Date: Tue, 27 May 2003 19:53:05 +0200 (CEST) From: macklobell@hotmail.com To: FreeBSD-gnats-submit@FreeBSD.org Cc: macklobell@hotmail.com Subject: kern/52729: panic: bremfree: removing a buffer not on a queue Message-ID: <200305271753.h4RHr5l2001185@tomten.homelinux.net> Resent-Message-ID: <200305271800.h4RI0MR8034953@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 52729
>Category: kern
>Synopsis: panic: bremfree: removing a buffer not on a queue
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue May 27 11:00:21 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Marcus
>Release: FreeBSD 5.1-BETA i386
>Organization:
>Environment:
System: FreeBSD <removed> 5.1-BETA FreeBSD 5.1-BETA #0: Fri May 23 08:09:43 CEST 2003 <removed>@<also removed>:/usr/obj/usr/src/sys/KERNEL19 i386
>Description:
I was building the QT port when i got this little nice present. After the system came up the file system was corrupt, but fixed with fsck.
Still have the core if it helps?
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: bremfree: removing a buffer not on a queue
panic messages:
---
panic: ufs_dirbad: bad dir
syncing disks, buffers remaining... 1408 1408 1408 1408 1408 1124 1125 1124 1124 1124 1124 1124 1124 1125 panic: bremfree: removing a buffer not on a queue
Uptime: 25m27s
Dumping 767 MB
ata0: resetting devices ..
done
16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496[CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] 512 528[CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] 544[CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] 560 576 592 608 624 640 656 672 688 704 720 736 752
---
Reading symbols from /boot/kernel/nvidia.ko...done.
Loaded symbols for /boot/kernel/nvidia.ko
Reading symbols from /usr/obj/usr/src/sys/KERNEL19/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/KERNEL19/modules/usr/src/sys/modules/acpi/acpi.ko.debug
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:238
238 dumping++;
(kgdb) bt full
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:238
No locals.
#1 0xc01bf8e9 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:370
No locals.
#2 0xc01bfb7b in panic () at /usr/src/sys/kern/kern_shutdown.c:543
td = (struct thread *) 0xc1b78be0
bootopt = 260
newpanic = 0
ap = 0x0
buf = "bremfree: removing a buffer not on a queue", '\0' <repeats 213 times>
#3 0xc01f3f89 in bremfreel (bp=0xcf177ae0) at /usr/src/sys/kern/vfs_bio.c:648
old_qindex = 0
#4 0xc01f3e85 in bremfree (bp=0xcf177ae0) at /usr/src/sys/kern/vfs_bio.c:630
No locals.
#5 0xc01f6c57 in getblk (vp=0xc2aa9db0, blkno=5470496, size=16384, slpflag=0, slptimeo=0, flags=0) at /usr/src/sys/kern/vfs_bio.c:2447
lockflags = 0
bp = (struct buf *) 0xcf177ae0
error = 0
#6 0xc01f400d in breadn (vp=0xc2aa9db0, blkno=5470496, size=16384, rablkno=0x0, rabsize=0x0, cnt=0, cred=0x0, bpp=0x0)
at /usr/src/sys/kern/vfs_bio.c:701
bp = (struct buf *) 0xc28f05f0
rabp = (struct buf *) 0x14dc00
i = 0
rv = 0
readwait = 0
#7 0xc01f3fd8 in bread (vp=0xc2aa9db0, blkno=5470496, size=16384, cred=0x0, bpp=0xd7f599d8) at /usr/src/sys/kern/vfs_bio.c:683
No locals.
