Re: panic: System call lstat returning with 1 locks held

From: Yar Tikhiy <yar_at_comp.chem.msu.su>
Date: Wed, 6 Feb 2008 14:29:31 +0300

On Tue, Feb 05, 2008 at 08:56:26PM +0100, Attilio Rao wrote:
> 2008/2/5, Yar Tikhiy <yar_at_comp.chem.msu.su>:
> > On Fri, Feb 01, 2008 at 07:41:58PM +0100, Attilio Rao wrote:
> >  > 2008/2/1, Yar Tikhiy <yar_at_comp.chem.msu.su>:
> >
> > [...]
> >
> >  > It would be suitable for you to add DDB to your kernel config and see
> >  > a backtrace for it?
> >
> >
> > DDB was there (my kernel was GENERIC + DEBUG_VFS_LOCKS,) but it
> >  failed, too.  Fortunately, I've managed to save a dump with the
> >  whole call stack.  Attached is the respective output from kgdb,
> >  showing multiple failures including the one in NTFS.
> 
> Currently it is DDB which let it fail in witness after memory corruption.
> But I'm more interested in the panic originator; so, as far as it is
> unusable, can you please remove DDB option and try to get the panic
> again? It should not give you the failing assertion without DDB.

Sure, here it is, attached.

By the way, not that I want to stop helping you, but I can provide
you with a small NTFS image so that you can test the driver against
it by yourself and save a few round-trips. :-)  The crash session
shown in the attachment was conducted using this NTFS image file:

	http://people.freebsd.org/~yar/debug/ntfs.bz2

Thanks!

-- 
Yar

[causing the panic]

Enter full pathname of shell or RETURN for /bin/sh:
# dumpon /dev/ad0s3b
# mdconfig -a -f /root/ntfs
WARNING: opening backing store: /root/ntfs readoGnly
EOM_LABEL: Label for provider md0 is ntfs/TEST_NTFS.
md0
# mount -r -t ntfs /dev/md0 /mnt
# umount /mnt
lock order reversal:
 1st 0xc30566b8 ntfs (ntfs) @ /usr/src/sys/kern/vfs_subr.c:2361
 2nd 0xc2fd4924 ntnode (ntnode) @ /usr/src/sys/modules/ntfs/../../fs/ntfs/ntfs_subr.c:361
kernel trap 12 with interrupts disabled


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xdeadc0ee
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0791e86
stack pointer           = 0x28:0xd61559a0
frame pointer           = 0x28:0xd61559a4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 39 (umount)
trap number             = 12
panic: page fault
cpuid = 0
Uptime: 1m0s
Physical memory: 499 MB
Dumping 32 MB: 17 1
Dump complete
Automatic reboot in 15 seconds - press a key on the console to abort

[post-mortem kgdb session]

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xdeadc0ee
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0791e86
stack pointer           = 0x28:0xd61559a0
frame pointer           = 0x28:0xd61559a4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 39 (umount)
trap number             = 12
panic: page fault
cpuid = 0
Uptime: 1m0s
Physical memory: 499 MB
Dumping 32 MB: 17 1

#0  doadump () at pcpu.h:195
195     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) where
#0  doadump () at pcpu.h:195
#1  0xc075ba7e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:417
#2  0xc075bd09 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:571
#3  0xc0a4580c in trap_fatal (frame=0xd6155960, eva=3735929070)
    at /usr/src/sys/i386/i386/trap.c:898
#4  0xc0a460e0 in trap (frame=0xd6155960) at /usr/src/sys/i386/i386/trap.c:279
#5  0xc0a2c97b in calltrap () at /usr/src/sys/i386/i386/exception.s:146
#6  0xc0791e86 in isitmychild (parent=0xdeadc0de, child=0xc0c00168)
    at /usr/src/sys/kern/subr_witness.c:1611
#7  0xc0793d9e in witness_checkorder (lock=0xc1474908, flags=Variable "flags" is not available.
)
    at /usr/src/sys/kern/subr_witness.c:966
#8  0xc074edcc in _mtx_lock_flags (m=0xc1474908, opts=0,
    file=0xc0af4e44 "/usr/src/sys/vm/uma_core.c", line=2257)
    at /usr/src/sys/kern/kern_mutex.c:179
#9  0xc095f398 in uma_zfree_arg (zone=0xc146d1e0, item=0xc2fd4900,
    udata=0xc2fd4fa8) at /usr/src/sys/vm/uma_core.c:2257
#10 0xc074bb1a in free (addr=0xc2fd4900, mtp=0xc2ff1000)
    at /usr/src/sys/kern/kern_malloc.c:441
#11 0xc2feda91 in ntfs_ntput (ip=0xc2fd4900)
    at /usr/src/sys/modules/ntfs/../../fs/ntfs/ntfs_subr.c:469
#12 0xc2feb654 in ntfs_reclaim (ap=0xd6155b04)
    at /usr/src/sys/modules/ntfs/../../fs/ntfs/ntfs_vnops.c:262
#13 0xc0a51195 in VOP_RECLAIM_APV (vop=0xc2ff1320, a=0xd6155b04)
---Type <return> to continue, or q <return> to quit---
    at vnode_if.c:1566
#14 0xc07d848f in vgonel (vp=0xc3056660) at vnode_if.h:819
#15 0xc07d9f47 in vflush (mp=0xc2fb6a70, rootrefs=0, flags=1, td=0xc2fdf660)
    at /usr/src/sys/kern/vfs_subr.c:2406
#16 0xc2feabff in ntfs_unmount (mp=0xc2fb6a70, mntflags=134217728,
    td=0xc2fdf660) at /usr/src/sys/modules/ntfs/../../fs/ntfs/ntfs_vfsops.c:489
#17 0xc07d3756 in dounmount (mp=0xc2fb6a70, flags=134217728, td=0xc2fdf660)
    at /usr/src/sys/kern/vfs_mount.c:1286
#18 0xc07d3d20 in unmount (td=0xc2fdf660, uap=0xd6155cfc)
    at /usr/src/sys/kern/vfs_mount.c:1182
#19 0xc0a45ce3 in syscall (frame=0xd6155d38)
    at /usr/src/sys/i386/i386/trap.c:1034
#20 0xc0a2c9e0 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:203
#21 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
Received on Wed Feb 06 2008 - 10:29:37 UTC
