Date: Wed, 5 Sep 2001 12:42:39 +0200 (CEST) From: Alexander Leidinger <Alexander@Leidinger.net> To: current@FreeBSD.ORG Subject: bremfree panic only (was: Re: panic: ffs_clusteralloc: map mismatch / panic: bremfree: ... - with kernel from yesterday and Aug 28 (backtrace)) Message-ID: <200109051042.f85Age900947@Magelan.Leidinger.net> In-Reply-To: <200109021307.f82D7Xk00888@Magelan.Leidinger.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2 Sep, An: current@FreeBSD.ORG wrote:
> Hi,
>=20
> here's a backtrace from a kernel panic I get if I try to buildworld wit=
h
> "make -j4" (source as of yesterday).
>=20
> I also get this panic if I try to cvsup (not only with this kernel, als=
o
> with a kernel from Aug 28).
Still kernel (+world) from Sep 2, but now I got a panic at shutdown.
I didn't have much experience with kernel debugging (or kernel
internals), any help to be able to provide as much informations as
needed to track the bug down will be appreciated.
Here's the backtrace and a "print bp".
---snip---
IdlePTD 4911104
initial pcb at 2de4a0
panicstr: bremfree: bp 0xc69b09ec not locked
panic messages:
---
Fatal trap 12: page fault while in vm86 mode
fault virtual address =3D 0xc37bd
fault code =3D user read, page not present
instruction pointer =3D 0xc000:0x37bd
stack pointer =3D 0x0:0xfb4
frame pointer =3D 0x0:0x0
code segment =3D base 0xd00005, limit 0x2, type 0x1
=3D DPL 3, pres 1, def32 0, gran 0
processor eflags =3D interrupt enabled, resume, vm86, IOPL =3D 0
current process =3D 499 (XFree86)
trap number =3D 12
panic: page fault
syncing disks... panic: bremfree: bp 0xc69b09ec not locked
Uptime: 3h45m56s
dumping to dev ad1s2b, offset 1572992
dump ata0: resetting devices .. ad1: invalidating queued requests
done
[...]
---
#0 dumpsys () at ../../../kern/kern_shutdown.c:487
487 if (dumping++) {
(kgdb) bt
#0 dumpsys () at ../../../kern/kern_shutdown.c:487
#1 0xc019805d in boot (howto=3D260) at ../../../kern/kern_shutdown.c:330
#2 0xc0198476 in panic (fmt=3D0xc02941e1 "bremfree: bp %p not locked")
at ../../../kern/kern_shutdown.c:623
#3 0xc01ccd09 in bremfree (bp=3D0xc69b09ec) at ../../../kern/vfs_bio.c:5=
35
#4 0xc01ce41c in vfs_bio_awrite (bp=3D0xc69b09ec)
at ../../../kern/vfs_bio.c:1528
#5 0xc02165a6 in ffs_fsync (ap=3D0xc04b2e88) at ../../../ufs/ffs/ffs_vno=
ps.c:239
#6 0xc0214623 in ffs_sync (mp=3D0xc1874c00, waitfor=3D2, cred=3D0xc0e60c=
00,=20
p=3D0xc030e800) at vnode_if.h:441
#7 0xc01dbd4d in sync (p=3D0xc030e800, uap=3D0x0)
at ../../../kern/vfs_syscalls.c:622
#8 0xc0197b4d in boot (howto=3D256) at ../../../kern/kern_shutdown.c:239
#9 0xc0198476 in panic (fmt=3D0xc02a947e "%s")
at ../../../kern/kern_shutdown.c:623
#10 0xc0255c04 in trap_fatal (frame=3D0xc04b2fa8, eva=3D800701)
at ../../../i386/i386/trap.c:934
#11 0xc025593d in trap_pfault (frame=3D0xc04b2fa8, usermode=3D0, eva=3D80=
0701)
at ../../../i386/i386/trap.c:848
#12 0xc025512c in trap (frame=3D{tf_fs =3D 0, tf_es =3D 0, tf_ds =3D 0,=20
