Re: nullfs panic with recent current

From: John Baldwin <jhb_at_freebsd.org>
Date: Thu, 11 Sep 2008 16:32:39 -0400
On Thursday 11 September 2008 01:24:53 pm Oleg Bulyzhin wrote:
> 
> Trying to build world, having null mounted /usr/src & /usr/obj, i've got
> this panic.
> 
> root_at_slave# uname -a
> FreeBSD slave.rinet.ru 8.0-CURRENT FreeBSD 8.0-CURRENT #0 r182885: Tue Sep  
9 22:52:56 MSD 2008     root_at_slave.rinet.ru:/usr/obj/usr/src/sys/slave-smp  
amd64
> 
> root_at_slave# kgdb kernel.debug /var/crash/vmcore.7
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain 
conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "amd64-marcel-freebsd"...
> 
> Unread portion of the kernel message buffer:
> 
> 
> Fatal trap 9: general protection fault while in kernel mode
> cpuid = 0; apic id = 00
> instruction pointer     = 0x8:0xffffffff80216e99
> stack pointer           = 0x10:0xfffffffe6189d5a0
> frame pointer           = 0x10:0xfffffffe6189d5d0
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 47776 (cc1)
> panic: from debugger
> cpuid = 0
> Uptime: 19m15s
> Physical memory: 998 MB
> Dumping 156 MB: 141 125 109 93 77 61 45 29 13
> 
> Reading symbols from /boot/kernel/nullfs.ko...Reading symbols 
from /boot/kernel/nullfs.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/nullfs.ko
> Reading symbols from /boot/kernel/geom_mirror.ko...Reading symbols 
from /boot/kernel/geom_mirror.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/geom_mirror.ko
> Reading symbols from /boot/kernel/ipfw.ko...Reading symbols 
from /boot/kernel/ipfw.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/ipfw.ko
> Reading symbols from /boot/kernel/if_bge.ko...Reading symbols 
from /boot/kernel/if_bge.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/if_bge.ko
> Reading symbols from /boot/kernel/miibus.ko...Reading symbols 
from /boot/kernel/miibus.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/miibus.ko
> Reading symbols from /boot/kernel/if_em.ko...Reading symbols 
from /boot/kernel/if_em.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/if_em.ko
> Reading symbols from /boot/kernel/if_nfe.ko...Reading symbols 
from /boot/kernel/if_nfe.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/if_nfe.ko
> Reading symbols from /boot/kernel/if_vlan.ko...Reading symbols 
from /boot/kernel/if_vlan.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/if_vlan.ko
> #0  doadump () at pcpu.h:196
> 196             __asm __volatile("movq %%gs:0,%0" : "=r" (td));
> (kgdb) l *0xffffffff80216e99
> 0xffffffff80216e99 is in _mtx_lock_flags 
(/usr/src/sys/kern/kern_mutex.c:174).
> 169     void
> 170     _mtx_lock_flags(struct mtx *m, int opts, const char *file, int line)
> 171     {
> 172
> 173             MPASS(curthread != NULL);
> 174             KASSERT(m->mtx_lock != MTX_DESTROYED,
> 175                 ("mtx_lock() of destroyed mutex @ %s:%d", file, line));
> 176             KASSERT(LOCK_CLASS(&m->lock_object) == &lock_class_mtx_sleep,
> 177                 ("mtx_lock() of spin mutex %s @ %s:%d", m->lock_object.lo_name,
> 178                 file, line));
> (kgdb) bt
> #0  doadump () at pcpu.h:196
> #1  0xffffffff8022399a in boot (howto=260)
>     at /usr/src/sys/kern/kern_shutdown.c:418
> #2  0xffffffff80223e37 in panic (fmt=Variable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:572
> #3  0xffffffff80176fa7 in db_panic (addr=Variable "addr" is not available.
> ) at /usr/src/sys/ddb/db_command.c:446
> #4  0xffffffff801778f9 in db_command (last_cmdp=0xffffffff80530f88,
>     cmd_table=0x0, dopager=1) at /usr/src/sys/ddb/db_command.c:413
> #5  0xffffffff80177b20 in db_command_loop ()
>     at /usr/src/sys/ddb/db_command.c:466
> #6  0xffffffff80179469 in db_trap (type=Variable "type" is not available.
> ) at /usr/src/sys/ddb/db_main.c:228
> #7  0xffffffff802511e0 in kdb_trap (type=9, code=0, tf=0xfffffffe6189d4f0)
>     at /usr/src/sys/kern/subr_kdb.c:534
> #8  0xffffffff8036671d in trap_fatal (frame=0xfffffffe6189d4f0, 
eva=Variable "eva" is not available.
> )
>     at /usr/src/sys/amd64/amd64/trap.c:754
> #9  0xffffffff8036722a in trap (frame=0xfffffffe6189d4f0)
>     at /usr/src/sys/amd64/amd64/trap.c:560
> #10 0xffffffff8034a64e in calltrap ()
>     at /usr/src/sys/amd64/amd64/exception.S:217
> #11 0xffffffff80216e99 in _mtx_lock_flags (m=0xdeadc0dedeadc19e, opts=16,
>     file=0xffffffff807caa40 "/usr/src/sys/modules/nullfs/../../fs/nullfs/null_vnops.c",
>     line=532) at /usr/src/sys/kern/kern_mutex.c:173

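Given the value of 'm' (0xdeadc0dedeadc19e, i.e. the 0xdeadc0de fill that
debugging kernels write over freed memory, plus a small offset), I'd say the
"lvp" in the previous frame (#12, null_lock) is a reference to a freed vnode.
That address is also non-canonical on amd64, which is why the dereference in
_mtx_lock_flags shows up as a general protection fault rather than a page
fault.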

> #12 0xffffffff807c9e1c in null_lock (ap=0xfffffffe6189d670)
>     at /usr/src/sys/modules/nullfs/../../fs/nullfs/null_vnops.c:532
> #13 0xffffffff8038413b in VOP_LOCK1_APV (vop=0xffffffff807caee0,
>     a=0xfffffffe6189d670) at vnode_if.c:1618
> ---Type <return> to continue, or q <return> to quit---
> #14 0xffffffff802b41b7 in _vn_lock (vp=0xffffff001d7981d8, flags=524288,
>     file=0xffffffff803bf0b2 "/usr/src/sys/kern/vfs_subr.c", line=2151)
>     at vnode_if.h:839
> #15 0xffffffff802a9570 in vrele (vp=0xffffff001d7981d8)
>     at /usr/src/sys/kern/vfs_subr.c:2151
> #16 0xffffffff8029e977 in namei (ndp=0xfffffffe6189da10)
>     at /usr/src/sys/kern/vfs_lookup.c:226
> #17 0xffffffff802b3aaa in vn_open_cred (ndp=0xfffffffe6189da10,
>     flagp=0xfffffffe6189d95c, cmode=420, cred=0xffffff000173e800,
>     fp=0xffffff00389661e0) at /usr/src/sys/kern/vfs_vnops.c:190
> #18 0xffffffff802b21fe in kern_openat (td=0xffffff0001b736c0, fd=-100,
>     path=0xc9ec80 <Address 0xc9ec80 out of bounds>, 
pathseg=Variable "pathseg" is not available.
> )
>     at /usr/src/sys/kern/vfs_syscalls.c:1069
> #19 0xffffffff80366c76 in syscall (frame=0xfffffffe6189dc90)
>     at /usr/src/sys/amd64/amd64/trap.c:898
> #20 0xffffffff8034a85b in Xfast_syscall ()
>     at /usr/src/sys/amd64/amd64/exception.S:338
> #21 0x000000000084a53c in ?? ()
> Previous frame inner to this frame (corrupt stack?)
> (kgdb)
> 
> 
> -- 
> Oleg.
> 
> ================================================================
> === Oleg Bulyzhin -- OBUL-RIPN -- OBUL-RIPE -- oleg_at_rinet.ru ===
> ================================================================
> 
> _______________________________________________
> freebsd-current_at_freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
> 



-- 
John Baldwin
Received on Thu Sep 11 2008 - 19:43:24 UTC
