Re: Panic on shutdown @r328436: "Unholding 6 with cnt = -559038242"

2018-01-28 Thread Cy Schubert
In message 
, Warner Losh writes:
> --94eb2c0425900a5b5c0563e1b5b8
> Content-Type: text/plain; charset="UTF-8"
> Content-Transfer-Encoding: quoted-printable
>
> On Sun, Jan 28, 2018 at 7:38 PM, Cy Schubert 
> wrote:
>
> > In message <2effa324-c428-6135-371b-acb00c803...@freebsd.org>, Allan
> > Jude write
> > s:
> > > On 2018-01-28 16:28, Warner Losh wrote:
> > > > On Sun, Jan 28, 2018 at 2:22 PM, thomas masper <
> > thomas.mas...@gmail.com>
> > > > wrote:
> > > >
> > > >> Hi,
> > > >> similar panic happen to me when extracting a pendrive from laptop US=
> B
> > port
> > > >> (I tried 3 different pendrive).
> > > >> No issue if I reboot or shutdown. I don't know if those two issues a=
> re
> > > >> related.
> > > >>
> > > >
> > > > Do you have a reproducible test case? Ideally, it would be 'insert an=
> d
> > > > remove usb thumb drive' but maybe there's more steps between insert a=
> nd
> > > > removal.
> > > >
> > > > Warner
> > > >
> > > >
> > > >
> > > >> panic: Releasing 6 with cnt =3D -559038242
> >
> > Converting this to hex we get DEADC0DE.
>
>
> vm/uma_dbg.c:static const uint32_t uma_junk =3D 0xdeadc0de;
>
> Use after free it is then...

Yes, INVARIANTS. Learned that when I was chasing an ipfilter use after 
free.


-- 
Cheers,
Cy Schubert 
FreeBSD UNIX: Web:  http://www.FreeBSD.org

The need of the many outweighs the greed of the few.


___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Panic on shutdown @r328436: "Unholding 6 with cnt = -559038242"

2018-01-28 Thread Warner Losh
On Sun, Jan 28, 2018 at 7:38 PM, Cy Schubert 
wrote:

> In message <2effa324-c428-6135-371b-acb00c803...@freebsd.org>, Allan
> Jude write
> s:
> > On 2018-01-28 16:28, Warner Losh wrote:
> > > On Sun, Jan 28, 2018 at 2:22 PM, thomas masper <
> thomas.mas...@gmail.com>
> > > wrote:
> > >
> > >> Hi,
> > >> similar panic happen to me when extracting a pendrive from laptop USB
> port
> > >> (I tried 3 different pendrive).
> > >> No issue if I reboot or shutdown. I don't know if those two issues are
> > >> related.
> > >>
> > >
> > > Do you have a reproducible test case? Ideally, it would be 'insert and
> > > remove usb thumb drive' but maybe there's more steps between insert and
> > > removal.
> > >
> > > Warner
> > >
> > >
> > >
> > >> panic: Releasing 6 with cnt = -559038242
>
> Converting this to hex we get DEADC0DE.


vm/uma_dbg.c:static const uint32_t uma_junk = 0xdeadc0de;

Use after free it is then...

