panic: vrele: negative ref cnt

From: John Baldwin <jhb_at_FreeBSD.org>
Date: Tue, 6 Jan 2004 15:17:03 -0500
I got this panic today when powering my laptop down after trying to use xmms in KDE hosed KDE to the point that a power off was the only workaround. :(  I got the panic after the buffers had been flushed to disk.  I got the following error from fsck during boot up:

/dev/ad0s1a: 996 files, 26453 used, 100386 free (794 frags, 12449 blocks, 0.6% fragmentation)
/dev/ad0s1e: LINK COUNT DIR I=2  OWNER=root MODE=41777
/dev/ad0s1e: SIZE=512 MTIME=Jan  6 14:43 2004  COUNT 10 SHOULD BE 9 (ADJUSTED)
/dev/ad0s1e: FREE BLK COUNT(S) WRONG IN SUPERBLK (SALVAGED)
/dev/ad0s1e: SUMMARY INFORMATION BAD (SALVAGED)
/dev/ad0s1e: BLK(S) MISSING IN BIT MAPS (SALVAGED)
/dev/ad0s1e: 13 files, 267 used, 126572 free (28 frags, 15818 blocks, 0.0% fragmentation)
/dev/ad0s1f: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1f: clean, 6221672 free (151296 frags, 758797 blocks, 1.3% fragmentation)
/dev/ad0s1d: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1d: clean, 116411 free (179 frags, 14529 blocks, 0.1% fragmentation)

Backtrace:

This GDB was configured as "i386-undermydesk-freebsd"...
panic: vrele: negative ref cnt
panic messages:
---
panic: vrele: negative ref cnt
Uptime: 3h39m10s
Dumping 1023 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008(kgdb) where
#0  doadump () at ../../../kern/kern_shutdown.c:240
#1  0xc057e4b7 in boot (howto=16640) at ../../../kern/kern_shutdown.c:372
#2  0xc057e7f3 in poweroff_wait (junk=0xc0741a6a, howto=0)
    at ../../../kern/kern_shutdown.c:550
#3  0xc05d1a1e in vput (vp=0xe0408be0) at ../../../kern/vfs_subr.c:2222
#4  0xc067f2fa in ffs_unmount (mp=0xc6c45800, mntflags=524288, td=0xc29c7500)
    at ../../../ufs/ffs/ffs_vfsops.c:1001
#5  0xc05cd38f in dounmount (mp=0xc6c45800, flags=524288, td=0xc29c7500)
    at ../../../kern/vfs_mount.c:1130
#6  0xc05d31dc in vfs_unmountall () at ../../../kern/vfs_subr.c:3177
#7  0xc057e37e in boot (howto=16384) at ../../../kern/kern_shutdown.c:357
#8  0xc057dcc5 in reboot (td=0x0, uap=0x0) at ../../../kern/kern_shutdown.c:178

(Greg: note (kgdb) prompt)

The panic from ddb was from vput, so I tried frame #3:
(kgdb) p vp->v_usecount
$3 = -1066929414
(kgdb) printf "%#x\n", vp->v_usecount
0xc067f2fa
(kgdb) x (char *)(vp->v_usecount)
0xc067f2fa <ffs_unmount+393>:   0x042444c7

Looks like v_usecount is pointing into some code?

(kgdb) l *(char *)(vp->v_usecount)
0xc067f2fa is in ffs_unmount (../../../ufs/ffs/ffs_vfsops.c:1003).
998             error = VOP_CLOSE(ump->um_devvp, FREAD|FWRITE, NOCRED, td);
999     #endif
1000
1001            vrele(ump->um_devvp);
1002
1003            free(fs->fs_csp, M_UFSMNT);
1004            free(fs, M_UFSMNT);
1005            free(ump, M_UFSMNT);
1006            mp->mnt_data = (qaddr_t)0;
1007            mp->mnt_flag &= ~MNT_LOCAL;

Weird.  Any ideas?

---

-- 
John Baldwin <jhb_at_FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve"  =  http://www.FreeBSD.org
Received on Tue Jan 06 2004 - 11:34:55 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:36 UTC