Re: kern/37799: Writing a large file to an NFS partition panics the kernel

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,reinoud%NetBSD.org@localhost
Subject: Re: kern/37799: Writing a large file to an NFS partition panics the kernel
From: Reinoud Zandijk <reinoud%NetBSD.org@localhost>
Date: Mon, 21 Jan 2008 18:15:03 +0000 (UTC)

The following reply was made to PR kern/37799; it has been noted by GNATS.

From: Reinoud Zandijk <reinoud%NetBSD.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: kern/37799: Writing a large file to an NFS partition panics the 
kernel
Date: Mon, 21 Jan 2008 19:13:46 +0100

 This PR might be related to genfs_put_pages()/uvm since another crash while 
 copying with `dd if=/dev/cd0d of=/tmp/1 bs=32' (with /tmp on NFS) on the 
 same machine; note the similarities in struct pg: pg->hashq->tqe_next = 0x40 
(!)
 
 Could this be the result of a TAILQ operation on a NULL pointer?
 
 (gdb) list
 253
 254             hash = uvm_pagehash(uobj, pg->offset);
 255             buck = &uvm.page_hash[hash];
 256             lock = uvm_hashlock(hash);
 257             mutex_spin_enter(lock);
 258             TAILQ_REMOVE(buck, pg, hashq);
 259             mutex_spin_exit(lock);
 260
 261             if (UVM_OBJ_IS_VNODE(uobj)) {
 262                     if (uobj->uo_npages == 1) {
 (gdb) print hash
 $1 = 20722
 (gdb) print buck
 $2 = (struct pglist *) 0xc9d04790
 (gdb) print lock
 $3 = (kmutex_t *) 0xc05f6f80
 (gdb) print *pg
 $4 = {pageq = {tqe_next = 0xc08f81e0, tqe_prev = 0xc05f7168}, hashq = 
{tqe_next = 0x40, 
     tqe_prev = 0xc9d04790}, listq = {tqe_next = 0xc08f81e0, tqe_prev = 
0xcafdb1c8}, uanon = 0x0, 
   uobject = 0xcafdb1c0, offset = 32710656, flags = 12, loan_count = 0, 
wire_count = 0, pqflags = 256, 
   phys_addr = 67063808, mdpage = {mp_pp = {pp_lock = {u = {mtxa_owner = 
1281}}, pp_u = {u_pte = {
           pte_ptp = 0x0, pte_va = 0}, u_head = {pvh_list = {lh_first = 0x0}}, 
u_link = 0x0}, 
       pp_flags = 0 '\0', pp_attrs = 0 '\0'}}}
 (gdb) print *buck
 $5 = {tqh_first = 0xc08f85dc, tqh_last = 0xc08f85e4}
 (gdb) where
 #0  0xc03473a0 in uvm_pageremove (pg=0xc08f85dc) at 
../../../../uvm/uvm_page.c:258
 #1  0xc03478fb in uvm_pagefree (pg=0xc08f85dc) at 
../../../../uvm/uvm_page.c:1392
 #2  0xc0427940 in genfs_do_putpages (vp=0xcafdb1c0, startoff=32710656, 
endoff=32714752, origflags=9, 
     busypg=0x0) at ../../../../miscfs/genfs/genfs_io.c:1071
 #3  0xc0426b2a in genfs_putpages (v=0xcadb9bb8) at 
../../../../miscfs/genfs/genfs_io.c:744
 #4  0xc042382f in VOP_PUTPAGES (vp=0xcafdb1c0, offlo=32710656, offhi=32714752, 
flags=9)
     at ../../../../kern/vnode_if.c:1798
 #5  0xc034ec2b in uvn_put (uobj=0xcafdb1c0, offlo=32710656, offhi=32714752, 
flags=9)
     at ../../../../uvm/uvm_vnode.c:152
 #6  0xc034a09a in uvmpd_scan_queue () at ../../../../uvm/uvm_pdaemon.c:774
 #7  0xc034a43b in uvmpd_scan () at ../../../../uvm/uvm_pdaemon.c:965
 #8  0xc0349667 in uvm_pageout (arg=0xc9d3a5e0) at 
../../../../uvm/uvm_pdaemon.c:297
 #9  0xc01002cf in lwp_trampoline ()
 (gdb)

Prev by Date: Re: port-mac68k/37660: Internal compiler error when compiling PHP 5.2.5 on port-mac68k 4.0
Next by Date: Re: kern/27180 (NetBSD 2.0 RC2 and RC3 failed to reboot)
Previous by Thread: kern/37799: Writing a large file to an NFS partition panics the kernel
Next by Thread: Re: kern/37799: Writing a large file to an NFS partition panics the kernel
Indexes:

Home | Main Index | Thread Index | Old Index