Warner


> > >>
> > >> GNU gdb (GDB) 8.0.1 [GDB v8.0.1 for FreeBSD]
> > >> Copyright (C) 2017 Free Software Foundation, Inc.
> > >> License GPLv3+: GNU GPL version 3 or later <
> http://gnu.org/licenses/gpl.
> > >> html
> > >>>
> > >> This is free software: you are free to change and redistribute it.
> > >> There is NO WARRANTY, to the extent permitted by law.  Type "show
> copying"
> > >> and "show warranty" for details.
> > >> This GDB was configured as "x86_64-portbld-freebsd12.0".
> > >> Type "show configuration" for configuration details.
> > >> For bug reporting instructions, please see:
> > >> .
> > >> Find the GDB manual and other documentation resources online at:
> > >> .
> > >> For help, type "help".
> > >> Type "apropos word" to search for commands related to "word"...
> > >> Reading symbols from /boot/kernel/kernel...Reading symbols from
> > >> /usr/lib/debug//boot/kernel/kernel.debug...done.
> > >> done.
> > >>
> > >> Unread portion of the kernel message buffer:
> > >> da0 at umass-sim0 bus 0 scbus4 target 0 lun 0
> > >> da0:   s/n 30E47C20 detached
> > >> (da0:umass-sim0:0:0:0): Periph destroyed
> > >> panic: Releasing 6 with cnt = -559038242
> > >> cpuid = 0
> > >> time = 1517158352
> > >> KDB: stack backtrace:
> > >> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> > >> 0xfe00593838c0
> > >> vpanic() at vpanic+0x18d/frame 0xfe0059383920
> > >> panic() at panic+0x43/frame 0xfe0059383980
> > >> dadiskgonecb() at dadiskgonecb+0x42/frame 0xfe00593839a0
> > >> g_disk_providergone() at g_disk_providergone+0x25/frame
> 0xfe00593839d0
> > >> g_destroy_provider() at g_destroy_provider+0xae/frame
> 0xfe00593839f0
> > >> g_wither_washer() at g_wither_washer+0x87/frame 0xfe0059383a30
> > >> g_run_events() at g_run_events+0x3ca/frame 0xfe0059383a70
> > >> fork_exit() at fork_exit+0x84/frame 0xfe0059383ab0
> > >> fork_trampoline() at fork_trampoline+0xe/frame 0xfe0059383ab0
> > >> --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
> > >> KDB: enter: panic
> > >>
> > >> __curthread () at ./machine/pcpu.h:229
> > >> 229 __asm("movq %%gs:%1,%0" : "=r" (td)
> > >> (kgdb) #0  __curthread () at ./machine/pcpu.h:229
> > >> #1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:346
> > >> #2  0x8040a08b in db_dump (dummy=,
> > >> dummy2=, dummy3=, dummy4=)
> > >> at /usr/src/sys/ddb/db_command.c:574
> > >> #3  0x80409e59 in db_command (last_cmdp=,
> > >> cmd_table=, dopager=)
> > >> at /usr/src/sys/ddb/db_command.c:481
> > >> #4  0x80409bd4 in db_command_loop ()
> > >> at /usr/src/sys/ddb/db_command.c:534
> > >> #5  0x8040cdff in db_trap (type=,
> code= > >> out>)
> > >> at /usr/src/sys/ddb/db_main.c:250
> > >> #6  0x80b0d923 in kdb_trap (type=3, code=-61456, tf= > >> out>)
> > >> at /usr/src/sys/kern/subr_kdb.c:697
> > >> #7  0x80f7b498 in trap (frame=0xfe00593837f0)
> > >> at /usr/src/sys/amd64/amd64/trap.c:547
> > >> #8  
> > >> #9  kdb_enter (why=0x811f101e "panic", msg=)
> > >> at /usr/src/sys/kern/subr_kdb.c:479
> > >> #10 0x80ac8d3a in vpanic (fmt=,
> > >> ap=0xfe0059383960)
> > >> at /usr/src/sys/kern/kern_shutdown.c:800
> > >> #11 0x80ac8dc3 in panic (
> > >> fmt=0x81b1bbd8  "\257\257\033\201\377\377\377\
> > >> 377")
> > >> at /usr/src/sys/kern/kern_shutdown.c:738
> > >> #12 0x80368bb2 in da_periph_release (periph=,
> > >> token=DA_REF_GEOM) at /usr/src/sys/cam/scsi/scsi_da.c:1591
> > >> #13 dadiskgonecb (dp=) at
> > >> /usr/src/sys/cam/scsi/scsi_da.c:1904
> > >> #14 0x80a0fdd5 in g_disk_providergone (pp=0xf80003e8b700)
> > >> at /usr/src/sys/geom/geom_disk.c:783
> > >> #15 0x80a15f9e in g_destroy_provider (pp=0xf80003e8b700)
> > >> at /usr/src/sys/geom/geom_subr.c:746
> > >> #16 0x80a15e17 in g_wither_washer ()
> > >> at /usr/src/sys/geom/geom_subr.c:461
> > >> #17 0x

Re: Panic on shutdown @r328436: "Unholding 6 with cnt = -559038242"

2018-01-28 Thread Allan Jude
On 2018-01-28 21:29, Warner Losh wrote:
> 
> I've been seeing this today while working on my laptop.
> 
> 1) insert USB stick.
> 2) mount UFS partition to /mnt
> 3) copy a file off
> 4) umount /mnt
> 5) remove usb stick
> 6) instant panic
> 
> Oddly, it is the same negative number every time (-559038242), so it
> isn't random/memory corruption.
> 
> 
> 
> Is mount required?
> 
> Warner 
> 
> 
No, I just plugged the USB stick in, and then removed it 10 seconds
later, panic.

I've also seen it in VirtualBox when removing a virtual CD (.iso)


-- 
Allan Jude
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Panic on shutdown @r328436: "Unholding 6 with cnt = -559038242"

2018-01-28 Thread Cy Schubert
In message <2effa324-c428-6135-371b-acb00c803...@freebsd.org>, Allan 
Jude write
s:
> On 2018-01-28 16:28, Warner Losh wrote:
> > On Sun, Jan 28, 2018 at 2:22 PM, thomas masper 
> > wrote:
> > 
> >> Hi,
> >> similar panic happen to me when extracting a pendrive from laptop USB port
> >> (I tried 3 different pendrive).
> >> No issue if I reboot or shutdown. I don't know if those two issues are
> >> related.
> >>
> > 
> > Do you have a reproducible test case? Ideally, it would be 'insert and
> > remove usb thumb drive' but maybe there's more steps between insert and
> > removal.
> > 
> > Warner
> > 
> > 
> > 
> >> panic: Releasing 6 with cnt = -559038242

Converting this to hex we get DEADC0DE.

