Date: Fri, 18 May 2007 10:20:08 GMT
From: Eugene Grosbein <eugen@kuzbass.ru>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/112707: 6.2-STABLE panic: spoiling cp->ace = 3
Message-ID: <200705181020.l4IAK8Vc034975@freefall.freebsd.org>
The following reply was made to PR kern/112707; it has been noted by GNATS.

From: Eugene Grosbein <eugen@kuzbass.ru>
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: kern/112707: 6.2-STABLE panic: spoiling cp->ace = 3
Date: Fri, 18 May 2007 17:48:58 +0800

Hi!

I managed to obtain a crashdump and got the backtrace that follows.
I also put kernel.debug and the crashdump online, both compressed
(5Mb and 8.5Mb), here: http://www.grosbein.pp.ru/panic-spoiling/

cript started on Fri May 18 17:34:50 2007
kgdb: kvm_nlist(_stopped_cpus):
kgdb: kvm_nlist(_stoppcbs):
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
panic: spoiling cp->ace = 3
KDB: stack backtrace:
kdb_backtrace(c068b1c3,c06e20c0,c0685e63,c5c69934,100,...) at 0xc0527773 = kdb_backtrace+0x2f
panic(c0685e63,3,c06858b9,370,c1239b00,...) at 0xc050b74d = panic+0xb8
g_spoil(c1239b00,c122eb00,1,3,0,...) at 0xc04d1e4f = g_spoil+0x57
g_access(c122eb00,0,1,0,2000,...) at 0xc04d1abc = g_access+0x27e
g_dev_open(c1268c00,2,2000,c1296300,c1268c00,...) at 0xc04cbe2e = g_dev_open+0x106
devfs_open(c5c69a54,c5c69d04,c5c69bc4,0,c5c69b10,...) at 0xc04c90cc = devfs_open+0x197
VOP_OPEN_APV(c06b6300,c5c69a54,0,c5c69a54,0,...) at 0xc066212a = VOP_OPEN_APV+0x9d
vn_open_cred(c5c69bc4,c5c69cc4,1a4,c1818a80,4,...) at 0xc05760b0 = vn_open_cred+0x457
vn_open(c5c69bc4,c5c69cc4,1a4,4,c5c69b68,...) at 0xc0575c57 = vn_open+0x33
kern_open(c1296300,804c030,0,2,1b6,...) at 0xc056e029 = kern_open+0xca
open(c1296300,c5c69d04,c,804d000,3,...) at 0xc056df27 = open+0x36
syscall(3b,3b,3b,804c030,0,...) at 0xc06586d2 = syscall+0x295
Xint0x80_syscall() at 0xc0648d0f = Xint0x80_syscall+0x1f
--- syscall (5, FreeBSD ELF32, open), eip = 0x28137437, esp = 0xbfbfe83c, ebp = 0xbfbfe868 ---
KDB: enter: panic
Uptime: 1m7s
Dumping 47 MB (2 chunks)
chunk 0: 1MB (159 pages) ... ok
chunk 1: 47MB (12032 pages) 32 16

