From owner-freebsd-bugs@FreeBSD.ORG Tue May 27 11:00:23 2003 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7979037B404 for ; Tue, 27 May 2003 11:00:23 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 11A8A43F85 for ; Tue, 27 May 2003 11:00:22 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h4RI0MUp034954 for ; Tue, 27 May 2003 11:00:22 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h4RI0MR8034953; Tue, 27 May 2003 11:00:22 -0700 (PDT) Resent-Date: Tue, 27 May 2003 11:00:22 -0700 (PDT) Resent-Message-Id: <200305271800.h4RI0MR8034953@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, macklobell@hotmail.com Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F00B37B401 for ; Tue, 27 May 2003 10:53:13 -0700 (PDT) Received: from tomten.homelinux.net (as7-3-3.ras.s.bonet.se [217.215.99.176]) by mx1.FreeBSD.org (Postfix) with ESMTP id 342C143FA3 for ; Tue, 27 May 2003 10:53:12 -0700 (PDT) (envelope-from marcus@tomten.homelinux.net) Received: from tomten.homelinux.net (localhost [127.0.0.1]) by tomten.homelinux.net (8.12.9/8.12.9) with ESMTP id h4RHrB2L001186; Tue, 27 May 2003 19:53:11 +0200 (CEST) (envelope-from marcus@tomten.homelinux.net) Received: (from marcus@localhost) by tomten.homelinux.net (8.12.9/8.12.9/Submit) id h4RHr5l2001185; Tue, 27 May 2003 19:53:05 +0200 (CEST) Message-Id: <200305271753.h4RHr5l2001185@tomten.homelinux.net> Date: Tue, 27 May 2003 19:53:05 +0200 (CEST) From: macklobell@hotmail.com To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 cc: macklobell@hotmail.com Subject: kern/52729: panic: bremfree: removing a buffer not on a queue X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: macklobell@hotmail.com List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 May 2003 18:00:23 -0000 >Number: 52729 >Category: kern >Synopsis: panic: bremfree: removing a buffer not on a queue >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue May 27 11:00:21 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Marcus >Release: FreeBSD 5.1-BETA i386 >Organization: >Environment: System: FreeBSD 5.1-BETA FreeBSD 5.1-BETA #0: Fri May 23 08:09:43 CEST 2003 @:/usr/obj/usr/src/sys/KERNEL19 i386 >Description: I was building the QT port when i got this little nice present. After the system came up the file system was corrupt, but fixed with fsck. Still have the core if it helps? GNU gdb 5.2.1 (FreeBSD) Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-undermydesk-freebsd"... panic: bremfree: removing a buffer not on a queue panic messages: --- panic: ufs_dirbad: bad dir syncing disks, buffers remaining... 1408 1408 1408 1408 1408 1124 1125 1124 1124 1124 1124 1124 1124 1125 panic: bremfree: removing a buffer not on a queue Uptime: 25m27s Dumping 767 MB ata0: resetting devices .. done 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496[CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] 512 528[CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] 544[CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] 560 576 592 608 624 640 656 672 688 704 720 736 752 --- Reading symbols from /boot/kernel/nvidia.ko...done. Loaded symbols for /boot/kernel/nvidia.ko Reading symbols from /usr/obj/usr/src/sys/KERNEL19/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done. Loaded