mount * 2 + umount + lookup = GEOM panic

From: Yar Tikhiy <yar_at_comp.chem.msu.su>
Date: Fri, 18 Aug 2006 22:46:57 +0400
Hi all,

Here is a recipe for panicking CURRENT's GENERIC kernel from the
command line:

(enter single-user mode)

# mount -r /usr
# mount -r /usr
# umount /usr
# cat
[panic!]

As shown below, the panic happens in GEOM when /bin/sh searches
$PATH for cat(1): g_io_request() dereferences cp->provider, which kgdb
shows as 0xdeadc0de -- presumably the kernel's freed-memory poison
pattern, which suggests the umount released the consumer while the
second mount still referenced it.  The recipe works in 6-STABLE, too.
Is anybody interested?  Thanks!

-- 
Yar

P.S. The technical details:

%%% fstab:

# Device                Mountpoint      FStype  Options         Dump    Pass#
/dev/ad0s3b             none            swap    sw              0       0
/dev/ad0s3a             /               ufs     rw              1       1
/dev/ad0s3e             /tmp            ufs     rw              2       2
/dev/ad0s3f             /usr            ufs     rw              2       2
/dev/ad0s3d             /var            ufs     rw              2       2
/dev/acd0               /cdrom          cd9660  ro,noauto       0       0

%%% usual mount:

/dev/ad0s3a on / (ufs, local)
devfs on /dev (devfs, local)
/dev/ad0s3e on /tmp (ufs, local, soft-updates)
/dev/ad0s3f on /usr (ufs, local, soft-updates)
/dev/ad0s3d on /var (ufs, local, soft-updates)

%%% interesting parts from the kgdb typescript:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xdeadc112
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0667c73
stack pointer           = 0x28:0xc819e7f0
frame pointer           = 0x28:0xc819e814
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 46 (sh)
panic: from debugger
cpuid = 0
Uptime: 45s

(kgdb) bt
#0  doadump () at pcpu.h:166
#1  0xc069e4e0 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc069e7f5 in panic (fmt=0xc08e1ef2 "from debugger") at /usr/src/sys/kern/kern_shutdown.c:565
#3  0xc0475c76 in db_panic (addr=-1067025293, have_addr=0, count=-1, modif=0xc819e5c4 "")
    at /usr/src/sys/ddb/db_command.c:428
#4  0xc0475c0f in db_command (last_cmdp=0xc09f4ac4, cmd_table=0x0) at /usr/src/sys/ddb/db_command.c:396
#5  0xc0475cca in db_command_loop () at /usr/src/sys/ddb/db_command.c:448
#6  0xc04778c9 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221
#7  0xc06ba454 in kdb_trap (type=12, code=0, tf=0xc819e7b0) at /usr/src/sys/kern/subr_kdb.c:502
#8  0xc089ab25 in trap_fatal (frame=0xc819e7b0, eva=3735929106) at /usr/src/sys/i386/i386/trap.c:858
#9  0xc089a85f in trap_pfault (frame=0xc819e7b0, usermode=0, eva=3735929106) at /usr/src/sys/i386/i386/trap.c:776
#10 0xc089a47d in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -559038242, tf_esi = -559038242, tf_ebp = -937826284, tf_isp = -937826340, tf_ebx = -1044772008, tf_edx = -1044683008, tf_ecx = 0, tf_eax = -1044683008, tf_trapno = 12, tf_err = -559038190, tf_eip = -1067025293, tf_cs = 32, tf_eflags = 66050, tf_esp = -1065422231, tf_ss = -1044772008}) at /usr/src/sys/i386/i386/trap.c:461
#11 0xc088580a in calltrap () at /usr/src/sys/i386/i386/exception.s:138
#12 0xc0667c73 in g_io_request (bp=0xc1ba0b58, cp=0xc1bb6700) at /usr/src/sys/geom/geom_io.c:327
#13 0xc066acc5 in g_vfs_strategy (bo=0xc1bb6700, bp=0xc3e53420) at /usr/src/sys/geom/geom_vfs.c:106
#14 0xc07ddec1 in ffs_geom_strategy (bo=0xc1bc24c4, bp=0xc3e53420) at /usr/src/sys/ufs/ffs/ffs_vfsops.c:1810
#15 0xc07e9549 in ufs_strategy (ap=0xc1bb6700) at /usr/src/sys/ufs/ufs/ufs_vnops.c:1956
#16 0xc08acc35 in VOP_STRATEGY_APV (vop=0xc09de420, a=0xc819e890) at vnode_if.c:1771
#17 0xc06ee7e9 in bufstrategy (bo=0xc1bb6700, bp=0xc3e53420) at vnode_if.h:928
#18 0xc06e97cb in breadn (vp=0xc1bc230c, blkno=0, size=2048, rablkno=0x0, rabsize=0x0, cnt=0, cred=0x0, bpp=0xc1bb6700)
    at buf.h:419
#19 0xc06e955c in bread (vp=0xc1bc230c, blkno=0, size=2048, cred=0x0, bpp=0xc819e914) at /usr/src/sys/kern/vfs_bio.c:726
#20 0xc07da35a in ffs_blkatoff (vp=0xc1bc230c, offset=0, res=0x0, bpp=0xc819e980) at /usr/src/sys/ufs/ffs/ffs_subr.c:87
#21 0xc07e360d in ufs_lookup (ap=0xc819ea20) at /usr/src/sys/ufs/ufs/ufs_lookup.c:259
#22 0xc08ab6ce in VOP_CACHEDLOOKUP_APV (vop=0xc1bb6700, a=0xc819ea20) at vnode_if.c:153
#23 0xc06ef942 in vfs_cache_lookup (ap=0xc1bb6700) at vnode_if.h:82
#24 0xc08ab617 in VOP_LOOKUP_APV (vop=0xc09de420, a=0xc819eabc) at vnode_if.c:99
#25 0xc06f3b7e in lookup (ndp=0xc819eba8) at vnode_if.h:56
#26 0xc06f34c6 in namei (ndp=0xc819eba8) at /usr/src/sys/kern/vfs_lookup.c:210
#27 0xc0700b15 in kern_stat (td=0xc1aba000, path=0x824023c <Address 0x824023c out of bounds>, pathseg=3250284288,
    sbp=0xc819ec1c) at /usr/src/sys/kern/vfs_syscalls.c:2078
#28 0xc0700ac3 in stat (td=0xc1aba000, uap=0xc819ed04) at /usr/src/sys/kern/vfs_syscalls.c:2062
#29 0xc089ae42 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 1, tf_esi = 136577576, tf_ebp = -1077941096, tf_isp = -937824924, tf_ebx = 136577596, tf_edx = 136577596, tf_ecx = 424, tf_eax = 188, tf_trapno = 0, tf_err = 2, tf_eip = 672812043, tf_cs = 51, tf_eflags = 658, tf_esp = -1077941252, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:1006
#30 0xc088585f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:191
#31 0x00000033 in ?? ()

(kgdb) frame 12
#12 0xc0667c73 in g_io_request (bp=0xc1ba0b58, cp=0xc1bb6700) at /usr/src/sys/geom/geom_io.c:327
327                     KASSERT(bp->bio_offset % cp->provider->sectorsize == 0,

(kgdb) p cp->provider
$1 = (struct g_provider *) 0xdeadc0de

(kgdb) frame 26
#26 0xc06f34c6 in namei (ndp=0xc819eba8) at /usr/src/sys/kern/vfs_lookup.c:210
210                     error = lookup(ndp);

(kgdb) p *ndp
$2 = {ni_dirp = 0x824023c <Address 0x824023c out of bounds>, ni_segflg = UIO_USERSPACE, ni_startdir = 0x0,
  ni_rootdir = 0xc1bc1c30, ni_topdir = 0x0, ni_vp = 0x0, ni_dvp = 0xc1bc230c, ni_pathlen = 5, ni_next = 0xc1bc3c09 "/cat",
  ni_loopcnt = 0, ni_cnd = {cn_nameiop = 0, cn_flags = 83902532, cn_thread = 0xc1aba000, cn_cred = 0xc198b700,
    cn_lkflags = 2, cn_pnbuf = 0xc1bc3c00 "/usr/sbin/cat", cn_nameptr = 0xc1bc3c05 "sbin/cat", cn_namelen = 4,
    cn_consume = 0}}

%%% EOF %%%
Received on Fri Aug 18 2006 - 16:47:00 UTC
