys/kern/vfs_lookup.c:203
 #19 0xc068fd5f in kern_statfs (td=0xc1ab6d80, path=0x800 <Address 0x800 out of bounds>, pathseg=2048, buf=0xd1737af4) at /usr/src/sys/kern/vfs_syscalls.c:251
 #20 0xc068fcc1 in statfs (td=0xc1ab6d80, uap=0xd1737d04) at /usr/src/sys/kern/vfs_syscalls.c:234
 #21 0xc0807177 in syscall (frame=
       {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134540432, tf_esi = -1077942080, tf_ebp = -1077940968, tf_isp = -780960412, tf_ebx = 134540048, tf_edx = 110, tf_ecx = 99, tf_eax = 396, tf_trapno = 0, tf_err = 2, tf_eip = 671886163, tf_cs = 51, tf_eflags = 658, tf_esp = -1077942228, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:976
 #22 0xc07f605f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
 Previous frame inner to this frame (corrupt stack?)
 (kgdb)
 
 
 ----- End forwarded message -----