#8 0xc0262615 in ffs_update (vp=0xc329a36c, waitfor=0) at /usr/src/sys/ufs/ffs/ffs_inode.c:102
fs = (struct fs *) 0xc2a21000
bp = (struct buf *) 0x1
ip = (struct inode *) 0xc32a2000
error = 1367040
#9 0xc0262ed3 in ffs_truncate (vp=0xc329a36c, length=0, flags=3072, cred=0x0, td=0xc1b78be0) at /usr/src/sys/ufs/ffs/ffs_inode.c:300
ovp = (struct vnode *) 0xc329a36c
oip = (struct inode *) 0xc32a2000
bn = -2885230194389458287
lbn = 2713349148064
lastblock = -2885230228723495968
lastiblock = {281486840931180, -4487964706212443168, 355461604204}
indir_lbn = {-4383793074793334761, -4487964709462409214, -4420771217426533147}
oldblks = {3224773632, 1068376196807, 3250031584, -4383793078016606206, -2885229283830690848, -4383792267339515249,
-4383793077999828990, -2885229232291083296, -2885229129238595269, -4600442275754566824, -2885229008579617948, -2885229129238524723,
-4383793074791985920, -4487964709445631998, 281486840931180}
newblks = {-2885229919511574841, 1068376666160, -2885229850792098105, -4596433383745419910, -4598432509561143295,
146648608895140195, -4487964706196513360, 1029771469676, -2885229644633667897, 1068376663040, -2885229575914191161,
---Type <return> to continue, or q <return> to quit---
-4596446784043383430, -4598432509561143295, 72339077604573539, -4487964706188188820}
count = 1527937701375
blocksreleased = 0
datablocks = 0
fs = (struct fs *) 0xc2a21000
bp = (struct buf *) 0xcf169b70
needextclean = 0
softdepslowdown = 0
extblocks = -1029566464
offset = 0
size = -1029566464
level = -1029566464
nblocks = -671770056
i = 0
error = 0
allerror = -1070659897
osize = 1068376666160
#10 0xc0278c3c in ufs_inactive (ap=0x0) at /usr/src/sys/ufs/ufs/ufs_inode.c:100
vp = (struct vnode *) 0xc329a36c
ip = (struct inode *) 0xc32a2000
td = (struct thread *) 0xc1b78be0
mode = 0
error = 0
#11 0xc027f21f in ufs_vnoperate (ap=0x0) at /usr/src/sys/ufs/ufs/ufs_vnops.c:2787
No locals.
#12 0xc0203bfe in vput (vp=0xc329a36c) at vnode_if.h:930
td = (struct thread *) 0xc1b78be0
#13 0xc026d658 in handle_workitem_remove (dirrem=0xc32ff5a0, xp=0x0) at /usr/src/sys/ufs/ffs/ffs_softdep.c:3343
td = (struct thread *) 0xc1b78be0
inodedep = (struct inodedep *) 0xc3301400
vp = (struct vnode *) 0xc329a36c
ip = (struct inode *) 0xc32a2000
oldinum = 0
error = 0
#14 0xc0269b46 in process_worklist_item (matchmnt=0x0, flags=0) at /usr/src/sys/ufs/ffs/ffs_softdep.c:745
wk = (struct worklist *) 0xc32ff5a0
wkend = (struct worklist *) 0x0
mp = (struct mount *) 0xc2a29800
vp = (struct vnode *) 0x0
matchcnt = 0
#15 0xc0269914 in softdep_process_worklist (matchmnt=0x0) at /usr/src/sys/ufs/ffs/ffs_softdep.c:622
td = (struct thread *) 0xc1b78be0
cnt = 0
matchcnt = 0
loopcount = 9159
---Type <return> to continue, or q <return> to quit---
starttime = 1053967639
#16 0xc020307f in sched_sync () at /usr/src/sys/kern/vfs_subr.c:1776
slp = (struct synclist *) 0xc292b6dc
vp = (struct vnode *) 0x0
mp = (struct mount *) 0x0
starttime = 1053967639
td = (struct thread *) 0xc1b78be0
#17 0xc01aff08 in fork_exit (callout=0xc0202e34 <sched_sync>, arg=0x0, frame=0xd7f59d48) at /usr/src/sys/kern/kern_fork.c:768
td = (struct thread *) 0x0
p = (struct proc *) 0xc2a2c960
(kgdb) up 3
#3 0xc01f3f89 in bremfreel (bp=0xcf177ae0) at /usr/src/sys/kern/vfs_bio.c:648
648 panic("bremfree: removing a buffer not on a queue");
(kgdb) list 630,660
630 bremfreel(bp);
631 mtx_unlock(&bqlock);
632 }
633
634 void
635 bremfreel(struct buf * bp)
636 {
637 int s = splbio();
638 int old_qindex = bp->b_qindex;
639
640 GIANT_REQUIRED;
641
642 if (bp->b_qindex != QUEUE_NONE) {
643 KASSERT(BUF_REFCNT(bp) == 1, ("bremfree: bp %p not locked",bp));
644 TAILQ_REMOVE(&bufqueues[bp->b_qindex], bp, b_freelist);
645 bp->b_qindex = QUEUE_NONE;
646 } else {
647 if (BUF_REFCNT(bp) <= 1)
648 panic("bremfree: removing a buffer not on a queue");
649 }
650
651 /*
652 * Fixup numfreebuffers count. If the buffer is invalid or not
653 * delayed-write, and it was on the EMPTY, LRU, or AGE queues,
654 * the buffer was free and we must decrement numfreebuffers.
