Subject: Re: savecore -c crashes kernel (-current on i386)
To: Markus W Kilbinger <mk@kilbi.de>
From: Juergen Hannken-Illjes <hannken@eis.cs.tu-bs.de>
List: current-users
Date: 10/08/2007 10:08:52
On Mon, Oct 08, 2007 at 09:58:34AM +0200, Markus W Kilbinger wrote:
> >>>>> "Juergen" == Juergen Hannken-Illjes <hannken@eis.cs.tu-bs.de> writes:
> 
>     >> So, maybe it's related to the 4.99.31 -> 4.99.32 changes...
> 
>     Juergen> Quite sure. Could you please (from ddb):
> 
> Here's the output from my crashes:
> 
>   [...]
>   Starting amavisd.
>   trap: TLB miss (load or instr. fetch) in kernel mode
>   status=0xff03, cause=0x8, epc=0x801eee00, vaddr=0
>   pid=0 cmd=system usp=0x0 ksp=0xcc6e7d50
>   Stopped in pid 0.6 (system) at  netbsd:specificdata_getspecific:        lw      v0,0(a1)
>   db> t
>   specificdata_getspecific+0 (c9851060,920,2,8fd8cfd8) ra 8022bf24 sz 0
>   fscow_run+44 (c9851060,920,2,8fd8cfd8) ra 80236618 sz 40
>   spec_strategy+98 (c9851060,920,2,8fd8cfd8) ra 80230668 sz 32
>   VOP_STRATEGY+2c (8fdc2dc0,8fd8c990,2,8fd8cfd8) ra 80198150 sz 40
>   uvm_swap_io+120 (8fdc2dc0,8fd8c990,2,8fd8cfd8) ra 80195994 sz 56
>   swapcluster_flush+70 (8fdc2dc0,8fd8c990,2,8fd8cfd8) ra 80195d7c sz 32
>   uvm_pageout+3cc (8fdc2dc0,8fd8c990,2,8fd8cfd8) ra 802767c0 sz 176
>   mips3_lwp_trampoline+20 (8fdc2dc0,8fd8c990,2,8fd8cfd8) ra 0 sz 24
>   User-level: pid 0.6
> 
>     Juergen> show buf <1. arg of fscow_run>
> 
>   db> show buf 0xc9851060
>     vp 0x2 lblkno 0x0 blkno 0x500000004 rawblkno 0x8a9c928000000006 dev 0x1
>     error 3 flags 0x0
>     bufsize 0xc98518c0 bcount 0x8ff51def resid 0x0
>     data 0x2 saveaddr 0x4 dep 0x3
>     iodone 0x0

This buffer doesn't look ok.  Could you try this diff:

Index: vfs_trans.c
===================================================================
RCS file: /cvsroot/src/sys/kern/vfs_trans.c,v
retrieving revision 1.13
diff -p -u -4 -r1.13 vfs_trans.c
--- vfs_trans.c	7 Oct 2007 14:48:38 -0000	1.13
+++ vfs_trans.c	8 Oct 2007 07:55:42 -0000
@@ -592,8 +592,10 @@ fscow_run(struct buf *bp)
 	if (bp->b_vp->v_type == VBLK)
 		mp = bp->b_vp->v_specmountpoint;
 	else
 		mp = bp->b_vp->v_mount;
+	if (mp == NULL)
+		return 0;
 
 	if ((cmi = mount_getspecific(mp, mount_cow_key)) == NULL)
 		return 0;
 
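Review bot: the new `if (mp == NULL) return 0;` comes after `bp->b_vp->v_type` and `bp->b_vp->v_specmountpoint` / `bp->b_vp->v_mount` have already been dereferenced, so it only helps when b_vp is a valid vnode whose mount pointer is NULL; the `show buf` output above prints `vp 0x2`, and if that is really the live buffer the fault would move two lines up rather than go away, so it is worth confirming that the ddb trace argument 0xc9851060 is the buffer fscow_run actually received. The NULL case itself is plausible for the trace shown (uvm_swap_io -> spec_strategy -> fscow_run is I/O to a swap partition, a VBLK vnode with no filesystem mounted on it, so v_specmountpoint is NULL), and a one-line comment on the check saying that it covers block devices without a mounted filesystem would make that intent clear to the next reader.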

-- 
Juergen Hannken-Illjes - hannken@eis.cs.tu-bs.de - TU Braunschweig (Germany)