> >>
> >> GNU gdb (GDB) 8.0.1 [GDB v8.0.1 for FreeBSD]
> >> Copyright (C) 2017 Free Software Foundation, Inc.
> >> License GPLv3+: GNU GPL version 3 or later  >> html
> >>>
> >> This is free software: you are free to change and redistribute it.
> >> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> >> and "show warranty" for details.
> >> This GDB was configured as "x86_64-portbld-freebsd12.0".
> >> Type "show configuration" for configuration details.
> >> For bug reporting instructions, please see:
> >> .
> >> Find the GDB manual and other documentation resources online at:
> >> .
> >> For help, type "help".
> >> Type "apropos word" to search for commands related to "word"...
> >> Reading symbols from /boot/kernel/kernel...Reading symbols from
> >> /usr/lib/debug//boot/kernel/kernel.debug...done.
> >> done.
> >>
> >> Unread portion of the kernel message buffer:
> >> da0 at umass-sim0 bus 0 scbus4 target 0 lun 0
> >> da0:   s/n 30E47C20 detached
> >> (da0:umass-sim0:0:0:0): Periph destroyed
> >> panic: Releasing 6 with cnt = -559038242
> >> cpuid = 0
> >> time = 1517158352
> >> KDB: stack backtrace:
> >> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> >> 0xfe00593838c0
> >> vpanic() at vpanic+0x18d/frame 0xfe0059383920
> >> panic() at panic+0x43/frame 0xfe0059383980
> >> dadiskgonecb() at dadiskgonecb+0x42/frame 0xfe00593839a0
> >> g_disk_providergone() at g_disk_providergone+0x25/frame 0xfe00593839d0
> >> g_destroy_provider() at g_destroy_provider+0xae/frame 0xfe00593839f0
> >> g_wither_washer() at g_wither_washer+0x87/frame 0xfe0059383a30
> >> g_run_events() at g_run_events+0x3ca/frame 0xfe0059383a70
> >> fork_exit() at fork_exit+0x84/frame 0xfe0059383ab0
> >> fork_trampoline() at fork_trampoline+0xe/frame 0xfe0059383ab0
> >> --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
> >> KDB: enter: panic
> >>
> >> __curthread () at ./machine/pcpu.h:229
> >> 229 __asm("movq %%gs:%1,%0" : "=r" (td)
> >> (kgdb) #0  __curthread () at ./machine/pcpu.h:229
> >> #1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:346
> >> #2  0x8040a08b in db_dump (dummy=,
> >> dummy2=, dummy3=, dummy4=)
> >> at /usr/src/sys/ddb/db_command.c:574
> >> #3  0x80409e59 in db_command (last_cmdp=,
> >> cmd_table=, dopager=)
> >> at /usr/src/sys/ddb/db_command.c:481
> >> #4  0x80409bd4 in db_command_loop ()
> >> at /usr/src/sys/ddb/db_command.c:534
> >> #5  0x8040cdff in db_trap (type=, code= >> out>)
> >> at /usr/src/sys/ddb/db_main.c:250
> >> #6  0x80b0d923 in kdb_trap (type=3, code=-61456, tf= >> out>)
> >> at /usr/src/sys/kern/subr_kdb.c:697
> >> #7  0x80f7b498 in trap (frame=0xfe00593837f0)
> >> at /usr/src/sys/amd64/amd64/trap.c:547
> >> #8  
> >> #9  kdb_enter (why=0x811f101e "panic", msg=)
> >> at /usr/src/sys/kern/subr_kdb.c:479
> >> #10 0x80ac8d3a in vpanic (fmt=,
> >> ap=0xfe0059383960)
> >> at /usr/src/sys/kern/kern_shutdown.c:800
> >> #11 0x80ac8dc3 in panic (
> >> fmt=0x81b1bbd8  "\257\257\033\201\377\377\377\
> >> 377")
> >> at /usr/src/sys/kern/kern_shutdown.c:738
> >> #12 0x80368bb2 in da_periph_release (periph=,
> >> token=DA_REF_GEOM) at /usr/src/sys/cam/scsi/scsi_da.c:1591
> >> #13 dadiskgonecb (dp=) at
> >> /usr/src/sys/cam/scsi/scsi_da.c:1904
> >> #14 0x80a0fdd5 in g_disk_providergone (pp=0xf80003e8b700)
> >> at /usr/src/sys/geom/geom_disk.c:783
> >> #15 0x80a15f9e in g_destroy_provider (pp=0xf80003e8b700)
> >> at /usr/src/sys/geom/geom_subr.c:746
> >> #16 0x80a15e17 in g_wither_washer ()
> >> at /usr/src/sys/geom/geom_subr.c:461
> >> #17 0x80a112da in g_run_events ()
> >> at /usr/src/sys/geom/geom_event.c:297
> >> #18 0x80a89444 in fork_exit (
> >> callout=0x80a138c0 , arg=0x0,
> >> frame=0xfe0059383ac0) at /usr/src/sys/kern/kern_fork.c:1039
> >> #19 
> >> (kgdb)
> >>
> >>
> >> uname -a
> >> FreeBSD laptopW530.tommyBSD.org 12.0-CURRENT FreeBSD 12.0-CURRENT #13
> >> r328509M: Sun Jan 28 15:38:35 CET 2018
>

