Date: Mon, 7 Oct 2002 11:50:24 +0200
From: Stefan Farfeleder <e0026813@stud3.tuwien.ac.at>
To: Terry Lambert <tlambert2@mindspring.com>
Cc: Stefan Farfeleder <e0026813@stud3.tuwien.ac.at>, John Baldwin <jhb@FreeBSD.ORG>, Juli Mallett <jmallett@FreeBSD.ORG>, current@FreeBSD.ORG
Subject: Re: [PATCH] Re: Junior Kernel Hacker page updated...
Message-ID: <20021007095024.GA252@frog.fafoe>
In-Reply-To: <3DA12642.28BB8E1@mindspring.com>
References: <20021004132203.A78223@FreeBSD.org> <XFMail.20021004163317.jhb@FreeBSD.org> <20021005135504.GA254@frog.fafoe> <3D9F39BB.66126C35@mindspring.com> <3DA12642.28BB8E1@mindspring.com>

On Sun, Oct 06, 2002 at 11:14:26PM -0700, Terry Lambert wrote:
>
> Stefan:  Did the patch fix it, or not?

Sorry for the long delay. No, it did not. But I now have a rather
interesting core dump.

I inserted a KASSERT, so that the code looks like this:

        TAILQ_INSERT_TAIL(&kq->kq_head, &marker, kn_tqe);
        while (count) {
                kn = TAILQ_FIRST(&kq->kq_head);
                KASSERT(kn != NULL, ("TAILQ_FIRST returned NULL"));
                /*
                 * Skip over all markers which are not ours.  This looks
                 * unsafe, but we can't hit the end of the list without
                 * hitting our own marker.
                 */
                while ((kn->kn_status & KN_MARKER) && (kn != &marker)) {
                        kn = TAILQ_NEXT(kn, kn_tqe);
                }
                TAILQ_REMOVE(&kq->kq_head, kn, kn_tqe);
                if (kn == &marker) {
        [...]

Script started on Mon Oct  7 11:26:10 2002
frog# ../bin/gdb -k crash/kernel.debug.3 crash/vmcore.3
GNU gdb 5.2.0 (FreeBSD) 20020627
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: bremfree: bp 0xd2adf6f0 not locked
panic messages:
---
panic: TAILQ_FIRST returned NULL
cpuid = 1; lapic.id = 01000000
panic: from debugger
cpuid = 1; lapic.id = 01000000
boot() called on cpu#1

syncing disks...
panic: bremfree: bp 0xd2adf6f0 not locked
cpuid = 1; lapic.id = 01000000
boot() called on cpu#1
Uptime: 13m27s
pfs_vncache_unload(): 1 entries remaining
Dumping 1023 MB
ata0: resetting devices ..
done
ad0: timeout sending command=c5 s=d0 e=00
ad0: error executing commandata0: resetting devices ..
done
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008
---
#0  doadump () at /freebsd/current/src/sys/kern/kern_shutdown.c:223
223             dumping++;
(kgdb) bt
#0  doadump () at /freebsd/current/src/sys/kern/kern_shutdown.c:223
#1  0xc01ba92a in boot (howto=260)
    at /freebsd/current/src/sys/kern/kern_shutdown.c:355
#2  0xc01babe7 in panic () at /freebsd/current/src/sys/kern/kern_shutdown.c:508
#3  0xc01fcc77 in bremfree (bp=0xd2adf6f0)
    at /freebsd/current/src/sys/kern/vfs_bio.c:632
#4  0xc01fe798 in vfs_bio_awrite (bp=0x3)
    at /freebsd/current/src/sys/kern/vfs_bio.c:1633
#5  0xc02a7afa in ffs_fsync (ap=0xe2c9d8fc)
    at /freebsd/current/src/sys/ufs/ffs/ffs_vnops.c:252
#6  0xc02a7829 in VOP_FSYNC (vp=0x0, cred=0x0, waitfor=0, td=0x0)
    at vnode_if.h:612
#7  0xc02a6d3b in ffs_sync (mp=0xc642ba00, waitfor=2, cred=0xc22b2e80,
    td=0xc03643a0) at /freebsd/current/src/sys/ufs/ffs/ffs_vfsops.c:1127
#8  0xc0210998 in sync (td=0xc03643a0, uap=0x0)
    at /freebsd/current/src/sys/kern/vfs_syscalls.c:130
#9  0xc01ba52b in boot (howto=256)
    at /freebsd/current/src/sys/kern/kern_shutdown.c:264
#10 0xc01babe7 in panic () at /freebsd/current/src/sys/kern/kern_shutdown.c:508
#11 0xc013b1d2 in db_panic () at /freebsd/current/src/sys/ddb/db_command.c:450
#12 0xc013b152 in db_command (last_cmdp=0xc035db40, cmd_table=0x0,
    aux_cmd_tablep=0xc03577fc, aux_cmd_tablep_end=0xc0357800)
    at /freebsd/current/src/sys/ddb/db_command.c:346
---Type <return> to continue, or q <return> to quit---
#13 0xc013b266 in db_command_loop ()
    at /freebsd/current/src/sys/ddb/db_command.c:472
#14 0xc013deca in db_trap (type=3, code=0)
    at /freebsd/current/src/sys/ddb/db_trap.c:72
#15 0xc02e9f60 in kdb_trap (type=3, code=0, regs=0xe2c9db94)
    at /freebsd/current/src/sys/i386/i386/db_interface.c:166
#16 0xc0302027 in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = -968725664, tf_esi = 256, tf_ebp = -490087456, tf_isp = -490087488, tf_ebx = 0, tf_edx = 0, tf_ecx = 32, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1070685611, tf_cs = 8, tf_eflags = 658, tf_esp = -1070272669, tf_ss = -1070406694})
    at /freebsd/current/src/sys/i386/i386/trap.c:605
#17 0xc02eb768 in calltrap () at {standard input}:99
#18 0xc01babcf in panic (fmt=0x0)
    at /freebsd/current/src/sys/kern/kern_shutdown.c:494
#19 0xc01a1212 in kqueue_scan (fp=0x0, maxevents=4, ulistp=0xbfbfeb90,
    tsp=0xc754f828, td=0xc6426b60)
    at /freebsd/current/src/sys/kern/kern_event.c:717
#20 0xc01a0ad1 in kevent (td=0xc6426b60, uap=0xe2c9dd10)
    at /freebsd/current/src/sys/kern/kern_event.c:470
#21 0xc030299e in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077937792, tf_esi = 4, tf_ebp = -1077941256, tf_isp = -490087052, tf_ebx = -1077937772, tf_edx = 2184, tf_---Type <return> to continue, or q <return> to quit---
ecx = 0, tf_eax = 363, tf_trapno = 0, tf_err = 2, tf_eip = 134641975, tf_cs = 31, tf_eflags = 514, tf_esp = -1077941412, tf_ss = 47})
    at /freebsd/current/src/sys/i386/i386/trap.c:1050
#22 0xc02eb7bd in Xint0x80_syscall () at {standard input}:141
---Can't read userspace from dump, or kernel process---

(kgdb) frame 19
#19 0xc01a1212 in kqueue_scan (fp=0x0, maxevents=4, ulistp=0xbfbfeb90,
    tsp=0xc754f828, td=0xc6426b60)
    at /freebsd/current/src/sys/kern/kern_event.c:717
717                     KASSERT(kn != NULL, ("TAILQ_FIRST returned NULL"));
(kgdb) info locals
kq = (struct kqueue *) 0xc754f800
kevp = (struct kevent *) 0xc754f828
atv = {tv_sec = 0, tv_usec = 0}
rtv = {tv_sec = 434, tv_usec = -1070420864}
ttv = {tv_sec = 1, tv_usec = -1070411616}
kn = (struct knote *) 0x0
marker = {kn_link = {sle_next = 0xc01b0d37}, kn_selnext = {
    sle_next = 0xc0368a20}, kn_tqe = {tqe_next = 0x0, tqe_prev = 0xc6650ac8},
  kn_kq = 0xc6426bcc, kn_kevent = {ident = 3344374324, filter = -30080,
    flags = 49206, fflags = 3224546432, data = 431, udata = 0xe2c9dca0},
  kn_status = 16, kn_sfflags = -1070167424, kn_sdata = 8, kn_ptr = {
    p_fp = 0xc032ac80, p_proc = 0xc032ac80}, kn_fop = 0x1af, kn_hook = 0x3}
count = 4
timeout = 0
nkev = 0
error = 0
(kgdb) p *kq
$2 = {kq_head = {tqh_first = 0x0, tqh_last = 0xc754f800}, kq_count = 1,
  kq_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0,
    si_note = {slh_first = 0x0}, si_flags = 0}, kq_fdp = 0xc7571a00,
  kq_state = 0, kq_kev = {{ident = 23, filter = -1, flags = 1, fflags = 0,
      data = 69, udata = 0x80cd800}, {ident = 23, filter = -1, flags = 1,
      fflags = 0, data = 164, udata = 0x80cd800}, {ident = 27, filter = -1,
      flags = 1, fflags = 0, data = 218, udata = 0x80cf800}, {ident = 19,
      filter = -1, flags = 1, fflags = 0, data = 182, udata = 0x80cc800}, {
      ident = 0, filter = 0, flags = 0, fflags = 0, data = 0, udata = 0x0}, {
      ident = 0, filter = 0, flags = 0, fflags = 0, data = 0, udata = 0x0}, {
      ident = 0, filter = 0, flags = 0, fflags = 0, data = 0, udata = 0x0}, {
      ident = 0, filter = 0, flags = 0, fflags = 0, data = 0, udata = 0x0}}}
(kgdb) q
frog# exit
Script done on Mon Oct  7 11:32:50 2002

I'm confused why marker - if it was removed by TAILQ_REMOVE - hasn't
kn_tqe.tqe_next and kn_tqe.tqe_prev set to (void *)-1.

Regards,
Stefan Farfeleder

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
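
Added example, not part of the e-mail above and not code from the FreeBSD tree: a userland reduction of the marker scan quoted in the message, built on <sys/queue.h>, in which the skip loop also stops at the end of the list so that a missing marker produces an error return instead of a NULL dereference. The reduced struct knote, the KN_MARKER value, scan(), clean_empty() and both demo cases are constructed for this illustration.

```c
#include <stddef.h>
#include <sys/queue.h>
#define KN_MARKER 0x10  /* constructed flag value, for this example only */
struct knote { TAILQ_ENTRY(knote) kn_tqe; int kn_status; };
TAILQ_HEAD(kqlist, knote);

/* A well-formed empty tail queue: tqh_first NULL, tqh_last == &tqh_first. */
static int clean_empty(struct kqlist *h)
{
    return h->tqh_first == NULL && h->tqh_last == &h->tqh_first;
}

/* Returns knotes dequeued before our marker, -1 if the list ended first. */
static int scan(struct kqlist *h, struct knote *marker, int count)
{
    struct knote *kn;
    int n = 0;
    while (count > 0) {
        kn = TAILQ_FIRST(h);
        /* Skip foreign markers, but stop at the end of the list. */
        while (kn != NULL && (kn->kn_status & KN_MARKER) && kn != marker)
            kn = TAILQ_NEXT(kn, kn_tqe);
        if (kn == NULL) return -1;  /* our marker is not on this list */
        TAILQ_REMOVE(h, kn, kn_tqe);
        if (kn == marker) return n;
        n++, count--;
    }
    TAILQ_REMOVE(h, marker, kn_tqe);  /* budget used up: unlink our marker */
    return n;
}

/* Constructed case: two knotes, a foreign marker between them, then ours. */
static int demo_intact(void)
{
    struct kqlist h = TAILQ_HEAD_INITIALIZER(h);
    struct knote a = {.kn_status = 0}, b = {.kn_status = 0};
    struct knote other = {.kn_status = KN_MARKER}, mine = {.kn_status = KN_MARKER};
    TAILQ_INSERT_TAIL(&h, &a, kn_tqe); TAILQ_INSERT_TAIL(&h, &other, kn_tqe);
    TAILQ_INSERT_TAIL(&h, &b, kn_tqe); TAILQ_INSERT_TAIL(&h, &mine, kn_tqe);
    return scan(&h, &mine, 4);
}

/* Constructed case: the head is reset while our marker is believed queued. */
static int demo_marker_missing(void)
{
    struct kqlist h = TAILQ_HEAD_INITIALIZER(h);
    struct knote mine = {.kn_status = KN_MARKER};
    TAILQ_INSERT_TAIL(&h, &mine, kn_tqe);
    TAILQ_INIT(&h);  /* stand-in for whatever emptied the list; cause unknown */
    return clean_empty(&h) ? scan(&h, &mine, 4) : -2;
}

int main(void) { return !(demo_intact() == 2 && demo_marker_missing() == -1); }
```

clean_empty() tests for the head state that `p *kq` prints in the session: tqh_first = 0x0 with tqh_last equal to the address of the head itself.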