Date: Tue, 12 Aug 2008 08:42:52 +0200 From: Johan Kuuse <kuuse@redantigua.com> To: John Baldwin <jhb@freebsd.org> Cc: freebsd-stable@freebsd.org Subject: Re: kernel panic Message-ID: <200808120842.52899.kuuse@redantigua.com> In-Reply-To: <200808111704.30604.jhb@freebsd.org> References: <200808110401.49953.kuuse@redantigua.com> <200808111704.30604.jhb@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 11 August 2008 23:04:30 John Baldwin wrote: > On Sunday 10 August 2008 10:01:49 pm Johan Kuuse wrote: > > Hi, > >=20 > > I am a kgdb newbie, so please be patient. > > I suspect (just based on the fact that this is the 4th time I edit text= =20 > files on my NTFS partition through ntfs-3g, using Emacs, and getting freq= uent=20 > I/O error messages inside Emacs, and then a kernel panic) that this is a= =20 > ntfs-3g related problem. > > If you ask me exactly how to reproduce it, I sorry, I can tell you exac= tly=20 > (but see the kgdb output below). > > Anyway, the kernel seems to panic at /usr/src/sys/kern/vfs_bio.c:1530 > >=20 > > Just a suggestion for a patch (without knowing the functionality=20 > of /usr/src/sys/kern/vfs_bio.c): > >=20 > > The line where the kernel panics: > > /usr/src/sys/kern/vfs_bio.c: > > ---------------------------------- > > VM_OBJECT_LOCK(bp->b_bufobj->bo_object); > > ... > > ---------------------------------- > >=20 > > Comparing to another file, which does error checking before calling=20 > VM_OBJECT_LOCK: > > /usr/src/sys/kern/vfs_aio.c: > > ---------------------------------- > > if (vp->v_object !=3D NULL) { > > VM_OBJECT_LOCK(vp->v_object); > > ... > > ---------------------------------- > >=20 > > Perhaps the kernel panic could be avoided with the following patch? > > /usr/src/sys/kern/vfs_bio.c (suggested patch): > > ---------------------------------- > > if ((bp->b_bufobj !=3D NULL) && (bp->b_bufobj->bo_object !=3D NULL)) { > > VM_OBJECT_LOCK(bp->b_bufobj->bo_object); > > ... > > ---------------------------------- > >=20 > > Please let me know if you need more information. > >=20 > > Regards, > > Johan Kuuse > >=20 > > -----------------------------------------------------------------------= =2D----------------------------------- > > kgdb kernel.debug /var/crash/vmcore.1=20 > > [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db= =2Eso:=20 > Undefined symbol "ps_pglobal_lookup"] > > GNU gdb 6.1.1 [FreeBSD] > > Copyright 2004 Free Software Foundation, Inc. > > GDB is free software, covered by the GNU General Public License, and yo= u are > > welcome to change it and/or distribute copies of it under certain=20 > conditions. > > Type "show copying" to see the conditions. > > There is absolutely no warranty for GDB. Type "show warranty" for deta= ils. > > This GDB was configured as "i386-marcel-freebsd". > >=20 > > Unread portion of the kernel message buffer: > >=20 > >=20 > > Fatal trap 12: page fault while in kernel mode > > cpuid =3D 0; apic id =3D 00 > > fault virtual address =3D 0x34 > > fault code =3D supervisor read, page not present > > instruction pointer =3D 0x20:0xc07b6de4 > > stack pointer =3D 0x28:0xe79de7c8 > > frame pointer =3D 0x28:0xe79de7e8 > > code segment =3D base 0x0, limit 0xfffff, type 0x1b > > =3D DPL 0, pres 1, def32 1, gran 1 > > processor eflags =3D interrupt enabled, resume, IOPL =3D 0 > > current process =3D 1214 (opera) > > trap number =3D 12 > > panic: page fault > > cpuid =3D 0 > > Uptime: 5h20m30s > > Physical memory: 2035 MB > > Dumping 218 MB: 203 187 171 155 139 123 107 91 75 59 43 27 11 > >=20 > > #0 doadump () at pcpu.h:195 > > 195 __asm __volatile("movl %%fs:0,%0" : "=3Dr" (td)); > > (kgdb) list *0xc07b6de4 > > 0xc07b6de4 is in vfs_vmio_release (/usr/src/sys/kern/vfs_bio.c:1530). > > 1525 vfs_vmio_release(struct buf *bp) > > 1526 { > > 1527 int i; > > 1528 vm_page_t m; > > 1529 > > 1530 VM_OBJECT_LOCK(bp->b_bufobj->bo_object); > > 1531 vm_page_lock_queues(); > > 1532 for (i =3D 0; i < bp->b_npages; i++) { > > 1533 m =3D bp->b_pages[i]; > > 1534 bp->b_pages[i] =3D NULL; > > (kgdb) bt > > #0 doadump () at pcpu.h:195 > > #1 0xc0754457 in boot (howto=3D260) at /usr/src/sys/kern/kern_shutdown= =2Ec:409 > > #2 0xc0754719 in panic (fmt=3DVariable "fmt" is not available. > > ) at /usr/src/sys/kern/kern_shutdown.c:563 > > #3 0xc0a4905c in trap_fatal (frame=3D0xe79de788, eva=3D52)=20 > at /usr/src/sys/i386/i386/trap.c:899 > > #4 0xc0a492e0 in trap_pfault (frame=3D0xe79de788, usermode=3D0, eva=3D= 52)=20 > at /usr/src/sys/i386/i386/trap.c:812 > > #5 0xc0a49c8c in trap (frame=3D0xe79de788)=20 > at /usr/src/sys/i386/i386/trap.c:490 > > #6 0xc0a2fc0b in calltrap () at /usr/src/sys/i386/i386/exception.s:139 > > #7 0xc07b6de4 in vfs_vmio_release (bp=3D0xd927e33c)=20 > at /usr/src/sys/kern/vfs_bio.c:1530 > > #8 0xc07b8a81 in getnewbuf (slpflag=3D0, slptimeo=3D0, size=3DVariable= "size" is=20 > not available. > > ) at /usr/src/sys/kern/vfs_bio.c:1847 > > #9 0xc07ba118 in getblk (vp=3D0xc8891bb0, blkno=3D0, size=3D2048, slpf= lag=3D0,=20 > slptimeo=3D0, flags=3DVariable "flags" is not available. > > ) at /usr/src/sys/kern/vfs_bio.c:2602 > > #10 0xc0932815 in ffs_balloc_ufs2 (vp=3D0xc8891bb0,=20 > startoffset=3DVariable "startoffset" is not available. > > ) at /usr/src/sys/ufs/ffs/ffs_balloc.c:699 > > #11 0xc0952a85 in ffs_write (ap=3D0xe79debc4)=20 > at /usr/src/sys/ufs/ffs/ffs_vnops.c:720 > > #12 0xc0a5efc6 in VOP_WRITE_APV (vop=3D0xc0b93c60, a=3D0xe79debc4) at=20 > vnode_if.c:691 > > #13 0xc07dbf37 in vn_write (fp=3D0xc85f3168, uio=3D0xe79dec60,=20 > active_cred=3D0xc61c6300, flags=3D0, td=3D0xc583fc60) at vnode_if.h:373 > > #14 0xc07875e7 in dofilewrite (td=3D0xc583fc60, fd=3D17, fp=3D0xc85f316= 8,=20 > auio=3D0xe79dec60, offset=3D-1, flags=3D0) at file.h:254 > > #15 0xc07878c8 in kern_writev (td=3D0xc583fc60, fd=3D17, auio=3D0xe79de= c60)=20 > at /usr/src/sys/kern/sys_generic.c:401 > > #16 0xc078793f in write (td=3D0xc583fc60, uap=3D0xe79decfc)=20 > at /usr/src/sys/kern/sys_generic.c:317 > > #17 0xc0a49635 in syscall (frame=3D0xe79ded38)=20 > at /usr/src/sys/i386/i386/trap.c:1035 > > #18 0xc0a2fc70 in Xint0x80_syscall ()=20 > at /usr/src/sys/i386/i386/exception.s:196 > > #19 0x00000033 in ?? () > > Previous frame inner to this frame (corrupt