Date: Fri, 9 Jan 1998 15:02:56 +1100 From: Bruce Evans <bde@zeta.org.au> To: current@freebsd.org Subject: panic in vm_object_deallocate() on reboot Message-ID: <199801090402.PAA12300@godzilla.zeta.org.au>
next in thread | raw e-mail | index | archive | help
I get fairly consistent panics in vm_object_deallocate() on reboot.
The problem seems to be sensitive to the timing of swapon and dumpon
calls. With a fairly standard setup with swapon and dumpon run on the
same device from /etc/rc, the panic seems to occur if the dumpon succeeds
but not if it fails due to the dump device being too small. Running
swapon and dumpon after booting gives less consistent panics.
Bruce
GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd),
Copyright 1996 Free Software Foundation, Inc...
IdlePTD 2b7000
current pcb at 22f2b8
panicstr: vm_object_deallocate: object deallocated too many times
panic messages:
---
panic: vm_object_deallocate: object deallocated too many times
syncing disks... 5 5 done
dumping to dev 50011, offset 142033
dump 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
---
#0 boot (howto=256) at ./@/kern/kern_shutdown.c:285
285 dumppcb.pcb_cr3 = rcr3();
(kgdb) where
#0 boot (howto=256) at ./@/kern/kern_shutdown.c:285
#1 0xf01207a7 in panic (
fmt=0xf01d7c7b "vm_object_deallocate: object deallocated too many times")
at ./@/kern/kern_shutdown.c:425
#2 0xf01d7cf8 in vm_object_deallocate (object=0xf027a3a8)
at ./@/vm/vm_object.c:295
#3 0xf01d5880 in vm_map_entry_delete (map=0xf0798000, entry=0xf4c087e0)
at ./@/vm/vm_map.c:1784
#4 0xf01d59fc in vm_map_delete (map=0xf0798000, start=0, end=4022329344)
at ./@/vm/vm_map.c:1877
#5 0xf01d5a84 in vm_map_remove (map=0xf0798000, start=0, end=4022329344)
at ./@/vm/vm_map.c:1911
#6 0xf0119858 in exit1 (p=0xf078d600, rv=11) at ./@/kern/kern_exit.c:213
#7 0xf0121a36 in sigexit (p=0xf078d600, signum=11) at ./@/kern/kern_sig.c:1222
#8 0xf0121833 in postsig (signum=11) at ./@/kern/kern_sig.c:1130
#9 0xf01ef458 in trap (frame={tf_es = 39, tf_ds = 39, tf_edi = -272646808,
tf_esi = 32, tf_ebp = -272638376, tf_isp = -191787036,
tf_ebx = 537455056, tf_edx = 16, tf_ecx = 3, tf_eax = 1, tf_trapno = 12,
tf_err = 1, tf_eip = 7798, tf_cs = 31, tf_eflags = 66118,
tf_esp = -272646880, tf_ss = 39}) at ./@/i386/i386/trap.c:166
#10 0x1e76 in ?? ()
Cannot access memory at address 0xefbfde5c.
(kgdb) up 2
#2 0xf01d7cf8 in vm_object_deallocate (object=0xf027a3a8)
at ./@/vm/vm_object.c:295
295 return;
(kgdb) p *object
$1 = {object_list = {tqe_next = 0xf0279d18, tqe_prev = 0xf4c395a0},
shadow_head = {tqh_first = 0x0, tqh_last = 0xf027ad10}, shadow_list = {
tqe_next = 0x0, tqe_prev = 0xf027a700}, memq = {tqh_first = 0x0,
tqh_last = 0xf027ad20}, type = OBJT_DEFAULT, size = 13, ref_count = 0,
shadow_count = -1, pg_color = 18, flags = 392, paging_in_progress = 0,
behavior = 0, resident_page_count = 0, paging_offset = 0x0000000000000000,
backing_object = 0x0, backing_object_offset = 0x0000000000000000,
last_read = 0, page_hint = 0x0, pager_object_list = {tqe_next = 0x0,
tqe_prev = 0x0}, handle = 0x0, un_pager = {vnp = {
vnp_size = 0x0000000000007000}, devp = {devp_pglist = {
tqh_first = 0x7000, tqh_last = 0x0}}, swp = {swp_nblocks = 28672,
swp_allocsize = 0, swp_blocks = 0x0, swp_poip = 0}}}
(kgdb) q
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199801090402.PAA12300>