symbols for /usr/obj/usr/src/sys/KERNEL19/modules/usr/src/sys/modules/acpi/acpi.ko.debug #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:238 238 dumping++; (kgdb) bt full #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:238 No locals. #1 0xc01bf8e9 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:370 No locals. #2 0xc01bfb7b in panic () at /usr/src/sys/kern/kern_shutdown.c:543 td = (struct thread *) 0xc1b78be0 bootopt = 260 newpanic = 0 ap = 0x0 buf = "bremfree: removing a buffer not on a queue", '\0' #3 0xc01f3f89 in bremfreel (bp=0xcf177ae0) at /usr/src/sys/kern/vfs_bio.c:648 old_qindex = 0 #4 0xc01f3e85 in bremfree (bp=0xcf177ae0) at /usr/src/sys/kern/vfs_bio.c:630 No locals. #5 0xc01f6c57 in getblk (vp=0xc2aa9db0, blkno=5470496, size=16384, slpflag=0, slptimeo=0, flags=0) at /usr/src/sys/kern/vfs_bio.c:2447 lockflags = 0 bp = (struct buf *) 0xcf177ae0 error = 0 #6 0xc01f400d in breadn (vp=0xc2aa9db0, blkno=5470496, size=16384, rablkno=0x0, rabsize=0x0, cnt=0, cred=0x0, bpp=0x0) at /usr/src/sys/kern/vfs_bio.c:701 bp = (struct buf *) 0xc28f05f0 rabp = (struct buf *) 0x14dc00 i = 0 rv = 0 readwait = 0 #7 0xc01f3fd8 in bread (vp=0xc2aa9db0, blkno=5470496, size=16384, cred=0x0, bpp=0xd7f599d8) at /usr/src/sys/kern/vfs_bio.c:683 No locals. #8 0xc0262615 in ffs_update (vp=0xc329a36c, waitfor=0) at /usr/src/sys/ufs/ffs/ffs_inode.c:102 fs = (struct fs *) 0xc2a21000 bp = (struct buf *) 0x1 ip = (struct inode *) 0xc32a2000 error = 1367040 #9 0xc0262ed3 in ffs_truncate (vp=0xc329a36c, length=0, flags=3072, cred=0x0, td=0xc1b78be0) at /usr/src/sys/ufs/ffs/ffs_inode.c:300 ovp = (struct vnode *) 0xc329a36c oip = (struct inode *) 0xc32a2000 bn = -2885230194389458287 lbn = 2713349148064 lastblock = -2885230228723495968 lastiblock = {281486840931180, -4487964706212443168, 355461604204} indir_lbn = {-4383793074793334761, -4487964709462409214, -4420771217426533147} oldblks = {3224773632, 1068376196807, 3250031584, -4383793078016606206, -2885229283830690848, -4383792267339515249, -4383793077999828990, -2885229232291083296, -2885229129238595269, -4600442275754566824, -2885229008579617948, -2885229129238524723, -4383793074791985920, -4487964709445631998, 281486840931180} newblks = {-2885229919511574841, 1068376666160, -2885229850792098105, -4596433383745419910, -4598432509561143295, 146648608895140195, -4487964706196513360, 1029771469676, -2885229644633667897, 1068376663040, -2885229575914191161, ---Type to continue, or q to quit--- -4596446784043383430, -4598432509561143295, 72339077604573539, -4487964706188188820} count = 1527937701375 blocksreleased = 0 datablocks = 0 fs = (struct fs *) 0xc2a21000 bp = (struct buf *) 0xcf169b70 needextclean = 0 softdepslowdown = 0 extblocks = -1029566464 offset = 0 size = -1029566464 level = -1029566464 nblocks = -671770056 i = 0 error = 0 allerror = -1070659897 osize = 1068376666160 #10 0xc0278c3c in ufs_inactive (ap=0x0) at /usr/src/sys/ufs/ufs/ufs_inode.c:100 vp = (struct vnode *) 0xc329a36c ip = (struct inode *) 0xc32a2000 td = (struct thread *) 0xc1b78be0 mode = 0 error = 0 #11 0xc027f21f in ufs_vnoperate (ap=0x0) at /usr/src/sys/ufs/ufs/ufs_vnops.c:2787 No locals. #12 0xc0203bfe in vput (vp=0xc329a36c) at vnode_if.h:930 td = (struct thread *) 0xc1b78be0 #13 