From owner-freebsd-current  Thu Dec 12 18:32:27 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0CC9A37B401; Thu, 12 Dec 2002 18:32:24 -0800 (PST)
Received: from smtp04.iprimus.com.au (smtp04.iprimus.com.au [210.50.76.52])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id EB88043ED1; Thu, 12 Dec 2002 18:32:22 -0800 (PST)
	(envelope-from tim@robbins.dropbear.id.au)
Received: from smtp02.iprimus.net.au (210.50.76.70) by smtp04.iprimus.com.au (6.7.010)
        id 3DF583C30006FE8C; Fri, 13 Dec 2002 13:32:11 +1100
Received: from dilbert.robbins.dropbear.id.au ([210.50.250.64]) by smtp02.iprimus.net.au with Microsoft SMTPSVC(5.0.2195.5600);
	 Fri, 13 Dec 2002 13:32:09 +1100
Received: from dilbert.robbins.dropbear.id.au (0v1hwh9y11smdpqa@localhost [127.0.0.1])
	by dilbert.robbins.dropbear.id.au (8.12.6/8.12.6) with ESMTP id gBD2WAgP056659;
	Fri, 13 Dec 2002 13:32:10 +1100 (EST)
	(envelope-from tim@dilbert.robbins.dropbear.id.au)
Received: (from tim@localhost)
	by dilbert.robbins.dropbear.id.au (8.12.6/8.12.6/Submit) id gBD2W9OW056658;
	Fri, 13 Dec 2002 13:32:09 +1100 (EST)
	(envelope-from tim)
Date: Fri, 13 Dec 2002 13:32:09 +1100
From: Tim Robbins <tjr@FreeBSD.org>
To: Brian Fundakowski Feldman <green@FreeBSD.org>
Cc: current@FreeBSD.org
Subject: Re: fincore.c strikes again (panic bremfree: bp not locked)
Message-ID: <20021213133209.A56368@dilbert.robbins.dropbear.id.au>
References: <200212130020.gBD0KFWg000827@green.bikeshed.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <200212130020.gBD0KFWg000827@green.bikeshed.org>; from green@FreeBSD.org on Thu, Dec 12, 2002 at 07:20:15PM -0500
X-OriginalArrivalTime: 13 Dec 2002 02:32:10.0510 (UTC) FILETIME=[D68742E0:01C2A24F]
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

On Thu, Dec 12, 2002 at 07:20:15PM -0500, Brian Fundakowski Feldman wrote:

> I don't have any more info since for some reason the kernel wasn't saved 
> when my system dumped core, but yet again fincore.c causes evidence that 
> -CURRENT has regressed again.  I can't find the old thread I'm thinking of, 
> but from a slightly different thread, bde knew what was going on.
[...]

I can reproduce the panic here. This is the message & backtrace, for anyone
who wants to help track it down:

GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: from debugger
panic messages:
---
panic: mutex vm page queue mutex not owned at /usr/src/sys/i386/i386/pmap.c:3141
panic: from debugger
Uptime: 2h37m31s
Dumping 64 MB
ata0: resetting devices ..
done
 16 32 48
---
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:232
232             dumping++;
(kgdb) bt
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:232
#1  0xc0197bfc in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:364
#2  0xc0197e43 in panic () at /usr/src/sys/kern/kern_shutdown.c:517
#3  0xc01318d2 in db_panic () at /usr/src/sys/ddb/db_command.c:450
#4  0xc0131852 in db_command (last_cmdp=0xc02d73c0, cmd_table=0x0, 
    aux_cmd_tablep=0xc02d20e4, aux_cmd_tablep_end=0xc02d20e8)
    at /usr/src/sys/ddb/db_command.c:346
#5  0xc0131966 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#6  0xc013465a in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:72
#7  0xc0287862 in kdb_trap (type=3, code=0, regs=0xc6279ba8)
    at /usr/src/sys/i386/i386/db_interface.c:166
#8  0xc0298eef in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = -1058181856, tf_esi = 256, tf_ebp = -970482700, tf_isp = -970482732, tf_ebx = 0, tf_edx = 0, tf_ecx = 32, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1071088882, tf_cs = 8, tf_eflags = 646, tf_esp = -1070805470, tf_ss = -1070875346})
    at /usr/src/sys/i386/i386/trap.c:603
#9  0xc0289048 in calltrap () at {standard input}:98
#10 0xc0197e2b in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:503
#11 0xc018eb3c in _mtx_assert (m=0xc02ef400, what=0, 
    file=0xc02ce210 "/usr/src/sys/i386/i386/pmap.c", line=3141)
    at /usr/src/sys/kern/kern_mutex.c:838
#12 0xc0296b24 in pmap_ts_referenced (m=0xc45)
    at /usr/src/sys/i386/i386/pmap.c:3141
---Type <return> to continue, or q <return> to quit---
#13 0xc0296ec3 in pmap_mincore (pmap=0x0, addr=0)
    at /usr/src/sys/i386/i386/pmap.c:3340
#14 0xc025d51c in mincore (td=0x3ab0405, uap=0x0)
    at /usr/src/sys/vm/vm_mmap.c:874
#15 0xc02997f7 in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077937044, tf_esi = -1077937032, tf_ebp = -1077937084, tf_isp = -970482316, tf_ebx = 2, tf_edx = 134524928, tf_ecx = 8, tf_eax = 78, tf_trapno = 12, tf_err = 2, tf_eip = 671813747, tf_cs = 31, tf_eflags = 658, tf_esp = -1077937300, tf_ss = 47})
    at /usr/src/sys/i386/i386/trap.c:1033
#16 0xc028909d in Xint0x80_syscall () at {standard input}:140
---Can't read userspace from dump, or kernel process---

