From owner-freebsd-current@FreeBSD.ORG  Tue Feb  5 16:22:21 2008
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id EE56416A418;
	Tue,  5 Feb 2008 16:22:21 +0000 (UTC)
	(envelope-from yar@comp.chem.msu.su)
Received: from comp.chem.msu.su (comp.chem.msu.su [158.250.32.97])
	by mx1.freebsd.org (Postfix) with ESMTP id 02B3113C46B;
	Tue,  5 Feb 2008 16:22:20 +0000 (UTC)
	(envelope-from yar@comp.chem.msu.su)
Received: from comp.chem.msu.su (localhost [127.0.0.1])
	by comp.chem.msu.su (8.13.4/8.13.4) with ESMTP id m15GMJjP056740;
	Tue, 5 Feb 2008 19:22:19 +0300 (MSK)
	(envelope-from yar@comp.chem.msu.su)
Received: (from yar@localhost)
	by comp.chem.msu.su (8.13.4/8.13.4/Submit) id m15GMIkp056739;
	Tue, 5 Feb 2008 19:22:18 +0300 (MSK) (envelope-from yar)
Date: Tue, 5 Feb 2008 19:22:17 +0300
From: Yar Tikhiy <yar@comp.chem.msu.su>
To: Attilio Rao <attilio@freebsd.org>
Message-ID: <20080205162217.GA56373@comp.chem.msu.su>
References: <3bbf2fe10801291411v302dd33at54ebe538397e8fac@mail.gmail.com>
	<20080130130820.GA88429@comp.chem.msu.su>
	<3bbf2fe10801300707u3fd121c0k199605c2f0be6cbf@mail.gmail.com>
	<790a9fff0801301352xa91a69ci3f08488dfcfc982@mail.gmail.com>
	<3bbf2fe10801310243tddedfeckbc4c94be87f0a4ca@mail.gmail.com>
	<20080131130210.GA37090@comp.chem.msu.su>
	<3bbf2fe10801310504j486924bdm86e0436597a42b09@mail.gmail.com>
	<790a9fff0801312241s346068b6s40fcae71ebbf546@mail.gmail.com>
	<20080201145051.GE79881@comp.chem.msu.su>
	<3bbf2fe10802011041t28e419c9n5f0f6f34d6450184@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3bbf2fe10802011041t28e419c9n5f0f6f34d6450184@mail.gmail.com>
User-Agent: Mutt/1.5.9i
Cc: Kostik Belousov <kostikbel@gmail.com>, Scot Hetzel <swhetzel@gmail.com>,
	freebsd-current@freebsd.org, Doug Barton <dougb@freebsd.org>
Subject: Re: panic: System call lstat returning with 1 locks held
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Feb 2008 16:22:22 -0000

On Fri, Feb 01, 2008 at 07:41:58PM +0100, Attilio Rao wrote:
> 2008/2/1, Yar Tikhiy <yar@comp.chem.msu.su>:
[...]
> >  Fatal trap 12: page fault while in kernel mode
> >
> > cpuid = 0; apic id = 00
> >
> > fault virtual address   = 0xdeadc0ee
> >  fault code              = supervisor read, page not present
> >  instruction pointer     = 0x20:0xc07a0676
> >  stack pointer           = 0x28:0xd614e9a0
> >  frame pointer           = 0x28:0xd614e9a4
> >
> > code segment            = base 0x0, limit 0xfffff, type 0x1b
> >
> >                         = DPL 0, pres 1, def32 1, gran 1
> >
> > processor eflags        = resume, IOPL = 0
> >
> > current process         = 43 (umount)
> >  [thread pid 43 tid 100052 ]
> >  Stopped at      isitmychild+0x6:        movl    0x10(%eax),%ecx
> >  db> panic: Assertion !mtx_owned(&w_mtx) failed at /usr/src/sys/kern/subr_witness
> >  .c:959
> >  cpuid = 0
> >  Uptime: 2m14s
> >  Cannot dump. No dump device defined.
> >  Automatic reboot in 15 seconds - press a key on the console to abort
> 
> It would be suitable for you to add DDB to your kernel config and see
> a backtrace for it?

DDB was there (my kernel was GENERIC + DEBUG_VFS_LOCKS,) but it
failed, too.  Fortunately, I've managed to save a dump with the
whole call stack.  Attached is the respective output from kgdb,
showing multiple failures including the one in NTFS.

I'm keeping the dump so that I can dig deeper into it under your
guidance.  Thanks!