0xc026d658 in handle_workitem_remove (dirrem=0xc32ff5a0, xp=0x0) at /usr/src/sys/ufs/ffs/ffs_softdep.c:3343 td = (struct thread *) 0xc1b78be0 inodedep = (struct inodedep *) 0xc3301400 vp = (struct vnode *) 0xc329a36c ip = (struct inode *) 0xc32a2000 oldinum = 0 error = 0 #14 0xc0269b46 in process_worklist_item (matchmnt=0x0, flags=0) at /usr/src/sys/ufs/ffs/ffs_softdep.c:745 wk = (struct worklist *) 0xc32ff5a0 wkend = (struct worklist *) 0x0 mp = (struct mount *) 0xc2a29800 vp = (struct vnode *) 0x0 matchcnt = 0 #15 0xc0269914 in softdep_process_worklist (matchmnt=0x0) at /usr/src/sys/ufs/ffs/ffs_softdep.c:622 td = (struct thread *) 0xc1b78be0 cnt = 0 matchcnt = 0 loopcount = 9159 ---Type to continue, or q to quit--- starttime = 1053967639 #16 0xc020307f in sched_sync () at /usr/src/sys/kern/vfs_subr.c:1776 slp = (struct synclist *) 0xc292b6dc vp = (struct vnode *) 0x0 mp = (struct mount *) 0x0 starttime = 1053967639 td = (struct thread *) 0xc1b78be0 #17 0xc01aff08 in fork_exit (callout=0xc0202e34 , arg=0x0, frame=0xd7f59d48) at /usr/src/sys/kern/kern_fork.c:768 td = (struct thread *) 0x0 p = (struct proc *) 0xc2a2c960 (kgdb) up 3 #3 0xc01f3f89 in bremfreel (bp=0xcf177ae0) at /usr/src/sys/kern/vfs_bio.c:648 648 panic("bremfree: removing a buffer not on a queue"); (kgdb) list 630,660 630 bremfreel(bp); 631 mtx_unlock(&bqlock); 632 } 633 634 void 635 bremfreel(struct buf * bp) 636 { 637 int s = splbio(); 638 int old_qindex = bp->b_qindex; 639 640 GIANT_REQUIRED; 641 642 if (bp->b_qindex != QUEUE_NONE) { 643 KASSERT(BUF_REFCNT(bp) == 1, ("bremfree: bp %p not locked",bp)); 644 TAILQ_REMOVE(&bufqueues[bp->b_qindex], bp, b_freelist); 645 bp->b_qindex = QUEUE_NONE; 646 } else { 647 if (BUF_REFCNT(bp) <= 1) 648 panic("bremfree: removing a buffer not on a queue"); 649 } 650 651 /* 652 * Fixup numfreebuffers count. If the buffer is invalid or not 653 * delayed-write, and it was on the EMPTY, LRU, or AGE queues, 654 * the buffer was free and we must decrement numfreebuffers. 655 */ 656 if ((bp->b_flags & B_INVAL) || (bp->b_flags & B_DELWRI) == 0) { 657 switch(old_qindex) { 658 case QUEUE_DIRTY: 659 case QUEUE_CLEAN: 660 case QUEUE_EMPTY: (kgdb) p *bp $1 = {b_io = {bio_cmd = 2, bio_dev = 0xc2a64400, bio_disk = 0x0, bio_blkno = 5470496, bio_offset = 2800893952, bio_bcount = 16384, bio_data = 0xd2b63000 "", bio_flags = 4, bio_error = 0, bio_resid = 0, bio_done = 0xc01f7928 , bio_driver1 = 0x0, bio_driver2 = 0x0, bio_caller1 = 0x0, bio_caller2 = 0xcf177ae0, bio_queue = {tqe_next = 0x0, tqe_prev = 0x0}, bio_attribute = 0x0, bio_from = 0x0, bio_to = 0x0, bio_length = 0, bio_completed = 0, bio_children = 7, bio_inbed = 0, bio_parent = 0x0, bio_t0 = { sec = 0, frac = 0}, bio_task = 0, bio_task_arg = 0x0, bio_pblkno = 0}, b_op = 0xc0338e98, b_magic = 280038160, b_iodone = 0, b_offset = 2800893952, b_vnbufs = {tqe_next = 0xcf177928, tqe_prev = 0xcf176dc4}, b_left = 0xcf1970c0, b_right = 0xcf196f08, b_vflags = 4096, b_freelist = {tqe_next = 0x0, tqe_prev = 0xc0339558}, b_qindex = 0, b_flags = 553779236, b_xflags = 2 '\002', b_lock = {lk_interlock = 0xc0363098, lk_flags = 0, lk_sharecount = 0, lk_waitcount = 0, lk_exclusivecount = 0, lk_prio = 80, lk_wmesg = 0xc02f6792 "getblk", lk_timo = 0, lk_lockholder = 0xfffffffe, lk_newlock = 0x0}, b_bufsize = 16384, b_runningbufspace = 16384, b_kvabase = 0xd2b63000 "", b_kvasize = 16384, b_lblkno = 5470496, b_vp = 0xc2aa9db0, b_object = 0xc2aaccb8, b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0x0, b_wcred = 0x0, b_saveaddr = 0x0, b_pager = {pg_spc = 0x0, pg_reqpage = 0}, b_cluster = { cluster_head = {tqh_first = 0xcf177c98, tqh_last = 0xcf177a50}, cluster_entry = {tqe_next = 0xcf177c98, tqe_prev = 0xcf177a50}}, b_pages = {0xc10cbb68, 0xc115c4b0, 0xc0ef4ef8, 0xc10c1a40, 0x0 }, b_npages = 4, b_dep = {lh_first = 0xc32f6b00}} (kgdb) p bufqueues $2 = {{tqh_first = 0x0, tqh_last = 0xc0339540}, {tqh_first = 0xcf169b70, tqh_last = 0xcf169c28}, {tqh_first = 0xcf1f5cb0, tqh_last = 0xcf16df30}, {tqh_first = 0x0, tqh_last = 0xc0339558}, {tqh_first = 0xcf161a88, tqh_last = 0xcf1fbf60}, { tqh_first = 0xcf23e168, tqh_last = 0xcf242c08}} (kgdb) quit prompt> dmesg Copyright (c) 1992-2003 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.1-BETA #0: Fri May 23 08:09:43 CEST 2003 @:/usr/obj/usr/src/sys/KERNEL19 Preloaded elf kernel "/boot/kernel/kernel" at 0xc057d000. Preloaded elf module "/boot/kernel/nvidia.ko" at 0xc057d244. Preloaded elf module "/boot/kernel/acpi.ko" at 0xc057d2f0. Timecounter "i8254" frequency 1193182 Hz Timecounter "TSC" frequency 1615728162 Hz CPU: AMD Athlon(tm) XP 2000+ (1615.73-MHz 686-class CPU) Origin = "AuthenticAMD" Id = 0x662 Stepping = 2 Features=0x383fbff AMD Features=0xc0400000 real memory = 805240832 (767 MB) avail memory = 776777728 (740 MB) Pentium Pro MTRR support enabled npx0: on motherboard npx0: INT 16 interface acpi0: on motherboard pcibios: BIOS version 2.10 Using $PIR table, 10 entries at 0xc00f8060 acpi0: power button is handled as a fixed feature programming model. Timecounter "ACPI-fast" frequency 3579545 Hz acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0 acpi_cpu0: port 0x530-0x537 on acpi0 acpi_button0: on acpi0 pcib0: port 0xcf8-0xcff on acpi0 pci0: on pcib0 agp0: mem 0xe0000000-0xe7ffffff at device 0.0 on pci0 pcib1: at device 1.0 on pci0 pci1: on pcib1 nvidia0: mem 0xddc80000-0xddcfffff,0xd0000000-0xd7ffffff,0xde000000-0xdeffffff irq 11 at device 0.0 on pci1 rl0: port 0xec00-0xecff mem 0xdfffff00-0xdfffffff irq 11 at device 5.0 on pci0 rl0: Realtek 8139B detected. Warning, this may be unstable in autoselect mode rl0: Ethernet address: XX:XX:XX:XX:XX:XX miibus0: on rl0 rlphy0: on miibus0 rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto isab0: at device 17.0 on pci0 isa0: on isab0 atapci0: port 0xfc00-0xfc0f at device 17.1 on pci0 ata0: at 0x1f0 irq 14 on atapci0 ata1: at 0x170 irq 15 on atapci0 pcm0: port 0xe800-0xe8ff irq 10 at device 17.5 on pci0 pcm0: acpi_button1: on acpi0 fdc0: cmd 3 failed at out byte 1 of 3 sio0 port 0x3f8-0x3ff irq 4 on acpi0 sio0: type 16550A sio1 port 0x2f8-0x2ff irq 3 on acpi0 sio1: type 16550A ppc0 port 0x778-0x77b,0x378-0x37f irq 7 drq 3 on acpi0 ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode ppc0: FIFO with 16/16/9 bytes threshold ppbus0: on ppc0 lpt0: on ppbus0 lpt0: Interrupt-driven port ppi0: on ppbus0 atkbdc0: port 0x64,0x60 irq 1 on acpi0 atkbd0: flags 0x1 irq 1 on atkbdc0 kbd0 at atkbd0 psm0: irq 12 on atkbdc0 psm0: model MouseMan+, device ID 0 fdc0: cmd 3 failed at out byte 1 of 3 orm0: