panic: getnewbuf: locked buf

From: Pawel Worach <pawel.worach_at_telia.com>
Date: Mon, 23 Aug 2004 03:47:22 +0200
Hi,

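Got this panic while running ssh host "tar cf - /usr/X11R6.8" | tar xf -
when firefox decided to crash; the backtrace below shows the kernel was
writing firefox's core dump (frames #9-#11) when it panicked.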

FreeBSD corona 6.0-CURRENT FreeBSD 6.0-CURRENT #0: Sun Aug 22 19:15:47 CEST 2004     root_at_darkstar:/export/data/obj/usr/src/sys/CORONA  i386

#0  doadump () at pcpu.h:159
#1  0xc04f9654 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:396
#2  0xc04f9a09 in panic (fmt=0xc06afa0b "getnewbuf: locked buf")
     at /usr/src/sys/kern/kern_shutdown.c:552
#3  0xc054e71e in getnewbuf (slpflag=0, slptimeo=0, size=16384, 
maxsize=16384)
     at /usr/src/sys/kern/vfs_bio.c:1879
#4  0xc055010d in getblk (vp=0xc1785108, blkno=1, size=16384, slpflag=0,
     slptimeo=0, flags=0) at /usr/src/sys/kern/vfs_bio.c:2586
#5  0xc05fc914 in ffs_balloc_ufs2 (vp=0xc1785108, startoffset=Unhandled 
dwarf expression opcode 0x93
)
     at /usr/src/sys/ufs/ffs/ffs_balloc.c:640
#6  0xc0614e0c in ffs_write (ap=0xcd69c9a8)
     at /usr/src/sys/ufs/ffs/ffs_vnops.c:650
#7  0xc056ec9a in vn_rdwr (rw=UIO_WRITE, vp=0xc1785108, base=0x0, 
len=49152,
     offset=Unhandled dwarf expression opcode 0x93
) at vnode_if.h:432
#8  0xc056edc6 in vn_rdwr_inchunks (rw=UIO_WRITE, vp=0xc1785108,
     base=0x805b000 <Address 0x805b000 out of bounds>, len=14770176, 
offset=Unhandled dwarf expression opcode 0x93
)
     at /usr/src/sys/kern/vfs_vnops.c:501
#9  0xc04c4c4a in elf32_coredump (td=0xc197ab00, vp=0xc1785108, 
limit=Unhandled dwarf expression opcode 0x93
)
     at pcpu.h:156
#10 0xc04ffbb4 in coredump (td=0xc197ab00) at 
/usr/src/sys/kern/kern_sig.c:2634
#11 0xc04ff243 in sigexit (td=0xc197ab00, sig=10)
     at /usr/src/sys/kern/kern_sig.c:2444
#12 0xc04e1587 in kse_thr_interrupt (td=0xc197ab00, uap=0xcd69cd14)
     at /usr/src/sys/kern/kern_kse.c:240
#13 0xc06803c0 in syscall (frame=
       {tf_fs = -1066991569, tf_es = 47, tf_ds = 47, tf_edi = 9, tf_esi 
= 134627328, tf_ebp = 134623116, tf_isp = -848704140, tf_ebx = 
681073276, tf_edx = 10, tf_ecx = 10, tf_eax = 382, tf_trapno = 12, 
tf_err = 2, tf_eip = 681057579, tf_cs = 31, tf_eflags = 2097666, tf_esp 
= 134622976, tf_ss = 47})
     at /usr/src/sys/i386/i386/trap.c:1004
#14 0xc067051f in Xint0x80_syscall () at 
/usr/src/sys/i386/i386/exception.s:201
#15 0xc067002f in dumpsys (di=Cannot access memory at address 0x8062f94
) at /usr/src/sys/i386/i386/dump_machdep.c:100
(kgdb) frame 3
#3  0xc054e71e in getnewbuf (slpflag=0, slptimeo=0, size=16384, 
maxsize=16384)
     at /usr/src/sys/kern/vfs_bio.c:1879
1879                            panic("getnewbuf: locked buf");
(kgdb) list
1874                     * Start freeing the bp.  This is somewhat 
involved.  nbp
1875                     * remains valid only for QUEUE_EMPTY[KVA] bp's.
1876                     */
1877
1878                    if (BUF_LOCK(bp, LK_EXCLUSIVE | LK_NOWAIT, NULL) 
!= 0)
1879                            panic("getnewbuf: locked buf");
1880                    bremfreel(bp);
1881                    mtx_unlock(&bqlock);
1882
1883                    if (qindex == QUEUE_CLEAN) {
(kgdb) print bp
$1 = (struct buf *) 0xc66b0658
(kgdb) print *bp
$2 = {b_io = {bio_cmd = 2 '\002', bio_flags = 2 '\002', bio_cflags = 0 
'\0',
     bio_pflags = 0 '\0', bio_dev = 0x0, bio_disk = 0x0,
     bio_offset = 11293147136, bio_bcount = 16384,
     bio_data = 0xc76c5000 <Address 0xc76c5000 out of bounds>, bio_error 
= 0,
     bio_resid = 0, bio_done = 0xc0551160 <bufdonebio>, bio_driver1 = 0x0,
     bio_driver2 = 0x0, bio_caller1 = 0x0, bio_caller2 = 0xc66b0658,
     bio_queue = {tqe_next = 0x0, tqe_prev = 0x0}, bio_attribute = 0x0,
     bio_from = 0x0, bio_to = 0x0, bio_length = 0, bio_completed = 0,
     bio_children = 6, bio_inbed = 0, bio_parent = 0x0, bio_t0 = {sec = 0,
       frac = 0}, bio_task = 0, bio_task_arg = 0x0, bio_pblkno = 0},
   b_op = 0xc06dca88, b_magic = 280038160, b_iodone = 0, b_blkno = 
22056928,
   b_offset = 1540096, b_vnbufs = {tqe_next = 0x0, tqe_prev = 0xc19d0140},
   b_left = 0x0, b_right = 0x0, b_vflags = 0, b_freelist = {
     tqe_next = 0xc66513c0, tqe_prev = 0xc0701f98}, b_qindex = 3,
   b_flags = 139808, b_xflags = 0 '\0', b_lock = {lk_interlock = 
0xc06fd468,
     lk_flags = 2097664, lk_sharecount = 0, lk_waitcount = 1,
     lk_exclusivecount = 0, lk_prio = 80, lk_wmesg = 0xc06af7a2 "bufwait",
     lk_timo = 0, lk_lockholder = 0xffffffff, lk_newlock = 0x0}, 
b_bufsize = 0,
   b_runningbufspace = 0,
   b_kvabase = 0xc76c5000 <Address 0xc76c5000 out of bounds>,
   b_kvasize = 16384, b_lblkno = 94, b_vp = 0x0, b_object = 0x0,
   b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0x0, b_wcred = 0x0,
   b_saveaddr = 0xc76c5000, b_pager = {pg_reqpage = 0}, b_cluster = {
     cluster_head = {tqh_first = 0x0, tqh_last = 0xc66430ac}, 
cluster_entry = {
       tqe_next = 0x0, tqe_prev = 0xc66430ac}}, b_pages = {
     0x0 <repeats 32 times>}, b_npages = 0, b_dep = {lh_first = 0x0}}
(kgdb) frame 10
#10 0xc04ffbb4 in coredump (td=0xc197ab00) at 
/usr/src/sys/kern/kern_sig.c:2634
2634            error = p->p_sysent->sv_coredump ?
(kgdb) print td->td_proc->p_comm
$3 = "firefox-bin\000n\000\000\000\000\000\000"

kernel.debug and the vmcore are saved if more info is needed.

-- 
Pawel
Received on Sun Aug 22 2004 - 23:47:26 UTC
