From owner-freebsd-current@FreeBSD.ORG  Tue Apr 26 07:13:29 2005
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2A3F816A4CE
	for <current@freebsd.org>; Tue, 26 Apr 2005 07:13:29 +0000 (GMT)
Received: from cs1.cs.huji.ac.il (cs1.cs.huji.ac.il [132.65.16.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A2F5043D54
	for <current@freebsd.org>; Tue, 26 Apr 2005 07:13:28 +0000 (GMT)
	(envelope-from danny@cs.huji.ac.il)
Received: from pampa.cs.huji.ac.il ([132.65.80.32])
	by cs1.cs.huji.ac.il with esmtp
	id 1DQKG7-0006jl-QN; Tue, 26 Apr 2005 10:13:27 +0300
X-Mailer: exmh version 2.7.0 06/18/2004 with nmh-1.0.4
To: Doug White <dwhite@gumbysoft.com>
In-reply-to: Your message of Mon, 25 Apr 2005 19:47:38 -0700 (PDT) .
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 26 Apr 2005 10:13:27 +0300
From: Danny Braniss <danny@cs.huji.ac.il>
Message-ID: <E1DQKG7-0006jl-QN@cs1.cs.huji.ac.il>
cc: current@freebsd.org
Subject: Re: diskless/unionfs panics 
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Apr 2005 07:13:29 -0000

> On Sat, 23 Apr 2005, Danny Braniss wrote:
> 
> > > On Fri, 22 Apr 2005, Danny Braniss wrote:
> > >
> > > > hi,
> > > > 	after much debugging, it seems that the main problem with unionfs is
> > > > that if it's called early in the boot process it will panic the kernel:
> > > >
> > > > trap 12: page fault while in kernel mode
> > > > cpuid = 0; apic id = 00
> > > > fault virtual address   = 0x0
> > > > fault code              = supervisor read, page not present
> > > > instruction pointer     = 0x8:0xffffffff8038e3f5
> > > > stack pointer           = 0x10:0xffffffffb1eac7b0
> > > > frame pointer           = 0x10:0xffffffffb1eac7e0
> > > > code segment            = base 0x0, limit 0xfffff, type 0x1b
> > > >                         = DPL 0, pres 1, long 1, def32 0, gran 1
> > > > processor eflags        = interrupt enabled, resume, IOPL = 0
> > > > current process         = 213 (sh)
> > > > [thread pid 213 tid 100066 ]
> > > > Stopped at      _mtx_lock_flags+0x35:   cmpq    $0x80779d40,0(%rdi)
> > >
> > > unintialized mutex, probably, although it looks like it'd be the vm page
> > > queue mutex which should be init'd by then.
> > >
> > > Is this -CURRENT?
> > yes, cvs'ed a few days ago (but the problem is not new).
> >
> > >
> > > > db> tr
> > > > Tracing pid 213 tid 100066 td 0xffffff007b9b1000
> > > > _mtx_lock_flags() at _mtx_lock_flags+0x35
> > > > exec_map_first_page() at exec_map_first_page+0x60
> > >
> > > If you have a debug kernel for this around, load it into gdb and 'disass
> > > exec_map_first_page' and look around offset 96 to see if its referencing a
> > > mutex (mtx) near there.
> >
> > arghh, gdb, is there a quick guide for this? im almost there, but
> > can't sync speed (the console is at 38400).
> 
> Oh, don't bother trying to attach directly to the kernel, just look at the
> kernel.debug binary , if you've got one.  If not, put
> 
> makeoptions	DEBUG=-g
ok, here is the output:
(gdb) disass exec_map_first_page
Dump of assembler code for function exec_map_first_page:
0xc060c360 <exec_map_first_page+0>:     push   %ebp
0xc060c361 <exec_map_first_page+1>:     mov    %esp,%ebp
0xc060c363 <exec_map_first_page+3>:     push   %edi
0xc060c364 <exec_map_first_page+4>:     push   %esi
0xc060c365 <exec_map_first_page+5>:     push   %ebx
0xc060c366 <exec_map_first_page+6>:     sub    $0x44,%esp
0xc060c369 <exec_map_first_page+9>:     mov    0x8(%ebp),%eax
0xc060c36c <exec_map_first_page+12>:    cmpl   $0x0,0x28(%eax)
0xc060c370 <exec_map_first_page+16>:    je     0xc060c37c <exec_map_first_page+28>
0xc060c372 <exec_map_first_page+18>:    push   %eax
0xc060c373 <exec_map_first_page+19>:    call   0xc060c6d8 <exec_unmap_first_page>
0xc060c378 <exec_map_first_page+24>:    add    $0x4,%esp
0xc060c37b <exec_map_first_page+27>:    nop    
0xc060c37c <exec_map_first_page+28>:    mov    0x8(%ebp),%edx
0xc060c37f <exec_map_first_page+31>:    mov    0x8(%edx),%eax
0xc060c382 <exec_map_first_page+34>:    mov    0xf8(%eax),%esi
0xc060c388 <exec_map_first_page+40>:    mov    %fs:0x0,%edx
0xc060c38f <exec_map_first_page+47>:    mov    $0x4,%eax
0xc060c394 <exec_map_first_page+52>:    lock cmpxchg %edx,0x1c(%esi)
0xc060c399 <exec_map_first_page+57>:    sete   %al
---Type <return> to continue, or q <return> to quit--- 
0xc060c39c <exec_map_first_page+60>:    movzbl %al,%eax
0xc060c39f <exec_map_first_page+63>:    test   %eax,%eax
0xc060c3a1 <exec_map_first_page+65>:    jne    0xc060c3b4 <exec_map_first_page+84>
0xc060c3a3 <exec_map_first_page+67>:    push   $0x0
0xc060c3a5 <exec_map_first_page+69>:    push   $0x0
0xc060c3a7 <exec_map_first_page+71>:    push   $0x0
0xc060c3a9 <exec_map_first_page+73>:    push   %edx
0xc060c3aa <exec_map_first_page+74>:    push   %esi
0xc060c3ab <exec_map_first_page+75>:    call   0xc061cfc4 <_mtx_lock_sleep>
0xc060c3b0 <exec_map_first_page+80>:    add    $0x14,%esp
0xc060c3b3 <exec_map_first_page+83>:    nop    
0xc060c3b4 <exec_map_first_page+84>:    push   $0x80
0xc060c3b9 <exec_map_first_page+89>:    push   $0x0
0xc060c3bb <exec_map_first_page+91>:    push   $0x0
0xc060c3bd <exec_map_first_page+93>:    push   %esi
0xc060c3be <exec_map_first_page+94>:    call   0xc0795068 <vm_page_grab>
0xc060c3c3 <exec_map_first_page+99>:    mov    %eax,0xffffffb4(%ebp)
0xc060c3c6 <exec_map_first_page+102>:   add    $0x10,%esp
0xc060c3c9 <exec_map_first_page+105>:   cmpb   $0xff,0x44(%eax)
0xc060c3cd <exec_map_first_page+109>:   je     0xc060c60c <exec_map_first_page+684>
0xc060c3d3 <exec_map_first_page+115>:   movl   $0x10,0xffffffb0(%ebp)
---Type <return> to continue, or q <return> to quit---