kern/52916: vinum causes panic after start/stop/... cycle, easy to reproduce

Pawel Malachowski pawmal at unia.3lo.lublin.pl
Tue Jun 24 11:30:16 PDT 2003 

The following reply was made to PR kern/52916; it has been noted by GNATS.

From: "Pawel Malachowski" <pawmal at unia.3lo.lublin.pl>
To: Greg 'groggy' Lehey <grog at FreeBSD.org>
Cc: Freebsd-gnats-submit at FreeBSD.org
Subject: Re: kern/52916: vinum causes panic after start/stop/... cycle, easy to reproduce
Date: Tue, 24 Jun 2003 20:25:23 +0200

 On 24 Jun 2003 at 8:33, Greg 'groggy' Lehey wrote:
 
 >         [...] In particular, I need a gdb backtrace, not a ddb
 > backtrace.  But if it looks the same, keep the dump and I'll look at
 > it (or get you to look at it) when I know what I'm looking for.
 
 As I said before, there was no crashdump.
 System tries do dump after first panic but fails with second panic.
 
 However, I discovered that when I change dumpdev from /dev/da0s1b
 to /dev/da1s1b (second, unused disk), dumping can be done with
 success.
 
 I've installed fresh 4.8-RELEASE from CD, updated kernel and userland
 do todays 4.8-STABLE. Also vinum resetconfig was done to remove previous
 configuration from second hard drive.
 # vinum list
 0 drives:
 0 volumes:
 0 plexes:
 0 subdisks:
 
 GENERIC kernel was used with the following additions:
 makeoptions     DEBUG=-g 
 pseudo-device   vinum
 options         VINUMDEBUG
 
 
 The following vinum-test.sh was used:
 
 #!/bin/sh
 i=1
 while [ 1 ]
 do
   echo Start $i
   (sync;sync;sync;sync;sync;sync;sync;sync;sync;sync;sync;sync) &
   vinum start
   echo Stop $i
   vinum stop
   i=$(($i + 1))
 done
 
 This script was running without problems about 300 times, then I started
 `make buildworld' and system crashed immediately.
 
 Here is backtrace:
 Fatal trap 12: page fault while in kernel mode
 fault virtual address   = 0x3ef85e4c
 fault code              = supervisor read, page not present
 instruction pointer     = 0x8:0xc023c864
 stack pointer           = 0x10:0xe18d0d70
 frame pointer           = 0x10:0xe18d0d84
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 6129 (rm)
 interrupt mask          = none
 trap number             = 12
 panic: page fault
 
 syncing disks...
 
 Fatal trap 12: page fault while in kernel mode
 fault virtual address   = 0x3ef85e4c
 fault code              = supervisor read, page not present
 instruction pointer     = 0x8:0xc023c864
 stack pointer           = 0x10:0xe18d0b20
 frame pointer           = 0x10:0xe18d0b34
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 6129 (rm)
 interrupt mask          = none
 trap number             = 12
 panic: page fault
 Uptime: 9m2s
 