#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc050b4ad in boot (howto=260) at /home/src/sys/kern/kern_shutdown.c:409
        first_buf_printf = 1
#2 0xc050b7cb in panic (fmt=0xc0685e63 "spoiling cp->ace = %d") at /home/src/sys/kern/kern_shutdown.c:565
        td = (struct thread *) 0xc1296300
        bootopt = 256
        newpanic = 1
        ap = 0xc5c69934 "\003"
        buf = "spoiling cp->ace = 3", '\0' <repeats 235 times>
#3 0xc04d1e4f in g_spoil (pp=0xc1239b00, cp=0xc122eb00) at /home/src/sys/geom/geom_subr.c:891
        cp2 = (struct g_consumer *) 0x0
#4 0xc04d1abc in g_access (cp=0xc122eb00, dcr=0, dcw=1, dce=0) at /home/src/sys/geom/geom_subr.c:741
        pp = (struct g_provider *) 0xc1239b00
        pw = 0
        pe = 3
        error = 0
#5 0xc04cbe2e in g_dev_open (dev=0xc1268c00, flags=6, fmt=0, td=0xc1296300) at /home/src/sys/geom/geom_dev.c:196
        gp = (struct g_geom *) 0x0
        cp = (struct g_consumer *) 0xc122eb00
---Type <return> to continue, or q <return> to quit---
        error = 6
        r = 0
        w = 1
#6 0xc04c90cc in devfs_open (ap=0xc5c69a54) at /home/src/sys/fs/devfs/devfs_vnops.c:766
        _giantcnt = 0
        td = (struct thread *) 0xc1296300
        vp = (struct vnode *) 0xc184a660
        dev = (struct cdev *) 0xc1268c00
        fp = (struct file *) 0x0
        error = -1066703424
        dsw = (struct cdevsw *) 0xc06b65c0
#7 0xc066212a in VOP_OPEN_APV (vop=0x0, a=0xc5c69a54) at vnode_if.c:372
        rc = 0
#8 0xc05760b0 in vn_open_cred (ndp=0xc5c69bc4, flagp=0xc5c69cc4, cmode=420, cred=0xc1818a80, fdidx=4) at vnode_if.h:198
        vp = (struct vnode *) 0xc184a660
        mp = (struct mount *) 0x139
        td = (struct thread *) 0xc1296300
        vat = {va_type = 3226510025, va_mode = 14000, va_nlink = -16087,
          va_uid = 1, va_gid = 3228085506, va_fsid = 3318127288,
          va_fileid = -1068627818, va_size = 4294967264, va_blocksize = 4,
          va_atime = {tv_sec = -976839976, tv_nsec = -1068627430}, va_mtime = {
            tv_sec = -1049548544, tv_nsec = 4}, va_ctime = {tv_sec = 20,
---Type <return> to continue, or q <return> to quit---
            tv_nsec = 4}, va_birthtime = {tv_sec = -1049548500, tv_nsec = 1380},
          va_gen = 3228071115, va_flags = 3318127360, va_rdev = 3226471867,
          va_bytes = 7540386092, va_filerev = 1369027681980, va_vaflags = 0,
          va_spare = -1054263736}
        mode = 128
        fmode = 2
        error = 0
        vfslocked = 0
#9 0xc0575c57 in vn_open (ndp=0x0, flagp=0x0, cmode=0, fdidx=0) at /home/src/sys/kern/vfs_vnops.c:91
        td = (struct thread *) 0x0
#10 0xc056e029 in kern_open (td=0xc1296300, path=0x0, pathseg=UIO_USERSPACE, flags=2, mode=438) at /home/src/sys/kern/vfs_syscalls.c:1007
        p = (struct proc *) 0x0
        fdp = (struct filedesc *) 0xc1712900
        fp = (struct file *) 0xc1814000
        vp = (struct vnode *) 0x1
        vat = {va_type = 3228436892, va_mode = 1, va_nlink = 0,
          va_uid = 3228081852, va_gid = 318, va_fsid = 118134284, va_fileid = 0,
          va_size = 13944276585772947192, va_blocksize = 3,
          va_atime = {tv_sec = 0, tv_nsec = 0}, va_mtime = {tv_sec = -1048312404,
            tv_nsec = 3}, va_ctime = { tv_sec = 0, tv_nsec = -1056270904},
          va_birthtime = {tv_sec = -1048393940, tv_nsec = 0}, va_gen = 0,
          va_flags = 149, va_rdev = 0, va_bytes = 13862612747705294036,
          va_filerev = 13864923702024115656,
---Type <return> to continue, or q <return> to quit---
          va_vaflags = 149, va_spare = -1054263632}
        mp = (struct mount *) 0x13e
        cmode = 0
        nfp = (struct file *) 0xc1814000
        type = 0
        indx = 4
        error = -976839420
        lf = {l_start = 1369027681980, l_len = 279172874240, l_pid = 1,
          l_type = -18920, l_whence = -16280}
        nd = {ni_dirp = 0x804c030 <Address 0x804c030 out of bounds>,
          ni_segflg = UIO_USERSPACE, ni_startdir = 0x0, ni_rootdir = 0xc1230aa0,
          ni_topdir = 0x0, ni_vp = 0xc184a660, ni_dvp = 0xc1230dd0,
          ni_pathlen = 1, ni_next = 0xc127a008 "", ni_loopcnt = 0, ni_cnd = {
            cn_nameiop = 0, cn_flags = 69255236, cn_thread = 0xc1296300,
            cn_cred = 0xc1818a80, cn_lkflags = 2, cn_pnbuf = 0xc127a000 "/dev/ad0",
            cn_nameptr = 0xc127a005 "ad0", cn_namelen = 3, cn_consume = 0}}
        vfslocked = -1066530404
#11 0xc056df27 in open (td=0x0, uap=0xc5c69d04) at /home/src/sys/kern/vfs_syscalls.c:971
        error = -1054252288
#12 0xc06586d2 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134529072, tf_esi = 0, tf_ebp = -1077942168, tf_isp = -976839324, tf_ebx = 512, tf_edx = 0, tf_ecx = 134533120, tf_eax = 5, tf_trapno = 12, tf_err = 2, tf_eip = 672363575, tf_cs = 51, t---Type <return> to continue, or q <return> to quit---
f_eflags = 642, tf_esp = -1077942212, tf_ss = 59}) at /home/src/sys/i386/i386/trap.c:983
        params = 0xbfbfe840 <Address 0xbfbfe840 out of bounds>
        callp = (struct sysent *) 0xc06b7b1c
        td = (struct thread *) 0xc1296300
        p = (struct proc *) 0xc1293648
        orig_tf_eflags = 642
        sticks = 0
        error = 0
        narg = 3
        args = {134529072, 1, 438, 134533120, 12, 0, 0, -1054263736}
        code = 5
#13 0xc0648d0f in Xint0x80_syscall () at /home/src/sys/i386/i386/exception.s:200
No locals.
#14 0x00000033 in ?? ()
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)
(kgdb) quit