panic on NFS access

From: Thierry Herbelot <thierry_at_herbelot.com>
Date: Thu, 25 May 2006 20:30:33 +0200
DDB trace :

panic: mutex vm object not owned at /files1/src/sys/vm/vm_object.c:695
cpuid = 0
KDB: enter: panic
[thread pid 761 tid 100087 ]
Stopped at      kdb_enter+0x2b: nop
db> where
Tracing pid 761 tid 100087 td 0xc18d5360
kdb_enter(c090fb9f) at kdb_enter+0x2b
panic(c090ee7d,c092acac,c092c05c,2b7,0) at panic+0x127
_mtx_assert(c1947708,1,c092c05c,2b7) at _mtx_assert+0x66
vm_object_page_clean(c1947708,0,0,0,0,1) at vm_object_page_clean+0x23
nfs_vinvalbuf(c1950820,1,c18d5360,1) at nfs_vinvalbuf+0x99
nfs_bioread(c1950820,c740cc64,20000,c1612200,c740cb70) at nfs_bioread+0x3a7
nfs_read(c740cb9c) at nfs_read+0x2b
VOP_READ_APV(c09c7260,c740cb9c) at VOP_READ_APV+0x7e
vn_read(c1755120,c740cc64,c1612200,0,c18d5360) at vn_read+0x1f7
dofileread(c18d5360,3,c1755120,c740cc64,ffffffff) at dofileread+0x89
kern_readv(c18d5360,3,c740cc64,8280000,1000) at kern_readv+0x36
read(c18d5360,c740cd04,c18d869c,c,c18d5360) at read+0x45
syscall(3b,3b,3b,ffffffff,28385580) at syscall+0x27e
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (3, FreeBSD ELF32, read), eip = 0x2835e3bf, esp = 0xbfbfe99c, ebp = 0xbfbfe9b8 ---

KGDB trace :

multi-cur# kgdb kernel.debug /files1/tmp/vmcore.1
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: 
Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
panic: mutex vm object not owned at /files1/src/sys/vm/vm_object.c:695
cpuid = 0
KDB: enter: panic
Physical memory: 87 MB
Dumping 27 MB: 12

#0  doadump () at pcpu.h:166
166             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:166
#1  0xc047501b in db_fncall (dummy1=-952055868, dummy2=0, dummy3=1016,
    dummy4=0xc740c798 "°Ç_at_Çø\003") at /files1/src/sys/ddb/db_command.c:479
#2  0xc0474e2c in db_command (last_cmdp=0xc09e1804, cmd_table=0x0)
    at /files1/src/sys/ddb/db_command.c:395
#3  0xc0474eea in db_command_loop () at /files1/src/sys/ddb/db_command.c:446
#4  0xc0476b01 in db_trap (type=3, code=0) 
at /files1/src/sys/ddb/db_main.c:221
#5  0xc06ae4a0 in kdb_trap (type=3, code=0, tf=0xc740c928)
    at /files1/src/sys/kern/subr_kdb.c:481
#6  0xc088a960 in trap (frame=
      {tf_fs = -952107000, tf_es = -1066794968, tf_ds = -1064239064, tf_edi 
= -1064243587, tf_esi = 1, tf_ebp = -952055448, tf_isp = -952055468, tf_ebx 
= -952055404, tf_edx = 0, tf_ecx = -1056755712, tf_eax = 18, tf_trapno = 3, 
tf_err = 0, tf_eip = -1066737209, tf_cs = 32, tf_eflags = 642, tf_esp 
= -952055416, tf_ss = -1066845133})
    at /files1/src/sys/i386/i386/trap.c:622
#7  0xc0875c0a in calltrap () at /files1/src/sys/i386/i386/exception.s:138
#8  0xc06ae1c7 in kdb_enter (msg=0x12 <Address 0x12 out of bounds>) at 
cpufunc.h:60
#9  0xc0693c33 in panic (fmt=0xc090ee7d "mutex %s not owned at %s:%d")
    at /files1/src/sys/kern/kern_shutdown.c:549
#10 0xc068b826 in _mtx_assert (m=0xc1947708, what=-1056755712,
    file=0xc092c05c "/files1/src/sys/vm/vm_object.c", line=695)
    at /files1/src/sys/kern/kern_mutex.c:754
#11 0xc07eca97 in vm_object_page_clean (object=0xc1947708, start=0, 
end=Unhandled dwarf expression opcode 0x93
)
    at /files1/src/sys/vm/vm_object.c:695
#12 0xc07734b5 in nfs_vinvalbuf (vp=0xc1950820, flags=1, td=0xc18d5360, 
intrflg=1)
    at /files1/src/sys/nfsclient/nfs_bio.c:1316
#13 0xc07719c7 in nfs_bioread (vp=0xc1950820, uio=0xc740cc64, ioflag=0,
    cred=0xc1612200) at /files1/src/sys/nfsclient/nfs_bio.c:423
#14 0xc077cce3 in nfs_read (ap=0x12) 
at /files1/src/sys/nfsclient/nfs_vnops.c:981
#15 0xc089c0c6 in VOP_READ_APV (vop=0x12, a=0xc740cb9c) at vnode_if.c:631
#16 0xc06f95a7 in vn_read (fp=0xc1755120, uio=0xc740cc64, 
active_cred=0xc1612200,
    flags=0, td=0xc18d5360) at vnode_if.h:343
#17 0xc06bad21 in dofileread (td=0xc18d5360, fd=3, fp=0xc1755120, 
auio=0xc740cc64,
    offset=Unhandled dwarf expression opcode 0x93
) at file.h:241
#18 0xc06babb6 in kern_readv (td=0xc18d5360, fd=3, auio=0xc740cc64)
    at /files1/src/sys/kern/sys_generic.c:192
#19 0xc06baae1 in read (td=0xc18d5360, uap=0xc1033000)
    at /files1/src/sys/kern/sys_generic.c:116
#20 0xc088b1c6 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = -1, tf_esi = 674780544, 
tf_ebp = -1077941832, tf_isp = -952054428, tf_ebx = 674691968, tf_edx = 
674786132, tf_ecx = 136839168, tf_eax = 3, tf_trapno = 12, tf_err = 2, tf_eip 
= 674620351, tf_cs = 51, tf_eflags = 530, tf_esp = -1077941860, tf_ss = 59})
    at /files1/src/sys/i386/i386/trap.c:1016
#21 0xc0875c5f in Xint0x80_syscall () 
at /files1/src/sys/i386/i386/exception.s:191
#22 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)  
(kgdb) frame 11
#11 0xc07eca97 in vm_object_page_clean (object=0xc1947708, start=0, 
end=Unhandled dwarf expression opcode 0x93
)
    at /files1/src/sys/vm/vm_object.c:695
695             VM_OBJECT_LOCK_ASSERT(object, MA_OWNED);
(kgdb) list
690             vm_pindex_t pi;
691             int clearobjflags;
692             int pagerflags;
693             int curgeneration;
694
695             VM_OBJECT_LOCK_ASSERT(object, MA_OWNED);
696             if (object->type != OBJT_VNODE ||
697                     (object->flags & OBJ_MIGHTBEDIRTY) == 0)
698                     return;
699
(kgdb) print *object
$2 = {mtx = {mtx_object = {lo_name = 0xc092acac "vm object",
      lo_type = 0xc092c04c "standard object", lo_flags = 21168128,
      lo_witness_data = {lod_list = {stqe_next = 0xc0a0b398},
        lod_witness = 0xc0a0b398}}, mtx_lock = 4, mtx_recurse = 0}, 
object_list = {
    tqe_next = 0x0, tqe_prev = 0xc1947798}, shadow_head = {lh_first = 0x0},
  shadow_list = {le_next = 0x0, le_prev = 0x0}, memq = {tqh_first = 0x0,
    tqh_last = 0xc1947734}, root = 0x0, size = 1, generation = 1, ref_count = 
0,
  shadow_count = 0, type = 2 '\002', flags = 0, pg_color = 0,
  paging_in_progress = 0, resident_page_count = 0, backing_object = 0x0,
  backing_object_offset = 0, pager_object_list = {tqe_next = 0x0, tqe_prev = 
0x0},
  handle = 0xc1950820, un_pager = {vnp = {vnp_size = 987}, devp = {devp_pglist 
= {
        tqh_first = 0x3db, tqh_last = 0x0}}, swp = {swp_bcount = 987}}}

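In short, the read path reaches vm_object_page_clean() from nfs_vinvalbuf() (nfs_bio.c:1316) without the VM object mutex held, so the VM_OBJECT_LOCK_ASSERT(object, MA_OWNED) at vm_object.c:695 fires and the kernel panics.

This is with a fairly recent -CURRENT:
FreeBSD 7.0-CURRENT compiled on Thu May 25 09:35:31 CEST 2006
with the following file revisions: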
/files1/src/sys/vm/vm_object.c:
$FreeBSD: src/sys/vm/vm_object.c,v 1.359 2006/03/02 22:13:27 tegge Exp $
/files1/src/sys/nfsclient/nfs_bio.c:
$FreeBSD: src/sys/nfsclient/nfs_bio.c,v 1.157 2006/05/25 01:00:35 ups Exp $
/files1/src/sys/kern/sys_generic.c:
$FreeBSD: src/sys/kern/sys_generic.c,v 1.148 2006/01/06 16:34:22 jhb Exp $
/files1/src/sys/nfsclient/nfs_vnops.c:
$FreeBSD: src/sys/nfsclient/nfs_vnops.c,v 1.266 2006/05/19 00:04:24 mohans Exp $

	TfH
Received on Thu May 25 2006 - 16:30:59 UTC