tf_edi =3D 17150, tf_esi =3D 21526, tf_ebp =3D 0, tf_isp =3D -10688=
14380,=20
tf_ebx =3D 31232, tf_edx =3D 47104, tf_ecx =3D 7809, tf_eax =3D 182=
4,=20
tf_trapno =3D 12, tf_err =3D 4, tf_eip =3D 14269, tf_cs =3D 49152,=20
tf_eflags =3D 721478, tf_esp =3D 4020, tf_ss =3D 0})
at ../../../i386/i386/trap.c:405
(kgdb) up 3
#3 0xc01ccd09 in bremfree (bp=3D0xc69b09ec) at ../../../kern/vfs_bio.c:5=
35
535 KASSERT(BUF_REFCNT(bp) =3D=3D 1, ("bremfree: bp %=
p not locked",bp));
(kgdb) list
530 int old_qindex =3D bp->b_qindex;
531
532 GIANT_REQUIRED;
533
534 if (bp->b_qindex !=3D QUEUE_NONE) {
535 KASSERT(BUF_REFCNT(bp) =3D=3D 1, ("bremfree: bp %=
p not locked",bp));
536 TAILQ_REMOVE(&bufqueues[bp->b_qindex], bp, b_free=
list);
537 bp->b_qindex =3D QUEUE_NONE;
538 } else {
539 if (BUF_REFCNT(bp) <=3D 1)
(kgdb) up 1
#4 0xc01ce41c in vfs_bio_awrite (bp=3D0xc69b09ec)
at ../../../kern/vfs_bio.c:1528
1528 bremfree(bp);
(kgdb) list
1523 return nwritten;
1524 }
1525 }
1526
1527 BUF_LOCK(bp, LK_EXCLUSIVE);
1528 bremfree(bp);
1529 bp->b_flags |=3D B_ASYNC;
1530
1531 splx(s);
1532 /*
(kgdb) print bp
$1 =3D (struct buf *) 0xc69b09ec
(kgdb) print *bp
$2 =3D {b_io =3D {bio_cmd =3D 2, bio_dev =3D 0xffffffff, bio_blkno =3D 13=
36,=20
bio_offset =3D 23479844864, bio_bcount =3D 4096,=20
bio_data =3D 0xc6ca4000 "=CE\222V=B2=ED=C5=F6=BA=AA\234\207p0=FB=EC=DB=
R=3D5M=D9F=DE\b=C8=F9,=D8'\022m=CC\002=CC\231=F2W{=A1\004=C7\206\032=BB=EB=
\036s=D8=D2\013=F0\r\031\200\027=FD\024=C4\032=CAt=D2=D6=B6d\030\016o\223=
}\215\034L=C7=D4\a=EEv\025;\236=D0\035=E7M\021=DA\b=DD!\\=F1", bio_flags =
=3D 0, _bio_buf =3D 0x0,=20
bio_error =3D 0, bio_resid =3D 0, bio_done =3D 0xc01cfab8 <bufdonebio=
>,=20
bio_driver1 =3D 0x0, bio_driver2 =3D 0x0, bio_caller1 =3D 0x0,=20
bio_caller2 =3D 0xc69b09ec, bio_queue =3D {tqe_next =3D 0xc69aa38c,=20
tqe_prev =3D 0xc18644a4}, bio_pblkno =3D 69445337, bio_done_chain =3D=
0x0},=20
b_op =3D 0xc02c602c, b_magic =3D 280038160, b_iodone =3D 0, b_offset =3D=
0,=20
b_hash =3D {le_next =3D 0xc6a59bc0, le_prev =3D 0xc6a6f9e4}, b_vnbufs =3D=
{
tqe_next =3D 0x0, tqe_prev =3D 0xd135d2d4}, b_freelist =3D {
tqe_next =3D 0xc69a488c, tqe_prev =3D 0xc6a3dc50}, b_act =3D {tqe_nex=
t =3D 0x0,=20
tqe_prev =3D 0x0}, b_flags =3D 537006752, b_qindex =3D 3, b_xflags =3D=
1 '\001',=20
b_lock =3D {lk_interlock =3D 0xc0e58e30, lk_flags =3D 0, lk_sharecount =
=3D 0,=20
lk_waitcount =3D 0, lk_exclusivecount =3D 0, lk_prio =3D 80,=20
lk_wmesg =3D 0xc02941ad "bufwait", lk_timo =3D 0, lk_lockholder =3D -=
1},=20
b_bufsize =3D 4096, b_runningbufspace =3D 0,=20
b_kvabase =3D 0xc6ca4000 "=CE\222V=B2=ED=C5=F6=BA=AA\234\207p0=FB=EC=DB=
R=3D5M=D9F=DE\b=C8=F9,=D8'\022m=CC\002=CC\231=F2W{=A1\004=C7\206\032=BB=EB=
\036s=D8=D2\013=F0\r\031\200\027=FD\024=C4\032=CAt=D2=D6=B6d\030\016o\223=
}\215\034L=C7=D4\a=EEv\025;\236=D0\035=E7M\021=DA\b=DD!\\=F1", b_kvasize =
=3D 16384, b_lblkno =3D 0,=20