-- 
Yar

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xdeadc0ee
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc07a0676
stack pointer           = 0x28:0xd615a9a0
frame pointer           = 0x28:0xd615a9a4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 40 (umount)
panic: Assertion !mtx_owned(&w_mtx) failed at /usr/src/sys/kern/subr_witness.c:9                                              59
cpuid = 0
Uptime: 1m0s
Physical memory: 499 MB
Dumping 32 MB: 17 1

#0  doadump () at pcpu.h:195
195     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) where
#0  doadump () at pcpu.h:195
#1  0xc0768d4e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:417
#2  0xc0769013 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:571
#3  0xc07a2839 in witness_checkorder (lock=0xc0dd2c2c, flags=Variable "flags" is not available.
)
    at /usr/src/sys/kern/subr_witness.c:959
#4  0xc075be7c in _mtx_lock_flags (m=0xc0dd2c2c, opts=0,
    file=0xc0b0f79f "/usr/src/sys/kern/subr_eventhandler.c", line=212)
    at /usr/src/sys/kern/kern_mutex.c:179
#5  0xc07903e9 in eventhandler_find_list (name=0xc0adccf5 "dcons_poll")
    at /usr/src/sys/kern/subr_eventhandler.c:212
#6  0xc055fd88 in dcons_os_checkc (dc=0xc0c015a0)
    at /usr/src/sys/dev/dcons/dcons_os.c:264
#7  0xc055feae in dcons_cngetc (cp=0xc0b6d9e0)
    at /usr/src/sys/dev/dcons/dcons_os.c:473
#8  0xc07b57a8 in cncheckc () at /usr/src/sys/kern/tty_cons.c:604
#9  0xc07b57e6 in cngetc () at /usr/src/sys/kern/tty_cons.c:582
#10 0xc0490d26 in db_readline (lstart=0xc0bf9740 "", lsize=120)
    at /usr/src/sys/ddb/db_input.c:323
#11 0xc04916fa in db_read_line () at /usr/src/sys/ddb/db_lex.c:56
#12 0xc0490066 in db_command_loop () at /usr/src/sys/ddb/db_command.c:462
#13 0xc049181d in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:228
#14 0xc0792036 in kdb_trap (type=12, code=0, tf=0xd615a960)
    at /usr/src/sys/kern/subr_kdb.c:510
---Type <return> to continue, or q <return> to quit---
#15 0xc0a78b2f in trap_fatal (frame=0xd615a960, eva=3735929070)
    at /usr/src/sys/i386/i386/trap.c:889
#16 0xc0a79450 in trap (frame=0xd615a960) at /usr/src/sys/i386/i386/trap.c:279
#17 0xc0a5f2bb in calltrap () at /usr/src/sys/i386/i386/exception.s:146
#18 0xc07a0676 in isitmychild (parent=0xdeadc0de, child=0xc0ddeb28)
    at /usr/src/sys/kern/subr_witness.c:1611
#19 0xc07a286e in witness_checkorder (lock=0xc1474908, flags=Variable "flags" is not available.
)
    at /usr/src/sys/kern/subr_witness.c:966
#20 0xc075be7c in _mtx_lock_flags (m=0xc1474908, opts=0,
    file=0xc0b2e45f "/usr/src/sys/vm/uma_core.c", line=2257)
    at /usr/src/sys/kern/kern_mutex.c:179
#21 0xc0970508 in uma_zfree_arg (zone=0xc146d1e0, item=0xc2fbb100,
    udata=0xc2fbbfa8) at /usr/src/sys/vm/uma_core.c:2257
#22 0xc0758a8a in free (addr=0xc2fbb100, mtp=0xc2ffb000)
    at /usr/src/sys/kern/kern_malloc.c:441
#23 0xc2ff7a91 in ntfs_ntput (ip=0xc2fbb100)
    at /usr/src/sys/modules/ntfs/../../fs/ntfs/ntfs_subr.c:469
#24 0xc2ff5654 in ntfs_reclaim (ap=0xd615ab04)
    at /usr/src/sys/modules/ntfs/../../fs/ntfs/ntfs_vnops.c:262
#25 0xc0a84695 in VOP_RECLAIM_APV (vop=0xc2ffb320, a=0xd615ab04)
    at vnode_if.c:1566
#26 0xc07e819f in vgonel (vp=0xc2fea880) at vnode_if.h:819
#27 0xc07e9bb7 in vflush (mp=0xc2fc27d4, rootrefs=0, flags=1, td=0xc2fec440)
---Type <return> to continue, or q <return> to quit---
    at /usr/src/sys/kern/vfs_subr.c:2406
#28 0xc2ff4bff in ntfs_unmount (mp=0xc2fc27d4, mntflags=134217728,
    td=0xc2fec440) at /usr/src/sys/modules/ntfs/../../fs/ntfs/ntfs_vfsops.c:489
#29 0xc07e3416 in dounmount (mp=0xc2fc27d4, flags=134217728, td=0xc2fec440)
    at /usr/src/sys/kern/vfs_mount.c:1286
#30 0xc07e39e0 in unmount (td=0xc2fec440, uap=0xd615acfc)
    at /usr/src/sys/kern/vfs_mount.c:1182
#31 0xc0a79043 in syscall (frame=0xd615ad38)
    at /usr/src/sys/i386/i386/trap.c:1034
#32 0xc0a5f320 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:203
#33 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)