Re: Panic on shutdown @r328436: "Unholding 6 with cnt = -559038242"

2018-01-28 Thread Warner Losh
On Jan 28, 2018 6:41 PM, "Allan Jude"  wrote:

On 2018-01-28 16:28, Warner Losh wrote:
> On Sun, Jan 28, 2018 at 2:22 PM, thomas masper 
> wrote:
>
>> Hi,
>> similar panic happen to me when extracting a pendrive from laptop USB
port
>> (I tried 3 different pendrive).
>> No issue if I reboot or shutdown. I don't know if those two issues are
>> related.
>>
>
> Do you have a reproducible test case? Ideally, it would be 'insert and
> remove usb thumb drive' but maybe there's more steps between insert and
> removal.
>
> Warner
>
>
>
>> panic: Releasing 6 with cnt = -559038242
>>
>> GNU gdb (GDB) 8.0.1 [GDB v8.0.1 for FreeBSD]
>> Copyright (C) 2017 Free Software Foundation, Inc.
>> License GPLv3+: GNU GPL version 3 or later > html
>>>
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.  Type "show
copying"
>> and "show warranty" for details.
>> This GDB was configured as "x86_64-portbld-freebsd12.0".
>> Type "show configuration" for configuration details.
>> For bug reporting instructions, please see:
>> .
>> Find the GDB manual and other documentation resources online at:
>> .
>> For help, type "help".
>> Type "apropos word" to search for commands related to "word"...
>> Reading symbols from /boot/kernel/kernel...Reading symbols from
>> /usr/lib/debug//boot/kernel/kernel.debug...done.
>> done.
>>
>> Unread portion of the kernel message buffer:
>> da0 at umass-sim0 bus 0 scbus4 target 0 lun 0
>> da0:   s/n 30E47C20 detached
>> (da0:umass-sim0:0:0:0): Periph destroyed
>> panic: Releasing 6 with cnt = -559038242
>> cpuid = 0
>> time = 1517158352
>> KDB: stack backtrace:
>> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
>> 0xfe00593838c0
>> vpanic() at vpanic+0x18d/frame 0xfe0059383920
>> panic() at panic+0x43/frame 0xfe0059383980
>> dadiskgonecb() at dadiskgonecb+0x42/frame 0xfe00593839a0
>> g_disk_providergone() at g_disk_providergone+0x25/frame
0xfe00593839d0
>> g_destroy_provider() at g_destroy_provider+0xae/frame 0xfe00593839f0
>> g_wither_washer() at g_wither_washer+0x87/frame 0xfe0059383a30
>> g_run_events() at g_run_events+0x3ca/frame 0xfe0059383a70
>> fork_exit() at fork_exit+0x84/frame 0xfe0059383ab0
>> fork_trampoline() at fork_trampoline+0xe/frame 0xfe0059383ab0
>> --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
>> KDB: enter: panic
>>
>> __curthread () at ./machine/pcpu.h:229
>> 229 __asm("movq %%gs:%1,%0" : "=r" (td)
>> (kgdb) #0  __curthread () at ./machine/pcpu.h:229
>> #1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:346
>> #2  0x8040a08b in db_dump (dummy=,
>> dummy2=, dummy3=, dummy4=)
>> at /usr/src/sys/ddb/db_command.c:574
>> #3  0x80409e59 in db_command (last_cmdp=,
>> cmd_table=, dopager=)
>> at /usr/src/sys/ddb/db_command.c:481
>> #4  0x80409bd4 in db_command_loop ()
>> at /usr/src/sys/ddb/db_command.c:534
>> #5  0x8040cdff in db_trap (type=, code=> out>)
>> at /usr/src/sys/ddb/db_main.c:250
>> #6  0x80b0d923 in kdb_trap (type=3, code=-61456, tf=> out>)
>> at /usr/src/sys/kern/subr_kdb.c:697
>> #7  0x80f7b498 in trap (frame=0xfe00593837f0)
>> at /usr/src/sys/amd64/amd64/trap.c:547
>> #8  
>> #9  kdb_enter (why=0x811f101e "panic", msg=)
>> at /usr/src/sys/kern/subr_kdb.c:479
>> #10 0x80ac8d3a in vpanic (fmt=,
>> ap=0xfe0059383960)
>> at /usr/src/sys/kern/kern_shutdown.c:800
>> #11 0x80ac8dc3 in panic (
>> fmt=0x81b1bbd8  "\257\257\033\201\377\377\377\
>> 377")
>> at /usr/src/sys/kern/kern_shutdown.c:738
>> #12 0x80368bb2 in da_periph_release (periph=,
>> token=DA_REF_GEOM) at /usr/src/sys/cam/scsi/scsi_da.c:1591
>> #13 dadiskgonecb (dp=) at
>> /usr/src/sys/cam/scsi/scsi_da.c:1904
>> #14 0x80a0fdd5 in g_disk_providergone (pp=0xf80003e8b700)
>> at /usr/src/sys/geom/geom_disk.c:783
>> #15 0x80a15f9e in g_destroy_provider (pp=0xf80003e8b700)
>> at /usr/src/sys/geom/geom_subr.c:746
>> #16 0x80a15e17 in g_wither_washer ()
>> at /usr/src/sys/geom/geom_subr.c:461
>> #17 0x80a112da in g_run_events ()
>> at /usr/src/sys/geom/geom_event.c:297
>> #18 0x80a89444 in fork_exit (
>> callout=0x80a138c0 , arg=0x0,
>> frame=0xfe0059383ac0) at /usr/src/sys/kern/kern_fork.c:1039
>> #19 
>> (kgdb)
>>
>>
>> uname -a
>> FreeBSD laptopW530.tommyBSD.org 12.0-CURRENT FreeBSD 12.0-CURRENT #13
>> r328509M: Sun Jan 28 15:38:35 CET 2018
>> to...@laptopw530.tommybsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
>> amd64
>>
>> Regards,
>> thomas
>>
>>
>> On Fri, Jan 26, 2018 at 4:07 PM, David Wolfskill 
>> wrote:
>>
>>> On Fri, Jan 26, 2018 at 07:47:48AM -0700, Warner Losh wrote:
 On Fri, Jan 26, 2018 at 5:29 AM, David Wolfskill >>
 wrote:
>>

