FreeBSD 7.1: QUOTA: kernel panics in jailed()

Mikolaj Golub to.my.trociny at gmail.com
Sat Dec 5 23:21:29 UTC 2009


Hi,

Today we observed a panic on our FreeBSD 7.1 box built with QUOTA
support.

According to the backtrace, ffs_truncate() called chkdq() with NOCRED, but later
jailed() was called and the system crashed dereferencing cred->cr_prison.

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 7; apic id = 07
fault virtual address   = 0x64
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc07a1d26
stack pointer           = 0x28:0xedb2d8b8
frame pointer           = 0x28:0xedb2d8b8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 9742 (icoms_agent_cox476)
trap number             = 12
panic: page fault
cpuid = 7
Uptime: 19h54m4s
Physical memory: 3315 MB
Dumping 326 MB: 311 295 279 263 247 231 215 199 183 167 151 135 119 103 87 71 55 39 23 7

Reading symbols from /boot/kernel/if_lagg.ko...Reading symbols from /boot/kernel/if_lagg.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_lagg.ko
Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi.ko
#0  doadump () at pcpu.h:196
196     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:196
#1  0xc07c2b27 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#2  0xc07c2df9 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:574
#3  0xc0ada1ec in trap_fatal (frame=0xedb2d878, eva=100) at /usr/src/sys/i386/i386/trap.c:939
#4  0xc0ada470 in trap_pfault (frame=0xedb2d878, usermode=0, eva=100) at /usr/src/sys/i386/i386/trap.c:852
#5  0xc0adae2c in trap (frame=0xedb2d878) at /usr/src/sys/i386/i386/trap.c:530
#6  0xc0ac0c9b in calltrap () at /usr/src/sys/i386/i386/exception.s:159
#7  0xc07a1d26 in jailed (cred=0x0) at /usr/src/sys/kern/kern_jail.c:465
#8  0xc07a1da5 in prison_priv_check (cred=0x0, priv=320) at /usr/src/sys/kern/kern_jail.c:581
#9  0xc07b62ce in priv_check_cred (cred=0x0, priv=320, flags=0) at /usr/src/sys/kern/kern_priv.c:86
#10 0xc09e742d in chkdq (ip=0xcb55c980, change=28, cred=0x0, flags=Variable "flags" is not available.
)
    at /usr/src/sys/ufs/ufs/ufs_quota.c:188
#11 0xc09c24f7 in ffs_truncate (vp=0xcac04cf0, length=0, flags=2048, cred=0xc9871d00, td=0xc95d28c0)
    at /usr/src/sys/ufs/ffs/ffs_inode.c:276
#12 0xc09ed372 in ufs_setattr (ap=0xedb2db64) at /usr/src/sys/ufs/ufs/ufs_vnops.c:600
#13 0xc0af0582 in VOP_SETATTR_APV (vop=0xc0c2ff80, a=0xedb2db64) at vnode_if.c:583
#14 0xc084c446 in kern_open (td=0xc95d28c0, path=0x4890e68c <Address 0x4890e68c out of bounds>, 
    pathseg=UIO_USERSPACE, flags=Variable "flags" is not available.
) at vnode_if.h:315
#15 0xc084c5b0 in open (td=0xc95d28c0, uap=0xedb2dcfc) at /usr/src/sys/kern/vfs_syscalls.c:999
#16 0xc0ada7c5 in syscall (frame=0xedb2dd38) at /usr/src/sys/i386/i386/trap.c:1090
#17 0xc0ac0d00 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:255
#18 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) fr 11
#11 0xc09c24f7 in ffs_truncate (vp=0xcac04cf0, length=0, flags=2048, cred=0xc9871d00, td=0xc95d28c0)
    at /usr/src/sys/ufs/ffs/ffs_inode.c:276
276                             (void) chkdq(ip, -datablocks, NOCRED, 0);
(kgdb) list
271                             if (ip->i_flag & IN_SPACECOUNTED)
272                                     fs->fs_pendingblocks -= datablocks;
273                             UFS_UNLOCK(ump);
274                     } else {
275     #ifdef QUOTA
276                             (void) chkdq(ip, -datablocks, NOCRED, 0);
277     #endif
278                             softdep_setup_freeblocks(ip, length, needextclean ?
279                                 IO_EXT | IO_NORMAL : IO_NORMAL);
280                             ASSERT_VOP_LOCKED(vp, "ffs_truncate1");
(kgdb) fr 7
#7  0xc07a1d26 in jailed (cred=0x0) at /usr/src/sys/kern/kern_jail.c:465
465     {
(kgdb) list
460     /*
461      * Return 1 if the passed credential is in a jail, otherwise 0.
462      */
463     int
464     jailed(struct ucred *cred)
465     {
466
467             return (cred->cr_prison != NULL);
468     }
469

-- 
Mikolaj Golub
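
The failure mode in the backtrace above, as an added userland C model (not part of the original post and not FreeBSD source): a NOCRED credential forwarded down to a jailed()-style check is read through a NULL base, which is why the fault address (0x64) is a small offset inside page 0. The struct layouts, sample objects, jailed_checked(), priv_check_model() and fault_in_null_page() are hypothetical names and simplifications introduced for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userland model of frames #7-#9; layouts are simplified assumptions. */
struct prison { int pr_id; };
struct ucred  { unsigned cr_uid; struct prison *cr_prison; };
#define NOCRED ((struct ucred *)0)      /* shows up as cred=0x0 in the trace */
#define MODEL_PAGE_SIZE 4096u           /* i386 page size */

/* Constructed sample credentials: one outside a jail, one inside. */
struct prison sample_prison = { 1 };
struct ucred sample_host = { 0, NULL };
struct ucred sample_inmate = { 1001, &sample_prison };

/* Same expression as kern_jail.c:467 on the page; faults for NOCRED. */
int jailed_unchecked(struct ucred *cred)
{
    return (cred->cr_prison != NULL);
}

/* Hypothetical guarded variant: no credential means "not jailed". */
int jailed_checked(struct ucred *cred)
{
    return (cred != NOCRED && cred->cr_prison != NULL);
}

/* Hypothetical stand-in for a privilege check that forwards cred down.
 * Simplification: 1 (denied) when jailed, 0 (allowed) otherwise. */
int priv_check_model(struct ucred *cred, int (*jailed_fn)(struct ucred *))
{
    return jailed_fn(cred) ? 1 : 0;
}

/* Triage heuristic: a kernel-mode fault address inside page 0 points to
 * a member read through a NULL base (NULL + member offset). */
int fault_in_null_page(uintptr_t fault_va)
{
    return fault_va < MODEL_PAGE_SIZE;
}

int main(void)
{
    printf("host=%d inmate=%d nocred=%d\n",
        priv_check_model(&sample_host, jailed_checked),
        priv_check_model(&sample_inmate, jailed_checked),
        priv_check_model(NOCRED, jailed_checked));
    printf("0x64 in NULL page: %d\n", fault_in_null_page(0x64));
    return 0;
}
```

Passing jailed_unchecked together with NOCRED to priv_check_model() reproduces the crash as a segmentation fault in userland, so the sample main() only exercises the guarded variant.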

