GENERIC RELENG_6 from Sep 19 16:00 UTC, vmcore.83

GDB: no debug ports present
KDB: debugger backends: ddb
KDB: current backend: ddb
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 6.2-PRERELEASE #1: Tue Sep 19 21:25:57 CEST 2006
    pho@crashbox.osted.lan:/usr/src/sys/i386/compile/PHO
WARNING: WITNESS option enabled, expect reduced performance.
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) XEON(TM) CPU 1.80GHz (1799.81-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0xf24  Stepping = 4
  Features=0x3febfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM>
  Logical CPUs per core: 2
real memory  = 1073676288 (1023 MB)
avail memory = 1032761344 (984 MB)
:
Trying to mount root from ufs:/dev/ad0s1a
fxp0: link state changed to UP
Mount point /mnt had 1 dangling refs

0xc7768414: tag ufs, type VDIR
    usecount 0, writecount 0, refcount 1 mountedhere 0
    flags (VV_ROOT)
    #0 0xc065ee65 at lockmgr+0x4ed
#1 0xc07b0496 at ffs_lock+0x76
#2 0xc087c88b at VOP_LOCK_APV+0x87
#3 0xc06cb39c at vn_lock+0xac
#4 0xc06bf56c at vrele+0x110
#5 0xc064ba0b at fdfree+0x65b
#6 0xc0653c20 at exit1+0x408
#7 0xc0653818 at exit1+0
#8 0xc086a303 at syscall+0x22f
#9 0xc085831f at Xint0x80_syscall+0x1f

        ino 2, on dev md0c
panic: unmount: dangling vnode
KDB: enter: panic
[thread pid 9261 tid 100083 ]
Stopped at      kdb_enter+0x2b: nop
db> where
Tracing pid 9261 tid 100083 td 0xc59b7600
kdb_enter(c08e3888) at kdb_enter+0x2b
panic(c08ec5fc,0,c5a3915c,8080000,e7cd4ca4,...) at panic+0xdf
vfs_mount_destroy(c55d35c0,c55d35e0,6,0,c59b7600,...) at vfs_mount_destroy+0x205
dounmount(c55d35c0,8080000,c59b7600,c09cd300,0,...) at dounmount+0x483
unmount(c59b7600,e7cd4d04) at unmount+0x1f9
syscall(3b,3b,3b,804a465,804de01,...) at syscall+0x22f
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (22, FreeBSD ELF32, unmount), eip = 0x280c66b7, esp = 0xbfbfe34c, ebp = 0xbfbfe3f8 ---
db> show alllocks
Process 9261 (umount) thread 0xc59b7600 (100083)
exclusive sleep mutex Giant r = 1 (0xc09cd300) locked @ kern/vfs_mount.c:1088
Process 8959 (find) thread 0xc59be600 (100127)
exclusive sleep mutex filedesc structure r = 0 (0xc68b1c2c) locked @ kern/vfs_lookup.c:183
db> where 8959
Tracing pid 8959 tid 100127 td 0xc59be600
sched_switch(c59be600,0,2) at sched_switch+0x177
mi_switch(2,0,c09cd2c0,0,c08e4eea,...) at mi_switch+0x270
critical_exit(c08e74f5,e7d10ac8,c08588b0,0,8,...) at critical_exit+0x8b
lapic_handle_timer(0) at lapic_handle_timer+0xc9
Xtimerint(c08ec2b3,c08e74f2,3) at Xtimerint+0x30
fixup_filename(c08ec2ad,c068cbc6,c0961a04,c68b1c2c,b7,...) at fixup_filename+0x24
witness_unlock(c68b1c2c,8,c08ec2ad,b7) at witness_unlock+0x51
_mtx_unlock_flags(c68b1c2c,0,c08ec2ad,b7) at _mtx_unlock_flags+0x79
namei(e7d10ba0) at namei+0x1d3
kern_lstat(c59be600,80568a8,0,e7d10c74) at kern_lstat+0x47
lstat(c59be600,e7d10d04) at lstat+0x1b
syscall(805003b,bfbf003b,bfbf003b,8056848,8056800,...) at syscall+0x22f
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (190, FreeBSD ELF32, lstat), eip = 0x2813b473, esp = 0xbfbfebac, ebp = 0xbfbfec48 ---
db> show lockedvnods
Locked vnodes
db> show lockedbufs
buf at 0xd94ff7b0
b_flags = 0x20000000<vmio>
b_error = 0, b_bufsize = 16384, b_bcount = 16384, b_resid = 0
b_bufobj = (0xc560ba90), b_data = 0xdddd8000, b_blkno = 3775904
b_npages = 4, pages(OBJ, IDX, PA): (0xc182b630, 0x733b4, 0x3aed5000),(0xc182b630, 0x733b5, 0x7df6000),(0xc182b630, 0x733b6, 0x277d7000),(0xc182b630, 0x733b7, 0x1d18000)
db> show allpcpu
Current CPU: 0

