Date:      Sat, 11 Aug 2007 20:24:34 +0200
From:      Vaclav Haisman <v.haisman@sh.cvut.cz>
To:        stable@freebsd.org
Subject:   Panic with todays 6.2
Message-ID:  <46BDFEE2.70508@sh.cvut.cz>


[-- Attachment #1 --]
I experienced a panic with today's 6.2 kernel. I still have the core dump 
if anybody is interested.

--
VH


[-- Attachment #2 --]
Script started on Sat Aug 11 20:18:45 2007
amber2::root:/usr/crash> kgdb -v -a -c vmcore.2 /boot/kernel/kernel.debug

kgdb: core file: vmcore.2
kgdb: kernel image: /boot/kernel/kernel.debug
kgdb: kvm_nlist(_stopped_cpus): 
kgdb: kvm_nlist(_stoppcbs): 
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
panic: vrele: negative ref cnt
Uptime: 6h15m49s
Dumping 511 MB (2 chunks)
  chunk 0: 1MB (160 pages) ... ok
  chunk 1: 511MB (130800 pages) 495 (CTRL-C to abort)  479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 (CTRL-C to abort)  (CTRL-C to abort)  (CTRL-C to abort)  175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc05f44f4 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc05f4826 in panic (fmt=0xc08a93bd "vrele: negative ref cnt") at /usr/src/sys/kern/kern_shutdown.c:565
#3  0xc066077e in vrele (vp=0xc3d70110) at /usr/src/sys/kern/vfs_subr.c:2076
#4  0xc066588b in kern_chdir (td=0xc4565600, path=0x0, pathseg=UIO_USERSPACE) at /usr/src/sys/kern/vfs_syscalls.c:792
#5  0xc06655c2 in chdir (td=0x0, uap=0x0) at /usr/src/sys/kern/vfs_syscalls.c:761
#6  0xc084c1f0 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134569088, tf_esi = 134569088, tf_ebp = -1077946776, tf_isp = -421929628, tf_ebx = 672163096, tf_edx = 0, tf_ecx = 0, tf_eax = 12, tf_trapno = 12, tf_err = 2, tf_eip = 673982663, tf_cs = 51, tf_eflags = 514, tf_esp = -1077946804, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:983
#7  0xc083697f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
#8  0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) frame 2
#2  0xc05f4826 in panic (fmt=0xc08a93bd "vrele: negative ref cnt") at /usr/src/sys/kern/kern_shutdown.c:565
/usr/src/sys/kern/kern_shutdown.c:565:13857:beg:0xc05f4826
(kgdb) l
560		mtx_lock_spin(&sched_lock);
561		td->td_flags |= TDF_INPANIC;
562		mtx_unlock_spin(&sched_lock);
563		if (!sync_on_panic)
564			bootopt |= RB_NOSYNC;
565		boot(bootopt);
566	}
567	
568	/*
569	 * Support for poweroff delay.
(kgdb) frame 3
#3  0xc066077e in vrele (vp=0xc3d70110) at /usr/src/sys/kern/vfs_subr.c:2076
/usr/src/sys/kern/vfs_subr.c:2076:55973:beg:0xc066077e
(kgdb) l
2071		if (vp->v_usecount != 1) {
2072	#ifdef DIAGNOSTIC
2073			vprint("vrele: negative ref count", vp);
2074	#endif
2075			VI_UNLOCK(vp);
2076			panic("vrele: negative ref cnt");
2077		}
2078		/*
2079		 * We want to hold the vnode until the inactive finishes to
2080		 * prevent vgone() races.  We drop the use count here and the
(kgdb) p *vp
$1 = {v_type = VDIR, v_tag = 0xc3af7a08 "fuse", v_op = 0xc3af8240, v_data = 0xc3429c00, v_mount = 0xc36dfa60, v_nmntvnodes = {
    tqe_next = 0xc4159550, tqe_prev = 0xc4e51234}, v_un = {vu_mount = 0x0, vu_socket = 0x0, vu_cdev = 0x0, vu_fifoinfo = 0x0}, 
  v_hashlist = {le_next = 0xc3f07000, le_prev = 0xc3477cf0}, v_hash = 616, v_cache_src = {lh_first = 0x0}, v_cache_dst = {
    tqh_first = 0x0, tqh_last = 0xc3d70140}, v_dd = 0xc4e51220, v_cstart = 0, v_lasta = 0, v_lastw = 0, v_clen = 0, v_lock = {
    lk_interlock = 0xc09623d8, lk_flags = 128, lk_sharecount = 0, lk_waitcount = 0, lk_exclusivecount = 0, lk_prio = 80, 
    lk_wmesg = 0xc3af7a08 "fuse", lk_timo = 51, lk_lockholder = 0xffffffff, lk_newlock = 0x0}, v_interlock = {mtx_object = {
      lo_class = 0xc090a344, lo_name = 0xc08a9285 "vnode interlock", lo_type = 0xc08a9285 "vnode interlock", lo_flags = 196608, 
      lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, v_vnlock = 0xc3d70168, 
  v_holdcnt = 0, v_usecount = 0, v_iflag = 256, v_vflag = 0, v_writecount = 0, v_freelist = {tqe_next = 0xc4a49bb0, 
