kern/150544: Panic, when viewing the list of ZFS snapshots
jhell
jhell at DataIX.net
Tue Sep 14 06:00:11 UTC 2010
The following reply was made to PR kern/150544; it has been noted by GNATS.
From: jhell <jhell at DataIX.net>
To: "Vladislav V. Prodan" <universite at ukr.net>
Cc:
Subject: Re: kern/150544: Panic, when viewing the list of ZFS snapshots
Date: Tue, 14 Sep 2010 01:56:36 -0400
This is a multi-part message in MIME format.
--------------000303020304060701070902
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/13/2010 18:06, Vladislav V. Prodan wrote:
>> Number: 150544
>> Category: kern
>> Synopsis: Panic, when viewing the list of ZFS snapshots
>> Confidential: no
>> Severity: non-critical
>> Priority: low
>> Responsible: freebsd-bugs
>> State: open
>> Quarter:
>> Keywords:
>> Date-Required:
>> Class: sw-bug
>> Submitter-Id: current-users
>> Arrival-Date: Mon Sep 13 22:10:01 UTC 2010
>> Closed-Date:
>> Last-Modified:
>> Originator: Vladislav V. Prodan
>> Release: 9.0-CURRENT amd64
>> Organization:
>> Environment:
>
> http://img835.imageshack.us/img835/1779/capture09142010005524.jpg
>> Fix: *UNKNOWN*
>
Priority of this should be changed to *HIGH* & Severity changed to
*Critical*.
New synopsis: [ZFS][HIGH][CRIT] amd64 & i386 stable/8-ZFSv15 &
HEAD-ZFSv15, Panic, during ls(1) while in snapshot directories.
People BCC'd, pjd@ mm@ avg@ stable@ current@ to grab some more attention.
Backtraces: I have two available vmcore.37 & 38 along with core.txt.37 & 38.
Backtrace 37 attached.
Background: Because a normal user can access snapshot directories(.zfs)
they have the ability to crash a machine running HEAD or stable/8 with
ZFSv15 patches.
Workaround: Do not snapshot global readable directories or chmod go-rwx
/path/to where the snapshot directory (.zfs) is.
Systems effected thus far:
FreeBSD/i386 8.1-STABLE r212590M (ZFSv15 patches)
FreeBSD 9.0-CURRENT ? ?
Possibly 8.1-RELEASE (ZFSv15 patches)
Regards,
- --
jhell,v
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (FreeBSD)
iQEcBAEBAgAGBQJMjw6UAAoJEJBXh4mJ2FR+JUUH/jEQ3NRYhwedW1dbSTNb0bvr
LHEWoBz1S+sOERzu5Qlu4Q7QLvbOp2qiUfTmf120DedgxyTKlsRc45I90X7RCp8E
LuqfHO6n3aVuXO/9luwqUzHYIgI8KVUTDTiN3wa7HB89NYbpe2BRVhJo16QXoQCf
emDXtOcdX7DJWsetrdeTJ/zdCWG1tkEjVtM1KATVLOvx4QXfvxvgYISvGFXPdCWm
Cuzb6GoQ/qtSH+dMQKNUppcvhllJRG/uEV0ot0XL35tI3Cj5f5dJqfqAu+kNkGrT
eZPbeuDghcFFyK+uLgb9CdGzxAj8k0sJoGL2bOKqC/ZTyYnbNrvN01nA6E2zEsw=
=5Ujk
-----END PGP SIGNATURE-----
--------------000303020304060701070902
Content-Type: text/plain;
name="backtrace.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="backtrace.txt"
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x80
fault code = supervisor read, page not present
instruction pointer = 0x20:0x80922145
stack pointer = 0x28:0xb4593738
frame pointer = 0x28:0xb4593748
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 7073 (ls)
trap number = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper(8098bd66,b45935d8,80669da9,809ae1aa,0,...) at 0x804e1e38 = db_trace_self_wrapper+0x26
kdb_backtrace(809ae1aa,0,8096e958,b45935e4,0,...) at 0x8069652a = kdb_backtrace+0x29
panic(8096e958,809af581,92eec168,1,1,...) at 0x80669da9 = panic+0x114
trap_fatal(87c10570,0,1,0,8ebdf074,...) at 0x8090cca7 = trap_fatal+0x320
trap_pfault(8a01,b459368c,81673760,b45936a4,92c997f8,...) at 0x8090ceef = trap_pfault+0x23c
trap(b45936f8) at 0x8090d7c7 = trap+0x3f9
calltrap() at 0x808f0f0c = calltrap+0x6
