From owner-freebsd-stable@FreeBSD.ORG Tue Jan 29 16:26:51 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6F80416A41A for ; Tue, 29 Jan 2008 16:26:51 +0000 (UTC) (envelope-from mcj@bluetonic.org) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.181]) by mx1.freebsd.org (Postfix) with ESMTP id 301D813C455 for ; Tue, 29 Jan 2008 16:26:51 +0000 (UTC) (envelope-from mcj@bluetonic.org) Received: by py-out-1112.google.com with SMTP id u52so3088919pyb.10 for ; Tue, 29 Jan 2008 08:26:50 -0800 (PST) Received: by 10.35.39.11 with SMTP id r11mr810993pyj.23.1201622439038; Tue, 29 Jan 2008 08:00:39 -0800 (PST) Received: from ?192.168.1.139? ( [70.244.240.164]) by mx.google.com with ESMTPS id f55sm18099289pyh.28.2008.01.29.08.00.36 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 29 Jan 2008 08:00:38 -0800 (PST) Message-Id: <793AC3A0-38F5-43CD-97D0-6ADE5FF7D6B5@bluetonic.org> From: Carey Jones To: freebsd-stable@freebsd.org Mime-Version: 1.0 (Apple Message framework v915) Date: Tue, 29 Jan 2008 10:00:35 -0600 X-Mailer: Apple Mail (2.915) Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Help debugging kernel crash? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jan 2008 16:26:51 -0000 Hello, I posted this on -questions yesterday, but I thought this might be the more appropriate list - apologies for the cross-posting. I have been getting occasional reboots on my FreeBSD 6-STABLE machine. I haven't figured out a pattern on it yet, but the most recent crash was during some pretty heavy NFS usage, and I see nfsd in the dump, so perhaps that has something to do with it. Could anyone assist in deciphering the cause of this? This is the first time it's crashed on me once I enabled debugging, so I can't say for sure whether or not this is common to all of them. Thanks, -c mcj@ark ~ % uname -a FreeBSD ark.bluetonic.org 6.3-STABLE FreeBSD 6.3-STABLE #4: Wed Jan 23 19:10:47 CST 2008 root@ark.bluetonic.org:/usr/obj/usr/src/sys/ARK i386 root@ark ...src/sys/ARK # kgdb kernel.debug /var/crash/vmcore.0 kgdb: kvm_nlist(_stopped_cpus): kgdb: kvm_nlist(_stoppcbs): [GDB will not be able to debug user-mode threads: /usr/lib/ libthread_db.so: Unde fined symbol "ps_pglobal_lookup"] GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd". Unread portion of the kernel message buffer: panic: free: address 0xca0f6300(0xca0f6000) has not been allocated. Uptime: 18h38m31s Dumping 1279 MB (2 chunks) chunk 0: 1MB (159 pages) ... ok chunk 1: 1279MB (327408 pages) 1263 1247 1231 1215 1199 1183 1167 1151 1135 1119 1103 1087 1071 1055 1039 1023 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15 #0 doadump () at pcpu.h:165 165 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); (kgdb) backtrace #0 doadump () at pcpu.h:165 #1 0xc0553a74 in boot (howto=260) at /usr/src/sys/kern/ kern_shutdown.c:409 #2 0xc0553da6 in panic ( fmt=0xc0744037 "free: address %p(%p) has not been allocated.\n") at /usr/src/sys/kern/kern_shutdown.c:565 #3 0xc0545ab5 in free (addr=0xca0f6300, mtp=0x0) at /usr/src/sys/kern/kern_malloc.c:374 #4 0xc06701f3 in nfssvc_nfsd (td=0x0) at /usr/src/sys/nfsserver/nfs_syscalls.c:544 #5 0xc066f455 in nfssvc (td=0xc522e300, uap=0xed9ced04) at /usr/src/sys/nfsserver/nfs_syscalls.c:181 #6 0xc0711332 in syscall (frame= {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 0, tf_esi = 0, tf_ebp = -1077941464, tf_isp = -308482716, tf_ebx = 0, tf_edx = -1077936144, tf_ecx = 2, tf_eax = 155, tf_trapno = 12, tf_err = 2, tf_eip = 671902679, tf_cs = 51, tf_eflags = 582, tf_esp = -1077941492, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:984 #7 0xc06fb5ef in Xint0x80_syscall () at /usr/src/sys/i386/i386/ exception.s:200 #8 0x00000033 in ?? () Previous frame inner to this frame (corrupt stack?) (kgdb)