From owner-freebsd-current@FreeBSD.ORG  Wed Feb  6 13:49:52 2008
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C186C16A420
	for <freebsd-current@freebsd.org>; Wed,  6 Feb 2008 13:49:52 +0000 (UTC)
	(envelope-from asmrookie@gmail.com)
Received: from fk-out-0910.google.com (fk-out-0910.google.com [209.85.128.188])
	by mx1.freebsd.org (Postfix) with ESMTP id 2450513C44B
	for <freebsd-current@freebsd.org>; Wed,  6 Feb 2008 13:49:51 +0000 (UTC)
	(envelope-from asmrookie@gmail.com)
Received: by fk-out-0910.google.com with SMTP id b27so3268951fka.11
	for <freebsd-current@freebsd.org>; Wed, 06 Feb 2008 05:49:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth;
	bh=gZhoCjP/xcRuYOPfQqnnjRDLzoiR2z8SLfNVEVMjQ3k=;
	b=PKpgReTeswu1QN5/bsO0b4WkmjEcHSxUsLQ1iyJ+kYw03ighoQ5Sx7oA2XV6UcLySdQh+6AOJojRkRVdMzQHZRwdLlRFTkGq2mDrLgvBUEtETmJK7AaxZeb3ABMfUsxKaG+5GwrxwhxyVCKI9AoVkFoxoZnA6GPaRHBZSr7nIyo=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth;
	b=ffZR9CrbKf35oE4OXZLQRtHPki0RgQCOFOAOs9v692unL0Q4HVL+1kuyQE7CAlbsfSUK2wV8TB728SDtvJZTrZIEm6BcVDRB11SpAb1ZXUtaqC/YFGFNLlmc9R2Pn6em0w8rKL2Ykh1eOUcT9cffz0A2x5xgYOBTzBj2mwyrUGc=
Received: by 10.82.161.19 with SMTP id j19mr17979733bue.20.1202305789651;
	Wed, 06 Feb 2008 05:49:49 -0800 (PST)
Received: by 10.86.28.19 with HTTP; Wed, 6 Feb 2008 05:49:49 -0800 (PST)
Message-ID: <3bbf2fe10802060549u66b1067cy4bb9d4232ccef05d@mail.gmail.com>
Date: Wed, 6 Feb 2008 14:49:49 +0100
From: "Attilio Rao" <attilio@freebsd.org>
Sender: asmrookie@gmail.com
To: "Yar Tikhiy" <yar@comp.chem.msu.su>
In-Reply-To: <20080206112930.GD7592@comp.chem.msu.su>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <3bbf2fe10801300707u3fd121c0k199605c2f0be6cbf@mail.gmail.com>
	<3bbf2fe10801310243tddedfeckbc4c94be87f0a4ca@mail.gmail.com>
	<20080131130210.GA37090@comp.chem.msu.su>
	<3bbf2fe10801310504j486924bdm86e0436597a42b09@mail.gmail.com>
	<790a9fff0801312241s346068b6s40fcae71ebbf546@mail.gmail.com>
	<20080201145051.GE79881@comp.chem.msu.su>
	<3bbf2fe10802011041t28e419c9n5f0f6f34d6450184@mail.gmail.com>
	<20080205162217.GA56373@comp.chem.msu.su>
	<3bbf2fe10802051156p1cc6ea67t7938a60e306323ce@mail.gmail.com>
	<20080206112930.GD7592@comp.chem.msu.su>
X-Google-Sender-Auth: c794f7f0a8eb917a
Cc: Kostik Belousov <kostikbel@gmail.com>, Scot Hetzel <swhetzel@gmail.com>,
	freebsd-current@freebsd.org, Doug Barton <dougb@freebsd.org>
Subject: Re: panic: System call lstat returning with 1 locks held
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2008 13:49:52 -0000

2008/2/6, Yar Tikhiy <yar@comp.chem.msu.su>:
> On Tue, Feb 05, 2008 at 08:56:26PM +0100, Attilio Rao wrote:
>  > 2008/2/5, Yar Tikhiy <yar@comp.chem.msu.su>:
>  > > On Fri, Feb 01, 2008 at 07:41:58PM +0100, Attilio Rao wrote:
>  > >  > 2008/2/1, Yar Tikhiy <yar@comp.chem.msu.su>:
>  > >
>  > > [...]