b_vp =3D 0xd135d2a0, b_dirtyoff =3D 0, b_dirtyend =3D 0, b_rcred =3D 0x=
0,=20
b_wcred =3D 0x0, b_saveaddr =3D 0x0, b_pager =3D {pg_spc =3D 0x0, pg_re=
qpage =3D 0},=20
b_cluster =3D {cluster_head =3D {tqh_first =3D 0xc69ab058, tqh_last =3D=
0xc69fcd54},=20
cluster_entry =3D {tqe_next =3D 0xc69ab058, tqe_prev =3D 0xc69fcd54}}=
,=20
b_pages =3D {0xc0a239e8, 0x0 <repeats 31 times>}, b_npages =3D 1, b_dep=
=3D {
lh_first =3D 0xc191db00}}
---snip---
output of "ps auxww":
---snip---
(17) root@ttyp0 # ps auxww -N /sys/i386/compile/WORK/kernel.debug -M /var=
/crash/vmcore.20
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
nobody 483 85.8 0.0 772 0 ?? RNs 3:43PM 166:40.38 (dnetc)
root 499 5.7 0.0 19868 0 ?? Rs 3:43PM 18:46.64 (XFree86)
root 10 0.0 0.0 0 0 ?? RL 5:43PM 0:06.58 (idle)
root 11 0.0 0.0 0 0 ?? WL 5:43PM 0:00.52 (swi1: net=
)
root 12 0.0 0.0 0 0 ?? RL 5:43PM 1:21.03 (swi6: tty=
:sio clock)
root 13 0.0 0.0 0 0 ?? WL 5:43PM 0:00.00 (swi4: vm)
root 14 0.0 0.0 0 0 ?? DL 5:43PM 0:12.71 (random)
root 15 0.0 0.0 0 0 ?? WL 5:43PM 0:00.00 (swi2: cam=
net)
root 16 0.0 0.0 0 0 ?? WL 5:43PM 0:00.00 (swi3: cam=
bio)
root 17 0.0 0.0 0 0 ?? WL 5:43PM 0:00.00 (swi5: tas=
k queue)
root 18 0.0 0.0 0 0 ?? WL 5:43PM 0:00.00 (irq11: uh=
ci0 pcm1)
root 19 0.0 0.0 0 0 ?? ML 5:43PM 0:03.52 (irq14: at=
a0)
root 20 0.0 0.0 0 0 ?? WL 5:43PM 0:00.00 (irq15: at=
a1)
root 21 0.0 0.0 0 0 ?? DL 5:43PM 0:00.00 (usb0)
root 22 0.0 0.0 0 0 ?? WL 5:43PM 1:40.87 (irq10: ah=
c0 pcm0)
root 23 0.0 0.0 0 0 ?? WL 5:43PM 0:00.00 (irq5: xl0=
)
root 24 0.0 0.0 0 0 ?? WL 5:43PM 0:00.00 (irq6: fdc=
0)
root 25 0.0 0.0 0 0 ?? WL 5:43PM 0:00.00 (swi0: tty=
:sio)
root 26 0.0 0.0 0 0 ?? WL 5:43PM 0:00.00 (irq4: sio=
0)
root 27 0.0 0.0 0 0 ?? WL 5:43PM 0:00.00 (irq7: ppc=
0)
root 28 0.0 0.0 0 0 ?? WL 5:43PM 0:02.51 (irq1: atk=
bd0)
root 29 0.0 0.0 0 0 ?? WL 5:43PM 0:03.19 (irq12: ps=
m0)
root 30 0.0 0.0 0 0 ?? WL 5:43PM 0:24.84 (irq3: isi=
c0)
root 31 0.0 0.0 0 0 ?? WL 5:43PM 0:00.00 (irq0: clk=
)
root 32 0.0 0.0 0 0 ?? WL 5:43PM 0:00.00 (irq8: rtc=
)
root 2 0.0 0.0 0 0 ?? DL 5:43PM 0:00.10 (pagedaemo=
n)
root 3 0.0 0.0 0 0 ?? DL 5:43PM 0:00.00 (vmdaemon)
root 4 0.0 0.0 0 0 ?? DL 5:43PM 0:00.00 (pagezero)
root 5 0.0 0.0 0 0 ?? DL 5:43PM 0:00.17 (bufdaemon=
)
root 6 0.0 0.0 0 0 ?? DL 5:43PM 0:03.06 (syncer)
root 363 0.0 0.0 2848 0 ?? DLs 3:43PM 0:00.62 (sendmail)
root 486 0.0 0.0 2940 0 ?? Ss 3:43PM 0:00.04 (xdm)
root 9837 0.0 0.0 828 0 ?? S 7:28PM 0:00.00 (sh)
root 0 0.0 0.0 0 0 ?? DLs 5:43PM 0:00.06 (swapper)
root 9838 0.0 0.0 368 0 ?? DL 7:28PM 0:00.00 (rotatelog=
s)
root 1 0.0 0.0 680 0 ?? SLs 5:43PM 0:00.03 (init)
---snip---
Bye,
Alexander.
--=20
"One world, one web, one program" -- Microsoft promotional ad
"Ein Volk, ein Reich, ein Fuehrer" -- Adolf Hitler
http://www.Leidinger.net Alexander @ Leidinger.net
GPG fingerprint =3D C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200109051042.f85Age900947>