    tqe_prev = 0xc38dd3e8}, v_bufobj = {bo_mtx = 0xc3d7018c, bo_clean = {bv_hd = {tqh_first = 0x0, tqh_last = 0xc3d701d4}, 
      bv_root = 0x0, bv_cnt = 0}, bo_dirty = {bv_hd = {tqh_first = 0x0, tqh_last = 0xc3d701e4}, bv_root = 0x0, bv_cnt = 0}, 
    bo_numoutput = 0, bo_flag = 0, bo_ops = 0xc3af8310, bo_bsize = 4096, bo_object = 0xc53b5b58, bo_synclist = {le_next = 0x0, 
      le_prev = 0x0}, bo_private = 0xc3d70110, __bo_vnode = 0xc3d70110}, v_pollinfo = 0x0, v_label = 0xc508fab4}
(kgdb) frame 4
#4  0xc066588b in kern_chdir (td=0xc4565600, path=0x0, pathseg=UIO_USERSPACE) at /usr/src/sys/kern/vfs_syscalls.c:792
/usr/src/sys/kern/vfs_syscalls.c:792:18246:beg:0xc066588b
(kgdb) l
787		FILEDESC_LOCK_FAST(fdp);
788		vp = fdp->fd_cdir;
789		fdp->fd_cdir = nd.ni_vp;
790		FILEDESC_UNLOCK_FAST(fdp);
791		vfslocked = VFS_LOCK_GIANT(vp->v_mount);
792		vrele(vp);
793		VFS_UNLOCK_GIANT(vfslocked);
794		return (0);
795	}
796	
(kgdb) p *td
$2 = {td_proc = 0xc3966430, td_ksegrp = 0xc3b48c00, td_plist = {tqe_next = 0x0, tqe_prev = 0xc3966440}, td_kglist = {tqe_next = 0x0, 
    tqe_prev = 0xc3b48c0c}, td_slpq = {tqe_next = 0x0, tqe_prev = 0xc4937d40}, td_lockq = {tqe_next = 0x0, tqe_prev = 0xe6d5ec34}, 
  td_runq = {tqe_next = 0x0, tqe_prev = 0xc090c3ac}, td_selq = {tqh_first = 0x0, tqh_last = 0xc4565630}, td_sleepqueue = 0xc4937d40, 
  td_turnstile = 0xc475ed80, td_umtxq = 0xc4567e40, td_tid = 100145, td_flags = 16842754, td_inhibitors = 0, td_pflags = 0, 
  td_dupfd = 0, td_wchan = 0x0, td_wmesg = 0x0, td_lastcpu = 0 '\0', td_oncpu = 0 '\0', td_owepreempt = 0 '\0', td_locks = 1356, 
  td_blocked = 0x0, td_ithd = 0x0, td_lockname = 0x0, td_contested = {lh_first = 0x0}, td_sleeplocks = 0x0, td_intr_nesting_level = 0, 
  td_pinned = 1, td_mailbox = 0x0, td_ucred = 0xc38b5a00, td_standin = 0x0, td_upcall = 0x0, td_sticks = 1348, td_uuticks = 0, 
  td_usticks = 0, td_intrval = 4, td_oldsigmask = {__bits = {524288, 0, 0, 0}}, td_sigmask = {__bits = {524288, 0, 0, 0}}, 
  td_siglist = {__bits = {0, 0, 0, 0}}, td_generation = 6095, td_sigstk = {ss_sp = 0x0, ss_size = 0, ss_flags = 4}, td_kflags = 0, 
  td_xsig = 0, td_profil_addr = 0, td_profil_ticks = 0, td_base_pri = 216 'Ø', td_priority = 216 'Ø', td_pcb = 0xe6d9dd90, 
  td_state = TDS_RUNNING, td_retval = {0, 0}, td_slpcallout = {c_links = {sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, 
        tqe_prev = 0xcd798e78}}, c_time = 22844429, c_arg = 0xc4565600, c_func = 0xc06195b0 <sleepq_timeout>, c_mtx = 0x0, 
    c_flags = 16}, td_frame = 0xe6d9dd38, td_kstack_obj = 0xc455a7bc, td_kstack = 3873030144, td_kstack_pages = 2, 
  td_altkstack_obj = 0x0, td_altkstack = 0, td_altkstack_pages = 0, td_critnest = 0, td_md = {md_spinlock_count = 0, 
    md_saved_flags = 70}, td_sched = 0xc4565758, td_ar = 0x0}
(kgdb) frame 5
#5  0xc06655c2 in chdir (td=0x0, uap=0x0) at /usr/src/sys/kern/vfs_syscalls.c:761
/usr/src/sys/kern/vfs_syscalls.c:761:17450:beg:0xc06655c2
(kgdb) l
756		struct chdir_args /* {
757			char *path;
758		} */ *uap;
759	{
760	
761		return (kern_chdir(td, uap->path, UIO_USERSPACE));
762	}
763	
764	int
765	kern_chdir(struct thread *td, char *path, enum uio_seg pathseg)
(kgdb) frame 6
#6  0xc084c1f0 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134569088, tf_esi = 134569088, tf_ebp = -1077946776, tf_isp = -421929628, tf_ebx = 672163096, tf_edx = 0, tf_ecx = 0, tf_eax = 12, tf_trapno = 12, tf_err = 2, tf_eip = 673982663, tf_cs = 51, tf_eflags = 514, tf_esp = -1077946804, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:983
/usr/src/sys/i386/i386/trap.c:983:25465:beg:0xc084c1f0
(kgdb) l
978			STOPEVENT(p, S_SCE, narg);
979	
980			PTRACESTOP_SC(p, td, S_PT_SCE);
981	
982			AUDIT_SYSCALL_ENTER(code, td);
983			error = (*callp->sy_call)(td, args);
984			AUDIT_SYSCALL_EXIT(error, td);
985		}
986	
987		switch (error) {
(kgdb) q
amber2::root:/usr/crash> exit


Script done on Sat Aug 11 20:20:25 2007