stack?) >=20 > FYI, you got the panic in ffs/ufs, not fuse. I've seen this at work on 6= =2Ex=20 > with NFS with no clues on what causes it. You can start by going to fram= e 7=20 > and doing 'p *bp'. >=20 Thanks for the hints. See below for more debug output. I recognize that the bp struct members b_data and b_kvabase both point to a= chunk of memory containing the text of the Opera web page I was reading wh= en the kernel crashed. (This is indicated above: current process =3D 1214 (opera)) But what is most interesting is that b_bufobj =3D 0x0 Obviously, then trying to access bp->b_bufobj->bo_object will cause a crash. So I think it would be a good idea to NULL-check the struct member before t= rying to access it. How should I proceed? Should I post this as a possible bug somewhere else, = to another list? Regards, Johan Kuuse (kgdb) up 7 #7 0xc07b6de4 in vfs_vmio_release (bp=3D0xd927e33c) at /usr/src/sys/kern/v= fs_bio.c:1530 1530 VM_OBJECT_LOCK(bp->b_bufobj->bo_object); (kgdb) p *bp $1 =3D {b_bufobj =3D 0x0, b_bcount =3D 4156, b_caller1 =3D 0x0,=20 b_data =3D 0xe03d9000 "TILL\201=C4MPNING\n- Formulera en fr\201=E5gest\20= 1=E4llning eller arbetsuppgift.\n- L\201=E4s texten noga och lyft ut det so= m du anser \201=E4r ett queert l\201=E4ckage.\n Arbeta med mark\201=F6rer = s\201=E5som genus, sexualitet och makt.\n- F"..., b_error =3D -1, b_iocmd = =3D 2 '\002', b_ioflags =3D 0 '\0', b_iooffset =3D 0, b_resid =3D 1387, b_i= odone =3D 0, b_blkno =3D 0, b_offset =3D 0, b_bobufs =3D {tqe_next =3D 0x0,= tqe_prev =3D 0xc887da54}, b_left =3D 0x0,=20 b_right =3D 0x0, b_vflags =3D 0, b_freelist =3D {tqe_next =3D 0xd9363ea8,= tqe_prev =3D 0xc0be18e8}, b_qindex =3D 0, b_flags =3D 536879648, b_xflags = =3D 0 '\0', b_lock =3D {lk_object =3D {lo_name =3D 0xc0ada5df "bufwait",=20 lo_type =3D 0xc0ada5df "bufwait", lo_flags =3D 70844416, lo_witness_d= ata =3D {lod_list =3D {stqe_next =3D 0x0}, lod_witness =3D 0x0}}, lk_interl= ock =3D 0xc0bda1b8, lk_flags =3D 262144, lk_sharecount =3D 0, lk_waitcount = =3D 0,=20 lk_exclusivecount =3D 1, lk_prio =3D 80, lk_timo =3D 0, lk_lockholder = =3D 0xc583fc60, lk_newlock =3D 0x0}, b_bufsize =3D 4608, b_runningbufspace = =3D 0,=20 b_kvabase =3D 0xe03d9000 "TILL\201=C4MPNING\n- Formulera en fr\201=E5gest= \201=E4llning eller arbetsuppgift.\n- L\201=E4s texten noga och lyft ut det= som du anser \201=E4r ett queert l\201=E4ckage.\n Arbeta med mark\201=F6r= er s\201=E5som genus, sexualitet och makt.\n- F"..., b_kvasize =3D 65536, b= _lblkno =3D 0, b_vp =3D 0x0, b_dirtyoff =3D 0, b_dirtyend =3D 1387, b_rcred= =3D 0x0, b_wcred =3D 0xc61c6300, b_saveaddr =3D 0xe03d9000, b_pager =3D {p= g_reqpage =3D 0}, b_cluster =3D { cluster_head =3D {tqh_first =3D 0xd932fc48, tqh_last =3D 0xd9279a4c}, c= luster_entry =3D {tqe_next =3D 0xd932fc48, tqe_prev =3D 0xd9279a4c}}, b_pag= es =3D {0xc2b53bf8, 0xc2b72090, 0x0 <repeats 30 times>}, b_npages =3D 2, b_= dep =3D { lh_first =3D 0x0}, b_fsprivate1 =3D 0x0, b_fsprivate2 =3D 0x0, b_fspriv= ate3 =3D 0x0, b_pin_count =3D 0} (kgdb)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200808120842.52899.kuuse>