Date: Thu, 17 Dec 1998 21:14:55 +0900 (KST) From: swjeong <swjeong@net.kitel.co.kr> To: freebsd-scsi@FreeBSD.ORG Subject: Re: kernel panic with ufsspec_write Message-ID: <199812171214.VAA02458@net.kitel.co.kr>
next in thread | raw e-mail | index | archive | help
Here is debug output.
www# gdb -aout -k /var/crash/kernel.1 /var/crash/vmcore.1
GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd),
Copyright 1996 Free Software Foundation, Inc...
IdlePTD 2846720
initial pcb at 24edcc
panicstr: from debugger
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x30
fault code = supervisor write, page not present
instruction pointer = 0x8:0xf01f11dd
stack pointer = 0x10:0xf60efeb0
frame pointer = 0x10:0xf60efec0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 293 (rlogin)
interrupt mask =
panic: from debugger
panic: from debugger
dumping to dev 20401, offset 393216
dump 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
---
#0 boot (howto=260) at ../../kern/kern_shutdown.c:268
268 dumppcb.pcb_cr3 = rcr3();
(kgdb) where
#0 boot (howto=260) at ../../kern/kern_shutdown.c:268
#1 0xf013d930 in panic (fmt=0xf0116138 "from debugger")
at ../../kern/kern_shutdown.c:430
#2 0xf0116155 in db_panic (addr=-266399267, have_addr=0, count=1,
modif=0xf60efd34 "") at ../../ddb/db_command.c:432
#3 0xf0116035 in db_command (last_cmdp=0xf023a524, cmd_table=0xf023a384,
aux_cmd_tablep=0xf024c024) at ../../ddb/db_command.c:332
#4 0xf01161c2 in db_command_loop () at ../../ddb/db_command.c:454
#5 0xf01188d3 in db_trap (type=12, code=0) at ../../ddb/db_trap.c:71
#6 0xf0207d71 in kdb_trap (type=12, code=0, regs=0xf60efe74)
at ../../i386/i386/db_interface.c:157
#7 0xf0212863 in trap_fatal (frame=0xf60efe74) at ../../i386/i386/trap.c:874
#8 0xf021230c in trap_pfault (frame=0xf60efe74, usermode=0)
at ../../i386/i386/trap.c:772
#9 0xf0211f5f in trap (frame={tf_es = 16, tf_ds = -65520,
tf_edi = -166789380, tf_esi = 8192, tf_ebp = -166789440,
tf_isp = -166789476, tf_ebx = -166789312, tf_edx = -1, tf_ecx = 32,
tf_eax = 0, tf_trapno = 12, tf_err = 2, tf_eip = -266399267, tf_cs = 8,
tf_eflags = 66183, tf_esp = -166789380, tf_ss = 14})
at ../../i386/i386/trap.c:396
#10 0xf01f11dd in ufsspec_write (ap=0xf60efefc)
at ../../ufs/ufs/ufs_vnops.c:1842
#11 0xf01f1705 in ufs_vnoperatespec (ap=0xf60efefc)
at ../../ufs/ufs/ufs_vnops.c:2309
#12 0xf0163897 in vn_write (fp=0xf1b89700, uio=0xf60eff40, cred=0xf19b7600)
at vnode_if.h:331
#13 0xf0146376 in write (p=0xf603f2c0, uap=0xf60eff94)
at ../../kern/sys_generic.c:270
#14 0xf0212b23 in syscall (frame={tf_es = 537395239, tf_ds = -272695257,
tf_edi = 537449120, tf_esi = 537442088, tf_ebp = -272639628,
tf_isp = -166789148, tf_ebx = 16964, tf_edx = 8192, tf_ecx = -272639648,
tf_eax = 4, tf_trapno = 7, tf_err = 7, tf_eip = 537350513, tf_cs = 31,
tf_eflags = 518, tf_esp = -272639648, tf_ss = 39})
at ../../i386/i386/trap.c:1031
#15 0x20075171 in ?? ()
#16 0x1cd9 in ?? ()
#17 0x1bb4 in ?? ()
#18 0x1095 in ?? ()
(kgdb) up
...
(kgdb) up
#10 0xf01f11dd in ufsspec_write (ap=0xf60efefc)
at ../../ufs/ufs/ufs_vnops.c:1842
Source file is more recent than executable.
1842 {
(kgdb) l 1842,1863
1837
1838 uio = ap->a_uio;
1839 resid = uio->uio_resid;
1840
1841 if (VTOI(ap->a_vp) == NULL) /* work around */
1842 {
1843 printf("ufsspec_write would panic at point A\n");
1844 return EFAULT;
1845 }
1846
1847 error = VOCALL(spec_vnodeop_p, VOFFSET(vop_write), ap);
1848
1849
1850
1851 if (VTOI(ap->a_vp) == NULL) /* work around */
1852 {
1853 printf("ufsspec_write would panic at point B\n");
1854 return EFAULT;
1855 }
1857
1858
1859
1860 if (uio->uio_resid != resid)
1861 VTOI(ap->a_vp)->i_flag |= IN_CHANGE | IN_UPDATE;
1862 return (error);
1863 }
(kgdb) p *ap->a_vp
$1 = {v_flag = 8, v_usecount = 1, v_writecount = 1, v_holdcnt = 0,
v_lastr = 0, v_id = 205016, v_mount = 0x0, v_op = 0xf19d4100, v_freelist = {
tqe_next = 0x0, tqe_prev = 0xf6145520}, v_mntvnodes = {
le_next = 0xf61a5ea0, le_prev = 0xf61a11e8}, v_cleanblkhd = {
lh_first = 0x0}, v_dirtyblkhd = {lh_first = 0x0}, v_synclist = {
le_next = 0x0, le_prev = 0xf19b7484}, v_numoutput = 0, v_type = VBAD,
v_un = {vu_mountedhere = 0x0, vu_socket = 0x0, vu_specinfo = 0x0,
vu_fifoinfo = 0x0}, v_lease = 0x0, v_lastw = 0, v_cstart = 0, v_lasta = 0,
v_clen = 0, v_maxio = 0, v_object = 0x0, v_interlock = {lock_data = 0},
v_vnlock = 0x0, v_tag = VT_NON, v_data = 0x0, v_cache_src = {
lh_first = 0x0}, v_cache_dst = {tqh_first = 0x0, tqh_last = 0xf60202fc},
v_dd = 0xf6020280, v_ddid = 0, v_pollinfo = {vpi_lock = {lock_data = 0},
vpi_selinfo = {si_pid = 0, si_flags = 0}, vpi_events = 0, vpi_revents = 0}}
(kgdb)
Note that v_data is NULL. This caused panic at line 1861 (originaly 1842).
I made work around for this panic by putting ap->a_vp->v_data checking.
Always point B is excuted and, point A was never executed.
During 24 hours, point B was executed 3 times.
There was about thirty outgoing rlogin users. And kernel configuration
contained 'pseudo-device pty 64'. and there existed corresponding
pseudo terminal device.
Thanks again, I appreciate your help with this...
-----
Jeong Sung-Won
swjeong@kitel.co.kr
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-scsi" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812171214.VAA02458>