From owner-freebsd-current  Sun Jun  2 15:51:47 2002
Delivered-To: freebsd-current@freebsd.org
Received: from alcanet.com.au (mail2.alcanet.com.au [203.62.196.17])
	by hub.freebsd.org (Postfix) with ESMTP id BDC2337B408
	for <current@freebsd.org>; Sun,  2 Jun 2002 15:49:42 -0700 (PDT)
Received: from mfg1.cim.alcatel.com.au (localhost.localdomain [127.0.0.1])
	by alcanet.com.au (8.12.1/8.12.1/Alcanet1.2) with ESMTP id g52Mnd0j021021
	for <current@freebsd.org>; Mon, 3 Jun 2002 08:49:40 +1000
Received: from gsmx07.alcatel.com.au by cim.alcatel.com.au
 (PMDF V5.2-32 #37645) with ESMTP id <01KIHKZL14F490OJL3@cim.alcatel.com.au>
 for current@freebsd.org; Mon, 3 Jun 2002 08:49:17 +1000
Received: from gsmx07.alcatel.com.au (localhost [127.0.0.1])
	by gsmx07.alcatel.com.au (8.12.3/8.12.3) with ESMTP id g52MnaID019499	for
 <current@freebsd.org>; Mon, 03 Jun 2002 08:49:36 +1000
Received: (from jeremyp@localhost)
	by gsmx07.alcatel.com.au (8.12.3/8.12.3/Submit)
 id g52MnaA5019498	for current@freebsd.org; Mon,
 03 Jun 2002 08:49:36 +1000 (EST)
Content-return: prohibited
Date: Mon, 03 Jun 2002 08:49:36 +1000
From: Peter Jeremy <peter.jeremy@alcatel.com.au>
Subject: Softupdates freeing unallocated space and panicing
To: current@freebsd.org
Mail-Followup-To: current@freebsd.org
Message-id: <20020603084936.A19375@gsmx07.alcatel.com.au>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-disposition: inline
User-Agent: Mutt/1.2.5.1i
X-Authentication-warning: gsmx07.alcatel.com.au: jeremyp set sender to
 peter.jeremy@alcatel.com.au using -f
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

I have a system running -CURRENT from 7th May and it panic'd over the
weekend:
panicstr: bwrite: buffer is not busy???
panic messages:
---
panic: free: address 0xccc792c0(0xccc79000) has not been allocated.


syncing disks... panic: bwrite: buffer is not busy???
Uptime: 10d8h49m19s
pfs_vncache_unload(): 1 entries remaining
Dumping 128 MB
ata0: resetting devices .. done
 16 32 48 64 80 96 112

The backtrace is:
#0  doadump () at /3.0/cvs/src/sys/kern/kern_shutdown.c:213
#1  0xc01b9684 in boot (howto=260) at /3.0/cvs/src/sys/kern/kern_shutdown.c:346
#2  0xc01b982d in panic (fmt=0xc02be24b "bwrite: buffer is not busy???")
    at /3.0/cvs/src/sys/kern/kern_shutdown.c:490
#3  0xc01e9377 in bwrite (bp=0xc36e8360) at /3.0/cvs/src/sys/kern/vfs_bio.c:747
#4  0xc01ea6af in vfs_bio_awrite (bp=0xc36e8360)
    at /3.0/cvs/src/sys/kern/vfs_bio.c:1603
#5  0xc01946e8 in spec_fsync (ap=0xc8507b48)
    at /3.0/cvs/src/sys/fs/specfs/spec_vnops.c:403
#6  0xc01942d5 in spec_vnoperate (ap=0xc8507b48)
    at /3.0/cvs/src/sys/fs/specfs/spec_vnops.c:121
#7  0xc024ae75 in ffs_sync (mp=0xc8591200, waitfor=2, cred=0xc36a1e80, 
    td=0xc02fde00) at vnode_if.h:441
#8  0xc01f6de3 in sync (td=0xc02fde00, uap=0x0)
    at /3.0/cvs/src/sys/kern/vfs_syscalls.c:1224
#9  0xc01b92f6 in boot (howto=256) at /3.0/cvs/src/sys/kern/kern_shutdown.c:254
#10 0xc01b982d in panic (
    fmt=0xc02b6180 "free: address %p(%p) has not been allocated.\n")
    at /3.0/cvs/src/sys/kern/kern_shutdown.c:490
#11 0xc01b121e in free (addr=0xccc792c0, type=0xc0310f40)
    at /3.0/cvs/src/sys/kern/kern_malloc.c:228
#12 0xc0246cfa in softdep_disk_write_complete (bp=0xc36fc3b0)
    at /3.0/cvs/src/sys/ufs/ffs/ffs_softdep.c:3549
#13 0xc01ebc7d in bufdone (bp=0xc36fc3b0) at /3.0/cvs/src/sys/sys/buf.h:406
#14 0xc01ee549 in cluster_callback (bp=0xc36da3f0)
    at /3.0/cvs/src/sys/kern/vfs_cluster.c:570
#15 0xc01ebc58 in bufdone (bp=0xc36da3f0)
    at /3.0/cvs/src/sys/kern/vfs_bio.c:2842
#16 0xc01ebbaa in bufdonebio (bp=0xc36da3f0)
    at /3.0/cvs/src/sys/kern/vfs_bio.c:2790
#17 0xc01336f9 in ad_interrupt (request=0xcc13d300)
    at /3.0/cvs/src/sys/sys/bio.h:115
#18 0xc0127838 in ata_intr (data=0xc36a3000)
    at /3.0/cvs/src/sys/dev/ata/ata-all.c:604
#19 0xc01ac006 in ithread_loop (arg=0xc8503200)
    at /3.0/cvs/src/sys/kern/kern_intr.c:533
#20 0xc01ab5af in fork_exit (callout=0xc01abef4 <ithread_loop>, 
    arg=0xc8503200, frame=0xc8507d48) at /3.0/cvs/src/sys/kern/kern_fork.c:829

