Opened 16 years ago

Closed 16 years ago

#1982 closed bug (fixed)

unmount bug: PANIC: vm_page_fault: unhandled page fault in kernel

Reported by: thorn
Owned by: axeld
Priority: high
Milestone: R1
Component: System/Kernel
Version: R1/pre-alpha1
Keywords:
Cc:
Blocked By:
Blocking:
Platform: x86

Description

Haiku hrev24635

how to repeat:

  • mount bfs volume from tracker (for example /work)
  • in terminal - cd /work
  • in tracker - unmount volume and press 'cancel'
  • in tracker - unmount volume again
  • in terminal - ls

vm_soft_fault: va 0xdeadbef3 not covered by area in address space
vm_page_fault: vm_soft_fault returned error 'Bad address' on fault at 0xdeadbef3, ip 0x80047d37, write 0, user 0, thread 0x86
PANIC: vm_page_fault: unhandled page fault in kernel space at 0xdeadbef3, ip 0x80047d37

Welcome to Kernel Debugging Land...
Running on CPU 0
kdebug> bt
stack trace for thread 134 "sh"
    kernel stack: 0x92720000 to 0x92724000
      user stack: 0x7efe7000 to 0x7ffe7000
frame            caller     <image>:function + offset
92723a18 (+  52) 800843f3   <kernel>:invoke_debugger_command + 0x00cf
92723a4c (+  64) 80085194   <kernel>:_ParseCommand__16ExpressionParserRi + 0x01f8
92723a8c (+  48) 80084b86   <kernel>:EvaluateCommand__16ExpressionParserPCcRi + 0x01de
92723abc (+ 228) 800862a8   <kernel>:evaluate_debug_command + 0x0088
92723ba0 (+  64) 80082f36   <kernel>:kernel_debugger_loop__Fv + 0x017a
92723be0 (+  48) 80083be1   <kernel>:kernel_debugger + 0x010d
92723c10 (+ 192) 80083ac9   <kernel>:panic + 0x0029
92723cd0 (+  64) 8005ca63   <kernel>:vm_page_fault + 0x00ab
92723d10 (+  64) 80090a85   <kernel>:page_fault_exception + 0x00b1
92723d50 (+  12) 8009418d   <kernel>:int_bottom + 0x001d (nearest)
iframe at 0x92723d5c (end = 0x92723db4)
 eax 0xdeadbeef     ebx 0x90a24c00      ecx 0x800c7e7b   edx 0x2e
 esi 0x90a24c01     edi 0x90b44880      ebp 0x92723df4   esp 0x92723d90
 eip 0x80047d37  eflags 0x10206    
 vector: 0xe, error code: 0x0
92723d5c (+ 152) 80047d37   <kernel>:vnode_path_to_vnode__FP5vnodePcbiPP5vnodePxPi + 0x0103
92723df4 (+  64) 800480ee   <kernel>:path_to_vnode__FPcbPP5vnodePxT1 + 0x00de
92723e34 (+  64) 800488c9   <kernel>:fd_and_path_to_vnode__FiPcbPP5vnodePxT2 + 0x0061
92723e74 (+  64) 8004ccd5   <kernel>:common_path_read_stat__FiPcbP4statT2 + 0x0031
92723eb4 (+ 144) 8005198b   <kernel>:_user_read_stat + 0x00eb
92723f44 (+ 100) 80094302   <kernel>:pre_syscall_debug_done + 0x0002 (nearest)
iframe at 0x92723fa8 (end = 0x92724000)
 eax 0x72           ebx 0x33459c        ecx 0x7ffe6c10   edx 0xffff0104
 esi 0x0            edi 0x1800ce13      ebp 0x7ffe6c4c   esp 0x92723fdc
 eip 0xffff0104  eflags 0x207      
 vector: 0x63, error code: 0x0
92723fa8 (+   0) ffff0104
7ffe6c4c (+  48) 00310499   <libroot.so>:stat + 0x0025
7ffe6c7c (+ 128) 00244f57   <_APP_>:user_command_matches + 0x04cb (nearest)
7ffe6cfc (+  48) 00244882   <_APP_>:find_path_file + 0x009a (nearest)
7ffe6d2c (+  48) 002448af   <_APP_>:find_path_file + 0x00c7 (nearest)
7ffe6d5c (+  48) 002447e1   <_APP_>:find_user_command + 0x0021
7ffe6d8c (+  48) 00244a50   <_APP_>:search_for_command + 0x0138
7ffe6dbc (+  48) 00227bcc   <_APP_>:setup_async_signals + 0x00dc (nearest)
7ffe6dec (+ 112) 002271c1   <_APP_>:execute_command_internal + 0x344d (nearest)
7ffe6e5c (+  96) 00224232   <_APP_>:execute_command_internal + 0x04be
7ffe6ebc (+  80) 00223bbd   <_APP_>:execute_command + 0x0065
7ffe6f0c (+  48) 0021f879   <_APP_>:reader_loop + 0x01d1
7ffe6f3c (+  64) 0021dab6   <_APP_>:main + 0x07b2
7ffe6f7c (+  48) 00216773   <_APP_>:_start + 0x005b
7ffe6fac (+  48) 0010078e   1358:runtime_loader_seg0ro@0x00100000 + 0x78e
7ffe6fdc (+   0) 7ffe6fec   1357:sh_main_stack@0x7efe7000 + 0xffffec
kdebug> 

Attachments (1)

vfs.cpp.diff (47 bytes) - added by kvark 16 years ago.
vfs.cpp fix


Change History (5)

comment:1 by axeld, 16 years ago

Priority: normal → high

Perfectly reproducible here.

comment:2 by kvark, 16 years ago

Experimentally proven: each time fs_unmount is called for a busy volume, the volume's refcount is decreased by one. Seems like there is some excess release call there.

by kvark, 16 years ago

Attachment: vfs.cpp.diff added

vfs.cpp fix

comment:3 by kvark, 16 years ago

/src/system/kernel/fs/vfs.cpp

Line 6607 is not needed. At that point the root node seems to have been released already at line 6542.
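Added example, not part of the ticket, not Haiku's vfs.cpp and not kvark's attached diff: a small C model of the reference-count imbalance described in the two comments above. All names (fs_unmount, put_vnode, run_scenario), the B_BUSY value and the FREE_POISON pattern are invented for the model. One unmount attempt on a busy volume drops a reference the unmount path never owned; after the two attempts from the reproduction steps the root vnode's count reaches zero while the shell's cwd still points at it, and the following `ls` reads freed memory. The backtrace in the description is consistent with exactly that: the fault address 0xdeadbef3 is 0xdeadbeef + 4 and eax holds 0xdeadbeef, i.e. a field was read through a pointer into memory that had been overwritten with a free-poison pattern.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Invented names and values for this example; none of this is Haiku code. */
#define B_OK          0
#define B_BUSY       (-1)           /* placeholder error code */
#define FREE_POISON  0xdeadbeefu    /* pattern the model writes into a freed vnode */

struct mount;

struct vnode {
    int32_t ref_count;
    uint32_t poison;                /* becomes FREE_POISON once the node is freed */
    struct mount *mount;
};

struct mount {
    struct vnode *root_vnode;
};

/* Result of the final "ls" in the reproduction steps. */
enum outcome { LOOKUP_OK = 0, USE_AFTER_FREE = 1 };

static void get_vnode_ref(struct vnode *v)
{
    v->ref_count++;
}

static void put_vnode(struct vnode *v)
{
    if (--v->ref_count == 0) {
        /* The heap frees the object and fills it with a poison pattern. The
         * storage is kept here so that reading through a stale pointer
         * below stays well defined in the model. */
        v->poison = FREE_POISON;
    }
}

/* One unmount attempt. Returns B_BUSY (the "cancel" case) while another
 * reference to the root vnode exists, e.g. a shell whose cwd is on the volume.
 * With fixed == 0 the busy path drops one reference too many. */
static int fs_unmount(struct mount *m, int fixed)
{
    struct vnode *root = m->root_vnode;

    /* Resolving the mount point path takes a reference on the root vnode... */
    get_vnode_ref(root);
    /* ...which is dropped as soon as the mount structure has been found. */
    put_vnode(root);

    if (root->ref_count > 1) {
        /* Volume still in use: refuse the unmount. */
        if (!fixed) {
            /* The excess release: the lookup reference was already dropped
             * above, so this drops a reference the unmount path does not own. */
            put_vnode(root);
        }
        return B_BUSY;
    }

    /* Only the mount's own reference is left: tear the mount down. */
    put_vnode(root);
    m->root_vnode = NULL;
    return B_OK;
}

/* Start of the path walk that a stat() performs from the shell's cwd: the
 * first thing it does is read a field of the starting vnode. */
static enum outcome stat_via_cwd(const struct vnode *cwd)
{
    if (cwd->poison == FREE_POISON)
        return USE_AFTER_FREE;      /* real kernel: page fault at poison + field offset */
    return LOOKUP_OK;
}

/* Replays the ticket's steps. *root_refs_out receives the root vnode's
 * reference count after the two unmount attempts. */
static enum outcome run_scenario(int fixed, int32_t *root_refs_out)
{
    struct vnode root = { 1, 0, NULL };   /* one reference held by the mount itself */
    struct mount m = { &root };
    struct vnode *cwd;
    root.mount = &m;

    cwd = &root;                  /* terminal: cd /work */
    get_vnode_ref(cwd);           /* the shell now holds the second reference */

    fs_unmount(&m, fixed);        /* tracker: unmount, press 'cancel' */
    fs_unmount(&m, fixed);        /* tracker: unmount again */

    if (root_refs_out != NULL)
        *root_refs_out = root.ref_count;
    return stat_via_cwd(cwd);     /* terminal: ls */
}

int main(void)
{
    int32_t refs;
    enum outcome buggy = run_scenario(0, &refs);
    printf("unbalanced release: root refs %d, ls -> %s\n", (int)refs,
        buggy == USE_AFTER_FREE ? "use-after-free (KDL)" : "ok");
    enum outcome fixed = run_scenario(1, &refs);
    printf("balanced release:   root refs %d, ls -> %s\n", (int)refs,
        fixed == USE_AFTER_FREE ? "use-after-free (KDL)" : "ok");
    return 0;
}
```

In the model the first cancelled attempt leaves the root vnode with a single reference, so the second attempt no longer sees the volume as busy, frees the root and reports success while the shell still holds a pointer to it. With the release balanced, both attempts return B_BUSY and the count stays at two.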

comment:4 by anevilyak, 16 years ago

Resolution: fixed
Status: new → closed

Fixed in hrev26586.
