Date: Sun, 28 Jan 2018 22:49:31 +0100 From: thomas masper <thomas.masper@gmail.com> To: Warner Losh <imp@bsdimp.com> Cc: FreeBSD Current <current@freebsd.org> Subject: Re: Panic on shutdown @r328436: "Unholding 6 with cnt = -559038242" Message-ID: <CAFZo-6x%2B6j185T8YEkYssWpgO%2B1OeThPxcG1oeb=0cZc-Z2pPg@mail.gmail.com> In-Reply-To: <CANCZdfqBadFix2yq_P8xsQXC0Xh=559prr2%2Br0t7XXhNkaBQig@mail.gmail.com> References: <20180126122947.GA1287@albert.catwhisker.org> <CANCZdfqWs_1Ss_oJ0ik8r17uDRyUN8nk%2Bt9DS=zZ=j92Xz=qZA@mail.gmail.com> <20180126150710.GV1287@albert.catwhisker.org> <CAFZo-6zgQbhOk_=SVeEghnKCdidb8m9oq15LncYunqwCVWkd3w@mail.gmail.com> <CANCZdfqBadFix2yq_P8xsQXC0Xh=559prr2%2Br0t7XXhNkaBQig@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Do you have a reproducible test case? Ideally, it would be 'insert and > remove usb thumb drive' but maybe there's more steps between insert and > removal. Exactly! Just insert and remove the usb thumb drive. Happen in both USB3 and USB2 ports of the laptop. Regards thomas On Sun, Jan 28, 2018 at 10:28 PM, Warner Losh <imp@bsdimp.com> wrote: > > > On Sun, Jan 28, 2018 at 2:22 PM, thomas masper <thomas.masper@gmail.com> > wrote: >> >> Hi, >> similar panic happen to me when extracting a pendrive from laptop USB po= rt >> (I tried 3 different pendrive). >> No issue if I reboot or shutdown. I don't know if those two issues are >> related. > > > Do you have a reproducible test case? Ideally, it would be 'insert and > remove usb thumb drive' but maybe there's more steps between insert and > removal. > > Warner > > >> >> panic: Releasing 6 with cnt =3D -559038242 >> >> GNU gdb (GDB) 8.0.1 [GDB v8.0.1 for FreeBSD] >> Copyright (C) 2017 Free Software Foundation, Inc. >> License GPLv3+: GNU GPL version 3 or later >> <http://gnu.org/licenses/gpl.html >> > >> This is free software: you are free to change and redistribute it. >> There is NO WARRANTY, to the extent permitted by law. Type "show copyin= g" >> and "show warranty" for details. >> This GDB was configured as "x86_64-portbld-freebsd12.0". >> Type "show configuration" for configuration details. >> For bug reporting instructions, please see: >> <http://www.gnu.org/software/gdb/bugs/>. >> Find the GDB manual and other documentation resources online at: >> <http://www.gnu.org/software/gdb/documentation/>. >> For help, type "help". >> Type "apropos word" to search for commands related to "word"... >> Reading symbols from /boot/kernel/kernel...Reading symbols from >> /usr/lib/debug//boot/kernel/kernel.debug...done. >> done. >> >> Unread portion of the kernel message buffer: >> da0 at umass-sim0 bus 0 scbus4 target 0 lun 0 >> da0: <Generic Flash Disk 8.07> s/n 30E47C20 detached >> (da0:umass-sim0:0:0:0): Periph destroyed >> panic: Releasing 6 with cnt =3D -559038242 >> cpuid =3D 0 >> time =3D 1517158352 >> KDB: stack backtrace: >> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame >> 0xfffffe00593838c0 >> vpanic() at vpanic+0x18d/frame 0xfffffe0059383920 >> panic() at panic+0x43/frame 0xfffffe0059383980 >> dadiskgonecb() at dadiskgonecb+0x42/frame 0xfffffe00593839a0 >> g_disk_providergone() at g_disk_providergone+0x25/frame 0xfffffe00593839= d0 >> g_destroy_provider() at g_destroy_provider+0xae/frame 