Re: Panic on shutdown _at_r328436: "Unholding 6 with cnt = -559038242"

From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Sun, 28 Jan 2018 18:38:50 -0800
In message <2effa324-c428-6135-371b-acb00c803d29_at_freebsd.org>, Allan 
Jude write
s:
> On 2018-01-28 16:28, Warner Losh wrote:
> > On Sun, Jan 28, 2018 at 2:22 PM, thomas masper <thomas.masper_at_gmail.com>
> > wrote:
> > 
> >> Hi,
> >> similar panic happen to me when extracting a pendrive from laptop USB port
> >> (I tried 3 different pendrive).
> >> No issue if I reboot or shutdown. I don't know if those two issues are
> >> related.
> >>
> > 
> > Do you have a reproducible test case? Ideally, it would be 'insert and
> > remove usb thumb drive' but maybe there's more steps between insert and
> > removal.
> > 
> > Warner
> > 
> > 
> > 
> >> panic: Releasing 6 with cnt = -559038242

Converting this to hex we get DEADC0DE.

> >>
> >> GNU gdb (GDB) 8.0.1 [GDB v8.0.1 for FreeBSD]
> >> Copyright (C) 2017 Free Software Foundation, Inc.
> >> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.
> >> html
> >>>
> >> This is free software: you are free to change and redistribute it.
> >> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> >> and "show warranty" for details.
> >> This GDB was configured as "x86_64-portbld-freebsd12.0".
> >> Type "show configuration" for configuration details.
> >> For bug reporting instructions, please see:
> >> <http://www.gnu.org/software/gdb/bugs/>.
> >> Find the GDB manual and other documentation resources online at:
> >> <http://www.gnu.org/software/gdb/documentation/>.
> >> For help, type "help".
> >> Type "apropos word" to search for commands related to "word"...
> >> Reading symbols from /boot/kernel/kernel...Reading symbols from
> >> /usr/lib/debug//boot/kernel/kernel.debug...done.
> >> done.
> >>
> >> Unread portion of the kernel message buffer:
> >> da0 at umass-sim0 bus 0 scbus4 target 0 lun 0
> >> da0: <Generic Flash Disk 8.07>  s/n 30E47C20 detached
> >> (da0:umass-sim0:0:0:0): Periph destroyed
> >> panic: Releasing 6 with cnt = -559038242
> >> cpuid = 0
> >> time = 1517158352
> >> KDB: stack backtrace:
> >> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> >> 0xfffffe00593838c0
> >> vpanic() at vpanic+0x18d/frame 0xfffffe0059383920
> >> panic() at panic+0x43/frame 0xfffffe0059383980
> >> dadiskgonecb() at dadiskgonecb+0x42/frame 0xfffffe00593839a0
> >> g_disk_providergone() at g_disk_providergone+0x25/frame 0xfffffe00593839d0
> >> g_destroy_provider() at g_destroy_provider+0xae/frame 0xfffffe00593839f0
> >> g_wither_washer() at g_wither_washer+0x87/frame 0xfffffe0059383a30
> >> g_run_events() at g_run_events+0x3ca/frame 0xfffffe0059383a70
> >> fork_exit() at fork_exit+0x84/frame 0xfffffe0059383ab0
> >> fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0059383ab0
> >> --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
> >> KDB: enter: panic
> >>
> >> __curthread () at ./machine/pcpu.h:229
> >> 229 __asm("movq %%gs:%1,%0" : "=r" (td)
> >> (kgdb) #0  __curthread () at ./machine/pcpu.h:229
> >> #1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:346
> >> #2  0xffffffff8040a08b in db_dump (dummy=<optimized out>,
> >>     dummy2=<unavailable>, dummy3=<unavailable>, dummy4=<unavailable>)
> >>     at /usr/src/sys/ddb/db_command.c:574
> >> #3  0xffffffff80409e59 in db_command (last_cmdp=<optimized out>,
> >>     cmd_table=<optimized out>, dopager=<optimized out>)
> >>     at /usr/src/sys/ddb/db_command.c:481
> >> #4  0xffffffff80409bd4 in db_command_loop ()
> >>     at /usr/src/sys/ddb/db_command.c:534
> >> #5  0xffffffff8040cdff in db_trap (type=<optimized out>, code=<optimized
> >> out>)
> >>     at /usr/src/sys/ddb/db_main.c:250
> >> #6  0xffffffff80b0d923 in kdb_trap (type=3, code=-61456, tf=<optimized
> >> out>)
> >>     at /usr/src/sys/kern/subr_kdb.c:697
> >> #7  0xffffffff80f7b498 in trap (frame=0xfffffe00593837f0)
> >>     at /usr/src/sys/amd64/amd64/trap.c:547
> >> #8  <signal handler called>
> >> #9  kdb_enter (why=0xffffffff811f101e "panic", msg=<optimized out>)
> >>     at /usr/src/sys/kern/subr_kdb.c:479
> >> #10 0xffffffff80ac8d3a in vpanic (fmt=<optimized out>,
> >> ap=0xfffffe0059383960)
> >>     at /usr/src/sys/kern/kern_shutdown.c:800
> >> #11 0xffffffff80ac8dc3 in panic (
> >>     fmt=0xffffffff81b1bbd8 <cnputs_mtx> "\257\257\033\201\377\377\377\
> >> 377")
> >>     at /usr/src/sys/kern/kern_shutdown.c:738
> >> #12 0xffffffff80368bb2 in da_periph_release (periph=<optimized out>,
> >>     token=DA_REF_GEOM) at /usr/src/sys/cam/scsi/scsi_da.c:1591
> >> #13 dadiskgonecb (dp=<optimized out>) at
> >> /usr/src/sys/cam/scsi/scsi_da.c:1904
> >> #14 0xffffffff80a0fdd5 in g_disk_providergone (pp=0xfffff80003e8b700)
> >>     at /usr/src/sys/geom/geom_disk.c:783
> >> #15 0xffffffff80a15f9e in g_destroy_provider (pp=0xfffff80003e8b700)
> >>     at /usr/src/sys/geom/geom_subr.c:746
> >> #16 0xffffffff80a15e17 in g_wither_washer ()
> >>     at /usr/src/sys/geom/geom_subr.c:461
> >> #17 0xffffffff80a112da in g_run_events ()
> >>     at /usr/src/sys/geom/geom_event.c:297
> >> #18 0xffffffff80a89444 in fork_exit (
> >>     callout=0xffffffff80a138c0 <g_event_procbody>, arg=0x0,
> >>     frame=0xfffffe0059383ac0) at /usr/src/sys/kern/kern_fork.c:1039
> >> #19 <signal handler called>
> >> (kgdb)
> >>
> >>
> >> uname -a
> >> FreeBSD laptopW530.tommyBSD.org 12.0-CURRENT FreeBSD 12.0-CURRENT #13
> >> r328509M: Sun Jan 28 15:38:35 CET 2018
> >> tommy_at_laptopW530.tommyBSD.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
> >> amd64
> >>
> >> Regards,
> >> thomas
> >>
> >>
> >> On Fri, Jan 26, 2018 at 4:07 PM, David Wolfskill <david_at_catwhisker.org>
> >> wrote:
> >>
> >>> On Fri, Jan 26, 2018 at 07:47:48AM -0700, Warner Losh wrote:
> >>>> On Fri, Jan 26, 2018 at 5:29 AM, David Wolfskill <david_at_catwhisker.org
> >>>
> >>>> wrote:
> >>>>
> >>>>> This is on my "build machine" (laptop is still building updated ports
> >>>>> for today, so I don't know yet whether or not it encounters this.)
> >>>>>
> >>>>
> >>>> Running a kernel with INVARIANTS, right?
> >>>
> >>> Yes -- GENERIC.
> >>>
> >>>>> I had performed a source-based update from r328393 to r328436,
> >>>>> rebooted, performed "make delete-old-libs", and all seemed well.
> >>>>>
> >>>>
> >>>> This has my change 328415 in it.
> >>>
> >>> :-)
> >>>
> >>>>> I then issued "sudo shutdown -p now", and serial console shows:
> >>>>> panic: Unholding 6 with cnt = -559038242
> >>>>> cpuid = 3
> >>>>> time = 1516968697
> >>>>> KDB: stack backtrace:
> >>>>> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> >>>>> 0xfffffe00004288c0
> >>>>> vpanic() at vpanic+0x18d/frame 0xfffffe0000428920
> >>>>> panic() at panic+0x43/frame 0xfffffe0000428980
> >>>>> dadiskgonecb() at dadiskgonecb+0x42/frame 0xfffffe00004289a0
> >>>>> g_disk_providergone() at g_disk_providergone+0x25/frame
> >>> 0xfffffe00004289d0
> >>>>> g_destroy_provider() at g_destroy_provider+0xae/frame
> >>> 0xfffffe00004289f0
> >>>>> g_wither_washer() at g_wither_washer+0x87/frame 0xfffffe0000428a30
> >>>>> g_run_events() at g_run_events+0x3ca/frame 0xfffffe0000428a70
> >>>>> fork_exit() at fork_exit+0x84/frame 0xfffffe0000428ab0
> >>>>> fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0000428ab0
> >>>>> --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
> >>>>> KDB: enter: panic
> >>>>> [ thread pid 13 tid 100044 ]
> >>>>> Stopped at      kdb_enter+0x3b: movq    $0,kdb_why
> >>>>> db>
> >>>>>
> >>>>
> >>>> That's no good. We're releasing a reference to the da peripheral
> >> because
> >>>> geom has finished with the disk and is giving us a final callback so we
> >>> can
> >>>> drop the reference we took when we created the geom. Trouble is, cnt
> >>> should
> >>>> be like 1 always for this code, but it's not. It looks like it may be
> >>> bytes
> >>>> to a pointer :(
> >>>>
> >>>>
> >>>>> As noted, this is a build machine, and it was to be powered off for
> >>>>> the rest of the day anyway, so I don't need to get it up & running
> >>>>> immediately: I can poke at the ddb prompt, given some clues.
> >>>>>
> >>>>
> >>>> I don't suppose you can attach kgdb to this machine? I'd be interested
> >> to
> >>>> see what the contents of the softc are...a
> >>>
> >>> Pointer to how to do that?
> >>>
> >>> I do have ddb right now....
> >>>
> >>>> ....
> >>>> Thanks for the report. This is quite troubling.
> >>>
> >>> Well, let's get it fixed, then! :-)
> >>>
> >>>> Warner
> >>>> ....
> >>>
> >>> I should still have access to the serial console after I get in to the
> >>> office (heading out shortly).
> >>>
> >>> Peace,
> >>> david
> >>> --
> >>> David H. Wolfskill                              david_at_catwhisker.org
> >>> "unfortunately, no trust!” -- well, of course!  You reap what you sow.
> >>>
> >>> See http://www.catwhisker.org/~david/publickey.gpg for my public key.
> >>>
> >> _______________________________________________
> >> freebsd-current_at_freebsd.org mailing list
> >> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> >> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
> >>
> > _______________________________________________
> > freebsd-current_at_freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-current
> > To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
> > 
>
> I've been seeing this today while working on my laptop.
>
> 1) insert USB stick.
> 2) mount UFS partition to /mnt
> 3) copy a file off
> 4) umount /mnt
> 5) remove usb stick
> 6) instant panic
>
> Oddly, it is the same negative number every time (-559038242), so it
> isn't random/memory corruption.
>
>
> -- 
> Allan Jude
> _______________________________________________
> freebsd-current_at_freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
>


-- 
Cheers,
Cy Schubert <Cy.Schubert_at_cschubert.com>
FreeBSD UNIX:  <cy_at_FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.
Received on Mon Jan 29 2018 - 01:39:02 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:14 UTC