cpuid        = 0
curthread    = 0xc59b7600: pid 9261 "umount"
curpcb       = 0xe7cd4d90
fpcurthread  = none
idlethread   = 0xc52a1600: pid 10 "idle"
APIC ID      = 0
currentldt   = 0x50
spin locks held:

db> ps
  pid  ppid  pgrp   uid   state   wmesg     wchan    cmd
 9261  9225  9225     0  R+      CPU 0               umount
 9234     0     0     0  SL      mdwait   0xc5e05800 [md0]
 9225  1022  9225     0  S+      wait     0xc5a54430 sh
 8959  8861  8754     0  R                           find
 8876  8866  8754     0  S       piperd   0xc55eecc0 cat
 8866  8854  8754     0  SW      wait     0xc5aad218 sh
 8865  8854  8754     0  S       piperd   0xc55ee000 sort
 8864  8854  8754     0  S       piperd   0xc55edcc0 sed
 8862  8854  8754     0  S       piperd   0xc55ee7f8 xargs
 8861  8854  8754     0  SW      wait     0xc5ac7430 sh
 8855  8853  8754     0  S       piperd   0xc55ee660 mail
 8854  8852  8754     0  SW      wait     0xc5a70860 sh
 8853  8846  8754     0  SW      wait     0xc5a73000 sh
 8852  8846  8754     0  SW      wait     0xc68b0860 sh
 8846  8845  8754     0  SW      wait     0xc5a54c90 sh
 8845  8762  8754     0  SW      wait     0xc5a73430 sh
 8764  8763  8754     0  S       piperd   0xc56a1330 mail
 8763  8755  8754     0  SW      wait     0xc5aadc90 sh
 8762  8755  8754     0  SW      wait     0xc5ac7218 sh
 8755  8754  8754     0  SW      wait     0xc5ab7218 sh
 8754  8753  8754     0  SWs     wait     0xc5a70a78 sh
 8753   862   862     0  S       piperd   0xc55ed330 cron
 1181   987  1181  1001  S+      select   0xc0a18744 top
 1022  1019  1022     0  S+      wait     0xc59b9a78 bash
 1019  1018  1019     0  SW+     pause    0xc5945034 csh
 1018  1010  1018  1001  SW+     wait     0xc5945430 su
 1010  1009  1010  1001  SWs+    wait     0xc5945218 bash
 1009  1007  1007  1001  S       select   0xc0a18744 sshd
 1007   845  1007     0  SWs     sbwait   0xc593d0a8 sshd
 1006   997  1006  1001  S+      kqread   0xc5946c00 tail
  997   996   997  1001  SWs+    wait     0xc5941000 bash
  996   994   994  1001  SW      select   0xc0a18744 sshd
  994   845   994     0  SWs     sbwait   0xc56c6900 sshd
  987   973   987  1001  SWs+    wait     0xc5945648 bash
  986     1   986     0  SWs+    ttyin    0xc5468c10 getty
  985     1   985     0  SWs+    ttyin    0xc546b010 getty
  984     1   984     0  SWs+    ttyin    0xc546a010 getty
  983     1   983     0  SWs+    ttyin    0xc5469410 getty
  982     1   982     0  SWs+    ttyin    0xc5469810 getty
  981     1   981     0  SWs+    ttyin    0xc5463010 getty
  980     1   980     0  SWs+    ttyin    0xc546b410 getty
  979     1   979     0  SWs+    ttyin    0xc546a410 getty
  973   910   910  1001  S       select   0xc0a18744 sshd
  961     1   961     0  SWs     select   0xc0a18744 inetd
  932     1   932     0  SWs     select   0xc0a18744 moused
  916     1   916     0  Ss      nanslp   0xc09cdbec watchdogd
  910   845   910     0  SWs     sbwait   0xc56c620c sshd
  862     1   862     0  Ss      nanslp   0xc09cdbec cron
  856     1   856    25  Ss      pause    0xc56bf034 sendmail
  852     1   852     0  Ss      select   0xc0a18744 sendmail
  845     1   845     0  SWs     select   0xc0a18744 sshd
  825     1   825     0  Ss      select   0xc0a18744 ntpd