0xfffffe00593839f0 >> g_wither_washer() at g_wither_washer+0x87/frame 0xfffffe0059383a30 >> g_run_events() at g_run_events+0x3ca/frame 0xfffffe0059383a70 >> fork_exit() at fork_exit+0x84/frame 0xfffffe0059383ab0 >> fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0059383ab0 >> --- trap 0, rip =3D 0, rsp =3D 0, rbp =3D 0 --- >> KDB: enter: panic >> >> __curthread () at ./machine/pcpu.h:229 >> 229 __asm("movq %%gs:%1,%0" : "=3Dr" (td) >> (kgdb) #0 __curthread () at ./machine/pcpu.h:229 >> #1 doadump (textdump=3D0) at /usr/src/sys/kern/kern_shutdown.c:346 >> #2 0xffffffff8040a08b in db_dump (dummy=3D<optimized out>, >> dummy2=3D<unavailable>, dummy3=3D<unavailable>, dummy4=3D<unavailabl= e>) >> at /usr/src/sys/ddb/db_command.c:574 >> #3 0xffffffff80409e59 in db_command (last_cmdp=3D<optimized out>, >> cmd_table=3D<optimized out>, dopager=3D<optimized out>) >> at /usr/src/sys/ddb/db_command.c:481 >> #4 0xffffffff80409bd4 in db_command_loop () >> at /usr/src/sys/ddb/db_command.c:534 >> #5 0xffffffff8040cdff in db_trap (type=3D<optimized out>, code=3D<optim= ized >> out>) >> at /usr/src/sys/ddb/db_main.c:250 >> #6 0xffffffff80b0d923 in kdb_trap (type=3D3, code=3D-61456, tf=3D<optim= ized >> out>) >> at /usr/src/sys/kern/subr_kdb.c:697 >> #7 0xffffffff80f7b498 in trap (frame=3D0xfffffe00593837f0) >> at /usr/src/sys/amd64/amd64/trap.c:547 >> #8 <signal handler called> >> #9 kdb_enter (why=3D0xffffffff811f101e "panic", msg=3D<optimized out>) >> at /usr/src/sys/kern/subr_kdb.c:479 >> #10 0xffffffff80ac8d3a in vpanic (fmt=3D<optimized out>, >> ap=3D0xfffffe0059383960) >> at /usr/src/sys/kern/kern_shutdown.c:800 >> #11 0xffffffff80ac8dc3 in panic ( >> fmt=3D0xffffffff81b1bbd8 <cnputs_mtx> >> "\257\257\033\201\377\377\377\377") >> at /usr/src/sys/kern/kern_shutdown.c:738 >> #12 0xffffffff80368bb2 in da_periph_release (periph=3D<optimized out>, >> token=3DDA_REF_GEOM) at /usr/src/sys/cam/scsi/scsi_da.c:1591 >> #13 dadiskgonecb (dp=3D<optimized out>) at >> /usr/src/sys/cam/scsi/scsi_da.c:1904 >> #14 0xffffffff80a0fdd5 in g_disk_providergone (pp=3D0xfffff80003e8b700) >> at /usr/src/sys/geom/geom_disk.c:783 >> #15 0xffffffff80a15f9e in g_destroy_provider (pp=3D0xfffff80003e8b700) >> at /usr/src/sys/geom/geom_subr.c:746 >> #16 0xffffffff80a15e17 in g_wither_washer () >> at /usr/src/sys/geom/geom_subr.c:461 >> #17 0xffffffff80a112da in g_run_events () >> at /usr/src/sys/geom/geom_event.c:297 >> #18 0xffffffff80a89444 in fork_exit ( >> callout=3D0xffffffff80a138c0 <g_event_procbody>, arg=3D0x0, >> frame=3D0xfffffe0059383ac0) at /usr/src/sys/kern/kern_fork.c:1039 >> #19 <signal handler called> >> (kgdb) >> >> >> uname -a >> FreeBSD laptopW530.tommyBSD.org 12.0-CURRENT FreeBSD 12.0-CURRENT #13 >> r328509M: Sun Jan 28 15:38:35 CET 2018 >> tommy@laptopW530.tommyBSD.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC >> amd64 >> >> Regards, >> thomas >> >> >> On Fri, Jan 26, 2018 at 4:07 PM, David Wolfskill <david@catwhisker.org> >> wrote: >> >> > On Fri, Jan 26, 2018 at 07:47:48AM -0700, Warner Losh wrote: >> > > On Fri, Jan 26, 2018 at 5:29 AM, David Wolfskill >> > > <david@catwhisker.org> >> > > wrote: >> > > >> > > > This is on my "build machine" (laptop is still building updated >> > > > ports >> > > > for today, so I don't know yet whether or not it encounters this.) >> > > > >> > > >> > > Running a kernel with INVARIANTS, right? >> > >> > Yes -- GENERIC. >> > >> > > > I had performed a source-based update from r328393 to r328436, >> > > > rebooted, performed "make delete-old-libs", and all seemed well. >> > > > >> > > >> > > This has my change 328415 in it. >> > >> > :-) >> > >> > > > I then issued "sudo shutdown -p now", and serial console shows: >> > > > panic: Unholding 6 with cnt =3D -559038242 >> > > > cpuid =3D 3 >> > > > time =3D 1516968697 >> > > > KDB: stack backtrace: >> > > > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame >> > > > 0xfffffe00004288c0 >> > > > vpanic() at vpanic+0x18d/frame 0xfffffe0000428920 >> > > > panic() at panic+0x43/frame 0xfffffe0000428980 >> > > > dadiskgonecb() at dadiskgonecb+0x42/frame 0xfffffe00004289a0 >> > > > g_disk_providergone() at g_disk_providergone+0x25/frame >> > 0xfffffe00004289d0 >> > > > g_destroy_provider() at g_destroy_provider+0xae/frame >> > 0xfffffe00004289f0 >> > > > g_wither_washer() at g_wither_washer+0x87/frame 0xfffffe0000428a30 >> > > > g_run_events() at g_run_events+0x3ca/frame 0xfffffe0000428a70 >> > > > fork_exit() at fork_exit+0x84/frame 0xfffffe0000428ab0 >> > > > fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0000428ab0 >> > > > --- trap 0, rip =3D 0, rsp =3D 0, rbp =3D 0 --- >> > > > KDB: enter: panic >> > > > [ thread pid 13 tid 100044 ] >> > > > Stopped at kdb_enter+0x3b: movq $0,kdb_why >> > > > db> >> > > > >> > > >> > > That's no good. We're releasing a reference to the da peripheral >> > > because >> > > geom has finished with the disk and is giving us a final callback so >> > > we >> > can >> > > drop the reference we took when we created the geom. Trouble is, cnt >> > should >> > > be like 1 always for this code, but it's not. It looks like it may b= e >> > bytes >> > > to a pointer :( >> > > >> > > >> > > > As noted, this is a build machine, and it was to be powered off fo= r >> > > > the rest of the day anyway, so I don't need to get it up & running >> > > > immediately: I can poke at the ddb prompt, given some clues. >> > > > >> > > >> > > I don't suppose you can attach kgdb to this machine? I'd be interest= ed >> > > to >> > > see what the contents of the softc are...a >> > >> > Pointer to how to do that? >> > >> > I do have ddb right now.... >> > >> > > .... >> > > Thanks for the report. This is quite troubling. >> > >> > Well, let's get it fixed, then! :-) >> > >> > > Warner >> > > .... >> > >> > I should still have access to the serial console after I get in to the >> > office (heading out shortly). >> > >> > Peace, >> > david >> > -- >> > David H. Wolfskill david@catwhisker.org >> > "unfortunately, no trust!=E2=80=9D -- well, of course! You reap what = you sow. >> > >> > See http://www.catwhisker.org/~david/publickey.gpg for my public key. >> > >> _______________________________________________ >> freebsd-current@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-current >> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.or= g" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFZo-6x%2B6j185T8YEkYssWpgO%2B1OeThPxcG1oeb=0cZc-Z2pPg>