>  > >
>
> > >  > It would be suitable for you to add DDB to your kernel config and see
>  > >  > a backtrace for it?
>  > >
>  > >
>  > > DDB was there (my kernel was GENERIC + DEBUG_VFS_LOCKS,) but it
>  > >  failed, too.  Fortunately, I've managed to save a dump with the
>  > >  whole call stack.  Attached is the respective output from kgdb,
>  > >  showing multiple failures including the one in NTFS.
>  >
>  > Currently it is DDB which let it fail in witness after memory corruption.
>  > But I'm more interested in the panic originator; so, as far as it is
>  > unusable, can you please remove DDB option and try to get the panic
>  > again? it should not give you the failing assertion without DDB.
>
>
> Sure, here it is, attached.
>
>  By the way, not that I want to stop helping you, but I can provide
>  you with a small NTFS image so that you can test the driver against
>  it by yourself and save a few round-trips. :-)  The crash session
>  shown in the attachment was conducted using this NTFS image file:
>
>         http://people.freebsd.org/~yar/debug/ntfs.bz2
>
>  Thanks!
>
>  --
>  Yar
>
>  [causing the panic]
>
>
>  Enter full pathname of shell or RETURN for /bin/sh:
>
> # dumpon /dev/ad0s3b
>  # mdconfig -a -f /root/ntfs
>  WARNING: opening backing store: /root/ntfs readoGnly
>  EOM_LABEL: Label for provider md0 is ntfs/TEST_NTFS.
>  md0
>  # mount -r -t ntfs /dev/md0 /mnt
>  # umount /mnt
>  lock order reversal:
>   1st 0xc30566b8 ntfs (ntfs) @ /usr/src/sys/kern/vfs_subr.c:2361
>   2nd 0xc2fd4924 ntnode (ntnode) @ /usr/src/sys/modules/ntfs/../../fs/ntfs/ntfs_s
>  ubr.c:361
>
> kernel trap 12 with interrupts disabled
>
>
>
> Fatal trap 12: page fault while in kernel mode
>  cpuid = 0; apic id = 00
>  fault virtual address   = 0xdeadc0ee
>  fault code              = supervisor read, page not present
>
> instruction pointer     = 0x20:0xc0791e86
>  stack pointer           = 0x28:0xd61559a0
>  frame pointer           = 0x28:0xd61559a4
>
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
>  processor eflags        = resume, IOPL = 0
>
> current process         = 39 (umount)
>  trap number             = 12
>  panic: page fault
>
> cpuid = 0
>  Uptime: 1m0s
>  Physical memory: 499 MB
>  Dumping 32 MB: 17 1
>
> Dump complete
>
> Automatic reboot in 15 seconds - press a key on the console to abort
>
>
> [post-mortem kgdb session]
>
>
>  Fatal trap 12: page fault while in kernel mode
>  cpuid = 0; apic id = 00
>  fault virtual address   = 0xdeadc0ee
>  fault code              = supervisor read, page not present
>
> instruction pointer     = 0x20:0xc0791e86
>  stack pointer           = 0x28:0xd61559a0
>  frame pointer           = 0x28:0xd61559a4
>
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
>  processor eflags        = resume, IOPL = 0
>
> current process         = 39 (umount)
>  trap number             = 12
>  panic: page fault
>
> cpuid = 0
>  Uptime: 1m0s
>  Physical memory: 499 MB
>  Dumping 32 MB: 17 1
>
>  #0  doadump () at pcpu.h:195
>  195     pcpu.h: No such file or directory.
