netbsd-bugs: kern/13534: 1.5.1: System crash in softdep code

Subject: kern/13534: 1.5.1: System crash in softdep code
To: None <gnats-bugs@gnats.netbsd.org>
From: Ingolf Steinbach <ingolf@jellonet.de>
List: netbsd-bugs
Date: 07/22/2001 20:48:29
>Number:         13534
>Category:       kern
>Synopsis:       1.5.1: System crash in softdep code
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jul 22 11:49:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Ingolf Steinbach
>Release:        NetBSD-1.5.1
>Organization:
none
>Environment:
System: NetBSD helios 1.5.1 NetBSD 1.5.1 (HELIOS) #0: Thu Jul 12 21:20:37 CEST 2001 ingolf@helios:/usr/obj/sys/arch/i386/compile/HELIOS i386


>Description:
	Probably at the end of a process running in Linux emulation
	(appletviewer from sun-jre-1.3.1 -- or is it jdk?) the system
	crashed. See the following ps output and backtrace:

% ps -aux -O paddr -M netbsd.core
USER       PID %CPU %MEM   VSZ RSS TT STAT STARTED    TIME COMMAND   PID    PADDR TT STAT    TIME COMMAND
ingolf   22258  8.2  0.0  6856   0 p7 RE+  11Jul01 0:00.00 (applet 22258 d2c744e8 p7 RE+  0:00.00 (applet
[...]

(gdb) bt
#0  0x2 in ?? ()
#1  0xc02761f3 in cpu_reboot (howto=256, bootstr=0x0)
    at /usr/src/sys/arch/i386/i386/machdep.c:1175
#2  0xc011ffad in db_sync_cmd () at /usr/src/sys/ddb/db_command.c:720
#3  0xc011fb12 in db_command (last_cmdp=0xc02fdcc8, cmd_table=0x0)
    at /usr/src/sys/ddb/db_command.c:320
#4  0xc011fe5e in db_command_loop () at /usr/src/sys/ddb/db_command.c:555
#5  0xc012334e in db_trap (type=6, code=0) at /usr/src/sys/ddb/db_trap.c:78
#6  0xc027313e in kdb_trap (type=6, code=0, regs=0xd2beabd0)
    at /usr/src/sys/arch/i386/i386/db_interface.c:119
#7  0xc0279c7c in trap (frame={tf_gs = 16, tf_fs = 16, tf_es = 16, tf_ds = 16,
      tf_edi = -1, tf_esi = -992548444, tf_ebp = -759256040,
      tf_ebx = -992548444, tf_edx = -1073682620, tf_ecx = 0, tf_eax = 0,
      tf_trapno = 6, tf_err = 0, tf_eip = -1072266756, tf_cs = 8,
      tf_eflags = 66118, tf_esp = 0, tf_ss = -992548444,
      tf_vm86_es = -759256000, tf_vm86_ds = -1072287248, tf_vm86_fs = 0,
      tf_vm86_gs = -992548444}) at /usr/src/sys/arch/i386/i386/trap.c:299
#8  0xc0100c57 in calltrap ()
#9  0xc01631f0 in getblk (vp=0x0, blkno=516160, size=8192, slpflag=0,
    slptimeo=0) at /usr/src/sys/kern/vfs_bio.c:705
#10 0xc01639cd in bread (vp=0x0, blkno=516160, size=8192, cred=0xffffffff,
    bpp=0xd2beacb0) at /usr/src/sys/kern/vfs_bio.c:196
#11 0xc0241d08 in softdep_setup_freeblocks (ip=0xd2ab3b60, length=0)
    at /usr/src/sys/ufs/ffs/ffs_softdep.c:1593
#12 0xc023e9e3 in ffs_truncate (v=0xd2beae48)
    at /usr/src/sys/ufs/ffs/ffs_inode.c:244
#13 0xc0258900 in ufs_inactive (v=0xd2beae7c)
    at /usr/src/sys/sys/vnode_if.h:1039
#14 0xc016a6ad in vrele (vp=0xd2b8bddc) at /usr/src/sys/sys/vnode_if.h:723
#15 0xc0270646 in uvn_detach (uobj=0xd2b8bddc)
    at /usr/src/sys/uvm/uvm_vnode.c:495
#16 0xc0268d34 in uvm_unmap_detach (first_entry=0xd2961bd0, amap_unref_flags=0)
    at /usr/src/sys/uvm/uvm_map.c:1129
#17 0xc0268cdf in uvm_unmap (map=0xd2acda54, start=0, end=3217022976)
    at /usr/src/sys/uvm/uvm_map_i.h:183
#18 0xc026f324 in uvm_deallocate (map=0xd2acda54, start=0, size=3217022976)
    at /usr/src/sys/uvm/uvm_user.c:66
#19 0xc013bb2f in exit1 (p=0xd2c744e8, rv=0)
    at /usr/src/sys/kern/kern_exit.c:206
#20 0xc013c180 in sys_exit (p=0xd2c744e8, v=0xd2beaf80, retval=0xd2beaf78)
    at /usr/src/sys/kern/kern_exit.c:138
#21 0xc027a2d4 in syscall (frame={tf_gs = 31, tf_fs = 31, tf_es = 43,
      tf_ds = 43, tf_edi = 0, tf_esi = 1210680220, tf_ebp = 1309707860,
      tf_ebx = 0, tf_edx = 1210680888, tf_ecx = 1208450525, tf_eax = 1,
      tf_trapno = 3, tf_err = 2, tf_eip = 1210300461, tf_cs = 35,
      tf_eflags = 535, tf_esp = 1309707816, tf_ss = 43, tf_vm86_es = 0,
      tf_vm86_ds = 0, tf_vm86_fs = 0, tf_vm86_gs = 0})
    at /usr/src/sys/arch/i386/i386/trap.c:801
#22 0xc0100cc3 in syscall1 ()
can not access 0x4e108e54, invalid translation (invalid PDE)
can not access 0x4e108e54, invalid translation (invalid PDE)
Cannot access memory at address 0x4e108e54.

(gdb) proc 0xd2c744e8
(gdb) bt
#0  0xc0402 in ?? ()
#1  0xc8a6000 in ?? ()

	I have softdep enabled on all local ffs type filesystems.
	That it was a Linux emulation process may be totally
	irrelevant.

	Unfortunately, the (compressed) kernel and core file
	exceed my web space limit.
 
>How-To-Repeat:
	Up to now, I have not been able to reproduce the crash.

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: