Server panics periodically (even under no load). "current process" usually indicates "smbd" but has also indicated "syncer" and "perl" (all report the same "instruction pointer"). Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x1c fault code = supervisor write, page not present instruction pointer = 0x8:0xc056079f stack pointer = 0x10:0xe8025a20 frame pointer = 0x10:0xe8025a2c code segment = base rx0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 5891 (smbd) trap number = 12 panic: page fault cpuid = 0 boot() called on cpu#0 Uptime: 21h44m32s Dumping 1023 MB [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"] GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd". #0 doadump () at pcpu.h:159 159 pcpu.h: No such file or directory. in pcpu.h (kgdb) where #0 doadump () at pcpu.h:159 #1 0xc051c2f7 in boot (howto=260) at ../../../kern/kern_shutdown.c:410 #2 0xc051c64d in panic (fmt=0xc067af2f "%s") at ../../../kern/kern_shutdown.c:566 #3 0xc0653914 in trap_fatal (frame=0xe4b609e0, eva=28) at ../../../i386/i386/trap.c:817 #4 0xc0653647 in trap_pfault (frame=0xe4b609e0, usermode=0, eva=28) at ../../../i386/i386/trap.c:735 #5 0xc065325d in trap (frame= {tf_fs = -1068433384, tf_es = -702545904, tf_ds = 1048592, tf_edi = -702487532, tf_esi = -702487532, tf_ebp = -457831892, tf_isp = -457831924, tf_ebx = -702487532, tf_edx = 0, tf_ecx = -1040861696, tf_eax = 4, tf_trapno = 12, tf_err = 2, tf_eip = -1068103777, tf_cs = 8, tf_eflags = 66050, tf_esp = -702487532, tf_ss = -702487532}) at ../../../i386/i386/trap.c:425 #6 0xc064188a in calltrap () at ../../../i386/i386/exception.s:140 #7 0xc0510018 in linker_hints_lookup (path=0xd620e414 "\002", pathlen=1, modname=0x0, modnamelen=-1036481044, verinfo=0x1) at ../../../kern/kern_linker.c:1510 #8 0xc0560ff6 in getnewbuf (slpflag=256, slptimeo=0, size=7202, maxsize=8192) at ../../../kern/vfs_bio.c:1885 #9 0xc056247d in getblk (vp=0xc259e738, blkno=0, size=7202, slpflag=256, slptimeo=0, flags=0) at ../../../kern/vfs_bio.c:2585 #10 0xc05abb95 in nfs_getcacheblk (vp=0xc259e738, bn=0, size=7202, td=0xc1f5b600) at ../../../nfsclient/nfs_bio.c:1073 #11 0xc05ab80a in nfs_write (ap=0x0) at ../../../nfsclient/nfs_bio.c:886 #12 0xc057bc28 in vn_write (fp=0xc22770cc, uio=0xe4b60c88, active_cred=0xc259fb00, flags=1, td=0xc1f5b600) at vnode_if.h:432 #13 0xc053c480 in dofilewrite (td=0xc1f5b600, fp=0xc22770cc, fd=28, buf=0x0, nbyte=1, offset=Unhandled dwarf expression opcode 0x93 ) at file.h:245 #14 0xc053c3b5 in pwrite (td=0xc1f5b600, uap=0xe4b60d14) at ../../../kern/sys_generic.c:320 #15 0xc0653c57 in syscall (frame= {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = 7201, tf_ebp = -1077941944, tf_isp = -457831052, tf_ebx = 677546764, tf_edx = 0, tf_ecx = 137695232, tf_eax = 198, tf_trapno = 22, tf_err = 2, tf_eip = 677050651, tf_cs = 31, tf_eflags = 518, tf_esp = -1077941988, tf_ss = 47}) at ../../../i386/i386/trap.c:1009 #16 0xc06418df