>         in pcpu.h
>  (kgdb) where
>  #0  doadump () at pcpu.h:195
>
> #1  0xc075ba7e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:417
>  #2  0xc075bd09 in panic (fmt=Variable "fmt" is not available.
>
> ) at /usr/src/sys/kern/kern_shutdown.c:571
>
> #3  0xc0a4580c in trap_fatal (frame=0xd6155960, eva=3735929070)
>     at /usr/src/sys/i386/i386/trap.c:898
>  #4  0xc0a460e0 in trap (frame=0xd6155960) at /usr/src/sys/i386/i386/trap.c:279
>  #5  0xc0a2c97b in calltrap () at /usr/src/sys/i386/i386/exception.s:146
>  #6  0xc0791e86 in isitmychild (parent=0xdeadc0de, child=0xc0c00168)
>     at /usr/src/sys/kern/subr_witness.c:1611
>  #7  0xc0793d9e in witness_checkorder (lock=0xc1474908, flags=Variable "flags" is not available.
>  )
>     at /usr/src/sys/kern/subr_witness.c:966
>  #8  0xc074edcc in _mtx_lock_flags (m=0xc1474908, opts=0,
>     file=0xc0af4e44 "/usr/src/sys/vm/uma_core.c", line=2257)
>     at /usr/src/sys/kern/kern_mutex.c:179
>  #9  0xc095f398 in uma_zfree_arg (zone=0xc146d1e0, item=0xc2fd4900,
>     udata=0xc2fd4fa8) at /usr/src/sys/vm/uma_core.c:2257
>  #10 0xc074bb1a in free (addr=0xc2fd4900, mtp=0xc2ff1000)
>     at /usr/src/sys/kern/kern_malloc.c:441
>  #11 0xc2feda91 in ntfs_ntput (ip=0xc2fd4900)
>
>     at /usr/src/sys/modules/ntfs/../../fs/ntfs/ntfs_subr.c:469
>
> #12 0xc2feb654 in ntfs_reclaim (ap=0xd6155b04)
>
>     at /usr/src/sys/modules/ntfs/../../fs/ntfs/ntfs_vnops.c:262
>
> #13 0xc0a51195 in VOP_RECLAIM_APV (vop=0xc2ff1320, a=0xd6155b04)
>
> ---Type <return> to continue, or q <return> to quit---
>
>     at vnode_if.c:1566
>  #14 0xc07d848f in vgonel (vp=0xc3056660) at vnode_if.h:819
>  #15 0xc07d9f47 in vflush (mp=0xc2fb6a70, rootrefs=0, flags=1, td=0xc2fdf660)
>     at /usr/src/sys/kern/vfs_subr.c:2406
>  #16 0xc2feabff in ntfs_unmount (mp=0xc2fb6a70, mntflags=134217728,
>     td=0xc2fdf660) at /usr/src/sys/modules/ntfs/../../fs/ntfs/ntfs_vfsops.c:489
>  #17 0xc07d3756 in dounmount (mp=0xc2fb6a70, flags=134217728, td=0xc2fdf660)
>     at /usr/src/sys/kern/vfs_mount.c:1286
>  #18 0xc07d3d20 in unmount (td=0xc2fdf660, uap=0xd6155cfc)
>     at /usr/src/sys/kern/vfs_mount.c:1182
>  #19 0xc0a45ce3 in syscall (frame=0xd6155d38)
>
>     at /usr/src/sys/i386/i386/trap.c:1034
>
> #20 0xc0a2c9e0 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:203
>  #21 0x00000033 in ?? ()
>
> Previous frame inner to this frame (corrupt stack?)

Want to see if this bt has been helpful? :)
Can you try the attached patch and see if kernel rings a bell?:
http://www.freebsd.org/~attilio/ntfs_debug.diff

Thanks,
Attilio


-- 
Peace can only be achieved by understanding - A. Einstein