unionfs kernel panic on 7.1-PRERELEASE
Kostik Belousov
kostikbel at gmail.com
Tue Dec 2 13:15:53 PST 2008
On Tue, Dec 02, 2008 at 04:42:58PM -0000, Steven Hartland wrote:
> Not sure where to go with this one any help appreciated:-
> FreeBSD dedicated11.multiplay.co.uk 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE
> #4: Tue Dec 2 16:53:30 UTC 2008
> root at dedicated11.multiplay.co.uk:/usr/obj/usr/src/sys/MULTIPLAY i386
>
> kgdb kernel /var/crash/vmcore.1
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i386-marcel-freebsd"...
>
> Unread portion of the kernel message buffer:
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address = 0x150
> fault code = supervisor read, page not present
> instruction pointer = 0x20:0xc0624115
> stack pointer = 0x28:0xe62c3b80
> frame pointer = 0x28:0xe62c3ba8
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, def32 1, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 763 (srcds_i686)
> trap number = 12
> panic: page fault
> cpuid = 0
> Uptime: 2m5s
> Physical memory: 1007 MB
> Dumping 53 MB: 38 22 6
>
>
> warning: kld_current_sos: Can't read filename: Input/output error
>
> Reading symbols from /boot/kernel/acpi.ko...Reading symbols from
> /boot/kernel/acpi.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/acpi.ko
> Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from
> /boot/kernel/linprocfs.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/linprocfs.ko
> Reading symbols from /boot/kernel/linux.ko...Reading symbols from
> /boot/kernel/linux.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/linux.ko
> Reading symbols from /boot/kernel/unionfs.ko...Reading symbols from
> /boot/kernel/unionfs.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/unionfs.ko
> #0 doadump () at pcpu.h:196
> 196 pcpu.h: No such file or directory.
> in pcpu.h
> (kgdb) list *0xc0624115
> 0xc0624115 is in getvnode (/usr/src/sys/kern/vfs_syscalls.c:3969).
> 3964 fp = NULL;
> 3965 if (fdp == NULL)
> 3966 error = EBADF;
> 3967 else {
> 3968 FILEDESC_SLOCK(fdp);
> 3969 if ((u_int)fd >= fdp->fd_nfiles ||
> 3970 (fp = fdp->fd_ofiles[fd]) == NULL)
> 3971 error = EBADF;
> 3972 else if (fp->f_vnode == NULL) {
> 3973 fp = NULL;
> (kgdb) bt
> #0 doadump () at pcpu.h:196
> #1 0xc05a0937 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
> #2 0xc05a0c09 in panic (fmt=Variable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:574
> #3 0xc072eb8c in trap_fatal (frame=0xe62c3b40, eva=336) at
> /usr/src/sys/i386/i386/trap.c:939
> #4 0xc072ee10 in trap_pfault (frame=0xe62c3b40, usermode=0, eva=336) at
> /usr/src/sys/i386/i386/trap.c:852
> #5 0xc072f7cc in trap (frame=0xe62c3b40) at
> /usr/src/sys/i386/i386/trap.c:530
> #6 0xc071563b in calltrap () at /usr/src/sys/i386/i386/exception.s:159
> #7 0xc0624115 in getvnode (fdp=0xc40b4d00, fd=4, fpp=0xe62c3c70) at
> /usr/src/sys/kern/vfs_syscalls.c:3969
> #8 0xc3e2a13d in getdents_common (td=0xc408f460, args=0xe62c3cfc,
> is64bit=0) at /usr/src/sys/modules/linux/../../compat/linux/linux_file.c:446
> #9 0xc072f165 in syscall (frame=0xe62c3d38) at
> /usr/src/sys/i386/i386/trap.c:1090
> #10 0xc07156a0 in Xint0x80_syscall () at
> /usr/src/sys/i386/i386/exception.s:255
> #11 0x00000033 in ?? ()
> Previous frame inner to this frame (corrupt stack?)
>
>
> (kgdb) frame 7
> #7 0xc0624115 in getvnode (fdp=0xc40b4d00, fd=4, fpp=0xe62c3c70) at
> /usr/src/sys/kern/vfs_syscalls.c:3969
> 3969 if ((u_int)fd >= fdp->fd_nfiles ||
> (kgdb) print *fdp
> $1 = {fd_ofiles = 0x140, fd_ofileflags = 0x154 <Address 0x154 out of
> bounds>, fd_cdir = 0x168, fd_rdir = 0x17c, fd_jdir = 0x18c, fd_nfiles =
> 512, fd_map = 0xc3bed560, fd_lastfile = 4,
> fd_freefile = 5, fd_cmask = 18, fd_refcnt = 1, fd_holdcnt = 1, fd_sx =
> {lock_object = {lo_name = 0xc076e1c2 "filedesc structure", lo_type =
> 0xc076e1c2 "filedesc structure", lo_flags = 37421056,
> lo_witness_data = {lod_list = {stqe_next = 0x0}, lod_witness = 0x0}},
> sx_lock = 17, sx_recurse = 0}, fd_kqlist = {slh_first = 0x0},
> fd_holdleaderscount = 0, fd_holdleaderswakeup = 0}
> (kgdb) print fd
> $2 = 4
> (kgdb) print fdp->fd_ofiles
> $3 = (struct file **) 0x140
> (kgdb) print fdp->fd_ofiles[fd]
> Cannot access memory at address 0x150
> (kgdb) print fdp->fd_ofiles[0]
> Cannot access memory at address 0x140
> (kgdb) print *fdp->fd_ofiles
> Cannot access memory at address 0x140
>
> 0xc3e2a13d is in getdents_common
> (/usr/src/sys/modules/linux/../../compat/linux/linux_file.c:446).
> 441 nbytes = sizeof(linux_dirent);
> 442 justone = 1;
> 443 } else
> 444 justone = 0;
> 445
> 446 if ((error = getvnode(td->td_proc->p_fd, args->fd, &fp)) !=
> 0)
> 447 return (error);
> 448
> 449 if ((fp->f_flag & FREAD) == 0) {
> 450 fdrop(fp, td);
>
> (kgdb) print *args
> $5 = {fd_l_ = 0xe62c3cfc "\004", fd = 4, fd_r_ = 0xe62c3d00 "°!\020\b",
> dirent_l_ = 0xe62c3d00 "°!\020\b", dirent = 0x81021b0, dirent_r_ =
> 0xe62c3d04 "", count_l_ = 0xe62c3d04 "", count = 4096,
> count_r_ = 0xe62c3d08 "°!\020\b?? (\234\235??"}
Is it reproducible?
The start of the *fdp structure looks very suspicious:
fd_ofiles = 0x140, fd_ofileflags = 0x154, fd_cdir = 0x168, fd_rdir = 0x17c,
fd_jdir = 0x18c
The values are consecutively increasing by 0x14, except fd_jdir, and the
pointer values are wrong for the kernel.
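An added triage example, not part of the original message or of the FreeBSD source: it runs the checks described above over the pointer fields copied from the kgdb output and shows that `fdp->fd_ofiles[4]` resolves to the reported fault address 0x150. The `KERNBASE_I386` value (0xc0000000, the default i386 kernel/user split) and all helper names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: default i386 split, kernel virtual addresses start here. */
#define KERNBASE_I386 0xc0000000u
#define PTR_SIZE_I386 4u /* sizeof(struct file *) on i386 */

/* fd_ofiles, fd_ofileflags, fd_cdir, fd_rdir, fd_jdir from "print *fdp". */
static const uint32_t fdp_ptrs[] = { 0x140, 0x154, 0x168, 0x17c, 0x18c };
#define NPTRS (sizeof(fdp_ptrs) / sizeof(fdp_ptrs[0]))

/* Count fields whose value cannot be a kernel virtual address. */
static size_t count_non_kernel(const uint32_t *p, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (p[i] < KERNBASE_I386)
            bad++;
    return bad;
}

/* Length of the leading run of fields separated by one constant stride. */
static size_t constant_stride_run(const uint32_t *p, size_t n, uint32_t *stride)
{
    if (n < 2)
        return n;
    *stride = p[1] - p[0];
    size_t run = 2;
    while (run < n && p[run] - p[run - 1] == *stride)
        run++;
    return run;
}

/* Address that getvnode() reads when it evaluates fdp->fd_ofiles[fd]. */
static uint32_t ofiles_slot_addr(uint32_t fd_ofiles, uint32_t fd)
{
    return fd_ofiles + fd * PTR_SIZE_I386;
}

int main(void)
{
    uint32_t stride = 0;
    size_t run = constant_stride_run(fdp_ptrs, NPTRS, &stride);
    printf("fields below KERNBASE: %zu of %zu\n",
           count_non_kernel(fdp_ptrs, NPTRS), (size_t)NPTRS);
    printf("stride 0x%x holds for the first %zu fields\n", stride, run);
    printf("fd_ofiles[4] is read at 0x%x\n", ofiles_slot_addr(fdp_ptrs[0], 4));
    return 0;
}
```

All five fields fall below the kernel range, the 0x14 stride holds for the first four, and the computed slot address equals the `fault virtual address` and `eva=336` in the trap output.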