Date:      Wed, 27 Sep 1995 10:24:17 -0400
From:      Eugene Stark <stark@UG.CS.SUNYSB.EDU>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/744: Page fault in fchmod() with Sep 20 -stable kernel
Message-ID:  <199509271424.KAA10038@ws24.ug.cs.sunysb.edu>
Resent-Message-ID: <199509271430.HAA02100@freefall.freebsd.org>


>Number:         744
>Category:       kern
>Synopsis:       Page fault in fchmod() with Sep 20 -stable kernel
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 27 07:30:01 PDT 1995
>Last-Modified:
>Originator:     Eugene Stark
>Organization:
SUNY at Stony Brook CS Dept.
>Release:        FreeBSD 2.1-STABLE supped on Sep 20, 1995
>Environment:

	486DX4/100, 32MB RAM, IDE, BusLogic SCSI.
	FreeBSD 2.1-STABLE supped on Sep 20, 1995.

>Description:

	System crashed due to attempt to follow NULL vp->v_mount
	pointer in fchmod() in kern/vfs_syscalls.c.

	There has been one revision to vnode code in -STABLE since
	that date, but I'm not sure if it is relevant to this problem.

	I'll retain this core dump for a little while, in case
	anybody wants more information.

gdb -k kernel vmcore.7
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.13 (i386-unknown-freebsd), 
Copyright 1994 Free Software Foundation, Inc...
IdlePTD 1c3000
current pcb at 1b6140
panic: page fault
#0  boot (howto=256) at ../../i386/i386/machdep.c:873
873                                     dumppcb.pcb_ptd = rcr3();
(kgdb) bt
#0  boot (howto=256) at ../../i386/i386/machdep.c:873
#1  0xf010f893 in panic (fmt=0xf018c9fc "page fault")
    at ../../kern/subr_prf.c:124
#2  0xf018d4be in trap_fatal (frame=0xefbffe80) at ../../i386/i386/trap.c:718
#3  0xf018d030 in trap_pfault (frame=0xefbffe80, usermode=0)
    at ../../i386/i386/trap.c:640
#4  0xf018cce7 in trap (frame={tf_es = -266665968, tf_ds = -227672048, 
      tf_edi = -255635968, tf_esi = 0, tf_ebp = -272629940, 
      tf_isp = -267232531, tf_ebx = -257021696, tf_edx = -258090496, 
      tf_ecx = 29, tf_eax = 0, tf_trapno = 12, tf_err = -257032192, 
      tf_eip = -267232531, tf_cs = -267255800, tf_eflags = 66178, 
      tf_esp = -272629868, tf_ss = -255635968}) at ../../i386/i386/trap.c:299
#5  0xf0185e7d in calltrap ()
#6  0xf0125aed in fchmod (p=0xf0c34e00, uap=0xefbfff94, retval=0xefbfff8c)
    at ../../kern/vfs_syscalls.c:1503
#7  0xf018d703 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 136768, 
      tf_esi = 0, tf_ebp = -272640484, tf_isp = -272629788, tf_ebx = 147456, 
      tf_edx = 147524, tf_ecx = 0, tf_eax = 124, tf_trapno = 514, 
      tf_err = 514, tf_eip = 134525525, tf_cs = 31, tf_eflags = 514, 
      tf_esp = -272640504, tf_ss = 39}) at ../../i386/i386/trap.c:853
#8  0xf0185ecb in Xsyscall ()
#9  0xde0a in ?? ()
#10 0xcf51 in ?? ()
#11 0x10d3 in ?? ()
(kgdb) frame 6
#6  0xf0125aed in fchmod (p=0xf0c34e00, uap=0xefbfff94, retval=0xefbfff8c)
    at ../../kern/vfs_syscalls.c:1503
1503            if (vp->v_mount->mnt_flag & MNT_RDONLY)
(kgdb) print *vp
$1 = {v_flag = 0, v_usecount = 1, v_writecount = 1, v_holdcnt = 0, 
  v_lastr = 0, v_id = 2194101, v_mount = 0x0, v_op = 0xf09dda00, v_freelist = {
    tqe_next = 0x0, tqe_prev = 0xf0ae209c}, v_mntvnodes = {
    le_next = 0xf0b37a80, le_prev = 0xf0b1b424}, v_cleanblkhd = {
    lh_first = 0x0}, v_dirtyblkhd = {lh_first = 0x0}, v_numoutput = 0, 
  v_type = VBAD, v_un = {vu_mountedhere = 0x0, vu_socket = 0x0, 
    vu_specinfo = 0x0, vu_fifoinfo = 0x0}, v_lease = 0x0, v_lastw = 0, 
  v_cstart = 0, v_lasta = 0, v_clen = 0, v_ralen = 0, v_maxra = 0, 
  v_vmdata = 0x0, v_tag = VT_NON, v_data = 0x0}
(kgdb) print *p
$2 = {p_forw = 0xf0bf8200, p_back = 0x0, p_next = 0xf0c41a00, 
  p_prev = 0xf0a4fd08, p_cred = 0xf0bd1f40, p_fd = 0xf0c63700, 
  p_stats = 0xf4610288, p_limit = 0xf01bc74c, p_vmspace = 0xf0ad4000, 
  p_sigacts = 0xf461015c, p_flag = 16390, p_stat = 2 '\002', 
  p_pad1 = "\000\000", p_pid = 15224, p_hash = 0x0, p_pgrpnxt = 0x0, 
  p_pptr = 0xf09e7e00, p_osptr = 0xf0a83300, p_ysptr = 0x0, p_cptr = 0x0, 
  p_oppid = 0, p_dupfd = 0, p_estcpu = 71, p_cpticks = 70, p_pctcpu = 34, 
  p_wchan = 0x0, p_wmesg = 0xf01112b4 "select", p_swtime = 660, p_slptime = 0, 
  p_realtimer = {it_interval = {tv_sec = 0, tv_usec = 0}, it_value = {
      tv_sec = 0, tv_usec = 0}}, p_rtime = {tv_sec = 2, tv_usec = 682432}, 
  p_uticks = 53, p_sticks = 376, p_iticks = 12, p_traceflag = 0, 
  p_tracep = 0x0, p_siglist = 0, p_textvp = 0xf0af4300, p_lock = 0 '\000', 
  p_pad2 = "\000\000", p_spare = {0, 0}, p_sigmask = 0, 
  p_sigignore = 406884353, p_sigcatch = 548870, p_priority = 67 'C', 
  p_usrpri = 67 'C', p_nice = 0 '\000', 
  p_comm = "slirp\000d\000\000\000\000\000\000\000\000\000", 
  p_pgrp = 0xf0bee600, p_sysent = 0xf01ac020, p_rtprio = {type = 1, prio = 0}, 
  p_thread = 6, p_addr = 0xf4610000, p_md = {md_flags = 0, 
    md_regs = 0xefbfffbc}, p_xstat = 0, p_acflag = 0, p_ru = 0x0}
(kgdb) 

>How-To-Repeat:

	Unknown.

>Fix:
	
	Unknown.


>Audit-Trail:
>Unformatted:
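
Added example, not part of the original report or of the FreeBSD source: a user-space C model of the test at vfs_syscalls.c:1503 beside a guarded form, exercised with the vnode state shown in the kgdb dump (v_type = VBAD, v_mount = 0x0). The reduced structs, the guard, the EBADF return value and the helper names are assumptions made for illustration, not the fix adopted by FreeBSD.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Reduced user-space stand-ins for the kernel types named in the report;
 * only the fields involved in the crash are modelled (assumption). */
#define MNT_RDONLY 0x00000001
enum vtype { VNON, VREG, VDIR, VBLK, VCHR, VLNK, VSOCK, VFIFO, VBAD };
struct mount { int mnt_flag; };
struct vnode { enum vtype v_type; struct mount *v_mount; };

/* The test as it appears at vfs_syscalls.c:1503: faults if v_mount is NULL. */
static int rdonly_check_unguarded(const struct vnode *vp)
{
    if (vp->v_mount->mnt_flag & MNT_RDONLY)
        return EROFS;
    return 0;
}

/* Same test behind a hypothetical guard for a vnode that has lost its mount.
 * Returning EBADF here is an assumption, not the FreeBSD fix. */
static int rdonly_check_guarded(const struct vnode *vp)
{
    if (vp->v_type == VBAD || vp->v_mount == NULL)
        return EBADF;
    return rdonly_check_unguarded(vp);
}

/* kgdb prints trap-frame registers as signed ints; recover the address. */
static uint32_t reg_to_addr(int32_t reg) { return (uint32_t)reg; }

/* Vnode state copied from the dump: v_type = VBAD, v_mount = 0x0. */
static const struct vnode dead_vnode = { VBAD, NULL };

int main(void)
{
    struct mount ro = { MNT_RDONLY }, rw = { 0 };
    struct vnode on_ro = { VREG, &ro }, on_rw = { VREG, &rw };

    printf("dead vnode : %d (EBADF=%d)\n", rdonly_check_guarded(&dead_vnode), EBADF);
    printf("ro mount   : %d (EROFS=%d)\n", rdonly_check_guarded(&on_ro), EROFS);
    printf("rw mount   : %d\n", rdonly_check_guarded(&on_rw));
    /* tf_eip from frame #4 of the backtrace, to compare with frame #6 */
    printf("tf_eip     : 0x%08x\n", (unsigned)reg_to_addr(-267232531));
    return 0;
}
```

The last line converts the signed tf_eip printed in frame #4 to hex, which gives the same address kgdb shows for fchmod in frame #6.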


