Date:      Mon, 7 Oct 2002 11:50:24 +0200
From:      Stefan Farfeleder <e0026813@stud3.tuwien.ac.at>
To:        Terry Lambert <tlambert2@mindspring.com>
Cc:        Stefan Farfeleder <e0026813@stud3.tuwien.ac.at>, John Baldwin <jhb@FreeBSD.ORG>, Juli Mallett <jmallett@FreeBSD.ORG>, current@FreeBSD.ORG
Subject:   Re: [PATCH] Re: Junior Kernel Hacker page updated...
Message-ID:  <20021007095024.GA252@frog.fafoe>
In-Reply-To: <3DA12642.28BB8E1@mindspring.com>
References:  <20021004132203.A78223@FreeBSD.org> <XFMail.20021004163317.jhb@FreeBSD.org> <20021005135504.GA254@frog.fafoe> <3D9F39BB.66126C35@mindspring.com> <3DA12642.28BB8E1@mindspring.com>

On Sun, Oct 06, 2002 at 11:14:26PM -0700, Terry Lambert wrote:
>
> Stefan: Did the patch fix it, or not?

Sorry for the long delay. No, it did not. But I now have a rather
interesting core dump. I inserted a KASSERT, so that the code looks like
this:

    TAILQ_INSERT_TAIL(&kq->kq_head, &marker, kn_tqe);
    while (count) {
        kn = TAILQ_FIRST(&kq->kq_head);
        KASSERT(kn != NULL, ("TAILQ_FIRST returned NULL"));
        /*
         * Skip over all markers which are not ours.  This looks
         * unsafe, but we can't hit the end of the list without
         * hitting our own marker.
         */
        while ((kn->kn_status & KN_MARKER) && (kn != &marker)) {
            kn = TAILQ_NEXT(kn, kn_tqe);
        }
        TAILQ_REMOVE(&kq->kq_head, kn, kn_tqe);
        if (kn == &marker) {
[...]

Script started on Mon Oct  7 11:26:10 2002
frog# ../bin/gdb -k crash/kernel.debug.3 crash/vmcore.3
GNU gdb 5.2.0 (FreeBSD) 20020627
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: bremfree: bp 0xd2adf6f0 not locked
panic messages:
---
panic: TAILQ_FIRST returned NULL
cpuid = 1; lapic.id = 01000000
panic: from debugger
cpuid = 1; lapic.id = 01000000
boot() called on cpu#1

syncing disks... panic: bremfree: bp 0xd2adf6f0 not locked
cpuid = 1; lapic.id = 01000000
boot() called on cpu#1
Uptime: 13m27s
pfs_vncache_unload(): 1 entries remaining
Dumping 1023 MB
ata0: resetting devices ..
done
ad0: timeout sending command=c5 s=d0 e=00
ad0: error executing commandata0: resetting devices ..
done
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008
---
#0  doadump () at /freebsd/current/src/sys/kern/kern_shutdown.c:223
223		dumping++;
(kgdb) bt
#0  doadump () at /freebsd/current/src/sys/kern/kern_shutdown.c:223
#1  0xc01ba92a in boot (howto=260)
    at /freebsd/current/src/sys/kern/kern_shutdown.c:355
#2  0xc01babe7 in panic () at /freebsd/current/src/sys/kern/kern_shutdown.c:508
#3  0xc01fcc77 in bremfree (bp=0xd2adf6f0)
    at /freebsd/current/src/sys/kern/vfs_bio.c:632
#4  0xc01fe798 in vfs_bio_awrite (bp=0x3)
    at /freebsd/current/src/sys/kern/vfs_bio.c:1633
#5  0xc02a7afa in ffs_fsync (ap=0xe2c9d8fc)
    at /freebsd/current/src/sys/ufs/ffs/ffs_vnops.c:252
#6  0xc02a7829 in VOP_FSYNC (vp=0x0, cred=0x0, waitfor=0, td=0x0)
    at vnode_if.h:612
#7  0xc02a6d3b in ffs_sync (mp=0xc642ba00, waitfor=2, cred=0xc22b2e80,
    td=0xc03643a0) at /freebsd/current/src/sys/ufs/ffs/ffs_vfsops.c:1127
#8  0xc0210998 in sync (td=0xc03643a0, uap=0x0)
    at /freebsd/current/src/sys/kern/vfs_syscalls.c:130
#9  0xc01ba52b in boot (howto=256)
    at /freebsd/current/src/sys/kern/kern_shutdown.c:264
#10 0xc01babe7 in panic () at /freebsd/current/src/sys/kern/kern_shutdown.c:508
#11 0xc013b1d2 in db_panic () at /freebsd/current/src/sys/ddb/db_command.c:450
#12 0xc013b152 in db_command (last_cmdp=0xc035db40, cmd_table=0x0,
    aux_cmd_tablep=0xc03577fc, aux_cmd_tablep_end=0xc0357800)
    at /freebsd/current/src/sys/ddb/db_command.c:346
---Type <return> to continue, or q <return> to quit---
#13 0xc013b266 in db_command_loop ()
    at /freebsd/current/src/sys/ddb/db_command.c:472
#14 0xc013deca in db_trap (type=3, code=0)
    at /freebsd/current/src/sys/ddb/db_trap.c:72
#15 0xc02e9f60 in kdb_trap (type=3, code=0, regs=0xe2c9db94)
    at /freebsd/current/src/sys/i386/i386/db_interface.c:166
#16 0xc0302027 in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = -968725664, tf_esi = 256, tf_ebp = -490087456, tf_isp = -490087488, tf_ebx = 0, tf_edx = 0, tf_ecx = 32, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1070685611, tf_cs = 8, tf_eflags = 658, tf_esp = -1070272669, tf_ss = -1070406694})
    at /freebsd/current/src/sys/i386/i386/trap.c:605
#17 0xc02eb768 in calltrap () at {standard input}:99
#18 0xc01babcf in panic (fmt=0x0)
    at /freebsd/current/src/sys/kern/kern_shutdown.c:494
#19 0xc01a1212 in kqueue_scan (fp=0x0, maxevents=4, ulistp=0xbfbfeb90,
    tsp=0xc754f828, td=0xc6426b60)
    at /freebsd/current/src/sys/kern/kern_event.c:717
#20 0xc01a0ad1 in kevent (td=0xc6426b60, uap=0xe2c9dd10)
    at /freebsd/current/src/sys/kern/kern_event.c:470
#21 0xc030299e in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077937792, tf_esi = 4, tf_ebp = -1077941256, tf_isp = -490087052, tf_ebx = -1077937772, tf_edx = 2184, tf_---Type <return> to continue, or q <return> to quit---
ecx = 0, tf_eax = 363, tf_trapno = 0, tf_err = 2, tf_eip = 134641975, tf_cs = 31, tf_eflags = 514, tf_esp = -1077941412, tf_ss = 47})
    at /freebsd/current/src/sys/i386/i386/trap.c:1050
#22 0xc02eb7bd in Xint0x80_syscall () at {standard input}:141
---Can't read userspace from dump, or kernel process---

(kgdb) frame 19
#19 0xc01a1212 in kqueue_scan (fp=0x0, maxevents=4, ulistp=0xbfbfeb90,
    tsp=0xc754f828, td=0xc6426b60)
    at /freebsd/current/src/sys/kern/kern_event.c:717
717			KASSERT(kn != NULL, ("TAILQ_FIRST returned NULL"));
(kgdb) info locals
kq = (struct kqueue *) 0xc754f800
kevp = (struct kevent *) 0xc754f828
atv = {tv_sec = 0, tv_usec = 0}
rtv = {tv_sec = 434, tv_usec = -1070420864}
ttv = {tv_sec = 1, tv_usec = -1070411616}
kn = (struct knote *) 0x0
marker = {kn_link = {sle_next = 0xc01b0d37}, kn_selnext = {
    sle_next = 0xc0368a20}, kn_tqe = {tqe_next = 0x0, tqe_prev = 0xc6650ac8},
  kn_kq = 0xc6426bcc, kn_kevent = {ident = 3344374324, filter = -30080,
    flags = 49206, fflags = 3224546432, data = 431, udata = 0xe2c9dca0},
  kn_status = 16, kn_sfflags = -1070167424, kn_sdata = 8, kn_ptr = {
    p_fp = 0xc032ac80, p_proc = 0xc032ac80}, kn_fop = 0x1af, kn_hook = 0x3}
count = 4
timeout = 0
nkev = 0
error = 0
(kgdb) p *kq
$2 = {kq_head = {tqh_first = 0x0, tqh_last = 0xc754f800}, kq_count = 1,
  kq_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0,
    si_note = {slh_first = 0x0}, si_flags = 0}, kq_fdp = 0xc7571a00,
  kq_state = 0, kq_kev = {{ident = 23, filter = -1, flags = 1, fflags = 0,
      data = 69, udata = 0x80cd800}, {ident = 23, filter = -1, flags = 1,
      fflags = 0, data = 164, udata = 0x80cd800}, {ident = 27, filter = -1,
      flags = 1, fflags = 0, data = 218, udata = 0x80cf800}, {ident = 19,
      filter = -1, flags = 1, fflags = 0, data = 182, udata = 0x80cc800}, {
      ident = 0, filter = 0, flags = 0, fflags = 0, data = 0, udata = 0x0}, {
      ident = 0, filter = 0, flags = 0, fflags = 0, data = 0, udata = 0x0}, {
      ident = 0, filter = 0, flags = 0, fflags = 0, data = 0, udata = 0x0}, {
      ident = 0, filter = 0, flags = 0, fflags = 0, data = 0, udata = 0x0}}}
(kgdb) q
frog# exit

Script done on Mon Oct  7 11:32:50 2002

I'm confused why marker - if it was removed by TAILQ_REMOVE - hasn't
kn_tqe.tqe_next and kn_tqe.tqe_prev set to (void *)-1.

Regards,
Stefan Farfeleder
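
The marker scan quoted in the message above, rebuilt in userspace as an added example (not part of the original post and not FreeBSD's kern_event.c). It returns an error instead of dereferencing NULL when the list ends before the scanner's own marker. The names `next_knote`, `scan`, `demo` and `reinit_after`, the `KN_MARKER` value, and the simulated queue reset are assumptions made for illustration; the reset is only a constructed way to reach an empty head while the marker still holds stale links, not a diagnosis of the reported panic.

```c
#include <stdio.h>
#include <sys/queue.h>

#define KN_MARKER 0x10   /* constructed flag value for this example */
struct knote { TAILQ_ENTRY(knote) kn_tqe; int kn_status; };
TAILQ_HEAD(kqhead, knote);

/* One step of the quoted loop, returning NULL instead of dereferencing a
 * NULL pointer when the list ends before our own marker is found. */
static struct knote *next_knote(struct kqhead *head, struct knote *marker) {
    struct knote *kn = TAILQ_FIRST(head);
    while (kn != NULL && (kn->kn_status & KN_MARKER) && kn != marker)
        kn = TAILQ_NEXT(kn, kn_tqe);    /* skip other scanners' markers */
    if (kn != NULL)
        TAILQ_REMOVE(head, kn, kn_tqe);
    return kn;
}

/* Returns the number of knotes dequeued, or -1 if our marker vanished.
 * reinit_after simulates another context resetting the head (-1: never). */
int scan(struct kqhead *head, int count, int reinit_after) {
    struct knote marker = { .kn_status = KN_MARKER }, *kn = NULL;
    int n = 0;
    TAILQ_INSERT_TAIL(head, &marker, kn_tqe);
    for (; count > 0; count--, n++) {
        if (n == reinit_after)
            TAILQ_INIT(head);           /* marker is now linked to nothing */
        if ((kn = next_knote(head, &marker)) == NULL)
            return -1;                  /* the state the KASSERT reported */
        if (kn == &marker)
            break;                      /* reached our own marker: done */
    }
    if (kn != &marker)                  /* never leave a stack marker queued */
        TAILQ_REMOVE(head, &marker, kn_tqe);
    return n;
}

/* Constructed input: one foreign marker, then nknotes (at most 8) knotes. */
int demo(int nknotes, int count, int reinit_after) {
    static struct knote other = { .kn_status = KN_MARKER }, kn[8];
    struct kqhead head;
    TAILQ_INIT(&head);
    TAILQ_INSERT_TAIL(&head, &other, kn_tqe);
    for (int i = 0; i < nknotes && i < 8; i++)
        TAILQ_INSERT_TAIL(&head, &kn[i], kn_tqe);
    return scan(&head, count, reinit_after);
}

int main(void) { printf("%d %d %d\n", demo(2, 4, -1), demo(2, 1, -1), demo(2, 4, 1)); return 0; }
```

In the reset case the head ends up with `tqh_first` NULL and `tqh_last` pointing back at the head, while the marker keeps a NULL `tqe_next` and a `tqe_prev` that points into a knote no longer on the list.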