--- trap 0xc, eip = 0x80922145, esp = 0xb4593738, ebp = 0xb4593748 ---
VOP_LOCK1_APV(80d0fea0,b459375c,b459375c,80a13f80,8b65da78,...) at 0x80922145 = VOP_LOCK1_APV+0x3e
_vn_lock(8b65da78,80400,80cee192,1b5,8b65da78,...) at 0x806fdfbc = _vn_lock+0x3d
gfs_file_create(54,86e1c53c,86d90000,80d0fea0,18,...) at 0x80c08ea6 = gfs_file_create+0x65
gfs_dir_create(54,86e1c53c,86d90000,80d0fea0,0,...) at 0x80c08f2d = gfs_dir_create+0x2c
zfsctl_mknode_shares(86e1c53c,80cee192,308,356,925c2bdc,...) at 0x80c82773 = zfsctl_mknode_shares+0x52
gfs_dir_lookup(86e1c53c,b45938c0,b4593b74,888e8700,0,...) at 0x80c08d69 = gfs_dir_lookup+0x216
zfsctl_root_lookup(86e1c53c,b45938c0,b4593b74,0,0,...) at 0x80c829f1 = zfsctl_root_lookup+0x10a
zfsctl_freebsd_root_lookup(b4593a34,b45939e8,200000,b4593b88,b4593a54,...) at 0x80c83029 = zfsctl_freebsd_root_lookup+0xb0
VOP_LOOKUP_APV(80cfbb00,b4593a34,809908ef,1f6,0,...) at 0x80922801 = VOP_LOOKUP_APV+0x48
lookup(b4593b5c,87e53800,400,b4593b7c,0,...) at 0x806e59b4 = lookup+0x5fb
namei(b4593b5c,b4593afc,60,0,92eec000,...) at 0x806e68ce = namei+0x57d
kern_statat_vnhook(92eec000,200,ffffff9c,304043b8,0,...) at 0x806f6269 = kern_statat_vnhook+0x6c
kern_statat(92eec000,200,ffffff9c,304043b8,0,...) at 0x806f63d3 = kern_statat+0x3c
kern_lstat(92eec000,304043b8,0,b4593c18,5188ce43,...) at 0x806f640b = kern_lstat+0x36
lstat(92eec000,b4593cf8,c,c,c,...) at 0x806f649f = lstat+0x2b
syscall(b4593d38) at 0x8090d1b8 = syscall+0x2ab
Xint0x80_syscall() at 0x808f0f71 = Xint0x80_syscall+0x21
--- syscall (190, FreeBSD ELF32, lstat), eip = 0x301c3f73, esp = 0x7fbfe54c, ebp = 0x7fbfe5d8 ---
Uptime: 1h2m13s
Physical memory: 1009 MB
Dumping 458 MB: 443 427 411 395 379 363 347 331 315 299 283 267 251 235 219 203 187 171 155 139 123 107 91 75 59 43 27 11
Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from /boot/kernel/linprocfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linprocfs.ko
Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
Reading symbols from /boot/kernel/linsysfs.ko...Reading symbols from /boot/kernel/linsysfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linsysfs.ko
Reading symbols from /boot/kernel/zfs.ko...Reading symbols from /boot/kernel/zfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/zfs.ko
Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from /boot/kernel/opensolaris.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/opensolaris.ko
Reading symbols from /boot/kernel/lindev.ko...Reading symbols from /boot/kernel/lindev.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/lindev.ko
Reading symbols from /boot/kernel/aio.ko...Reading symbols from /boot/kernel/aio.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/aio.ko
Reading symbols from /boot/kernel/cpufreq.ko...Reading symbols from /boot/kernel/cpufreq.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/cpufreq.ko
Reading symbols from /boot/kernel/ksyms.ko...Reading symbols from /boot/kernel/ksyms.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ksyms.ko
Reading symbols from /boot/kernel/mqueuefs.ko...Reading symbols from /boot/kernel/mqueuefs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/mqueuefs.ko
#0 doadump () at pcpu.h:231
231 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) #0 doadump () at pcpu.h:231
#1 0x80669b51 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:416
#2 0x80669de5 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:590
