kern/85326: [panic] saving a file via samba to an overquota account
crashes systeM
Mike Hurst
mshurst at schooner.uwaterloo.ca
Fri Aug 26 19:50:52 GMT 2005
>Number: 85326
>Category: kern
>Synopsis: [panic] saving a file via samba to an overquota account crashes systeM
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Aug 26 19:50:11 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Mike Hurst
>Release: FreeBSD 5.4-RELEASE-p6 i386
>Organization:
University of Waterloo
>Environment:
System: FreeBSD bookworm.uwaterloo.ca 5.4-RELEASE-p6 FreeBSD 5.4-RELEASE-p6 #0: Mon Aug 15 17:09:49 EDT 2005 root at bookworm.uwaterloo.ca:/usr/src/sys/i386/compile/bookworm.debug i386
Machine is a SuperMicro X5DPR-8G2+ Dual Xeon 3GHz with 1GB RAM.
Adaptec 2015S Zero-Channel RAID card with 2x 35GB SCSI disks (RAID-1)
Machine is configured as a web server using Apache, Samba, PHP, Mysql (listing of /var/db/pkg attached).
User files are NFS mounted from a "4.8-RELEASE" file server (File server was recently upgraded to "5.4-RELEASE-p6" and the problem still persists).
dmesg.boot and enabled kernel options are attached.
>Description:
Server panics periodically (even under no load). "current process" usually indicates "smbd" but has also indicated "syncer" and "perl" (all report the same "instruction pointer").
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x1c
fault code = supervisor write, page not present
instruction pointer = 0x8:0xc056079f
stack pointer = 0x10:0xe8025a20
frame pointer = 0x10:0xe8025a2c
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 5891 (smbd)
trap number = 12
panic: page fault
cpuid = 0
boot() called on cpu#0
Uptime: 21h44m32s
Dumping 1023 MB
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
#0 doadump () at pcpu.h:159
159 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) where
#0 doadump () at pcpu.h:159
#1 0xc051c2f7 in boot (howto=260) at ../../../kern/kern_shutdown.c:410
#2 0xc051c64d in panic (fmt=0xc067af2f "%s") at ../../../kern/kern_shutdown.c:566
#3 0xc0653914 in trap_fatal (frame=0xe4b609e0, eva=28) at ../../../i386/i386/trap.c:817
#4 0xc0653647 in trap_pfault (frame=0xe4b609e0, usermode=0, eva=28) at ../../../i386/i386/trap.c:735
#5 0xc065325d in trap (frame=
{tf_fs = -1068433384, tf_es = -702545904, tf_ds = 1048592, tf_edi = -702487532, tf_esi = -702487532, tf_ebp = -457831892, tf_isp = -457831924, tf_ebx = -702487532, tf_edx = 0, tf_ecx = -1040861696, tf_eax = 4, tf_trapno = 12, tf_err = 2, tf_eip = -1068103777, tf_cs = 8, tf_eflags = 66050, tf_esp = -702487532, tf_ss = -702487532}) at ../../../i386/i386/trap.c:425
#6 0xc064188a in calltrap () at ../../../i386/i386/exception.s:140
#7 0xc0510018 in linker_hints_lookup (path=0xd620e414 "\002", pathlen=1, modname=0x0, modnamelen=-1036481044, verinfo=0x1)
at ../../../kern/kern_linker.c:1510
#8 0xc0560ff6 in getnewbuf (slpflag=256, slptimeo=0, size=7202, maxsize=8192) at ../../../kern/vfs_bio.c:1885
#9 0xc056247d in getblk (vp=0xc259e738, blkno=0, size=7202, slpflag=256, slptimeo=0, flags=0) at ../../../kern/vfs_bio.c:2585
#10 0xc05abb95 in nfs_getcacheblk (vp=0xc259e738, bn=0, size=7202, td=0xc1f5b600) at ../../../nfsclient/nfs_bio.c:1073
#11 0xc05ab80a in nfs_write (ap=0x0) at ../../../nfsclient/nfs_bio.c:886
#12 0xc057bc28 in vn_write (fp=0xc22770cc, uio=0xe4b60c88, active_cred=0xc259fb00, flags=1, td=0xc1f5b600) at vnode_if.h:432
#13 0xc053c480 in dofilewrite (td=0xc1f5b600, fp=0xc22770cc, fd=28, buf=0x0, nbyte=1, offset=Unhandled dwarf expression opcode 0x93
) at file.h:245
#14 0xc053c3b5 in pwrite (td=0xc1f5b600, uap=0xe4b60d14) at ../../../kern/sys_generic.c:320
#15 0xc0653c57 in syscall (frame=
{tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = 7201, tf_ebp = -1077941944, tf_isp = -457831052, tf_ebx = 677546764, tf_edx = 0, tf_ecx = 137695232, tf_eax = 198, tf_trapno = 22, tf_err = 2, tf_eip = 677050651, tf_cs = 31, tf_eflags = 518, tf_esp = -1077941988, tf_ss = 47})
at ../../../i386/i386/trap.c:1009
#16 0xc06418df in Xint0x80_syscall () at ../../../i386/i386/exception.s:201
#17 0x0000002f in ?? ()
#18 0x0000002f in ?? ()
#19 0x0000002f in ?? ()
#20 0x00000000 in ?? ()
#21 0x00001c21 in ?? ()
#22 0xbfbfe948 in ?? ()
#23 0xe4b60d74 in ?? ()
#24 0x28628b0c in ?? ()
#25 0x00000000 in ?? ()
#26 0x08351000 in ?? ()
#27 0x000000c6 in ?? ()
#28 0x00000016 in ?? ()
#29 0x00000002 in ?? ()
#30 0x285af91b in ?? ()
#31 0x0000001f in ?? ()
#32 0x00000206 in ?? ()
#33 0xbfbfe91c in ?? ()
#34 0x0000002f in ?? ()
#35 0x00000000 in ?? ()
#36 0x00000000 in ?? ()
#37 0x00000000 in ?? ()
#38 0x00000000 in ?? ()
#39 0x2e620000 in ?? ()
#40 0xc235e1c4 in ?? ()
#41 0xc1f5b600 in ?? ()
#42 0xe4b60740 in ?? ()
#43 0xe4b60728 in ?? ()
#44 0xc1e98900 in ?? ()
#45 0xc052c8ef in sched_switch (td=0x1c21, newtd=0x28628b0c, flags=Cannot access memory at address 0xbfbfe958
) at ../../../kern/sched_4bsd.c:881
Previous frame inner to this frame (corrupt stack?)
(kgdb) list *0xc056079f
0xc056079f is in vfs_vmio_release (atomic.h:154).
149 atomic.h: No such file or directory.
in atomic.h
(kgdb) up 8
#8 0xc0560ff6 in getnewbuf (slpflag=256, slptimeo=0, size=7202, maxsize=8192) at ../../../kern/vfs_bio.c:1885
1885 vfs_vmio_release(bp);
(kgdb) print *bp
$1 = {b_io = {bio_cmd = 2 '\002', bio_flags = 0 '\0', bio_cflags = 0 '\0', bio_pflags = 0 '\0', bio_dev = 0x0, bio_disk = 0x0, bio_offset = 0,
bio_bcount = 7202, bio_data = 0xdce6e000 "", bio_error = 69, bio_resid = 1, bio_done = 0xc05631e8 <bufdonebio>, bio_driver1 = 0x0, bio_driver2 = 0x0,
bio_caller1 = 0x0, bio_caller2 = 0xd620e414, bio_queue = {tqe_next = 0x0, tqe_prev = 0x0}, bio_attribute = 0x0, bio_from = 0x0, bio_to = 0x0,
bio_length = 0, bio_completed = 0, bio_children = 5, bio_inbed = 0, bio_parent = 0x0, bio_t0 = {sec = 0, frac = 0}, bio_task = 0, bio_task_arg = 0x0,
bio_pblkno = 0}, b_op = 0xc06c5608, b_magic = 280038160, b_iodone = 0, b_blkno = 0, b_offset = 0, b_vnbufs = {tqe_next = 0x0, tqe_prev = 0xc259e770},
b_left = 0x0, b_right = 0x0, b_vflags = 0, b_freelist = {tqe_next = 0xd60c0a7c, tqe_prev = 0xc06ec828}, b_qindex = 0, b_flags = 536879648,
b_xflags = 0 '\0', b_lock = {lk_interlock = 0xc06e5394, lk_flags = 1024, lk_sharecount = 0, lk_waitcount = 0, lk_exclusivecount = 1, lk_prio = 80,
lk_wmesg = 0xc0693381 "bufwait", lk_timo = 0, lk_lockholder = 0xc1f5b600, lk_newlock = 0x0}, b_bufsize = 7680, b_runningbufspace = 0,
b_kvabase = 0xdce6e000 "", b_kvasize = 16384, b_lblkno = 0, b_vp = 0x0, b_object = 0x0, b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0x0,
b_wcred = 0xc23cfd80, b_saveaddr = 0xdce6e000, b_pager = {pg_reqpage = 0}, b_cluster = {cluster_head = {tqh_first = 0xd620e5c8, tqh_last = 0xd620c844},
cluster_entry = {tqe_next = 0xd620e5c8, tqe_prev = 0xd620c844}}, b_pages = {0xc1394010, 0xc1a2dc58, 0x0 <repeats 30 times>}, b_npages = 2, b_dep = {
lh_first = 0x0}}
>How-To-Repeat:
I can only reproduce the panic which indicates "current process = smbd".
>From a WindowsXP workstation connect via SMB to a users "homes" share. Open a MS Word document from the network share and make a change (then save the file). If the users is over quota and their grace period has expired the server crashes. If the user is over quota, but their grace period is NOT expired, the server is ok (reports disk space full).
I have a non-production server available for testing, etc.
I hope I've included enough info.
ANY help would be greatly appreciated. Thanks
Contents of smb.conf
[global]
workgroup = NEXUS
server string = Engineering Web Server
load printers = no
log file = /var/log/smb.log
max log size = 2000
log level = 1
security = server
encrypt passwords = yes
password server = server1,server2,server3,server4
socket options = TCP_NODELAY
dns proxy = no
dont descend = /bin, /cdrom, /dev, /etc, /mnt, /proc, /usr, /var
include = /usr/local/etc/samba/debug.%m
guest account = pcguest
[homes]
path = %H/public_html
force user = %S
public = no
writeable = yes
printable = no
browseable = no
inherit permissions = yes
valid users = %S
>Fix:
Temporary fix is to monitor samba connections and adjust quotas for users who have expired their quota's grace period.
--- dmesg.boot begins here ---
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 5.4-RELEASE-p6 #1: Mon Aug 15 17:01:14 EDT 2005
root at schooner.uwaterloo.ca:/usr/src/sys/i386/compile/bookworm.debug
WARNING: MPSAFE network stack disabled, expect reduced performance.
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Xeon(TM) CPU 3.06GHz (3065.80-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0xf27 Stepping = 7
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Hyperthreading: 2 logical CPUs
real memory = 2146959360 (2047 MB)
avail memory = 2099650560 (2002 MB)
ACPI APIC Table: <PTLTD APIC >
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
cpu0 (BSP): APIC ID: 0
cpu1 (AP): APIC ID: 1
cpu2 (AP): APIC ID: 6
cpu3 (AP): APIC ID: 7
ioapic0 <Version 2.0> irqs 0-23 on motherboard
ioapic1 <Version 2.0> irqs 24-47 on motherboard
ioapic2 <Version 2.0> irqs 48-71 on motherboard
npx0: <math processor> on motherboard
npx0: INT 16 interface
acpi0: <PTLTD RSDT> on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0
cpu0: <ACPI CPU (2 Cx states)> on acpi0
cpu1: <ACPI CPU (2 Cx states)> on acpi0
cpu2: <ACPI CPU (2 Cx states)> on acpi0
cpu3: <ACPI CPU (2 Cx states)> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pci0: <unknown> at device 0.1 (no driver attached)
