From owner-freebsd-bugs Sat Jan 27 19:50:09 1996 Return-Path: owner-bugs Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id TAA22178 for bugs-outgoing; Sat, 27 Jan 1996 19:50:09 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id TAA22170 Sat, 27 Jan 1996 19:50:05 -0800 (PST) Resent-Date: Sat, 27 Jan 1996 19:50:05 -0800 (PST) Resent-Message-Id: <199601280350.TAA22170@freefall.freebsd.org> Resent-From: gnats (GNATS Management) Resent-To: freebsd-bugs Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, hsu@clinet.fi Received: from hauki.clinet.fi (root@hauki.clinet.fi [194.100.0.1]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id TAA21753 for ; Sat, 27 Jan 1996 19:41:27 -0800 (PST) Received: from katiska.clinet.fi (root@katiska.clinet.fi [194.100.0.4]) by hauki.clinet.fi (8.7.3/8.6.4) with ESMTP id FAA05431 for ; Sun, 28 Jan 1996 05:41:21 +0200 (EET) Received: (root@localhost) by katiska.clinet.fi (8.7.3/8.6.4) id FAA03784; Sun, 28 Jan 1996 05:41:21 +0200 (EET) Message-Id: <199601280341.FAA03784@katiska.clinet.fi> Date: Sun, 28 Jan 1996 05:41:21 +0200 (EET) From: Heikki Suonsivu Reply-To: hsu@clinet.fi To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: kern/974: ktrace causes panic: freeing busy page Sender: owner-bugs@freebsd.org Precedence: bulk >Number: 974 >Category: kern >Synopsis: ktrace causes panic: freeing busy page >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Jan 27 19:50:02 PST 1996 >Last-Modified: >Originator: Heikki Suonsivu >Organization: Clinet, Espoo, Finland >Release: FreeBSD 2.2-CURRENT i386 >Environment: -current, last sup jan 8. >Description: dumps are available in ftp://ftp.clinet.fi/pub/FreeBSD/crashdumps/*.53.gz Script started on Sun Jan 28 05:16:30 1996 jeppe has logged on ttyp0 from smile. saku has logged on ttyp1 from newzetor. hsu has logged on ttyp3 from katiska. hsu has logged on ttyp4 from katiska. saku has logged on ttyp5 from newzetor. steinerk has logged on ttyp6 from osku. wesku has logged on ttyp7 from clinet. hsu#katiska.clinet.fi Sun 1: gdb -k gdb-log.53 kernel.52 kernel.53 vmcore.52 vmcore.53 hsu#katiska.clinet.fi Sun 1: gdb -k kernel.53 vmcore.53 GDB is free software and you are welcome to distribute copies of it under certain conditions; type "show copying" to see the conditions. There is absolutely no warranty for GDB; type "show warranty" for details. GDB 4.13 (i386-unknown-freebsd), Copyright 1994 Free Software Foundation, Inc... IdlePTD 257000 current pcb at 212e50 panic: vm_page_free: freeing busy page #0 boot (howto=256) at ../../i386/i386/machdep.c:931 931 dumppcb.pcb_ptd = rcr3(); (kgdb) list 926 cngetc(); 927 } else { 928 if (howto & RB_DUMP) { 929 if (!cold) { 930 savectx(&dumppcb, 0); 931 dumppcb.pcb_ptd = rcr3(); 932 dumpsys(); 933 } 934 935 if (PANIC_REBOOT_WAIT_TIME != 0) { (kgdb) up #1 0xf0115e43 in panic (fmt=0xf01b4ddb "vm_page_free: freeing busy page") at ../../kern/subr_prf.c:126 126 boot(bootopt); (kgdb) list 121 kdbpanic(); 122 #endif 123 #ifdef DDB 124 Debugger ("panic"); 125 #endif 126 boot(bootopt); 127 } 128 129 /* 130 * Warn that a system table is full. (kgdb) up #2 0xf01b4ff2 in vm_page_free (mem=0xf030dee0) at ../../vm/vm_page.c:812 812 panic("vm_page_free: freeing busy page"); (kgdb) list 807 if (mem->bmapped || mem->busy || flags & (PG_BUSY|PG_FREE)) { 808 if (flags & PG_FREE) 809 panic("vm_page_free: freeing free page"); 810 printf("vm_page_free: pindex(%ld), bmapped(%d), busy(%d), PG_BUSY(%d)\n", 811 mem->pindex, mem->bmapped, mem->busy, (flags & PG_BUSY) ? 