in Xint0x80_syscall () at ../../../i386/i386/exception.s:201 #17 0x0000002f in ?? () #18 0x0000002f in ?? () #19 0x0000002f in ?? () #20 0x00000000 in ?? () #21 0x00001c21 in ?? () #22 0xbfbfe948 in ?? () #23 0xe4b60d74 in ?? () #24 0x28628b0c in ?? () #25 0x00000000 in ?? () #26 0x08351000 in ?? () #27 0x000000c6 in ?? () #28 0x00000016 in ?? () #29 0x00000002 in ?? () #30 0x285af91b in ?? () #31 0x0000001f in ?? () #32 0x00000206 in ?? () #33 0xbfbfe91c in ?? () #34 0x0000002f in ?? () #35 0x00000000 in ?? () #36 0x00000000 in ?? () #37 0x00000000 in ?? () #38 0x00000000 in ?? () #39 0x2e620000 in ?? () #40 0xc235e1c4 in ?? () #41 0xc1f5b600 in ?? () #42 0xe4b60740 in ?? () #43 0xe4b60728 in ?? () #44 0xc1e98900 in ?? () #45 0xc052c8ef in sched_switch (td=0x1c21, newtd=0x28628b0c, flags=Cannot access memory at address 0xbfbfe958 ) at ../../../kern/sched_4bsd.c:881 Previous frame inner to this frame (corrupt stack?) (kgdb) list *0xc056079f 0xc056079f is in vfs_vmio_release (atomic.h:154). 149 atomic.h: No such file or directory. in atomic.h (kgdb) up 8 #8 0xc0560ff6 in getnewbuf (slpflag=256, slptimeo=0, size=7202, maxsize=8192) at ../../../kern/vfs_bio.c:1885 1885 vfs_vmio_release(bp); (kgdb) print *bp $1 = {b_io = {bio_cmd = 2 '\002', bio_flags = 0 '\0', bio_cflags = 0 '\0', bio_pflags = 0 '\0', bio_dev = 0x0, bio_disk = 0x0, bio_offset = 0, bio_bcount = 7202, bio_data = 0xdce6e000 "", bio_error = 69, bio_resid = 1, bio_done = 0xc05631e8 <bufdonebio>, bio_driver1 = 0x0, bio_driver2 = 0x0, bio_caller1 = 0x0, bio_caller2 = 0xd620e414, bio_queue = {tqe_next = 0x0, tqe_prev = 0x0}, bio_attribute = 0x0, bio_from = 0x0, bio_to = 0x0, bio_length = 0, bio_completed = 0, bio_children = 5, bio_inbed = 0, bio_parent = 0x0, bio_t0 = {sec = 0, frac = 0}, bio_task = 0, bio_task_arg = 0x0, bio_pblkno = 0}, b_op = 0xc06c5608, b_magic = 280038160, b_iodone = 0, b_blkno = 0, b_offset = 0, b_vnbufs = {tqe_next = 0x0, tqe_prev = 0xc259e770}, b_left = 0x0, b_right = 0x0, b_vflags = 0, b_freelist = {tqe_next = 0xd60c0a7c, tqe_prev = 0xc06ec828}, b_qindex = 0, b_flags = 536879648, b_xflags = 0 '\0', b_lock = {lk_interlock = 0xc06e5394, lk_flags = 1024, lk_sharecount = 0, lk_waitcount = 0, lk_exclusivecount = 1, lk_prio = 80, lk_wmesg = 0xc0693381 "bufwait", lk_timo = 0, lk_lockholder = 0xc1f5b600, lk_newlock = 0x0}, b_bufsize = 7680, b_runningbufspace = 0, b_kvabase = 0xdce6e000 "", b_kvasize = 16384, b_lblkno = 0, b_vp = 0x0, b_object = 0x0, b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0x0, b_wcred = 0xc23cfd80, b_saveaddr = 0xdce6e000, b_pager = {pg_reqpage = 0}, b_cluster = {cluster_head = {tqh_first = 0xd620e5c8, tqh_last = 0xd620c844}, cluster_entry = {tqe_next = 0xd620e5c8, tqe_prev = 0xd620c844}}, b_pages = {0xc1394010, 0xc1a2dc58, 0x0 <repeats 30 times>}, b_npages = 2, b_dep = { lh_first = 0x0}} Fix: Temporary fix is to monitor samba connections and adjust quotas for users who have expired their quota's grace period. apache-2.0.53_1 autoconf-2.53_3 autoconf-2.59_2 automake-1.5_2,1 bison-1.75_2 bitstream-vera-1.10_1 cclient-2004c1_1,1 cgiwrap-3.9_2 cvsup-16.1h_2 eruby-1.0.5 expat-1.95.8 fontconfig-2.2.3,1 freetype2-2.1.9 gd-2.0.33_1,1 gettext-0.14.1 gmake-3.80_2 help2man-1.35.1 imake-6.8.2 jpeg-6b_3 libXft-2.1.6_1 libiconv-1.9.2_1 libltdl-1.5.10 libmcrypt-2.5.7_1 libtool-1.3.5_2 libtool-1.5.10_1 libxml2-2.6.18 m4-1.4.1 mod_fcgid-0.80 mod_ruby-1.2.4 mysql-client-4.1.10a mysql-server-4.1.10a openldap-client-2.2.23 p5-gettext-1.03 pdflib-6.0.1_1 pecl-pdflib-2.0.4 perl-5.8.6_2 php5-5.0.3_2 php5-bz2-5.0.3_2 php5-ctype-5.0.3_2 php5-dom-5.0.3_2 php5-extensions-1.0 php5-ftp-5.0.3_2 php5-gd-5.0.3_2 php5-gettext-5.0.3_2 php5-iconv-5.0.3_2 php5-imap-5.0.3_2 php5-ldap-5.0.3_2 php5-mbstring-5.0.3_2 php5-mcrypt-5.0.3_2 php5-mysql-5.0.3_2 php5-openssl-5.0.3_2 php5-pcre-5.0.3_2 php5-posix-5.0.3_2 php5-session-5.0.3_2 php5-simplexml-5.0.3_2 php5-sqlite-5.0.3_2 php5-tokenizer-5.0.3_2 php5-xml-5.0.3_2 php5-zlib-5.0.3_2 phpMyAdmin-2.6.1.3 pkgconfig-0.15.0_1 png-1.2.8_1 popt-1.7 rsync-2.6.5 ruby-1.8.2_3 samba-3.0.12_1,1 ssmtp-2.61 t1lib-5.0.1,1 twiki-20040902 unzip-5.52_1 xorg-clients-6.8.2 xorg-documents-6.8.2 xorg-fonts-100dpi-6.8.2 xorg-fonts-75dpi-6.8.2 xorg-fonts-encodings-6.8.2 xorg-fonts-miscbitmaps-6.8.2 xorg-fonts-truetype-6.8.2 xorg-libraries-6.8.2 xorg-manpages-6.8.2 xorg-nestserver-6.8.2 xorg-printserver-6.8.2 xorg-server-6.8.2 xorg-vfbserver-6.8.2 xterm-200_2 --- var_db_pkg.txt ends here --- How-To-Repeat: I can only reproduce the panic which indicates "current process = smbd". From a WindowsXP workstation connect via SMB to a users "homes" share. Open a MS Word document from the network share and make a change (then save the file). If the users is over quota and their grace period has expired the server crashes. If the user is over quota, but their grace period is NOT expired, the server is ok (reports disk space full). I have a non-production server available for testing, etc. I hope I've included enough info. ANY help would be greatly appreciated. Thanks Contents of smb.conf [global] workgroup = NEXUS server string = Engineering Web Server load printers = no log file = /var/log/smb.log max log size = 2000 log level = 1 security = server encrypt passwords = yes password server = server1,server2,server3,server4 socket options = TCP_NODELAY dns proxy = no dont descend = /bin, /cdrom, /dev, /etc, /mnt, /proc, /usr, /var include = /usr/local/etc/samba/debug.%m guest account = pcguest [homes] path = %H/public_html force user = %S public = no writeable = yes printable = no browseable = no inherit permissions = yes valid users = %S
Responsible Changed From-To: freebsd-bugs->freebsd-fs Over to maintainer(s).
State Changed From-To: open->feedback Can you still reproduce this on a supported release?
State Changed From-To: feedback->closed Feedback timeout.