Date: Tue, 16 Apr 2002 23:45:42 +0200 From: Thomas Quinot <thomas@cuivre.fr.eu.org> To: current@freebsd.org Subject: Two VM related crashes with yesterday's -CURRENT Message-ID: <20020416234542.A5299@melusine.cuivre.fr.eu.org>
next in thread | raw e-mail | index | archive | help
Two panic's in a row, on a desktop workstation, with -CURRENT
kernel and world as of Apr. 15.
I am keeping the cores for now, if any further forensics are desired.
Thomas.
# gdb -k /usr/obj/usr/src/sys/SHALMANESER/kernel.debug 3dc44d47eaf2fa5efca6d587da113787.core
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
IdlePTD at phsyical address 0x0049f000
initial pcb at physical address 0x00398440
panicstr: bwrite: buffer is not busy???
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x11
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xc01d5154
stack pointer	        = 0x10:0xc90338cc
frame pointer	        = 0x10:0xc90338d8
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 605 (fsck_ufs)
trap number		= 12
panic: page fault
syncing disks... panic: bwrite: buffer is not busy???
Uptime: 5m22s
Dumping 127 MB
ata0: resetting devices .. done
 16 32 48 64 80 96 112
---
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:213
213		dumping++;
(kgdb) bt
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:213
#1  0xc01df201 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:346
#2  0xc01df39d in panic (fmt=0xc031942b "bwrite: buffer is not busy???")
    at /usr/src/sys/kern/kern_shutdown.c:490
#3  0xc0212d8d in bwrite (bp=0xc3bf3df8) at /usr/src/sys/kern/vfs_bio.c:747
#4  0xc021337e in bawrite (bp=0xc3bf3df8) at /usr/src/sys/kern/vfs_bio.c:1063
#5  0xc0297b3d in ffs_fsync (ap=0xc9033780)
    at /usr/src/sys/ufs/ffs/ffs_vnops.c:209
#6  0xc029620a in ffs_sync (mp=0xc8611c00, waitfor=2, cred=0xc3b6c900, 
    td=0xc03616a0) at vnode_if.h:441
#7  0xc0221828 in sync (td=0xc03616a0, uap=0x0)
    at /usr/src/sys/kern/vfs_syscalls.c:1217
#8  0xc01dee03 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:254
#9  0xc01df39d in panic (fmt=0xc0331e7e "%s")
    at /usr/src/sys/kern/kern_shutdown.c:490
#10 0xc02dfbc3 in trap_fatal (frame=0xc903388c, eva=17)
    at /usr/src/sys/i386/i386/trap.c:841
#11 0xc02df90d in trap_pfault (frame=0xc903388c, usermode=0, eva=17)
    at /usr/src/sys/i386/i386/trap.c:755
#12 0xc02df387 in trap (frame={tf_fs = -926547944, tf_es = 16, tf_ds = 16, 
      tf_edi = -926996512, tf_esi = -1070188480, tf_ebp = -922535720, 
      tf_isp = -922535752, tf_ebx = 0, tf_edx = 3058, tf_ecx = -926998528, 
      tf_eax = 1, tf_trapno = 12, tf_err = 0, tf_eip = -1071820460, tf_cs = 8, 
      tf_eflags = 66050, tf_esp = 0, tf_ss = -1011252296})
---Type <return> to continue, or q <return> to quit---
    at /usr/src/sys/i386/i386/trap.c:426
#13 0xc01d5154 in free (addr=0xc8bf27e0, type=0xc0363840)
    at /usr/src/sys/vm/uma_int.h:326
#14 0xc028d235 in indiracct (snapvp=0xc8c6fe10, cancelvp=0xc8c6fe10, level=0, 
    blkno=414, lbn=-12, rlbn=12, remblks=63988, blksperindir=1, fs=0xc4237000, 
    acctfunc=0xc028d390 <mapacct>, expungetype=2)
    at /usr/src/sys/ufs/ffs/ffs_snapshot.c:752
#15 0xc028ce9d in expunge (snapvp=0xc8c6fe10, cancelip=0xc9062d00, 
    fs=0xc4237000, acctfunc=0xc028d390 <mapacct>, expungetype=2)
    at /usr/src/sys/ufs/ffs/ffs_snapshot.c:636
#16 0xc028c798 in ffs_snapshot (mp=0xc8611600, 
    snapfile=0x80b0460 "/var/.fsck_snapshot")
    at /usr/src/sys/ufs/ffs/ffs_snapshot.c:469
#17 0xc0294bcc in ffs_mount (mp=0xc8611600, path=0xc8fea900 "/var", 
    data=0xbfbffccc "`\004\013\b9m\005\bØ\b\013\b\035", ndp=0xc9033c18, 
    td=0xc902e100) at /usr/src/sys/ufs/ffs/ffs_vfsops.c:289
#18 0xc0220df9 in vfs_mount (td=0xc902e100, fstype=0xc85a33c0 "ffs", 
    fspath=0xc8fea900 "/var", fsflags=268435456, fsdata=0xbfbffccc)
    at /usr/src/sys/kern/vfs_syscalls.c:916
#19 0xc02206e6 in mount (td=0xc902e100, uap=0xc9033d20)
    at /usr/src/sys/kern/vfs_syscalls.c:681
#20 0xc02dfe84 in syscall (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, 
      tf_edi = 134955942, tf_esi = -1077936948, tf_ebp = -1077936836, 
      tf_isp = -922534540, tf_ebx = 134955852, tf_edx = 134955776, 
---Type <return> to continue, or q <return> to quit---
      tf_ecx = -1077937272, tf_eax = 21, tf_trapno = 12, tf_err = 2, 
      tf_eip = 134558071, tf_cs = 31, tf_eflags = 518, tf_esp = -1077937120, 
      tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1037
#21 0xc02d27bd in syscall_with_err_pushed ()
#22 0x804c2fd in ?? ()
#23 0x8048137 in ?? ()
(kgdb) fr 13
#13 0xc01d5154 in free (addr=0xc8bf27e0, type=0xc0363840)
    at /usr/src/sys/vm/uma_int.h:326
326	        SLIST_FOREACH(slab, &hash->uh_slab_hash[hval], us_hlink) {
(kgdb) print slab
$1 = 0x0
(kgdb) print &hash->uh_slab_hash[0]
Cannot access memory at address 0x0.
