From owner-freebsd-current Sat Feb 9 16:20:58 2002 Delivered-To: freebsd-current@freebsd.org Received: from mail6.speakeasy.net (mail6.speakeasy.net [216.254.0.206]) by hub.freebsd.org (Postfix) with ESMTP id 751A637B404 for ; Sat, 9 Feb 2002 16:20:53 -0800 (PST) Received: (qmail 15551 invoked from network); 10 Feb 2002 00:20:51 -0000 Received: from unknown (HELO laptop.baldwin.cx) ([65.91.153.192]) (envelope-sender ) by mail6.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 10 Feb 2002 00:20:51 -0000 Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <200202092134.g19LYvX00663@aldan.algebra.com> Date: Sat, 09 Feb 2002 19:20:18 -0500 (EST) From: John Baldwin To: Mikhail Teterin Subject: RE: panic: bdwrite: buffer is not busy Cc: current@FreeBSD.org Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 09-Feb-02 Mikhail Teterin wrote: > While attempting to ``fdisk fd0.1440''. Or ``fdisk fd0''. Or > ``newfs_msdos fd0.1440'' with or without the floppy inside :-\ > With todays or Jan 3rd kernel (my previous upgrade). Only use fdisk on hard disks. Still it shouldn't panic. The bdwrite is just extra garbage, the real panic is due to a NULL pointer dereference: > IdlePTD at phsyical address 0x004ed000 > initial pcb at physical address 0x00411560 > panicstr: bdwrite: buffer is not busy > panic messages: > --- > Fatal trap 12: page fault while in kernel mode > cpuid = 1; lapic.id = 00000000 > fault virtual address = 0x1c > fault code = supervisor read, page not present > instruction pointer = 0x8:0xc022d923 > stack pointer = 0x10:0xce9c0b10 > frame pointer = 0x10:0xce9c0b24 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 405 (fdisk) > trap number = 12 > panic: page fault > cpuid = 1; lapic.id = 00000000 > boot() called on cpu#1 > > syncing disks... panic: bdwrite: buffer is not busy > cpuid = 1; lapic.id = 00000000 > boot() called on cpu#1 > Uptime: 1m40s > pfs_vncache_unload(): 1 entries remaining > > (kgdb) where >#0 dumpsys () at /ccd/src/sys/kern/kern_shutdown.c:504 >#1 0xc021cee8 in boot (howto=260) at /ccd/src/sys/kern/kern_shutdown.c:336 >#2 0xc021d3d9 in panic (fmt=0xc03728c1 "bdwrite: buffer is not busy") > at /ccd/src/sys/kern/kern_shutdown.c:646 >#3 0xc0253583 in bdwrite (bp=0xc7cb7af4) at /ccd/src/sys/kern/vfs_bio.c:856 >#4 0xc02d28ee in ffs_update (vp=0xce8657a0, waitfor=0) > at /ccd/src/sys/ufs/ffs/ffs_inode.c:120 >#5 0xc02dff6e in ffs_fsync (ap=0xce9c09cc) > at /ccd/src/sys/ufs/ffs/ffs_vnops.c:292 >#6 0xc02de386 in ffs_sync (mp=0xc16cbe00, waitfor=2, cred=0xc1026b00, > td=0xc03cf2c0) at vnode_if.h:441 >#7 0xc026034a in sync (td=0xc03cf2c0, uap=0x0) > at /ccd/src/sys/kern/vfs_syscalls.c:669 >#8 0xc021cb14 in boot (howto=256) at /ccd/src/sys/kern/kern_shutdown.c:245 >#9 0xc021d3d9 in panic (fmt=0xc03914de "%s") > at /ccd/src/sys/kern/kern_shutdown.c:646 >#10 0xc03299e2 in trap_fatal (frame=0xce9c0ad0, eva=28) > at /ccd/src/sys/i386/i386/trap.c:842 >#11 0xc0329709 in trap_pfault (frame=0xce9c0ad0, usermode=0, eva=28) > at /ccd/src/sys/i386/i386/trap.c:756 >#12 0xc0329147 in trap (frame={tf_fs = 24, tf_es = -828637168, > tf_ds = -1071513584, tf_edi = -1049875456, tf_esi = 0, > tf_ebp = -828634332, tf_isp = -828634372, tf_ebx = -942596204, > tf_esp = -942596204, tf_ss = -1049268480}) > at /ccd/src/sys/i386/i386/trap.c:426 ^^ Here's the page fault for the NULL deref, so the next frame is where it happened: >#13 0xc022d923 in readdisklabel (dev=0xc1756f00, lp=0xc16c2c00) > at /ccd/src/sys/kern/subr_disklabel.c:220 In my subr_disklabel.c, line 220 is the DEV_STRATEGY: bp = geteblk((int)lp->d_secsize); bp->b_dev = dev; bp->b_blkno = LABELSECTOR * ((int)lp->d_secsize/DEV_BSIZE); bp->b_bcount = lp->d_secsize; bp->b_flags &= ~B_INVAL; bp->b_iocmd = BIO_READ; DEV_STRATEGY(bp, 1); Hmm, DEV_STRATEGY is: #define DEV_STRATEGY(bp, dummy) \ do { \ if ((bp)->b_flags & B_PHYS) \ (bp)->b_io.bio_offset = (bp)->b_offset; \ else \ (bp)->b_io.bio_offset = dbtob((bp)->b_blkno); \ (bp)->b_io.bio_done = bufdonebio; \ (bp)->b_io.bio_caller2 = (bp); \ BIO_STRATEGY(&(bp)->b_io, dummy); \ } while (0) I think we can assume the buf is not null as we would have panic'd earlier, so that leaves BIO_STRATEGY maybe: #define BIO_STRATEGY(bp, dummy) \ do { \ if ((!(bp)->bio_cmd) || ((bp)->bio_cmd & ((bp)->bio_cmd - 1))) \ Debugger("bio_cmd botch"); \ (*devsw((bp)->bio_dev)->d_strategy)(bp); \ } while (0) I'm guessing that devsw() is returning NULL here. You could add a KASSERT() to this macro just before the call to d_strategy() along the lines of KASSERT(devsw((bp)->bio_dev) != NULL, ("no devsw for bio")); \ To see if this is indeed the case. -- John Baldwin <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message