Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 20 Jan 2007 14:42:18 +0100
From:      "Alexander Leidinger" <netchild@FreeBSD.org>
To:        "FreeBSD gnats submit" <FreeBSD-gnats-submit@FreeBSD.org>
Subject:   kern/108151: panic: relpbuf with vp
Message-ID:  <1169300538.1578@Magellan.Leidinger.net>
Resent-Message-ID: <200701201350.l0KDoG9c085593@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         108151
>Category:       kern
>Synopsis:       panic: relpbuf with vp
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 20 13:50:15 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Alexander Leidinger
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
FreeBSD 
>Environment:


System: FreeBSD 7.0-CURRENT #233: Thu Jan 18 08:37:34 CET 2007
    root@Magellan.Leidinger.net:/big/usr/src/sys/i386/compile/WORK



>Description:


(kgdb) bt
#0  doadump () at pcpu.h:166
During symbol reading, Incomplete CFI data; unspecified registers at 0xc04a098e.
#1  0xc04a105e in boot (howto=0x104) at ../../../kern/kern_shutdown.c:411
#2  0xc04a0bad in panic (fmt=0xc05c5bbf "relpbuf with vp") at ../../../kern/kern_shutdown.c:567
#3  0xc056b21a in relpbuf (bp=0xcceaed30, pfreecnt=0xc05f0f0c) at ../../../vm/vm_pager.c:397
#4  0xc054bd1e in ffs_rawread_main (vp=0xc325dc90, uio=0xd6aaec68) at ../../../ufs/ffs/ffs_rawread.c:417
#5  0xc054c2e1 in ffs_rawread (vp=0xc325dc90, uio=0xd6aaec68, workdone=0xd6aaeb58)
    at ../../../ufs/ffs/ffs_rawread.c:476
#6  0xc0549cc3 in ffs_read (ap=0xd6aaeba0) at ../../../ufs/ffs/ffs_vnops.c:432
#7  0xc0599394 in VOP_READ_APV (vop=0x0, a=0xd6aaeba0) at vnode_if.c:637
#8  0xc04faf73 in vn_read (fp=0xc3c3e3a8, uio=0xd6aaec68, active_cred=0xc2fbe400, flags=0x0, td=0xc5014bd0)
    at vnode_if.h:343
#9  0xc04c579e in dofileread (td=0xc5014bd0, fd=0x4, fp=0xc3c3e3a8, auio=0xd6aaec68, offset=Unhandled dwarf expression opcode 0x93
) at file.h:242
#10 0xc04c593c in kern_readv (td=0xc5014bd0, fd=0x4, auio=0xd6aaec68) at ../../../kern/sys_generic.c:192
#11 0xc04c59da in read (td=0xc5014bd0, uap=0x0) at ../../../kern/sys_generic.c:116
#12 0xc058f87d in syscall (frame=0xd6aaed38) at ../../../i386/i386/trap.c:1008
#13 0xc05811f0 in Xint0x80_syscall () at ../../../i386/i386/exception.s:196
#14 0x281100e8 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) up 3
#3  0xc056b21a in relpbuf (bp=0xcceaed30, pfreecnt=0xc05f0f0c) at ../../../vm/vm_pager.c:397
397             KASSERT(bp->b_bufobj == NULL, ("relpbuf with bufobj"));
(kgdb) list
392                     crfree(bp->b_wcred);
393                     bp->b_wcred = NOCRED;
394             }
395
396             KASSERT(bp->b_vp == NULL, ("relpbuf with vp"));
397             KASSERT(bp->b_bufobj == NULL, ("relpbuf with bufobj"));
398
399             BUF_UNLOCK(bp);
400
401             mtx_lock(&pbuf_mtx);
(kgdb) print bp
$1 = (struct buf *) 0xcceaed30
(kgdb) print *bp
$2 = {
  b_bufobj = 0x0, 
  b_bcount = 0x2000, 
  b_caller1 = 0x0, 
  b_data = 0x804f000 <Address 0x804f000 out of bounds>, 
  b_error = 0x0, 
  b_iocmd = 0x1, 
  b_ioflags = 0x2, 
  b_iooffset = 0x44feb8000, 
  b_resid = 0x0, 
  b_iodone = 0, 
  b_blkno = 0x227f5c0, 
  b_offset = 0x44feb8000, 
  b_bobufs = {
    tqe_next = 0x0, 
    tqe_prev = 0x0
  }, 
  b_left = 0x0, 
  b_right = 0x0, 
  b_vflags = 0x0, 
  b_freelist = {
    tqe_next = 0xcceb2dd0, 
    tqe_prev = 0xc062caf8
  }, 
  b_qindex = 0x0, 
  b_flags = 0x200, 
  b_xflags = 0x0, 
  b_lock = {
    lk_object = {
      lo_name = 0xc05b7ad2 "bufwait", 
      lo_type = 0x0, 
      lo_flags = 0x40000, 
      lo_witness_data = {
        lod_list = {
          stqe_next = 0x0
        }, 
        lod_witness = 0x0
      }
    }, 
    lk_interlock = 0xc0614340, 
    lk_sharecount = 0x0, 
    lk_waitcount = 0x0, 
    lk_exclusivecount = 0x1, 
    lk_prio = 0x50, 
    lk_timo = 0x0, 
    lk_lockholder = 0xc5014bd0, 
    lk_newlock = 0x0
  }, 
  b_bufsize = 0x2000, 
  b_runningbufspace = 0x0, 
  b_kvabase = 0xd22bc000 <Address 0xd22bc000 out of bounds>, 
  b_kvasize = 0x20000, 
  b_lblkno = 0x0, 
  b_vp = 0xc325dc90, 
  b_dirtyoff = 0x0, 
  b_dirtyend = 0x1c000, 
  b_rcred = 0x0, 
  b_wcred = 0x0, 
  b_saveaddr = 0x804f000, 
  b_pager = {
    pg_reqpage = 0x0
  }, 
  b_cluster = {
    cluster_head = {
      tqh_first = 0xccede2d0, 
      tqh_last = 0xccef3e10
    }, 
    cluster_entry = {
      tqe_next = 0xccede2d0, 
      tqe_prev = 0xccef3e10
    }
  }, 
  b_pages = {0xc137e548, 0xc1344570, 0xc16ac9a0, 0xc1366ab8, 0xc1463058, 0xc1249650, 0xc13548c0, 0xc11ce1e8, 
    0xc13671c0, 0xc17ca6c0, 0xc1302900, 0xc1371180, 0xc18a2630, 0xc1186ff8, 0xc12bb6c8, 0xc1139dd8, 0xc16a6ec8, 
    0xc13b99f0, 0xc1305b10, 0xc10e01c8, 0xc136e3f0, 0xc1386540, 0xc188b770, 0xc18704a0, 0xc1552308, 0xc11f12b8, 
    0xc1207098, 0xc1271598, 0xc13e9d68, 0xc1594b48, 0xc1433748, 0xc134a798}, 
  b_npages = 0x2, 
  b_dep = {
    lh_first = 0x0
  }, 
  b_fsprivate1 = 0x0, 
  b_fsprivate2 = 0x0, 
  b_fsprivate3 = 0x0, 
  b_pin_count = 0x0
}



>How-To-Repeat:


Running the fsx filesystem test in the linuxulator (linux test project version of fsx). This succeeded a lot of times before. The panic started to appear at the start of this year (already reported to current). I just need to run the entire LTP test (see http://wiki.freebsd.org/linux-kernel for more) and at some point it panics.


>Fix:





>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1169300538.1578>