#3 0x8090cca7 in trap_fatal (frame=0xb45936f8, eva=128)
at /usr/src/sys/i386/i386/trap.c:938
#4 0x8090ceef in trap_pfault (frame=0xb45936f8, usermode=0, eva=128)
at /usr/src/sys/i386/i386/trap.c:851
#5 0x8090d7c7 in trap (frame=0xb45936f8) at /usr/src/sys/i386/i386/trap.c:533
#6 0x808f0f0c in calltrap () at /usr/src/sys/i386/i386/exception.s:166
#7 0x80922145 in VOP_LOCK1_APV (vop=0x0, a=0xb459375c) at vnode_if.c:1986
#8 0x806fdfbc in _vn_lock (vp=0x8b65da78, flags=525312,
file=0x80cee192 "/usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/gfs.c", line=437) at vnode_if.h:859
#9 0x80c08ea6 in gfs_file_create (size=84, pvp=0x86e1c53c, vfsp=0x86d90000,
ops=0x80d0fea0)
at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/gfs.c:437
#10 0x80c08f2d in gfs_dir_create (struct_size=84, pvp=0x86e1c53c,
vfsp=0x86d90000, ops=0x80d0fea0, entries=0x0, inode_cb=0, maxlen=256,
readdir_cb=0, lookup_cb=0)
at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/gfs.c:496
#11 0x80c82773 in zfsctl_mknode_shares (pvp=0x86e1c53c)
at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c:1146
#12 0x80c08d69 in gfs_dir_lookup (dvp=0x86e1c53c, nm=0xb45938c0 "shares",
vpp=0xb4593b74, cr=0x888e8700, flags=0, direntflags=0x0, realpnp=0x0)
at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/gfs.c:777
#13 0x80c829f1 in zfsctl_root_lookup (dvp=0x86e1c53c, nm=0xb45938c0 "shares",
vpp=0xb4593b74, pnp=0x0, flags=Variable "flags" is not available.
)
at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c:506
#14 0x80c83029 in zfsctl_freebsd_root_lookup (ap=0xb4593a34)
at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c:541
#15 0x80922801 in VOP_LOOKUP_APV (vop=0x80cfbb00, a=0xb4593a34)
at vnode_if.c:123
#16 0x806e59b4 in lookup (ndp=0xb4593b5c) at vnode_if.h:54
#17 0x806e68ce in namei (ndp=0xb4593b5c) at /usr/src/sys/kern/vfs_lookup.c:269
#18 0x806f6269 in kern_statat_vnhook (td=0x92eec000, flag=512, fd=-100,
path=0x304043b8 <Address 0x304043b8 out of bounds>,
pathseg=UIO_USERSPACE, sbp=0xb4593c18, hook=0)
at /usr/src/sys/kern/vfs_syscalls.c:2346
#19 0x806f63d3 in kern_statat (td=0x92eec000, flag=512, fd=-100,
path=0x304043b8 <Address 0x304043b8 out of bounds>,
pathseg=UIO_USERSPACE, sbp=0xb4593c18)
at /usr/src/sys/kern/vfs_syscalls.c:2327
#20 0x806f640b in kern_lstat (td=0x92eec000,
path=0x304043b8 <Address 0x304043b8 out of bounds>,
pathseg=UIO_USERSPACE, sbp=0xb4593c18)
at /usr/src/sys/kern/vfs_syscalls.c:2400
#21 0x806f649f in lstat (td=0x92eec000, uap=0xb4593cf8)
at /usr/src/sys/kern/vfs_syscalls.c:2390
#22 0x8090d1b8 in syscall (frame=0xb4593d38)
at /usr/src/sys/i386/i386/trap.c:1111
#23 0x808f0f71 in Xint0x80_syscall ()
at /usr/src/sys/i386/i386/exception.s:264
#24 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)
--------------000303020304060701070902
Content-Type: application/octet-stream;
name="backtrace.txt.sig"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="backtrace.txt.sig"
iQEcBAABAgAGBQJMjw6UAAoJEJBXh4mJ2FR+pk4H/22ORXAmvGRUZIf11X0Doc66WQndsI+D
2dwQIBwSDs7DWXqt98A2g0w8I7ZfleZdSUeOBpQXifncG5MsMqS7Abhl9PoGUsMTubH0R6Gv
+0wUYP+Nt607mOsKk46lG3FyrG2W4yt6h9fInJ3/NOY8nHaJOIZz3i/KS+5/SoRsWCPqVoH+
sZVgBjErAnyDfeoqq9ZTVgJJtG5tnjdxUmKHFB07FzZDwUlpwx/2l7PcBQUNWch8wqZSveTN
zB4KdTTCOMaRsSOQDb74JoF9lecb2+bLHapzg0xWKp3MIrmpqE9nSr4nXEKlL2OaqApfDxFC
tMQ2a+qtAeU3USDDmW2mnKk=
--------------000303020304060701070902--
More information about the freebsd-bugs
mailing list