(kgdb) frame 12
#12 0xc0296b24 in pmap_ts_referenced (m=0xc45)
    at /usr/src/sys/i386/i386/pmap.c:3141
3141            mtx_assert(&vm_page_queue_mtx, MA_OWNED);
(kgdb) print vm_page_queue_mtx
$1 = {mtx_object = {lo_class = 0xc02df5c0, 
    lo_name = 0xc02ca52a "vm page queue mutex", 
    lo_type = 0xc02ca52a "vm page queue mutex", lo_flags = 196608, lo_list = {
      tqe_next = 0xc02ef3a0, tqe_prev = 0xc030d10c}, lo_witness = 0xc0310148}, 
  mtx_lock = 4, mtx_recurse = 0, mtx_blocked = {tqh_first = 0x0, 
    tqh_last = 0xc02ef424}, mtx_contested = {le_next = 0x0, le_prev = 0x0}, 
  mtx_acqtime = 0, mtx_filename = 0x0, mtx_lineno = 0}

This stuff probably is not useful:

(kgdb) frame 14
#14 0xc025d51c in mincore (td=0x3ab0405, uap=0x0)
    at /usr/src/sys/vm/vm_mmap.c:874
874                             mincoreinfo = pmap_mincore(pmap, addr);
(kgdb) print pmap
$2 = (struct pmap *) 0xc0609bdc
(kgdb) print addr
$3 = 672395264
(kgdb) print *pmap
$4 = {pm_pdir = 0xc62b7000, pm_pteobj = 0xc1048410, pm_pvlist = {
    tqh_first = 0xc05c5188, tqh_last = 0xc05a8be0}, pm_active = 1, pm_stats = {
    resident_count = 173, wired_count = 0}, pm_ptphint = 0xc0484368, 
  pm_list = {le_next = 0xc060962c, le_prev = 0xc02f56fc}}
(kgdb) frame 13
#13 0xc0296ec3 in pmap_mincore (pmap=0x0, addr=0)
    at /usr/src/sys/i386/i386/pmap.c:3340
(kgdb) print m
$5 = (struct vm_page *) 0xc0543138
(kgdb) print *m
$6 = {pageq = {tqe_next = 0xc054a6c8, tqe_prev = 0xc04967a0}, listq = {
    tqe_next = 0xc04fd580, tqe_prev = 0xc04806f8}, left = 0xc053df60, 
  right = 0xc04afc10, object = 0xc0435958, pindex = 6, phys_addr = 61538304, 
  md = {pv_list_count = 1, pv_list = {tqh_first = 0xc05a355c, 
      tqh_last = 0xc05a3564}}, queue = 33, flags = 0, pc = 16, wire_count = 0, 
  hold_count = 0, act_count = 0 '\0', busy = 0 '\0', valid = 255 'ÿ', 
  dirty = 0 '\0', cow = 0}



Tim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message