Poking around softdep_disk_write_complete():
(kgdb) p *bp
$3 = {b_io = {bio_cmd = 2, bio_dev = 0xffffffff, bio_blkno = 462416, 
    bio_offset = 1864124416, bio_bcount = 8192, 
    bio_data = 0xc3c70000 "0\207\003", bio_flags = 0, _bio_buf = 0x0, 
    bio_error = 0, bio_resid = 0, bio_done = 0xc01ebb9c <bufdonebio>, 
    bio_driver1 = 0x0, bio_driver2 = 0x0, bio_caller1 = 0x0, 
    bio_caller2 = 0xc36fc3b0, bio_queue = {tqe_next = 0x0, 
      tqe_prev = 0xc85018a4}, bio_pblkno = 5365533, bio_done_chain = 0x0, 
    bio_linkage = 0x0, bio_length = 0, bio_attribute = 0x0, bio_completed = 0, 
    bio_from = 0x0, bio_to = 0x0}, b_op = 0xc0307cc4, b_magic = 280038160, 
  b_iodone = 0, b_offset = -16883712, b_hash = {le_next = 0x0, 
    le_prev = 0xc36f9d2c}, b_vnbufs = {tqe_next = 0xc3757580, 
    tqe_prev = 0xc36f4d84}, b_freelist = {tqe_next = 0xc3757580, 
    tqe_prev = 0xc0308278}, b_flags = 537006628, b_qindex = 0, 
  b_xflags = 2 '\002', b_lock = {lk_interlock = 0xc033ca40, lk_flags = 1024, 
    lk_sharecount = 0, lk_waitcount = 0, lk_exclusivecount = 1, lk_prio = 80, 
    lk_wmesg = 0xc02be1e5 "bufwait", lk_timo = 0, lk_lockholder = -2}, 
  b_bufsize = 8192, b_runningbufspace = 0, b_kvabase = 0xc3c70000 "0\207\003", 
  b_kvasize = 16384, b_lblkno = -2061, b_vp = 0xc942d960, b_dirtyoff = 0, 
  b_dirtyend = 0, b_rcred = 0x0, b_wcred = 0x0, b_saveaddr = 0x0, b_pager = {
    pg_spc = 0x0, pg_reqpage = 0}, b_cluster = {cluster_head = {
      tqh_first = 0xc3757580, tqh_last = 0xc36da4f0}, cluster_entry = {
      tqe_next = 0xc3757580, tqe_prev = 0xc36da4f0}}, b_pages = {0xc093aabc, 
    0xc09170f8, 0x0 <repeats 30 times>}, b_npages = 2, b_dep = {
    lh_first = 0xcbe15840}}
(kgdb) l
3544                            if (indirdep->ir_state & GOINGAWAY) {
3545                                    lk.lkt_held = NOHOLDER;
3546                                    panic("disk_write_complete: indirdep gone");
3547                            }
3548                            bcopy(indirdep->ir_saveddata, bp->b_data, bp->b_bcount);
3549                            FREE(indirdep->ir_saveddata, M_INDIRDEP);
3550                            indirdep->ir_saveddata = 0;
3551                            indirdep->ir_state &= ~UNDONE;
3552                            indirdep->ir_state |= ATTACHED;
3553                            while ((aip = LIST_FIRST(&indirdep->ir_donehd)) != 0) {
(kgdb) p *indirdep
$5 = {ir_list = {wk_list = {le_next = 0xcbe15840, le_prev = 0xc36fc53c}, 
    wk_type = 5, wk_state = 2}, ir_saveddata = 0xccc792c0 "0\207\003", 
  ir_savebp = 0xc36eac00, ir_donehd = {lh_first = 0x0}, ir_deplisthd = {
    lh_first = 0xcbe15e00}}
(kgdb) 


Any suggestions?

Peter

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message