Subject: kern/21241: kernel panics when writing to ext2fs with fatal page fault in supervisor mode
To: None <gnats-bugs@gnats.netbsd.org>
From: None <ekarttun@cs.helsinki.fi>
List: netbsd-bugs
Date: 04/20/2003 06:18:30
>Number:         21241
>Category:       kern
>Synopsis:       kernel panics when writing to ext2fs with fatal page fault in supervisor mode
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Apr 20 06:19:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Einar Karttunen
>Release:        1.6R
>Organization:
>Environment:
NetBSD 1.6R (YUKI) #0: Sat Apr 19 19:33:29 EEST 2003
root@yuki:/usr/src/sys/arch/i386/compile/YUKI
>Description:
The kernel crashes when trying to write to an ext2-filesystem. The filesystem works with a 1.6 kernel and in Linux. Reading and chown seem to work.

Occurs both with and without NEW_BUFQ_STRATEGY, although probably not relevant.

Results in a reboot because sync (called from panic) repanics.

Here is a backtrace from the fault:
GNU gdb 5.0nb1
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386--netbsdelf"...
(gdb) target kcore netbsd.1.core
panic: trap
#0  0x1 in ?? ()
(gdb) bt
#0  0x1 in ?? ()
#1  0xc02937e9 in cpu_reboot (howto=260, bootstr=0x0)
    at /usr/src/sys/arch/i386/i386/machdep.c:877
#2  0xc022641d in panic (fmt=0xc031aa40 "lockmgr: locking against myself")
    at /usr/src/sys/kern/subr_prf.c:246
#3  0xc0205add in lockmgr (lkp=0xd3949b24, flags=65554, interlkp=0xd3949ab8)
    at /usr/src/sys/kern/kern_lock.c:683
#4  0xc025db2b in genfs_lock (v=0xd394ea34)
    at /usr/src/sys/miscfs/genfs/genfs_vnops.c:328
#5  0xc025c2c0 in VOP_LOCK (vp=0xd3949ab8, flags=65554)
    at /usr/src/sys/sys/vnode_if.h:1035
#6  0xc025bc5d in vn_lock (vp=0xd3949ab8, flags=65554)
    at /usr/src/sys/kern/vfs_vnops.c:751
#7  0xc0251bd5 in vget (vp=0xd3949ab8, flags=65554)
    at /usr/src/sys/kern/vfs_subr.c:1194
#8  0xc01b5fbd in ext2fs_sync (mp=0xc08d2200, waitfor=2, cred=0xc08db480,
    p=0xd381c824) at /usr/src/sys/ufs/ext2fs/ext2fs_vfsops.c:812
#9  0xc02556da in sys_sync (l=0xd37ec700, v=0x0, retval=0x0)
    at /usr/src/sys/kern/vfs_syscalls.c:593
#10 0xc0253977 in vfs_shutdown () at /usr/src/sys/kern/vfs_subr.c:2522
#11 0xc02937ba in cpu_reboot (howto=256, bootstr=0x0)
    at /usr/src/sys/arch/i386/i386/machdep.c:863
#12 0xc022641d in panic (fmt=0xc0323e9e "trap")
    at /usr/src/sys/kern/subr_prf.c:246
#13 0xc029ec77 in trap (frame={tf_gs = -980025328, tf_fs = 131120,
      tf_es = -778829808, tf_ds = 16, tf_edi = -745214652,
      tf_esi = -1064455040, tf_ebp = -745214768, tf_ebx = -1071947536,
      tf_edx = 0, tf_ecx = -745205504, tf_eax = 1050779497, tf_trapno = 6,
      tf_err = 2, tf_eip = -1071982867, tf_cs = 8, tf_eflags = 66195,
      tf_esp = 33188, tf_ss = 4040, tf_vm86_es = 2, tf_vm86_ds = 511,
      tf_vm86_fs = 0, tf_vm86_gs = 11})
    at /usr/src/sys/arch/i386/i386/trap.c:297
#14 0xc0102aae in calltrap ()
#15 0xc01b9841 in VOP_VALLOC (pvp=0xd3949ab8, mode=33188, cred=0xc08db480,
    vpp=0xd394ed44) at /usr/src/sys/sys/vnode_if.h:1278
#16 0xc01b9360 in ext2fs_makeinode (mode=33188, dvp=0xd3949ab8,
    vpp=0xd394eeb4, cnp=0xd394eec8)
    at /usr/src/sys/ufs/ext2fs/ext2fs_vnops.c:1374
#17 0xc01b6c56 in ext2fs_create (v=0xd394edbc)
    at /usr/src/sys/ufs/ext2fs/ext2fs_vnops.c:115
#18 0xc025bda1 in VOP_CREATE (dvp=0xd3949ab8, vpp=0xd394eeb4, cnp=0xd394eec8,
    vap=0xd394ee08) at /usr/src/sys/sys/vnode_if.h:121
#19 0xc025ae41 in vn_open (ndp=0xd394eea4, fmode=514, cmode=420)
    at /usr/src/sys/kern/vfs_vnops.c:129
#20 0xc0256584 in sys_open (l=0xd37ec700, v=0xd394ef74, retval=0xd394ef6c)
    at /usr/src/sys/kern/vfs_syscalls.c:1095
#21 0xc029e5f9 in syscall_plain (frame={tf_gs = 31, tf_fs = 31, tf_es = 31,
      tf_ds = 31, tf_edi = 0, tf_esi = -1077937028, tf_ebp = -1077937144,
      tf_ebx = 704975, tf_edx = -1, tf_ecx = 1208884304, tf_eax = 5,
      tf_trapno = 3, tf_err = 2, tf_eip = 1208837047, tf_cs = 23,
      tf_eflags = 643, tf_esp = -1077937348, tf_ss = 31, tf_vm86_es = 0,
      tf_vm86_ds = 0, tf_vm86_fs = 0, tf_vm86_gs = 0})
    at /usr/src/sys/arch/i386/i386/syscall.c:156
#22 0xc0100a57 in syscall1 ()
(gdb) q


dmesg (from savecore):
NetBSD 1.6R (YUKI) #0: Sat Apr 19 19:33:29 EEST 2003
root@yuki:/usr/src/sys/arch/i386/compile/YUKI
total memory = 255 MB
avail memory = 234 MB
using 3295 buffers containing 13180 KB of memory
BIOS32 rev. 0 found at 0xe7300
mainbus0 (root)
cpu0 at mainbus0: (uniprocessor)
cpu0: Intel Pentium III (686-class), 797.45 MHz, id 0x686
cpu0: features 383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR>
cpu0: features 383fbff<PGE,MCA,CMOV,PAT,PSE36,MMX>
cpu0: features 383fbff<FXSR,SSE>
cpu0: I-cache 16 KB 32b/line 4-way, D-cache 16 KB 32b/line 4-way
cpu0: L2 cache 256 KB 32b/line 8-way
cpu0: ITLB 32 4 KB entries 4-way, 2 4 MB entries fully associative
cpu0: DTLB 64 4 KB entries 4-way, 8 4 MB entries 4-way
cpu0: 8 page colors
pci0 at mainbus0 bus 0: configuration mode 1
pci0: i/o space, memory space enabled, rd/line, rd/mult, wr/inv ok
pchb0 at pci0 dev 0 function 0
pchb0: vendor 0x8086 product 0x1130 (rev. 0x02)
pchb0: random number generator enabled
agp0 at pchb0: can't find internal VGA device config space
ppb0 at pci0 dev 1 function 0: vendor 0x8086 product 0x1131 (rev. 0x02)
pci1 at ppb0 bus 1
pci1: i/o space, memory space enabled
vga0 at pci1 dev 0 function 0: vendor 0x102b product 0x0521 (rev. 0x01)
wsdisplay0 at vga0 kbdmux 1: console (80x25, vt100 emulation)
wsmux1: connecting to wsdisplay0
ppb1 at pci0 dev 30 function 0: vendor 0x8086 product 0x2418 (rev. 0x02)
pci2 at ppb1 bus 2
pci2: i/o space, memory space enabled
ex0 at pci2 dev 10 function 0: 3Com 3c905C-TX 10/100 Ethernet with mngmt (rev. 0x74)
ex0: interrupting at irq 5
ex0: MAC address 00:01:02:b1:7f:be
bmtphy0 at ex0 phy 24: Broadcom 3c905C internal PHY, rev. 6
bmtphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pcib0 at pci0 dev 31 function 0
pcib0: vendor 0x8086 product 0x2410 (rev. 0x02)
pciide0 at pci0 dev 31 function 1: Intel 82801AA IDE Controller (ICH) (rev. 0x02)
pciide0: bus-master DMA support present
pciide0: primary channel wired to compatibility mode
wd0 at pciide0 channel 0 drive 0: <WDC WD200EB-11BHF0>
wd0: drive supports 16-sector PIO transfers, LBA addressing
wd0: 19092 MB, 16383 cyl, 16 head, 63 sec, 512 bytes/sect x 39102336 sectors
wd0: 32-bit data port
wd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 5 (Ultra/100)
pciide0: primary channel interrupting at irq 14
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4 (Ultra/66) (using DMA data transfers)
pciide0: secondary channel wired to compatibility mode
atapibus0 at pciide0 channel 1: 2 targets
cd0 at atapibus0 drive 0: <LTN485, , KQ05> cdrom removable
cd0: 32-bit data port
cd0: drive supports PIO mode 4, DMA mode 2
pciide0: secondary channel interrupting at irq 15
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 (using DMA data transfers)
vendor 0x8086 product 0x2412 (USB serial bus, revision 0x02) at pci0 dev 31 function 2 not configured
auich0 at pci0 dev 31 function 5: i82801AA (ICH) AC-97 Audio
auich0: interrupting at irq 10
auich0: Analog Devices AD1885 codec; headphone, Analog Devices Phat Stereo
auich0: variable rate audio
audio0 at auich0: full duplex, mmap, independent
isa0 at pcib0
pckbc0 at isa0 port 0x60-0x64
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
lpt0 at isa0 port 0x378-0x37b irq 7
pcppi0 at isa0 port 0x61
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0-0xff: using exception 16
fdc0 at isa0 port 0x3f0-0x3f7 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB, 80 cyl, 2 head, 18 sec
auich0: measured ac97 link rate at 55934 Hz
boot device: wd0
root on wd0a dumps on wd0b
root file system type: ffs
wsdisplay0: screen 1 added (80x25, vt100 emulation)
wsdisplay0: screen 2 added (80x25, vt100 emulation)
wsdisplay0: screen 3 added (80x25, vt100 emulation)
wsdisplay0: screen 4 added (80x25, vt100 emulation)
uvm_fault(0xd375d900, 0x0, 0, 2) -> e
fatal page fault in supervisor mode
trap type 6 code 2 eip c01773c3 cs 8 eflags 10297 cr2 64 ilevel 0
panic: trap
syncing disks... panic: lockmgr: locking against myself

dumping to dev 0,524288 offset 5880
dump 255 254 253 252 251 250 249 248 247 246 245 244 243 242 241 240 239 238 237 236 235 234 233 232 231 230 229 228 227 226 225 224 223 222 221 220 219 218 217 216 215 214 213 212 211 210 209 208 207 206 205 204 203 202 201 200 199 198 197 196 195 194 193 192 191 190 189 188 187 186 185 184 183 182 181 180 179 178 177 176 175 174 173 172 171 170 169 168 167 166 165 164 163 162 161 160 159 158 157 156 155 154 153 152 151 150 149 148 147 146 145 144 143 142 141 140 139 138 137 136 135 134 133 132 131 130 129 128 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1

>How-To-Repeat:
mount /my/ext2fs /mnt
touch /mnt/foobar
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
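
Added triage example (not part of the original report and not NetBSD code): Python that decodes the "trap type" line from the dmesg above, showing the fault was a supervisor-mode write to an unmapped address inside the first page, i.e. a NULL pointer plus a small member offset. It assumes every field except the trap type is printed in hex and that the kernel is linked at the default i386 base 0xc0000000; the function and constant names are this example's own.

```python
import re

# Sample input: the trap line as it appears in the dmesg of this report.
TRAP_LINE = "trap type 6 code 2 eip c01773c3 cs 8 eflags 10297 cr2 64 ilevel 0"

PAGE_SIZE = 4096          # i386 page size
T_PAGEFLT = 6             # page-fault trap number on NetBSD/i386
KERNEL_BASE = 0xC0000000  # assumption: default i386 kernel base (frames are c0......)


def parse_trap_line(line):
    """Return the fields of a 'trap type ...' line as integers.

    Assumption: everything except the trap type is hex
    (eip and eflags visibly are).
    """
    m = re.search(r"trap type (\d+) code (\w+) eip (\w+) cs (\w+) "
                  r"eflags (\w+) cr2 (\w+)", line)
    if m is None:
        raise ValueError("not a trap line")
    names = ("code", "eip", "cs", "eflags", "cr2")
    fields = {n: int(v, 16) for n, v in zip(names, m.groups()[1:])}
    fields["type"] = int(m.group(1))
    return fields


def decode_page_fault(fields):
    """Decode the x86 page-fault error code and classify the fault address."""
    if fields["type"] != T_PAGEFLT:
        raise ValueError("not a page fault")
    code, cr2 = fields["code"], fields["cr2"]
    return {
        "present": bool(code & 0x1),    # False = page not mapped at all
        "write": bool(code & 0x2),      # True = faulting access was a write
        "user_mode": bool(code & 0x4),  # False = CPU was in supervisor mode
        "eip_in_kernel": fields["eip"] >= KERNEL_BASE,
        # An address inside page 0 is a NULL pointer plus a member offset.
        "null_deref_offset": cr2 if cr2 < PAGE_SIZE else None,
    }


if __name__ == "__main__":
    print(decode_page_fault(parse_trap_line(TRAP_LINE)))
```

The near-NULL classification does not hinge on the hex assumption: cr2 read as decimal 64 is still inside the first page.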