From owner-freebsd-current Thu Jan 15 04:47:18 1998 Return-Path: Received: (from daemon@localhost) by hub.freebsd.org (8.8.8/8.8.8) id EAA14907 for current-outgoing; Thu, 15 Jan 1998 04:47:18 -0800 (PST) (envelope-from owner-freebsd-current) Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA14794; Thu, 15 Jan 1998 04:46:06 -0800 (PST) (envelope-from bde@godzilla.zeta.org.au) Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.7/8.8.7) id XAA25673; Thu, 15 Jan 1998 23:42:48 +1100 Date: Thu, 15 Jan 1998 23:42:48 +1100 From: Bruce Evans Message-Id: <199801151242.XAA25673@godzilla.zeta.org.au> To: dyson@freebsd.org Subject: panic: vm_object_deallocate: deallocated too many times Cc: current@freebsd.org Sender: owner-freebsd-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk [This may have been lost when hub.freebsd.org was down.] The following command usually causes a panic when /usr is nfs-mounted: umount -Af -t nfs The panic usually occurs when syslogd exits. Bruce GDB is free software and you are welcome to distribute copies of it under certain conditions; type "show copying" to see the conditions. There is absolutely no warranty for GDB; type "show warranty" for details. GDB 4.16 (i386-unknown-freebsd), Copyright 1996 Free Software Foundation, Inc... IdlePTD 390000 current pcb at 2302b8 panicstr: vm_object_deallocate: object deallocated too many times panic messages: --- panic: vm_object_deallocate: object deallocated too many times syncing disks... done dumping to dev 401, offset 65536 dump 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 --- #0 boot (howto=256) at ./@/kern/kern_shutdown.c:285 285 dumppcb.pcb_cr3 = rcr3(); (kgdb) where #0 boot (howto=256) at ./@/kern/kern_shutdown.c:285 #1 0xf0120557 in panic ( fmt=0xf01d7f3b "vm_object_deallocate: object deallocated too many times") at ./@/kern/kern_shutdown.c:425 #2 0xf01d7fbc in vm_object_deallocate (object=0xf035344c) at ./@/vm/vm_object.c:295 #3 0xf01d5a00 in vm_map_entry_delete (map=0xf06a4500, entry=0xf476c828) at ./@/vm/vm_map.c:1784 #4 0xf01d5b7c in vm_map_delete (map=0xf06a4500, start=0, end=4022329344) at ./@/vm/vm_map.c:1877 #5 0xf01d5c04 in vm_map_remove (map=0xf06a4500, start=0, end=4022329344) at ./@/vm/vm_map.c:1911 #6 0xf01195f8 in exit1 (p=0xf06b9400, rv=11) at ./@/kern/kern_exit.c:213 #7 0xf01217e6 in sigexit (p=0xf06b9400, signum=11) at ./@/kern/kern_sig.c:1222 #8 0xf01215e3 in postsig (signum=11) at ./@/kern/kern_sig.c:1130 #9 0xf01ef7d8 in trap (frame={tf_es = 39, tf_ds = 39, tf_edi = -272646808, tf_esi = 32, tf_ebp = -272638376, tf_isp = -196325404, tf_ebx = 537455056, tf_edx = -1, tf_ecx = 3, tf_eax = 1, tf_trapno = 12, tf_err = 1, tf_eip = 7798, tf_cs = 31, tf_eflags = 66118, tf_esp = -272646880, tf_ss = 39}) at ./@/i386/i386/trap.c:166 #10 0x1e76 in ?? () Cannot access memory at address 0xefbfde5c. (kgdb) up 2 #2 0xf01d7fbc in vm_object_deallocate (object=0xf035344c) at ./@/vm/vm_object.c:295 295 return; (kgdb) p *object $1 = {object_list = {tqe_next = 0xf0352aec, tqe_prev = 0xf47939d8}, shadow_head = {tqh_first = 0x0, tqh_last = 0xf0353814}, shadow_list = { tqe_next = 0x0, tqe_prev = 0xf03539fc}, memq = {tqh_first = 0x0, tqh_last = 0xf0353824}, type = OBJT_DEFAULT, size = 13, ref_count = 0, shadow_count = -1, pg_color = 5, flags = 392, paging_in_progress = 0, behavior = 0, resident_page_count = 0, paging_offset = 0x0000000000000000, backing_object = 0x0, backing_object_offset = 0x0000000000000000, last_read = 0, page_hint = 0x0, pager_object_list = {tqe_next = 0x0, tqe_prev = 0x0}, handle = 0x0, un_pager = {vnp = { vnp_size = 0x0000000000007000}, devp = {devp_pglist = { tqh_first = 0x7000, tqh_last = 0x0}}, swp = {swp_nblocks = 28672, swp_allocsize = 0, swp_blocks = 0x0, swp_poip = 0}}} (kgdb) p *curproc $2 = {p_procq = {tqe_next = 0xf034459c, tqe_prev = 0x0}, p_list = { le_next = 0xf06a2000, le_prev = 0xf06b5408}, p_cred = 0xf04df960, p_fd = 0xf06c0e00, p_stats = 0xf44c3220, p_limit = 0xf06a6400, p_upages_obj = 0xf0353884, p_sigacts = 0xf44c30f0, p_flag = 8196, p_stat = 2 '\002', p_pad1 = "\000\000", p_pid = 95, p_hash = { le_next = 0xf06a2000, le_prev = 0xf0689cfc}, p_pglist = {le_next = 0x0, le_prev = 0xf04df368}, p_pptr = 0xf06a2e00, p_sibling = { le_next = 0xf06a2000, le_prev = 0xf06b5448}, p_children = { lh_first = 0x0}, p_ithandle = {callout = 0xf2683e4c}, p_oppid = 0, p_dupfd = 0, p_vmspace = 0xf06a4500, p_estcpu = 14, p_cpticks = 14, p_pctcpu = 0, p_wchan = 0x0, p_wmesg = 0xf0127d99 "select", p_swtime = 241, p_slptime = 0, p_realtimer = {it_interval = {tv_sec = 0, tv_usec = 0}, it_value = {tv_sec = 884704028, tv_usec = 512775}}, p_rtime = {tv_sec = 0, tv_usec = 109914}, p_uticks = 5, p_sticks = 22, p_iticks = 0, p_sleepend = 0x0, p_traceflag = 0, p_tracep = 0x0, p_siglist = 0, p_textvp = 0xf06a4a00, p_lock = 0 '\000', p_oncpu = 0 '\000', p_lastcpu = 0 '\000', p_pad2 = 0 '\000', p_locks = 0, p_simple_locks = 0, p_stops = 0, p_stype = 0, p_step = 0 '\000', p_pfsflags = 0 '\000', p_pad3 = "\000", p_retval = {1, -1}, p_sigmask = 0, p_sigignore = 4294967295, p_sigcatch = 548865, p_priority = 53 '5', p_usrpri = 53 '5', p_nice = 0 '\000', p_comm = "syslogd\000\000\000\000\000\000\000\000\000", p_pgrp = 0xf04df360, p_sysent = 0xf021fdd0, p_rtprio = {type = 1, prio = 0}, p_addr = 0xf44c3000, p_md = {md_regs = 0xf44c4fbc}, p_xstat = 0, p_acflag = 19, p_ru = 0xf0715f80, p_nthreads = 0, p_aioinfo = 0x0, p_wakeup = 0, p_peers = 0x0, p_leader = 0xf06b9400} (kgdb) q