sosend() and mbuf

Dag-Erling Smørgrav des at des.no
Tue Aug 4 16:36:50 UTC 2009


Maslan <maslanbsd at gmail.com> writes:
> Fatal trap 12: page fault while in kernel mode
> cpuid = 1; apic id = 01
> fault virtual address	= 0x10
> fault code		= supervisor read, page not present
> instruction pointer	= 0x20:0xc085935b
> [...]
> #7  0xc085935b in namei (ndp=0xe6cd3bc8) at /usr/src/sys/kern/vfs_lookup.c:191
> #8  0xc08706d7 in vn_open_cred (ndp=0xe6cd3bc8, flagp=0xe6cd3cc4, cmode=1,
>     cred=0xc408fc00, fp=0xc4b5b344) at /usr/src/sys/kern/vfs_vnops.c:188
> #9  0xc08709a3 in vn_open (ndp=0xe6cd3bc8, flagp=0xe6cd3cc4, cmode=1,
>     fp=0xc4b5b344) at /usr/src/sys/kern/vfs_vnops.c:94
> #10 0xc086e0d3 in kern_open (td=0xc499dd20, path=0xc4c7a978 "/root/test.txt",
>     pathseg=UIO_SYSSPACE, flags=1, mode=1)
>     at /usr/src/sys/kern/vfs_syscalls.c:1042
> #11 0xc4c7a805 in f_open () from ./test.ko
> #12 0xc4c7a8a1 in thread_main () from ./test.ko
> #13 0xc07bd079 in fork_exit (callout=0xc4c7a880 <thread_main>, arg=0x0,
>     frame=0xe6cd3d38) at /usr/src/sys/kern/kern_fork.c:810
> #14 0xc0ac92b0 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:264

Depending on the exact FreeBSD version you're working on, line 191 in
sys/kern/vfs_lookup.c is either

   188          /*
   189           * Get starting point for the translation.
   190           */
 * 191          FILEDESC_SLOCK(fdp);
   192          ndp->ni_rootdir = fdp->fd_rdir;
   193          ndp->ni_topdir = fdp->fd_jdir;

or

   187          /*
   188           * Get starting point for the translation.
   189           */
   190          FILEDESC_SLOCK(fdp);
 * 191          ndp->ni_rootdir = fdp->fd_rdir;
   192          ndp->ni_topdir = fdp->fd_jdir;

Either way, the problem is not ndp (which we know is valid), but fdp,
which is dereferenced either by FILEDESC_SLOCK(), which evaluates to
sx_slock(&fdp->fd_sx), or in the assignment.

You're calling namei() (indirectly) from a thread assigned to proc0, and
I'm pretty sure proc0 has a valid filedesc table (see proc0_init() in
sys/kern/init_main.c), but all the same, I suspect that creating a
separate process as I suggested earlier will fix the panic.

DES
-- 
Dag-Erling Smørgrav - des at des.no