 dumping to dev #da/0x20009, offset 2621464
 dump 767 766 765 764 763 762 761 760 759 758 757 756 755 754 753 752 751 750 749 748 747 746 745
 [cut]
 (kgdb) bt
 #0  dumpsys () at ../../kern/kern_shutdown.c:487
 #1  0xc0232867 in boot (howto=260) at ../../kern/kern_shutdown.c:316
 #2  0xc0232c8c in poweroff_wait (junk=0xc042a18c, howto=-1069376369)
     at ../../kern/kern_shutdown.c:595
 #3  0xc03a620e in trap_fatal (frame=0xe18d0ae0, eva=1056464460) at ../../i386/i386/trap.c:974
 #4  0xc03a5ee1 in trap_pfault (frame=0xe18d0ae0, usermode=0, eva=1056464460)
     at ../../i386/i386/trap.c:867
 #5  0xc03a5a9f in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = -814809072, tf_edi = 16,
       tf_esi = 1056464276, tf_ebp = -510850252, tf_isp = -510850292, tf_ebx = 4, tf_edx = 2,
       tf_ecx = -814803112, tf_eax = -814803112, tf_trapno = 12, tf_err = 0,
       tf_eip = -1071396764, tf_cs = 8, tf_eflags = 66050, tf_esp = -1023903520,
       tf_ss = -814803112}) at ../../i386/i386/trap.c:466
 #6  0xc023c864 in dscheck (bp=0xcf6f1758, ssp=0xc31b6800) at ../../kern/subr_diskslice.c:184
 #7  0xc023c4d5 in diskstrategy (bp=0xcf6f1758) at ../../kern/subr_disk.c:246
 #8  0xc026bcb4 in spec_strategy (ap=0xe18d0b80) at ../../miscfs/specfs/spec_vnops.c:479
 #9  0xc0258682 in bwrite (bp=0xcf6f1758) at vnode_if.h:944
 #10 0xc025df46 in vop_stdbwrite (ap=0xe18d0bb0) at ../../kern/vfs_default.c:344
 #11 0xc025dd91 in vop_defaultop (ap=0xe18d0bb0) at ../../kern/vfs_default.c:152
 #12 0xc02589d2 in bawrite (bp=0xcf6f1758) at vnode_if.h:1193
 #13 0xc026bb58 in spec_fsync (ap=0xe18d0c10) at ../../miscfs/specfs/spec_vnops.c:396
 #14 0xc033fe33 in ffs_sync (mp=0xc2f82c00, waitfor=2, cred=0xc1adc900, p=0xc055a520)
     at vnode_if.h:558
 #15 0xc0262e7b in sync (p=0xc055a520, uap=0x0) at ../../kern/vfs_syscalls.c:577
 #16 0xc0232602 in boot (howto=256) at ../../kern/kern_shutdown.c:235
 #17 0xc0232c8c in poweroff_wait (junk=0xc042a18c, howto=-1069376369)
     at ../../kern/kern_shutdown.c:595
 #18 0xc03a620e in trap_fatal (frame=0xe18d0d30, eva=1056464460) at ../../i386/i386/trap.c:974
 #19 0xc03a5ee1 in trap_pfault (frame=0xe18d0d30, usermode=0, eva=1056464460)
     at ../../i386/i386/trap.c:867
 #20 0xc03a5a9f in trap (frame={tf_fs = -510853104, tf_es = -1070333936, tf_ds = -1023934448,
       tf_edi = 2909664, tf_esi = 1056464276, tf_ebp = -510849660, tf_isp = -510849700,
       tf_ebx = 12, tf_edx = 2, tf_ecx = -814693552, tf_eax = -814693552, tf_trapno = 12,
       tf_err = 0, tf_eip = -1071396764, tf_cs = 8, tf_eflags = 66050, tf_esp = -1023903520,
       tf_ss = -814693552}) at ../../i386/i386/trap.c:466
 #21 0xc023c864 in dscheck (bp=0xcf70c350, ssp=0xc31b6800) at ../../kern/subr_diskslice.c:184
 #22 0xc023c4d5 in diskstrategy (bp=0xcf70c350) at ../../kern/subr_disk.c:246
 #23 0xc026bcb4 in spec_strategy (ap=0xe18d0dcc) at ../../miscfs/specfs/spec_vnops.c:479
 #24 0xc034784d in ufs_strategy (ap=0xe18d0e10) at vnode_if.h:944
 #25 0xc0347f1d in ufs_vnoperate (ap=0xe18d0e10) at ../../ufs/ufs/ufs_vnops.c:2376
 #26 0xc0258682 in bwrite (bp=0xcf70c350) at vnode_if.h:944
 #27 0xc025df46 in vop_stdbwrite (ap=0xe18d0e4c) at ../../kern/vfs_default.c:344
 #28 0xc025dd91 in vop_defaultop (ap=0xe18d0e4c) at ../../kern/vfs_default.c:152
 #29 0xc0347f1d in ufs_vnoperate (ap=0xe18d0e4c) at ../../ufs/ufs/ufs_vnops.c:2376
 #30 0xc0258a09 in bowrite (bp=0xcf70c350) at vnode_if.h:1193
 #31 0xc0344054 in ufs_dirremove (dvp=0xe18d4780, ip=0xc31b6600, flags=32776, isrmdir=0)
     at ../../ufs/ufs/ufs_lookup.c:1051
 #32 0xc0345eb7 in ufs_remove (ap=0xe18d0ecc) at ../../ufs/ufs/ufs_vnops.c:721
 #33 0xc0347f1d in ufs_vnoperate (ap=0xe18d0ecc) at ../../ufs/ufs/ufs_vnops.c:2376
 #34 0xc026427f in unlink (p=0xd9f89520, uap=0xe18d0f80) at vnode_if.h:583
 #35 0xc03a64bd in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 1,
       tf_esi = 134717440, tf_ebp = -1077938368, tf_isp = -510849068, tf_ebx = 134778368,
       tf_edx = 134778448, tf_ecx = 0, tf_eax = 10, tf_trapno = 7, tf_err = 2,
       tf_eip = 134523416, tf_cs = 31, tf_eflags = 643, tf_esp = -1077938412, tf_ss = 47})
     at ../../i386/i386/trap.c:1175
 #36 0xc0397375 in Xint0x80_syscall ()
 #37 0x8048367 in ?? ()
 #38 0x804813e in ?? ()
 (kgdb) up 6
 #6  0xc023c864 in dscheck (bp=0xcf6f1758, ssp=0xc31b6800) at ../../kern/subr_diskslice.c:184
 184             } else {
 (kgdb) list
 179             }
 180             if (lp == NULL) {
 181                     labelsect = -LABELSECTOR - 1;
 182                     endsecno = sp->ds_size;
 183                     slicerel_secno = secno;
 184             } else {
 185                     labelsect = lp->d_partitions[LABEL_PART].p_offset;
 186     if (labelsect != 0) Debugger("labelsect != 0 in dscheck()");
 187                     pp = &lp->d_partitions[dkpart(bp->b_dev)];
 188                     endsecno = pp->p_size;
 (kgdb) up 15
 #21 0xc023c864 in dscheck (bp=0xcf70c350, ssp=0xc31b6800) at ../../kern/subr_diskslice.c:184
 184             } else {
 
 
 
 -- 
 Pawe³ Ma³achowski

More information about the freebsd-bugs mailing list