Date: Sun, 28 Jan 2018 22:22:36 +0100 From: thomas masper <thomas.masper@gmail.com> To: current@freebsd.org Subject: Re: Panic on shutdown @r328436: "Unholding 6 with cnt = -559038242" Message-ID: <CAFZo-6zgQbhOk_=SVeEghnKCdidb8m9oq15LncYunqwCVWkd3w@mail.gmail.com> In-Reply-To: <20180126150710.GV1287@albert.catwhisker.org> References: <20180126122947.GA1287@albert.catwhisker.org> <CANCZdfqWs_1Ss_oJ0ik8r17uDRyUN8nk%2Bt9DS=zZ=j92Xz=qZA@mail.gmail.com> <20180126150710.GV1287@albert.catwhisker.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, similar panic happen to me when extracting a pendrive from laptop USB port (I tried 3 different pendrive). No issue if I reboot or shutdown. I don't know if those two issues are related. panic: Releasing 6 with cnt =3D -559038242 GNU gdb (GDB) 8.0.1 [GDB v8.0.1 for FreeBSD] Copyright (C) 2017 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.htm= l > This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-portbld-freebsd12.0". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /boot/kernel/kernel...Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...done. done. Unread portion of the kernel message buffer: da0 at umass-sim0 bus 0 scbus4 target 0 lun 0 da0: <Generic Flash Disk 8.07> s/n 30E47C20 detached (da0:umass-sim0:0:0:0): Periph destroyed panic: Releasing 6 with cnt =3D -559038242 cpuid =3D 0 time =3D 1517158352 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00593838c0 vpanic() at vpanic+0x18d/frame 0xfffffe0059383920 panic() at panic+0x43/frame 0xfffffe0059383980 dadiskgonecb() at dadiskgonecb+0x42/frame 0xfffffe00593839a0 g_disk_providergone() at g_disk_providergone+0x25/frame 0xfffffe00593839d0 g_destroy_provider() at g_destroy_provider+0xae/frame 0xfffffe00593839f0 g_wither_washer() at g_wither_washer+0x87/frame 0xfffffe0059383a30 g_run_events() at g_run_events+0x3ca/frame 0xfffffe0059383a70 fork_exit() at fork_exit+0x84/frame 0xfffffe0059383ab0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0059383ab0 --- trap 0, rip =3D 0, rsp =3D 0, rbp =3D 0 --- KDB: enter: panic __curthread () at ./machine/pcpu.h:229 229 __asm("movq %%gs:%1,%0" : "=3Dr" (td) (kgdb) #0 __curthread () at ./machine/pcpu.h:229 #1 doadump (textdump=3D0) at /usr/src/sys/kern/kern_shutdown.c:346 #2 0xffffffff8040a08b in db_dump (dummy=3D<optimized out>, dummy2=3D<unavailable>, dummy3=3D<unavailable>, dummy4=3D<unavailable>) at /usr/src/sys/ddb/db_command.c:574 #3 0xffffffff80409e59 in db_command (last_cmdp=3D<optimized out>, cmd_table=3D<optimized out>, dopager=3D<optimized out>) at /usr/src/sys/ddb/db_command.c:481 #4 0xffffffff80409bd4 in db_command_loop () at /usr/src/sys/ddb/db_command.c:534 #5 0xffffffff8040cdff in db_trap (type=3D<optimized out>, code=3D<optimize= d out>) at /usr/src/sys/ddb/db_main.c:250 #6 0xffffffff80b0d923 in kdb_trap (type=3D3, code=3D-61456, tf=3D<optimize= d out>) at /usr/src/sys/kern/subr_kdb.c:697 #7 0xffffffff80f7b498 in trap (frame=3D0xfffffe00593837f0) at /usr/src/sys/amd64/amd64/trap.c:547 #8 <signal handler called> #9 kdb_enter (why=3D0xffffffff811f101e "panic", msg=3D<optimized out>) at /usr/src/sys/kern/subr_kdb.c:479 #10 0xffffffff80ac8d3a in vpanic (fmt=3D<optimized out>, ap=3D0xfffffe0059383960) at /usr/src/sys/kern/kern_shutdown.c:800 #11 0xffffffff80ac8dc3 in panic ( fmt=3D0xffffffff81b1bbd8 <cnputs_mtx> "\257\257\033\201\377\377\377\377= ") at /usr/src/sys/kern/kern_shutdown.c:738 #12 0xffffffff80368bb2 in da_periph_release (periph=3D<optimized out>, token=3DDA_REF_GEOM) at /usr/src/sys/cam/scsi/scsi_da.c:1591 #13 dadiskgonecb (dp=3D<optimized out>) at /usr/src/sys/cam/scsi/scsi_da.c:1904 #14 0xffffffff80a0fdd5 in g_disk_providergone (pp=3D0xfffff80003e8b700) at /usr/src/sys/geom/geom_disk.c:783 #15 0xffffffff80a15f9e in g_destroy_provider (pp=3D0xfffff80003e8b700) at /usr/src/sys/geom/geom_subr.c:746 #16 0xffffffff80a15e17 in g_wither_washer () at /usr/src/sys/geom/geom_subr.c:461 #17 0xffffffff80a112da in g_run_events () at /usr/src/sys/geom/geom_event.c:297 #18 0xffffffff80a89444 in fork_exit ( callout=3D0xffffffff80a138c0 <g_event_procbody>, arg=3D0x0, frame=3D0xfffffe0059383ac0) at /usr/src/sys/kern/kern_fork.c:1039 #19 <signal handler called> (kgdb) uname -a FreeBSD laptopW530.tommyBSD.org 12.0-CURRENT FreeBSD 12.0-CURRENT #13 r328509M: Sun Jan 28 15:38:35 CET 2018 tommy@laptopW530.tommyBSD.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64 Regards, thomas On Fri, Jan 26, 2018 at 4:07 PM, David Wolfskill <david@catwhisker.org> wrote: > On Fri, Jan 26, 2018 at 07:47:48AM -0700, Warner Losh wrote: > > On Fri, Jan 26, 2018 at 5:29 AM, David Wolfskill <david@catwhisker.org> > > wrote: > > > > > This is on my "build machine" (laptop is still building updated ports > > > for today, so I don't know yet whether or not it encounters this.) > > > > > > > Running a kernel with INVARIANTS, right? > > Yes -- GENERIC. > > > > I had performed a source-based update from r328393 to r328436, > > > rebooted, performed "make delete-old-libs", and all seemed well. > > > > > > > This has my change 328415 in it. > > :-) > > > > I then issued "sudo shutdown -p now", and serial console shows: > > > panic: Unholding 6 with cnt =3D -559038242 > > > cpuid =3D 3 > > > time =3D 1516968697 > > > KDB: stack backtrace: > > > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame > > > 0xfffffe00004288c0 > > > vpanic() at vpanic+0x18d/frame 0xfffffe0000428920 > > > panic() at panic+0x43/frame 0xfffffe0000428980 > > > dadiskgonecb() at dadiskgonecb+0x42/frame 0xfffffe00004289a0 > > > g_disk_providergone() at g_disk_providergone+0x25/frame > 0xfffffe00004289d0 > > > g_destroy_provider() at g_destroy_provider+0xae/frame > 0xfffffe00004289f0 > > > g_wither_washer() at g_wither_washer+0x87/frame 0xfffffe0000428a30 > > > g_run_events() at g_run_events+0x3ca/frame 0xfffffe0000428a70 > > > fork_exit() at fork_exit+0x84/frame 0xfffffe0000428ab0 > > > fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0000428ab0 > > > --- trap 0, rip =3D 0, rsp =3D 0, rbp =3D 0 --- > > > KDB: enter: panic > > > [ thread pid 13 tid 100044 ] > > > Stopped at kdb_enter+0x3b: movq $0,kdb_why > > > db> > > > > > > > That's no good. We're releasing a reference to the da peripheral becaus= e > > geom has finished with the disk and is giving us a final callback so we > can > > drop the reference we took when we created the geom. Trouble is, cnt > should > > be like 1 always for this code, but it's not. It looks like it may be > bytes > > to a pointer :( > > > > > > > As noted, this is a build machine, and it was to be powered off for > > > the rest of the day anyway, so I don't need to get it up & running > > > immediately: I can poke at the ddb prompt, given some clues. > > > > > > > I don't suppose you can attach kgdb to this machine? I'd be interested = to > > see what the contents of the softc are...a > > Pointer to how to do that? > > I do have ddb right now.... > > > .... > > Thanks for the report. This is quite troubling. > > Well, let's get it fixed, then! :-) > > > Warner > > .... > > I should still have access to the serial console after I get in to the > office (heading out shortly). > > Peace, > david > -- > David H. Wolfskill david@catwhisker.org > "unfortunately, no trust!=E2=80=9D -- well, of course! You reap what you= sow. > > See http://www.catwhisker.org/~david/publickey.gpg for my public key. >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFZo-6zgQbhOk_=SVeEghnKCdidb8m9oq15LncYunqwCVWkd3w>