655 */
656 if ((bp->b_flags & B_INVAL) || (bp->b_flags & B_DELWRI) == 0) {
657 switch(old_qindex) {
658 case QUEUE_DIRTY:
659 case QUEUE_CLEAN:
660 case QUEUE_EMPTY:
(kgdb) p *bp
$1 = {b_io = {bio_cmd = 2, bio_dev = 0xc2a64400, bio_disk = 0x0, bio_blkno = 5470496, bio_offset = 2800893952, bio_bcount = 16384,
bio_data = 0xd2b63000 "", bio_flags = 4, bio_error = 0, bio_resid = 0, bio_done = 0xc01f7928 <bufdonebio>, bio_driver1 = 0x0,
bio_driver2 = 0x0, bio_caller1 = 0x0, bio_caller2 = 0xcf177ae0, bio_queue = {tqe_next = 0x0, tqe_prev = 0x0}, bio_attribute = 0x0,
bio_from = 0x0, bio_to = 0x0, bio_length = 0, bio_completed = 0, bio_children = 7, bio_inbed = 0, bio_parent = 0x0, bio_t0 = {
sec = 0, frac = 0}, bio_task = 0, bio_task_arg = 0x0, bio_pblkno = 0}, b_op = 0xc0338e98, b_magic = 280038160, b_iodone = 0,
b_offset = 2800893952, b_vnbufs = {tqe_next = 0xcf177928, tqe_prev = 0xcf176dc4}, b_left = 0xcf1970c0, b_right = 0xcf196f08,
b_vflags = 4096, b_freelist = {tqe_next = 0x0, tqe_prev = 0xc0339558}, b_qindex = 0, b_flags = 553779236, b_xflags = 2 '\002',
b_lock = {lk_interlock = 0xc0363098, lk_flags = 0, lk_sharecount = 0, lk_waitcount = 0, lk_exclusivecount = 0, lk_prio = 80,
lk_wmesg = 0xc02f6792 "getblk", lk_timo = 0, lk_lockholder = 0xfffffffe, lk_newlock = 0x0}, b_bufsize = 16384,
b_runningbufspace = 16384, b_kvabase = 0xd2b63000 "", b_kvasize = 16384, b_lblkno = 5470496, b_vp = 0xc2aa9db0, b_object = 0xc2aaccb8,
b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0x0, b_wcred = 0x0, b_saveaddr = 0x0, b_pager = {pg_spc = 0x0, pg_reqpage = 0}, b_cluster = {
cluster_head = {tqh_first = 0xcf177c98, tqh_last = 0xcf177a50}, cluster_entry = {tqe_next = 0xcf177c98, tqe_prev = 0xcf177a50}},
b_pages = {0xc10cbb68, 0xc115c4b0, 0xc0ef4ef8, 0xc10c1a40, 0x0 <repeats 28 times>}, b_npages = 4, b_dep = {lh_first = 0xc32f6b00}}
(kgdb) p bufqueues
$2 = {{tqh_first = 0x0, tqh_last = 0xc0339540}, {tqh_first = 0xcf169b70, tqh_last = 0xcf169c28}, {tqh_first = 0xcf1f5cb0,
tqh_last = 0xcf16df30}, {tqh_first = 0x0, tqh_last = 0xc0339558}, {tqh_first = 0xcf161a88, tqh_last = 0xcf1fbf60}, {
tqh_first = 0xcf23e168, tqh_last = 0xcf242c08}}
(kgdb) quit
prompt> dmesg
Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 5.1-BETA #0: Fri May 23 08:09:43 CEST 2003
<removed>@<also removed>:/usr/obj/usr/src/sys/KERNEL19
Preloaded elf kernel "/boot/kernel/kernel" at 0xc057d000.
Preloaded elf module "/boot/kernel/nvidia.ko" at 0xc057d244.
Preloaded elf module "/boot/kernel/acpi.ko" at 0xc057d2f0.
Timecounter "i8254" frequency 1193182 Hz
Timecounter "TSC" frequency 1615728162 Hz
CPU: AMD Athlon(tm) XP 2000+ (1615.73-MHz 686-class CPU)
Origin = "AuthenticAMD" Id = 0x662 Stepping = 2
Features=0x383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
AMD Features=0xc0400000<AMIE,DSP,3DNow!>
real memory = 805240832 (767 MB)
avail memory = 776777728 (740 MB)
Pentium Pro MTRR support enabled
npx0: <math processor> on motherboard
npx0: INT 16 interface
acpi0: <AMIINT VIA_K7 > on motherboard
pcibios: BIOS version 2.10
Using $PIR table, 10 entries at 0xc00f8060
acpi0: power button is handled as a fixed feature programming model.
Timecounter "ACPI-fast" frequency 3579545 Hz
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
acpi_cpu0: <CPU> port 0x530-0x537 on acpi0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
agp0: <VIA Generic host to PCI bridge> mem 0xe0000000-0xe7ffffff at device 0.0 on pci0
pcib1: <PCI-PCI bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
nvidia0: <GeForce4 MX 460> mem 0xddc80000-0xddcfffff,0xd0000000-0xd7ffffff,0xde000000-0xdeffffff irq 11 at device 0.0 on pci1
rl0: <RealTek 8139 10/100BaseTX> port 0xec00-0xecff mem 0xdfffff00-0xdfffffff irq 11 at device 5.0 on pci0
rl0: Realtek 8139B detected. Warning, this may be unstable in autoselect mode
rl0: Ethernet address: XX:XX:XX:XX:XX:XX
miibus0: <MII bus> on rl0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
isab0: <PCI-ISA bridge> at device 17.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <VIA 8233A UDMA133 controller> port 0xfc00-0xfc0f at device 17.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
pcm0: <VIA VT8233A> port 0xe800-0xe8ff irq 10 at device 17.5 on pci0
pcm0: <Avance Logic ALC650 AC97 Codec>
acpi_button1: <Sleep Button> on acpi0
fdc0: cmd 3 failed at out byte 1 of 3
sio0 port 0x3f8-0x3ff irq 4 on acpi0
sio0: type 16550A
sio1 port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
ppc0 port 0x778-0x77b,0x378-0x37f irq 7 drq 3 on acpi0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/9 bytes threshold
ppbus0: <Parallel port bus> on ppc0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0
atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: model MouseMan+, device ID 0
fdc0: cmd 3 failed at out byte 1 of 3
orm0: <Option ROM> at iomem 0xc0000-0xcffff on isa0
fdc0: cannot reserve I/O port range (6 ports)
pmtimer0 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounters tick every 10.000 msec
acpi_cpu: throttling enabled, 16 steps (100% to 6.2%), currently 100.0%
ad0: 78533MB <IC35L080AVVA07-0> [159560/16/63] at ata0-master UDMA100
ad1: 78533MB <IC35L080AVVA07-0> [159560/16/63] at ata0-slave UDMA100
acd0: DVD-ROM <SONY DVD-ROM DDU1611> at ata1-master PIO4
acd1: CD-RW <SAMSUNG CD-R/RW SW-240B> at ata1-slave PIO4
Mounting root from ufs:/dev/ad0s1a
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200305271753.h4RHr5l2001185>