pcib1: <ACPI PCI-PCI bridge> at device 2.0 on pci0
pci1: <ACPI PCI bus> on pcib1
pci1: <base peripheral, interrupt controller> at device 28.0 (no driver attached)
pcib2: <ACPI PCI-PCI bridge> at device 29.0 on pci1
pci2: <ACPI PCI bus> on pcib2
em0: <Intel(R) PRO/1000 Network Connection, Version - 1.7.35> port 0x3000-0x303f mem 0xf8200000-0xf821ffff irq 54 at device 3.0 on pci2
em0: Ethernet address: 00:30:48:29:c5:a8
em0: Speed:N/A Duplex:N/A
em1: <Intel(R) PRO/1000 Network Connection, Version - 1.7.35> port 0x3040-0x307f mem 0xf8220000-0xf823ffff irq 55 at device 3.1 on pci2
em1: Ethernet address: 00:30:48:29:c5:a9
em1: Speed:N/A Duplex:N/A
pci1: <base peripheral, interrupt controller> at device 30.0 (no driver attached)
pcib3: <ACPI PCI-PCI bridge> at device 31.0 on pci1
pci3: <ACPI PCI bus> on pcib3
asr0: <Adaptec Caching SCSI RAID> mem 0xfc000000-0xfdffffff,0xfb000000-0xfbffffff,0xf8300000-0xf83fffff irq 30 at device 3.0 on pci3
asr0: ADAPTEC 2015S FW Rev. 3B05, 2 channel, 256 CCBs, Protocol I2O
uhci0: <Intel 82801CA/CAM (ICH3) USB controller USB-A> port 0x2000-0x201f irq 16 at device 29.0 on pci0
usb0: <Intel 82801CA/CAM (ICH3) USB controller USB-A> on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1: <Intel 82801CA/CAM (ICH3) USB controller USB-B> port 0x2020-0x203f irq 19 at device 29.1 on pci0
usb1: <Intel 82801CA/CAM (ICH3) USB controller USB-B> on uhci1
usb1: USB revision 1.0
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2: <Intel 82801CA/CAM (ICH3) USB controller USB-C> port 0x2040-0x205f irq 18 at device 29.2 on pci0
usb2: <Intel 82801CA/CAM (ICH3) USB controller USB-C> on uhci2
usb2: USB revision 1.0
uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
pcib4: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci4: <ACPI PCI bus> on pcib4
pci4: <display, VGA> at device 1.0 (no driver attached)
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH3 UDMA100 controller> port 0x2060-0x206f,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 31.1 on pci0
ata0: channel #0 on atapci0
ata1: channel #1 on atapci0
pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
acpi_button0: <Power Button> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: model IntelliMouse, device ID 3
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
fdc0: <floppy drive controller> port 0x3f7,0x3f0-0x3f5 irq 6 drq 2 on acpi0
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
pmtimer0 on isa0
orm0: <ISA Option ROMs> at iomem 0xe0000-0xe3fff,0xc9000-0xcefff,0xc8000-0xc8fff,0xc0000-0xc7fff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
ppc0: parallel port not found.
Timecounters tick every 10.000 msec
acd0: CDROM <CD-232E/1.0A> at ata1-master PIO4
ses0 at asr0 bus 0 target 6 lun 0
ses0: <SUPER GEM318 0> Fixed Processor SCSI-2 device
ses0: SAF-TE Compliant Device
da0 at asr0 bus 0 target 0 lun 0
da0: <ADAPTEC RAID-1 3B05> Fixed Direct Access SCSI-2 device
da0: Tagged Queueing Enabled
da0: 35003MB (71686144 512 byte sectors: 255H 63S/T 4462C)
SMP: AP CPU #1 Launched!
SMP: AP CPU #2 Launched!
SMP: AP CPU #3 Launched!
