panic: vn_finished_write: neg cnt

From: Kris Kennaway <kris_at_obsecurity.org>
Date: Tue, 29 Nov 2005 16:45:11 -0500
This was on a quad amd64 machine running 6.0:

panic() at panic+0x1e6
vn_finished_write() at vn_finished_write+0x70
flushbufqueues() at flushbufqueues+0x541
buf_daemon() at buf_daemon+0x12a
fork_exit() at fork_exit+0xaa
fork_trampoline() at fork_trampoline+0xe

db> show allpcpu
cpuid        = 0
curthread    = 0xffffff032594d980: pid 96815 "gtar"
curpcb       = 0xffffffffbfc09d10
fpcurthread  = none
idlethread   = 0xffffff03e1626be0: pid 14 "idle: cpu0"

cpuid        = 1
curthread    = 0xffffff037e55d4c0: pid 96821 "gtar"
curpcb       = 0xffffffffbfe57d10
fpcurthread  = none
idlethread   = 0xffffff03e1626000: pid 13 "idle: cpu1"

cpuid        = 2
curthread    = 0xffffff02fde554c0: pid 96908 "gtar"
curpcb       = 0xffffffffbff0bd10
fpcurthread  = none
idlethread   = 0xffffff03e1625be0: pid 12 "idle: cpu2"

cpuid        = 3
curthread    = 0xffffff03e152b260: pid 69 "bufdaemon"
curpcb       = 0xffffffffbd78fd10
fpcurthread  = none
idlethread   = 0xffffff03e1625980: pid 11 "idle: cpu3"

db> wh 96815
Tracing pid 96815 tid 100159 td 0xffffff032594d980
ipi_nmi_handler() at ipi_nmi_handler+0x5e
trap() at trap+0x5a
nmi_calltrap() at nmi_calltrap+0x5
--- trap 0x13, rip = 0xffffffff8024eaec, rsp = 0xffffffffbfc09930, rbp = 0xffffffffbfc09960 ---
_mtx_lock_sleep() at _mtx_lock_sleep+0xdc
vn_start_write() at vn_start_write+0xc0
vn_write() at vn_write+0x128
dofilewrite() at dofilewrite+0x90
kern_writev() at kern_writev+0x54
write() at write+0x4b
syscall() at syscall+0x404
Xfast_syscall() at Xfast_syscall+0xa8
--- syscall (4, FreeBSD ELF64, write), rip = 0x8007160f8, rsp = 0x7fffffffe838, rbp = 0x52ca00 ---
db> wh 96821
Tracing pid 96821 tid 100243 td 0xffffff037e55d4c0
ipi_nmi_handler() at ipi_nmi_handler+0x5e
trap() at trap+0x5a
nmi_calltrap() at nmi_calltrap+0x5
--- trap 0x13, rip = 0xffffffff8024eb0e, rsp = 0xffffffffbfe57930, rbp = 0xffffffffbfe57960 ---
_mtx_lock_sleep() at _mtx_lock_sleep+0xfe
vn_start_write() at vn_start_write+0xc0
vn_write() at vn_write+0x128
dofilewrite() at dofilewrite+0x90
kern_writev() at kern_writev+0x54
write() at write+0x4b
syscall() at syscall+0x404
Xfast_syscall() at Xfast_syscall+0xa8
--- syscall (4, FreeBSD ELF64, write), rip = 0x8007160f8, rsp = 0x7fffffffe838, rbp = 0x52b000 ---
db> wh 96908
Tracing pid 96908 tid 100310 td 0xffffff02fde554c0
ipi_nmi_handler() at ipi_nmi_handler+0x5e
trap() at trap+0x5a
nmi_calltrap() at nmi_calltrap+0x5
--- trap 0x13, rip = 0xffffffff803f2a37, rsp = 0xffffffffbff0b710, rbp = 0xffffffffbff0b750 ---
siointr1() at siointr1+0x97
siointr() at siointr+0x78
intr_execute_handlers() at intr_execute_handlers+0xaa
lapic_handle_intr() at lapic_handle_intr+0x38
Xapic_isr1() at Xapic_isr1+0x7d
--- interrupt, rip = 0xffffffff8024eaf7, rsp = 0xffffffffbff0b880, rbp = 0xffffffffbff0b8b0 ---
_mtx_lock_sleep() at _mtx_lock_sleep+0xe7
vn_start_write() at vn_start_write+0xc0
setfown() at setfown+0x3f
kern_chown() at kern_chown+0x92
chown() at chown+0x18
syscall() at syscall+0x404
Xfast_syscall() at Xfast_syscall+0xa8
--- syscall (16, FreeBSD ELF64, chown), rip = 0x8006a4b18, rsp = 0x7fffffffe818, rbp = 0x5261c0 ---
db>

It was doing a loop of 22 simultaneous tarball extractions into an
async swap-backed md.  I can't dump it, but can leave it in ddb for a
while in case there's further information I can provide that can be of
use.

Kris
Received on Tue Nov 29 2005 - 20:45:31 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:48 UTC