Re: Panic on shutdown @r328436: "Unholding 6 with cnt = -559038242"

2018-01-28 Thread Allan Jude
On 2018-01-28 16:28, Warner Losh wrote:
> On Sun, Jan 28, 2018 at 2:22 PM, thomas masper 
> wrote:
> 
>> Hi,
>> similar panic happen to me when extracting a pendrive from laptop USB port
>> (I tried 3 different pendrive).
>> No issue if I reboot or shutdown. I don't know if those two issues are
>> related.
>>
> 
> Do you have a reproducible test case? Ideally, it would be 'insert and
> remove usb thumb drive' but maybe there's more steps between insert and
> removal.
> 
> Warner
> 
> 
> 
>> panic: Releasing 6 with cnt = -559038242
>>
>> GNU gdb (GDB) 8.0.1 [GDB v8.0.1 for FreeBSD]
>> Copyright (C) 2017 Free Software Foundation, Inc.
>> License GPLv3+: GNU GPL version 3 or later > html
>>>
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>> and "show warranty" for details.
>> This GDB was configured as "x86_64-portbld-freebsd12.0".
>> Type "show configuration" for configuration details.
>> For bug reporting instructions, please see:
>> .
>> Find the GDB manual and other documentation resources online at:
>> .
>> For help, type "help".
>> Type "apropos word" to search for commands related to "word"...
>> Reading symbols from /boot/kernel/kernel...Reading symbols from
>> /usr/lib/debug//boot/kernel/kernel.debug...done.
>> done.
>>
>> Unread portion of the kernel message buffer:
>> da0 at umass-sim0 bus 0 scbus4 target 0 lun 0
>> da0:   s/n 30E47C20 detached
>> (da0:umass-sim0:0:0:0): Periph destroyed
>> panic: Releasing 6 with cnt = -559038242
>> cpuid = 0
>> time = 1517158352
>> KDB: stack backtrace:
>> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
>> 0xfe00593838c0
>> vpanic() at vpanic+0x18d/frame 0xfe0059383920
>> panic() at panic+0x43/frame 0xfe0059383980
>> dadiskgonecb() at dadiskgonecb+0x42/frame 0xfe00593839a0
>> g_disk_providergone() at g_disk_providergone+0x25/frame 0xfe00593839d0
>> g_destroy_provider() at g_destroy_provider+0xae/frame 0xfe00593839f0
>> g_wither_washer() at g_wither_washer+0x87/frame 0xfe0059383a30
>> g_run_events() at g_run_events+0x3ca/frame 0xfe0059383a70
>> fork_exit() at fork_exit+0x84/frame 0xfe0059383ab0
>> fork_trampoline() at fork_trampoline+0xe/frame 0xfe0059383ab0
>> --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
>> KDB: enter: panic
>>
>> __curthread () at ./machine/pcpu.h:229
>> 229 __asm("movq %%gs:%1,%0" : "=r" (td)
>> (kgdb) #0  __curthread () at ./machine/pcpu.h:229
>> #1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:346
>> #2  0x8040a08b in db_dump (dummy=,
>> dummy2=, dummy3=, dummy4=)
>> at /usr/src/sys/ddb/db_command.c:574
>> #3  0x80409e59 in db_command (last_cmdp=,
>> cmd_table=, dopager=)
>> at /usr/src/sys/ddb/db_command.c:481
>> #4  0x80409bd4 in db_command_loop ()
>> at /usr/src/sys/ddb/db_command.c:534
>> #5  0x8040cdff in db_trap (type=, code=> out>)
>> at /usr/src/sys/ddb/db_main.c:250
>> #6  0x80b0d923 in kdb_trap (type=3, code=-61456, tf=> out>)
>> at /usr/src/sys/kern/subr_kdb.c:697
>> #7  0x80f7b498 in trap (frame=0xfe00593837f0)
>> at /usr/src/sys/amd64/amd64/trap.c:547
>> #8  
>> #9  kdb_enter (why=0x811f101e "panic", msg=)
>> at /usr/src/sys/kern/subr_kdb.c:479
>> #10 0x80ac8d3a in vpanic (fmt=,
>> ap=0xfe0059383960)
>> at /usr/src/sys/kern/kern_shutdown.c:800
>> #11 0x80ac8dc3 in panic (
>> fmt=0x81b1bbd8  "\257\257\033\201\377\377\377\
>> 377")
>> at /usr/src/sys/kern/kern_shutdown.c:738
>> #12 0x80368bb2 in da_periph_release (periph=,
>> token=DA_REF_GEOM) at /usr/src/sys/cam/scsi/scsi_da.c:1591
>> #13 dadiskgonecb (dp=) at
>> /usr/src/sys/cam/scsi/scsi_da.c:1904
>> #14 0x80a0fdd5 in g_disk_providergone (pp=0xf80003e8b700)
>> at /usr/src/sys/geom/geom_disk.c:783
>> #15 0x80a15f9e in g_destroy_provider (pp=0xf80003e8b700)
>> at /usr/src/sys/geom/geom_subr.c:746
>> #16 0x80a15e17 in g_wither_washer ()
>> at /usr/src/sys/geom/geom_subr.c:461
>> #17 0x80a112da in g_run_events ()
>> at /usr/src/sys/geom/geom_event.c:297
>> #18 0x80a89444 in fork_exit (
>> callout=0x80a138c0 , arg=0x0,
>> frame=0xfe0059383ac0) at /usr/src/sys/kern/kern_fork.c:1039
>> #19 
>> (kgdb)
>>
>>
>> uname -a
>> FreeBSD laptopW530.tommyBSD.org 12.0-CURRENT FreeBSD 12.0-CURRENT #13
>> r328509M: Sun Jan 28 15:38:35 CET 2018
>> to...@laptopw530.tommybsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
>> amd64
>>
>> Regards,
>> thomas
>>
>>
>> On Fri, Jan 26, 2018 at 4:07 PM, David Wolfskill 
>> wrote:
>>
>>> On Fri, Jan 26, 2018 at 07:47:48AM -0700, Warner Losh wrote:
 On Fri, Jan 26, 2018 at 5:29 AM, David Wolfskill >>
 wrote:

> This is on my "build machine" (l

Re: Panic on shutdown @r328436: "Unholding 6 with cnt = -559038242"

2018-01-28 Thread Konrad Witaszczyk
On 01/28/2018 22:28, Warner Losh wrote:
> On Sun, Jan 28, 2018 at 2:22 PM, thomas masper 
> wrote:
> 
>> Hi,
>> similar panic happen to me when extracting a pendrive from laptop USB port
>> (I tried 3 different pendrive).
>> No issue if I reboot or shutdown. I don't know if those two issues are
>> related.
>>
> 
> Do you have a reproducible test case? Ideally, it would be 'insert and
> remove usb thumb drive' but maybe there's more steps between insert and
> removal.
> 
> Warner

I hit the same problem after upgrading to r328500. I booted my laptop from a
pendrive, got a GELI password prompt, removed the pendrive, typed in a GELI
password and then I got the kernel panic. Removing the pendrive at an earlier
stage is a workaround for me at the moment.

>> panic: Releasing 6 with cnt = -559038242
>>
>> GNU gdb (GDB) 8.0.1 [GDB v8.0.1 for FreeBSD]
>> Copyright (C) 2017 Free Software Foundation, Inc.
>> License GPLv3+: GNU GPL version 3 or later > html
>>>
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>> and "show warranty" for details.
>> This GDB was configured as "x86_64-portbld-freebsd12.0".
>> Type "show configuration" for configuration details.
>> For bug reporting instructions, please see:
>> .
>> Find the GDB manual and other documentation resources online at:
>> .
>> For help, type "help".
>> Type "apropos word" to search for commands related to "word"...
>> Reading symbols from /boot/kernel/kernel...Reading symbols from
>> /usr/lib/debug//boot/kernel/kernel.debug...done.
>> done.
>>
>> Unread portion of the kernel message buffer:
>> da0 at umass-sim0 bus 0 scbus4 target 0 lun 0
>> da0:   s/n 30E47C20 detached
>> (da0:umass-sim0:0:0:0): Periph destroyed
>> panic: Releasing 6 with cnt = -559038242
>> cpuid = 0
>> time = 1517158352
>> KDB: stack backtrace:
>> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
>> 0xfe00593838c0
>> vpanic() at vpanic+0x18d/frame 0xfe0059383920
>> panic() at panic+0x43/frame 0xfe0059383980
>> dadiskgonecb() at dadiskgonecb+0x42/frame 0xfe00593839a0
>> g_disk_providergone() at g_disk_providergone+0x25/frame 0xfe00593839d0
>> g_destroy_provider() at g_destroy_provider+0xae/frame 0xfe00593839f0
>> g_wither_washer() at g_wither_washer+0x87/frame 0xfe0059383a30
>> g_run_events() at g_run_events+0x3ca/frame 0xfe0059383a70
>> fork_exit() at fork_exit+0x84/frame 0xfe0059383ab0
>> fork_trampoline() at fork_trampoline+0xe/frame 0xfe0059383ab0
>> --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
>> KDB: enter: panic
>>
>> __curthread () at ./machine/pcpu.h:229
>> 229 __asm("movq %%gs:%1,%0" : "=r" (td)
>> (kgdb) #0  __curthread () at ./machine/pcpu.h:229
>> #1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:346
>> #2  0x8040a08b in db_dump (dummy=,
>> dummy2=, dummy3=, dummy4=)
>> at /usr/src/sys/ddb/db_command.c:574
>> #3  0x80409e59 in db_command (last_cmdp=,
>> cmd_table=, dopager=)
>> at /usr/src/sys/ddb/db_command.c:481
>> #4  0x80409bd4 in db_command_loop ()
>> at /usr/src/sys/ddb/db_command.c:534
>> #5  0x8040cdff in db_trap (type=, code=> out>)
>> at /usr/src/sys/ddb/db_main.c:250
>> #6  0x80b0d923 in kdb_trap (type=3, code=-61456, tf=> out>)
>> at /usr/src/sys/kern/subr_kdb.c:697
>> #7  0x80f7b498 in trap (frame=0xfe00593837f0)
>> at /usr/src/sys/amd64/amd64/trap.c:547
>> #8  
>> #9  kdb_enter (why=0x811f101e "panic", msg=)
>> at /usr/src/sys/kern/subr_kdb.c:479
>> #10 0x80ac8d3a in vpanic (fmt=,
>> ap=0xfe0059383960)
>> at /usr/src/sys/kern/kern_shutdown.c:800
>> #11 0x80ac8dc3 in panic (
>> fmt=0x81b1bbd8  "\257\257\033\201\377\377\377\
>> 377")
>> at /usr/src/sys/kern/kern_shutdown.c:738
>> #12 0x80368bb2 in da_periph_release (periph=,
>> token=DA_REF_GEOM) at /usr/src/sys/cam/scsi/scsi_da.c:1591
>> #13 dadiskgonecb (dp=) at
>> /usr/src/sys/cam/scsi/scsi_da.c:1904
>> #14 0x80a0fdd5 in g_disk_providergone (pp=0xf80003e8b700)
>> at /usr/src/sys/geom/geom_disk.c:783
>> #15 0x80a15f9e in g_destroy_provider (pp=0xf80003e8b700)
>> at /usr/src/sys/geom/geom_subr.c:746
>> #16 0x80a15e17 in g_wither_washer ()
>> at /usr/src/sys/geom/geom_subr.c:461
>> #17 0x80a112da in g_run_events ()
>> at /usr/src/sys/geom/geom_event.c:297
>> #18 0x80a89444 in fork_exit (
>> callout=0x80a138c0 , arg=0x0,
>> frame=0xfe0059383ac0) at /usr/src/sys/kern/kern_fork.c:1039
>> #19 
>> (kgdb)
>>
>>
>> uname -a
>> FreeBSD laptopW530.tommyBSD.org 12.0-CURRENT FreeBSD 12.0-CURRENT #13
>> r328509M: Sun Jan 28 15:38:35 CET 2018
>> to...@laptopw530.tommybsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
>> amd64
>>
>> 

Re: Panic on shutdown @r328436: "Unholding 6 with cnt = -559038242"

2018-01-28 Thread thomas masper
> Do you have a reproducible test case? Ideally, it would be 'insert and
> remove usb thumb drive' but maybe there's more steps between insert and
> removal.

Exactly! Just insert and remove the usb thumb drive.
Happen in both USB3 and USB2 ports of the laptop.