  766   761   761     0  SW      -        0xc5693400 nfsd
  765   761   761     0  SW      -        0xc56bec00 nfsd
  764   761   761     0  SW      -        0xc5693200 nfsd
  763   761   761     0  SW      -        0xc55e2c00 nfsd
  761     1   761     0  SWs     select   0xc0a18744 nfsd
  759     1   759     0  Ss      select   0xc0a18744 mountd
  700     1   700     0  Ss      select   0xc0a18744 rpcbind
  677     1   677     0  Ss      select   0xc0a18744 syslogd
  567     1   567     0  SWs     select   0xc0a18744 devd
   39     0     0     0  SL      -        0xe57c4d04 [schedcpu]
   38     0     0     0  SL      sdflush  0xc0a26154 [softdepflush]
   37     0     0     0  SL      syncer   0xc09cd960 [syncer]
   36     0     0     0  SL      vlruwt   0xc545a218 [vnlru]
   35     0     0     0  SL      psleep   0xc0a18cac [bufdaemon]
   34     0     0     0  SL      pgzero   0xc0a270c4 [pagezero]
   33     0     0     0  SL      psleep   0xc0a26c14 [vmdaemon]
   32     0     0     0  SL      psleep   0xc0a26bd0 [pagedaemon]
   31     0     0     0  WL                          [irq7: ppc0]
   30     0     0     0  SL      -        0xc544603c [fdc0]
   29     0     0     0  WL                          [swi0: sio]
   28     0     0     0  WL                          [irq12: psm0]
   27     0     0     0  WL                          [irq1: atkbd0]
   26     0     0     0  WL                          [irq15: ata1]
   25     0     0     0  WL                          [irq14: ata0]
   24     0     0     0  WL                          [irq17: fxp0]
   23     0     0     0  SL      usbtsk   0xc09ca864 [usbtask]
   22     0     0     0  SL      usbevt   0xc53b2210 [usb0]
   21     0     0     0  WL                          [irq16: uhci0]
   20     0     0     0  SL      -        0xc53c0b80 [em0 taskq]
   19     0     0     0  WL                          [irq9: acpi0]
   18     0     0     0  WL                          [swi2: cambio]
    9     0     0     0  SL      -        0xc53a1700 [kqueue taskq]
    8     0     0     0  SL      -        0xc52ea600 [acpi_task_2]
    7     0     0     0  SL      -        0xc52ea600 [acpi_task_1]
    6     0     0     0  SL      -        0xc52ea600 [acpi_task_0]
   17     0     0     0  WL                          [swi5: +]
    5     0     0     0  SL      -        0xc52ea780 [thread taskq]
   16     0     0     0  WL                          [swi6: Giant taskq]
   15     0     0     0  WL                          [swi6: task queue]
   14     0     0     0  SL      -        0xc09c8580 [yarrow]
    4     0     0     0  SL      -        0xc09cb0a8 [g_down]
    3     0     0     0  SL      -        0xc09cb0a4 [g_up]
    2     0     0     0  SL      -        0xc09cb09c [g_event]
   13     0     0     0  WL                          [swi3: vm]
   12     0     0     0  LL     *Giant    0xc5295a40 [swi4: clock sio]
   11     0     0     0  WL                          [swi1: net]
   10     0     0     0  RL                          [idle]
    1     0     1     0  SLs     wait     0xc52a6000 [init]
    0     0     0     0  WLs                         [swapper]
db> call doadump
Dumping 1023 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 1023MB (261872 pages) 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15 ... ok

Dump complete
= 0xf
db> reset

(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc047397f in db_fncall (dummy1=0xc0a44dc0, dummy2=0x0, dummy3=0x0, dummy4=0xe7cd4aa0 "J,\204JJ\220\a")
    at ../../../ddb/db_command.c:492
#2  0xc0473784 in db_command (last_cmdp=0xc09b2224, cmd_table=0x0, aux_cmd_tablep=0xc091062c, aux_cmd_tablep_end=0xc0910648)
    at ../../../ddb/db_command.c:350
#3  0xc047384c in db_command_loop () at ../../../ddb/db_command.c:458
#4  0xc0475441 in db_trap (type=0x3, code=0x0) at ../../../ddb/db_main.c:228
#5  0xc068233b in kdb_trap (type=0x3, code=0x0, tf=0xe7cd4be0) at ../../../kern/subr_kdb.c:473
#6  0xc0869b64 in trap (frame=
      {tf_fs = 0xe7cd0008, tf_es = 0xc0680028, tf_ds = 0xc08e0028, tf_edi = 0xc08ec5fc, tf_esi = 0x1, tf_ebp = 0xe7cd4c20, tf_isp = 0xe7cd4c0c, tf_ebx = 0xe7cd4c4c, tf_edx = 0x0, tf_ecx = 0xc1815000, tf_eax = 0x12, tf_trapno = 0x3, tf_err = 0x0, tf_eip = 0xc06820bf, tf_cs = 0x20, tf_eflags = 0x292, tf_esp = 0xe7cd4c40, tf_ss = 0xc066a27b}) at ../../../i386/i386/trap.c:594
#7  0xc08582ca in calltrap () at ../../../i386/i386/exception.s:139
#8  0xc06820bf in kdb_enter (msg=0x12 <Address 0x12 out of bounds>) at cpufunc.h:60
#9  0xc066a27b in panic (fmt=0xc08ec5fc "unmount: dangling vnode") at ../../../kern/kern_shutdown.c:559
#10 0xc06b9c09 in vfs_mount_destroy (mp=0x0) at ../../../kern/vfs_mount.c:546
#11 0xc06bb1ef in dounmount (mp=0xc55d35c0, flags=0x8080000, td=0xc59b7600) at ../../../kern/vfs_mount.c:1200
#12 0xc06bad45 in unmount (td=0xc59b7600, uap=0xe7cd4d04) at ../../../kern/vfs_mount.c:1089
#13 0xc086a303 in syscall (frame=
      {tf_fs = 0x3b, tf_es = 0x3b, tf_ds = 0x3b, tf_edi = 0x804a465, tf_esi = 0x804de01, tf_ebp = 0xbfbfe3f8, tf_isp = 0xe7cd4d64, tf_ebx = 0xbfbfe3a0, tf_edx = 0x1a, tf_ecx = 0x0, tf_eax = 0x16, tf_trapno = 0xc, tf_err = 0x2, tf_eip = 0x280c66b7, tf_cs = 0x33, tf_eflags = 0x206, tf_esp = 0xbfbfe34c, tf_ss = 0x3b}) at ../../../i386/i386/trap.c:983
#14 0xc085831f in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
#15 0x00000033 in ?? ()
(kgdb) f 11
#11 0xc06bb1ef in dounmount (mp=0xc55d35c0, flags=0x8080000, td=0xc59b7600) at ../../../kern/vfs_mount.c:1200
1200            vfs_mount_destroy(mp);
(kgdb) p *mp
$2 = {mnt_list = {tqe_next = 0x0, tqe_prev = 0xc56675c0}, mnt_op = 0xc099bb60, mnt_vfc = 0xc099bba0,
  mnt_vnodecovered = 0xc5a3915c, mnt_syncer = 0x0, mnt_nvnodelist = {tqh_first = 0xc7768414, tqh_last = 0xc7768428},
  mnt_lock = {lk_interlock = 0xc09ccbf0, lk_flags = 0x100000, lk_sharecount = 0x0, lk_waitcount = 0x0,
    lk_exclusivecount = 0x0, lk_prio = 0x50, lk_wmesg = 0xc08ec4cf "vfslock", lk_timo = 0x0, lk_lockholder = 0xffffffff,
    lk_newlock = 0x0, lk_stack = {depth = 0x5, pcs = {0xc065efa3, 0xc06bae70, 0xc06bad45, 0xc086a303, 0xc085831f,
        0x0 <repeats 13 times>}}}, mnt_mtx = {mtx_object = {lo_class = 0xc0961a04, lo_name = 0xc08ec4be "struct mount mtx",
      lo_type = 0xc08ec4be "struct mount mtx", lo_flags = 0x30000, lo_list = {tqe_next = 0xc55d3930, tqe_prev = 0xc55d3380},
      lo_witness = 0xc09da8d0}, mtx_lock = 0x4, mtx_recurse = 0x0}, mnt_writeopcount = 0x0, mnt_flag = 0x0,
  mnt_opt = 0xc543f770, mnt_optnew = 0x0, mnt_kern_flag = 0x21000001, mnt_maxsymlinklen = 0x78, mnt_stat = {
    f_version = 0x20030518, f_type = 0x5, f_flags = 0x1000, f_bsize = 0x800, f_iosize = 0x4000, f_blocks = 0xc137,
    f_bfree = 0xc135, f_bavail = 0xb1c0, f_files = 0x32fe, f_ffree = 0x32fc, f_syncwrites = 0x0, f_asyncwrites = 0x0,
    f_syncreads = 0x0, f_asyncreads = 0x0, f_spare = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, f_namemax = 0xff,
    f_owner = 0x0, f_fsid = {val = {0x451094e0, 0x63e0e8b5}}, f_charspare = '\0' <repeats 79 times>,
    f_fstypename = "ufs", '\0' <repeats 12 times>, f_mntfromname = "/dev/md0c", '\0' <repeats 78 times>,
    f_mntonname = "/mnt", '\0' <repeats 83 times>}, mnt_cred = 0xc55ea880, mnt_data = 0x0, mnt_time = 0x0,
  mnt_iosize_max = 0x20000, mnt_export = 0x0, mnt_mntlabel = 0x0, mnt_fslabel = 0x0, mnt_nvnodelistsize = 0x1,
  mnt_hashseed = 0x419600c1, mnt_markercnt = 0x0, mnt_holdcnt = 0x0, mnt_holdcntwaiters = 0x0, mnt_secondary_writes = 0x0,
  mnt_secondary_accwrites = 0x48d50, mnt_ref = 0x1}