Mounting root from ufs:/dev/da0s1a
WARNING: / was not properly dismounted
WARNING: /tmp was not properly dismounted
WARNING: /usr was not properly dismounted
WARNING: /var was not properly dismounted
ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to deny, logging disabled
em0: Link is up 1000 Mbps Full Duplex
--- dmesg.boot ends here ---
--- var_db_pkg.txt begins here ---
apache-2.0.53_1
autoconf-2.53_3
autoconf-2.59_2
automake-1.5_2,1
bison-1.75_2
bitstream-vera-1.10_1
cclient-2004c1_1,1
cgiwrap-3.9_2
cvsup-16.1h_2
eruby-1.0.5
expat-1.95.8
fontconfig-2.2.3,1
freetype2-2.1.9
gd-2.0.33_1,1
gettext-0.14.1
gmake-3.80_2
help2man-1.35.1
imake-6.8.2
jpeg-6b_3
libXft-2.1.6_1
libiconv-1.9.2_1
libltdl-1.5.10
libmcrypt-2.5.7_1
libtool-1.3.5_2
libtool-1.5.10_1
libxml2-2.6.18
m4-1.4.1
mod_fcgid-0.80
mod_ruby-1.2.4
mysql-client-4.1.10a
mysql-server-4.1.10a
openldap-client-2.2.23
p5-gettext-1.03
pdflib-6.0.1_1
pecl-pdflib-2.0.4
perl-5.8.6_2
php5-5.0.3_2
php5-bz2-5.0.3_2
php5-ctype-5.0.3_2
php5-dom-5.0.3_2
php5-extensions-1.0
php5-ftp-5.0.3_2
php5-gd-5.0.3_2
php5-gettext-5.0.3_2
php5-iconv-5.0.3_2
php5-imap-5.0.3_2
php5-ldap-5.0.3_2
php5-mbstring-5.0.3_2
php5-mcrypt-5.0.3_2
php5-mysql-5.0.3_2
php5-openssl-5.0.3_2
php5-pcre-5.0.3_2
php5-posix-5.0.3_2
php5-session-5.0.3_2
php5-simplexml-5.0.3_2
php5-sqlite-5.0.3_2
php5-tokenizer-5.0.3_2
php5-xml-5.0.3_2
php5-zlib-5.0.3_2
phpMyAdmin-2.6.1.3
pkgconfig-0.15.0_1
png-1.2.8_1
popt-1.7
rsync-2.6.5
ruby-1.8.2_3
samba-3.0.12_1,1
ssmtp-2.61
t1lib-5.0.1,1
twiki-20040902
unzip-5.52_1
xorg-clients-6.8.2
xorg-documents-6.8.2
xorg-fonts-100dpi-6.8.2
xorg-fonts-75dpi-6.8.2
xorg-fonts-encodings-6.8.2
xorg-fonts-miscbitmaps-6.8.2
xorg-fonts-truetype-6.8.2
xorg-libraries-6.8.2
xorg-manpages-6.8.2
xorg-nestserver-6.8.2
xorg-printserver-6.8.2
xorg-server-6.8.2
xorg-vfbserver-6.8.2
xterm-200_2
--- var_db_pkg.txt ends here ---
--- kernel_options.txt begins here ---
machine i386
cpu I686_CPU
ident bookworm
options SMP
options KDB, KDB_TRACE, KDB_UNATTENDED
makeoptions DEBUG=-g
options SCHED_4BSD
options INET
options FFS
options SOFTUPDATES
options UFS_ACL
options UFS_DIRHASH
options MD_ROOT
options NFSCLIENT
options NFSSERVER
options NFS_ROOT
options MSDOSFS
options CD9660
options PROCFS
options PSEUDOFS
options GEOM_GPT
options COMPAT_43
options COMPAT_FREEBSD4
options SCSI_DELAY=15000
options KTRACE
options SYSVSHM
options SYSVMSG
options SYSVSEM
options _KPOSIX_PRIORITY_SCHEDULING
options KBD_INSTALL_CDEV
options AHC_REG_PRETTY_PRINT
options AHD_REG_PRETTY_PRINT
options ADAPTIVE_GIANT
device apic
device isa
device pci
device fdc
device ata
device atadisk
device atapicd
device atapifd
options ATA_STATIC_ID
device ahc
device ahd
device scbus
device ch
device da
device sa
device cd
device pass
device ses
device asr
device aac
device aacp
device atkbdc
device atkbd
device psm
device vga
device splash
device sc
device agp
device npx
device pmtimer
device sio
device ppc
device ppbus
device ppi
device em
device loop
device mem
device io
device random
device ether
device tun
device pty
device md
device bpf
device uhci
device ohci
device usb
device ugen
device uhid
device ukbd
device ulpt
device umass
device ums
device urio
device uscanner
--- kernel_options.txt ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list