1 : 0); 812 panic("vm_page_free: freeing busy page"); 813 } 814 815 if ((flags & PG_WANTED) != 0) 816 wakeup(mem); (kgdb) list 817 if ((flags & PG_FICTITIOUS) == 0) { 818 if (mem->wire_count) { 819 if (mem->wire_count > 1) { 820 printf("vm_page_free: wire count > 1 (%d)", mem->wire_count); 821 panic("vm_page_free: invalid wire count"); 822 } 823 cnt.v_wire_count--; 824 mem->wire_count = 0; 825 } 826 mem->flags |= PG_FREE; (kgdb) up #3 0xf0129761 in vm_hold_free_pages (bp=0xf2fd0704, from=4086550528, to=4086558720) at ../../kern/vfs_bio.c:1651 1651 vm_page_free(p); (kgdb) list 1646 1647 for (pg = from; pg < to; pg += PAGE_SIZE, index++) { 1648 p = bp->b_pages[index]; 1649 bp->b_pages[index] = 0; 1650 pmap_kremove(pg); 1651 vm_page_free(p); 1652 --bp->b_npages; 1653 } 1654 } (kgdb) print p $1 = (struct vm_page *) 0xf030dee0 (kgdb) print *p $2 = {pageq = {tqe_next = 0xf02debdc, tqe_prev = 0xf021a42c}, hashq = { tqe_next = 0x0, tqe_prev = 0xf027ae50}, listq = {tqe_next = 0xf02d2874, tqe_prev = 0xf031d450}, object = 0xf0212c4c, pindex = 14718, phys_addr = 42569728, wire_count = 1, flags = 1536, hold_count = 0, act_count = 0, bmapped = 0, busy = 1, valid = 0, dirty = 0} (kgdb) down #2 0xf01b4ff2 in vm_page_free (mem=0xf030dee0) at ../../vm/vm_page.c:812 812 panic("vm_page_free: freeing busy page"); (kgdb) list 807 if (mem->bmapped || mem->busy || flags & (PG_BUSY|PG_FREE)) { 808 if (flags & PG_FREE) 809 panic("vm_page_free: freeing free page"); 810 printf("vm_page_free: pindex(%ld), bmapped(%d), busy(%d), PG_BUSY(%d)\n", 811 mem->pindex, mem->bmapped, mem->busy, (flags & PG_BUSY) ? 1 : 0); 812 panic("vm_page_free: freeing busy page"); 813 } 814 815 if ((flags & PG_WANTED) != 0) 816 wakeup(mem); (kgdb) print mem-    *mem $3 = {pageq = {tqe_next = 0xf02debdc, tqe_prev = 0xf021a42c}, hashq = { tqe_next = 0x0, tqe_prev = 0xf027ae50}, listq = {tqe_next = 0xf02d2874, tqe_prev = 0xf031d450}, object = 0xf0212c4c, pindex = 14718, phys_addr = 42569728, wire_count = 1, flags = 1536, hold_count = 0, act_count = 0, bmapped = 0, busy = 1, valid = 0, dirty = 0} (kgdb) set radix 16 Input and output radices now set to decimal 16, hex 10, octal 20. (kgdb) print *mem $4 = {pageq = {tqe_next = 0xf02debdc, tqe_prev = 0xf021a42c}, hashq = { tqe_next = 0x0, tqe_prev = 0xf027ae50}, listq = {tqe_next = 0xf02d2874, tqe_prev = 0xf031d450}, object = 0xf0212c4c, pindex = 0x397e, phys_addr = 0x2899000, wire_count = 0x1, flags = 0x600, hold_count = 0x0, act_count = 0x0, bmapped = 0x0, busy = 0x1, valid = 0x0, dirty = 0x0} (kgdb) quit hsu#katiska.clinet.fi Sun 2: ^Dexit Script done on Sun Jan 28 05:21:17 1996 >How-To-Repeat: This was already on -current list, but better PR it to make sure it's not forgotten. It is trivial to cause, ktrace anything which does lots of disk IO/system calls. >Fix: >Audit-Trail: >Unformatted: