Date: Fri, 30 Aug 2002 21:05:09 -0700 (PDT) From: Kip Macy <kmacy@fsmware.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/42235: system panics with "worklist_remove: item not on list" when mapping user memory into kernel Message-ID: <200208310405.g7V459QY098070@www.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 42235
>Category: kern
>Synopsis: system panics with "worklist_remove: item not on list" when mapping user memory into kernel
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Aug 30 21:10:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Kip Macy
>Release: 4.5-RELEASE,4.6-STABLE
>Organization:
>Environment:
FreeBSD serendipity.fsmware.com 4.5-RELEASE FreeBSD 4.5-RELEASE #6: Mon Aug 26 19:52:23 PDT 2002 kmacy@serendipity.fsmware.com:/usr/src/sys/compile/MACHINE i386
>Description:
I have a kernel module that maps two 64k chunks of user memory into the kernel
using the same set of steps that cam_periph_mapmem uses. However, I inevitably
get the following panic after running the code for a bit:
Aug 30 14:55:26 testhost /kernel: panic: worklist_remove: not on list
Aug 30 14:55:26 testhost /kernel:
Aug 30 14:55:26 testhost /kernel: syncing disks... 8 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Aug 30 14:55:26 testhost /kernel: giving up on 1 buffers
This is a panic in ffs_softdep.c, it implies to me that either the FFS code
isn't recognizing that not all buffers belong to it or getpbuf isn't doing all
the needed accounting.
Also worthy of note is that my kernel module has a lot of printfs which
obviously translate to a lot of synchronous writes by syslog, presumably
putting memory pressure on the file system.
The interesting portion of the backtrace is:
panic
worklist_remove
softdep_update_inodeblock
ffs_update
ffs_fsync
fsync
The code at the panic is:
if ((item->wk_state & ONWORKLIST) == 0) {
FREE_LOCK(&lk);
panic("worklist_remove: not on list");
}
in softdep_update_inodeblock the call to worklist_remove is:
while ((wk = LIST_FIRST(&inodedep->id_inowait)) != NULL) {
WORKLIST_REMOVE(wk);
WORKLIST_INSERT(&inodedep->id_bufwait, wk);
}
which indicates that either it was put on inowait without
ONWORKLIST being set or ONWORKLIST was unset without it being
removed from the list
>How-To-Repeat:
Get a buffer, map it, and then generate a lot of synchronous file system
traffic via syslog.
I can write a test program if it will help. However, I think it is pretty
clear what is going on.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200208310405.g7V459QY098070>