(kgdb) quit
# gdb -k /usr/obj/usr/src/sys/SHALMANESER/kernel.debug f2fa5efca6d587da113787.core
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
IdlePTD at phsyical address 0x0049f000
initial pcb at physical address 0x00398440
panicstr: bwrite: buffer is not busy???
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x0
fault code		= supervisor write, page not present
instruction pointer	= 0x8:0xc02af576
stack pointer	        = 0x10:0xc8621c2c
frame pointer	        = 0x10:0xc8621c38
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 2 (pagedaemon)
trap number		= 12
panic: page fault
syncing disks... panic: bwrite: buffer is not busy???
Uptime: 1d1h47m18s
pfs_vncache_unload(): 16 entries remaining
Dumping 127 MB
ata0: resetting devices .. done
 16 32 48 64 80 96 112
---
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:213
213		dumping++;
(kgdb) bt
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:213
#1  0xc01df201 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:346
#2  0xc01df39d in panic (fmt=0xc031942b "bwrite: buffer is not busy???")
    at /usr/src/sys/kern/kern_shutdown.c:490
#3  0xc0212d8d in bwrite (bp=0xc3c15f08) at /usr/src/sys/kern/vfs_bio.c:747
#4  0xc02141b7 in vfs_bio_awrite (bp=0xc3c15f08)
    at /usr/src/sys/kern/vfs_bio.c:1603
#5  0xc0297bb2 in ffs_fsync (ap=0xc8621ae0)
    at /usr/src/sys/ufs/ffs/ffs_vnops.c:231
#6  0xc029620a in ffs_sync (mp=0xc8611a00, waitfor=2, cred=0xc3b6c900, 
    td=0xc03616a0) at vnode_if.h:441
#7  0xc0221828 in sync (td=0xc03616a0, uap=0x0)
    at /usr/src/sys/kern/vfs_syscalls.c:1217
#8  0xc01dee03 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:254
#9  0xc01df39d in panic (fmt=0xc0331e7e "%s")
    at /usr/src/sys/kern/kern_shutdown.c:490
#10 0xc02dfbc3 in trap_fatal (frame=0xc8621bec, eva=0)
    at /usr/src/sys/i386/i386/trap.c:841
#11 0xc02df90d in trap_pfault (frame=0xc8621bec, usermode=0, eva=0)
    at /usr/src/sys/i386/i386/trap.c:755
#12 0xc02df387 in trap (frame={tf_fs = -933101544, tf_es = 16, tf_ds = 16, 
      tf_edi = 0, tf_esi = -924500056, tf_ebp = -933094344, 
      tf_isp = -933094376, tf_ebx = -1065181184, tf_edx = 0, 
      tf_ecx = -924500104, tf_eax = 0, tf_trapno = 12, tf_err = 2, 
---Type <return> to continue, or q <return> to quit---
      tf_eip = -1070926474, tf_cs = 8, tf_eflags = 66118, tf_esp = -924500056, 
      tf_ss = 4}) at /usr/src/sys/i386/i386/trap.c:426
#13 0xc02af576 in uma_zfree_internal (zone=0xc082a000, item=0xc8e53fa8, 
    udata=0x0, skip=0) at /usr/src/sys/vm/uma_core.c:1752
#14 0xc02ade6d in zone_drain (zone=0xc3b3a780)
    at /usr/src/sys/vm/uma_core.c:627
#15 0xc02ae8e7 in zone_foreach (zfunc=0xc02adc88 <zone_drain>)
    at /usr/src/sys/vm/uma_core.c:1137
#16 0xc02afa3e in uma_reclaim () at /usr/src/sys/vm/uma_core.c:1916
#17 0xc02ab6d6 in vm_pageout_scan (pass=0) at /usr/src/sys/vm/vm_pageout.c:652
#18 0xc02ac475 in vm_pageout () at /usr/src/sys/vm/vm_pageout.c:1419
#19 0xc01ce814 in fork_exit (callout=0xc02ac238 <vm_pageout>, arg=0x0, 
    frame=0xc8621d48) at /usr/src/sys/kern/kern_fork.c:808
(kgdb) fr 13
#13 0xc02af576 in uma_zfree_internal (zone=0xc082a000, item=0xc8e53fa8, 
    udata=0x0, skip=0) at /usr/src/sys/vm/uma_core.c:1752
1752			LIST_REMOVE(slab, us_link);
(kgdb) print slab
$1 = 0x0
(kgdb) quit
Script done on Tue Apr 16 19:57:04 2002
-- 
    Thomas.Quinot@Cuivre.FR.EU.ORG
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020416234542.A5299>
