kern/118928: 7.0-BETA4 from yesterday panics when nfs server is mounted

Barkley Vowk bvowk at math.ualberta.ca
Fri Dec 21 05:30:02 PST 2007 

>Number:         118928
>Category:       kern
>Synopsis:       7.0-BETA4 from yesterday panics when nfs server is mounted
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 21 13:30:01 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator:     Barkley Vowk
>Release:        7.0-BETA4
>Organization:
>Environment:
FreeBSD tethys 7.0-BETA4 FreeBSD 7.0-BETA4 #0: Thu Dec 20 15:57:56 EET 2007     bvowk at tethys:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
tethys# kgdb kernel.debug /var/crash/vmcore.0
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd".

Unread portion of the kernel message buffer:
kernel trap 12 with interrupts disabled


Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 02
fault virtual address	= 0x30
fault code		= supervisor read data, page not present
instruction pointer	= 0x8:0xffffffff804a9d1f
stack pointer	        = 0x10:0xffffffffb12ef820
frame pointer	        = 0x10:0xffffff0003b43680
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= resume, IOPL = 0
current process		= 810 (nfsd)
trap number		= 12
panic: page fault
cpuid = 2
Uptime: 1m27s
Physical memory: 8179 MB
Dumping 555 MB: 540 524 508 492 476 460 444 428 412 396 380 364 348 332 316 300 284 268 252 236 220 204 188 172 156 140 124 108 92 76 60 44 28 12

#0  doadump () at pcpu.h:194
194		__asm __volatile("movq %%gs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:194
#1  0x0000000000000004 in ?? ()
#2  0xffffffff804775c9 in boot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:409
#3  0xffffffff804779cd in panic (fmt=0x104 <Address 0x104 out of bounds>)
    at /usr/src/sys/kern/kern_shutdown.c:563
#4  0xffffffff8074c254 in trap_fatal (frame=0xffffff0003b43680, 
    eva=18446742974260342784) at /usr/src/sys/amd64/amd64/trap.c:724
#5  0xffffffff8074cecf in trap (frame=0xffffffffb12ef770)
    at /usr/src/sys/amd64/amd64/trap.c:251
#6  0xffffffff80732bbe in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:169
#7  0xffffffff804a9d1f in turnstile_broadcast (ts=0x0, queue=0)
    at /usr/src/sys/kern/subr_turnstile.c:835
#8  0xffffffff8046c01a in _mtx_unlock_sleep (m=0xffffffff80a709e0, opts=Variable "opts" is not available.
)
    at /usr/src/sys/kern/kern_mutex.c:605
#9  0xffffffff80603dd2 in nfsrv3_access (nfsd=0xffffff00059e0200, 
    slp=0xffffff0003adbc00, td=0xffffff0003b43680, mrq=0xffffffffb12efaf0)
    at /usr/src/sys/nfsserver/nfs_serv.c:253
#10 0xffffffff8061549d in nfssvc (td=Variable "td" is not available.
)
    at /usr/src/sys/nfsserver/nfs_syscalls.c:461
#11 0xffffffff8074c8a7 in syscall (frame=0xffffffffb12efc70)
    at /usr/src/sys/amd64/amd64/trap.c:852
---Type <return> to continue, or q <return> to quit--- 
#12 0xffffffff80732dcb in Xfast_syscall ()
#5  0xffffffff8074cecf in trap (frame=0xffffffffb12ef770)
    at /usr/src/sys/amd64/amd64/trap.c:251
#6  0xffffffff80732bbe in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:169
#7  0xffffffff804a9d1f in turnstile_broadcast (ts=0x0, queue=0)
    at /usr/src/sys/kern/subr_turnstile.c:835
#8  0xffffffff8046c01a in _mtx_unlock_sleep (m=0xffffffff80a709e0, opts=Variable "opts" is not available.
)
    at /usr/src/sys/kern/kern_mutex.c:605
#9  0xffffffff80603dd2 in nfsrv3_access (nfsd=0xffffff00059e0200, 
    slp=0xffffff0003adbc00, td=0xffffff0003b43680, mrq=0xffffffffb12efaf0)
    at /usr/src/sys/nfsserver/nfs_serv.c:253
#10 0xffffffff8061549d in nfssvc (td=Variable "td" is not available.
)
    at /usr/src/sys/nfsserver/nfs_syscalls.c:461
#11 0xffffffff8074c8a7 in syscall (frame=0xffffffffb12efc70)
    at /usr/src/sys/amd64/amd64/trap.c:852
---Type <return> to continue, or q <return> to quit---
#12 0xffffffff80732dcb in Xfast_syscall ()
    at /usr/src/sys/amd64/amd64/exception.S:290
#13 0x00000008006874fc in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) 

>How-To-Repeat:
I have a group of 7.0-B4 boxes that export /var to a debian etch machine. If I enable nfsd and attempt to read the directory, the machine instantly panics and reboots. And will keep booting and panic'ing seconds after NFSD is restarted. 


>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list