Date: Tue, 21 Apr 1998 15:40:48 +1000 From: Stephen McKay <syssgm@dtir.qld.gov.au> To: freebsd-current@FreeBSD.ORG Cc: syssgm@dtir.qld.gov.au Subject: panic: vm_page_free: freeing busy page Message-ID: <199804210540.PAA08950@troll.dtir.qld.gov.au>
next in thread | raw e-mail | index | archive | help
I've finally got enough computer bits working again to do a little FreeBSD stress testing. The client is a Compaq Prolinea 486SX33 with 12Mb ram and 2 small SCSI-1 disks on an Adaptec 1542b. The server is a pentium 133 with 32Mb ram and 2 4Gb IBM UW SCSI disks on a FirePort 40 (ncr 875). The source and objects are on the server and NFS mounted to the client. The client mounts src readonly and obj read-write (and async, if that does anything under NFS). The client kernel (and userland) is -current from April 19 (April 18 US time), and has DIAGNOSTIC set. The server is -current from March 12, just before the big VM changes. At the time of the crash, the client was running 'make -j2 buildworld' (making all the obj dirs, I think) and building a kernel locally, and running iostat. Swapping was brisk, though not swamping the machine. There was plenty of swap space left. Unfortunately, I'm not 100% set up and I got no crash dump, or any groovy gdb info. Here's some stuff I got from DDB, painfully transcribed by hand: vm_object_terminate: freeing busy page vm_page_free: pindex(0), busy(1), PG_BUSY(1), hold(0) panic: vm_page_free: freeing busy page ... _panic... _vm_page_freechk_and_unqueue(f026949c) _vm_page_free(f026949c) _vm_object_terminate(f2489a50) _vm_object_deallocate(f2489a50) _vm_map_entry_delete(f2406ec0, f2477bac) _vm_map_delete(f2406ec0, 0, efbfe000) _vm_map_remove(f2406ec0, 0, efbfe000) _exit1(f2400f00) _exit(f2400f00) _syscall... _Xsyscall... The exiting process was /bin/sh. The page at f026949c is on queue 0x82 (PQ_ACTIVE), flags 0x85 (referenced, tabled, busy), valid 0xff, dirty 0 and is part of object f2489a50. The object at f2489a50 is type 0, size 1, res 1, ref 0, flags 0x188 (mightbedirty, writeable, dead), sref 0, offset 0, backobj(0)=(0)+0. Map entry f2477bac has start 2004b000 and end 2004c000, and corresponds to the single page mmap'd by malloc to be the malloc page directory. It refers to object f2489a50. I have some more info written down, but I think this is the essential stuff. My primitive analysis: I can't see how the object can be type 0 (OBJT_DEFAULT) and yet contain a busy page (indicating swap out in progress). I watched other sh processes in the next build world (the NFS bugs displayed by this one will be presented in a subsequent message) and their malloc directory pages changed from default to swap in /proc/*/map as expected. So, I'm stumped. Any body else got any good ideas? Stephen. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804210540.PAA08950>