Regards
thomas

On Sun, Jan 28, 2018 at 10:28 PM, Warner Losh  wrote:
>
>
> On Sun, Jan 28, 2018 at 2:22 PM, thomas masper 
> wrote:
>>
>> Hi,
>> similar panic happen to me when extracting a pendrive from laptop USB port
>> (I tried 3 different pendrive).
>> No issue if I reboot or shutdown. I don't know if those two issues are
>> related.
>
>
> Do you have a reproducible test case? Ideally, it would be 'insert and
> remove usb thumb drive' but maybe there's more steps between insert and
> removal.
>
> Warner
>
>
>>
>> panic: Releasing 6 with cnt = -559038242
>>
>> GNU gdb (GDB) 8.0.1 [GDB v8.0.1 for FreeBSD]
>> Copyright (C) 2017 Free Software Foundation, Inc.
>> License GPLv3+: GNU GPL version 3 or later
>> > >
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>> and "show warranty" for details.
>> This GDB was configured as "x86_64-portbld-freebsd12.0".
>> Type "show configuration" for configuration details.
>> For bug reporting instructions, please see:
>> .
>> Find the GDB manual and other documentation resources online at:
>> .
>> For help, type "help".
>> Type "apropos word" to search for commands related to "word"...
>> Reading symbols from /boot/kernel/kernel...Reading symbols from
>> /usr/lib/debug//boot/kernel/kernel.debug...done.
>> done.
>>
>> Unread portion of the kernel message buffer:
>> da0 at umass-sim0 bus 0 scbus4 target 0 lun 0
>> da0:   s/n 30E47C20 detached
>> (da0:umass-sim0:0:0:0): Periph destroyed
>> panic: Releasing 6 with cnt = -559038242
>> cpuid = 0
>> time = 1517158352
>> KDB: stack backtrace:
>> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
>> 0xfe00593838c0
>> vpanic() at vpanic+0x18d/frame 0xfe0059383920
>> panic() at panic+0x43/frame 0xfe0059383980
>> dadiskgonecb() at dadiskgonecb+0x42/frame 0xfe00593839a0
>> g_disk_providergone() at g_disk_providergone+0x25/frame 0xfe00593839d0
>> g_destroy_provider() at g_destroy_provider+0xae/frame 0xfe00593839f0
>> g_wither_washer() at g_wither_washer+0x87/frame 0xfe0059383a30
>> g_run_events() at g_run_events+0x3ca/frame 0xfe0059383a70
>> fork_exit() at fork_exit+0x84/frame 0xfe0059383ab0
>> fork_trampoline() at fork_trampoline+0xe/frame 0xfe0059383ab0
>> --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
>> KDB: enter: panic
>>
>> __curthread () at ./machine/pcpu.h:229
>> 229 __asm("movq %%gs:%1,%0" : "=r" (td)
>> (kgdb) #0  __curthread () at ./machine/pcpu.h:229
>> #1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:346
>> #2  0x8040a08b in db_dump (dummy=,
>> dummy2=, dummy3=, dummy4=)
>> at /usr/src/sys/ddb/db_command.c:574
>> #3  0x80409e59 in db_command (last_cmdp=,
>> cmd_table=, dopager=)
>> at /usr/src/sys/ddb/db_command.c:481
>> #4  0x80409bd4 in db_command_loop ()
>> at /usr/src/sys/ddb/db_command.c:534
>> #5  0x8040cdff in db_trap (type=, code=> out>)
>> at /usr/src/sys/ddb/db_main.c:250
>> #6  0x80b0d923 in kdb_trap (type=3, code=-61456, tf=> out>)
>> at /usr/src/sys/kern/subr_kdb.c:697
>> #7  0x80f7b498 in trap (frame=0xfe00593837f0)
>> at /usr/src/sys/amd64/amd64/trap.c:547
>> #8  
>> #9  kdb_enter (why=0x811f101e "panic", msg=)
>> at /usr/src/sys/kern/subr_kdb.c:479
>> #10 0x80ac8d3a in vpanic (fmt=,
>> ap=0xfe0059383960)
>> at /usr/src/sys/kern/kern_shutdown.c:800
>> #11 0x80ac8dc3 in panic (
>> fmt=0x81b1bbd8 
>> "\257\257\033\201\377\377\377\377")
>> at /usr/src/sys/kern/kern_shutdown.c:738
>> #12 0x80368bb2 in da_periph_release (periph=,
>> token=DA_REF_GEOM) at /usr/src/sys/cam/scsi/scsi_da.c:1591
>> #13 dadiskgonecb (dp=) at
>> /usr/src/sys/cam/scsi/scsi_da.c:1904
>> #14 0x80a0fdd5 in g_disk_providergone (pp=0xf80003e8b700)
>> at /usr/src/sys/geom/geom_disk.c:783
>> #15 0x80a15f9e in g_destroy_provider (pp=0xf80003e8b700)
>> at /usr/src/sys/geom/geom_subr.c:746
>> #16 0x80a15e17 in g_wither_washer ()
>> at /usr/src/sys/geom/geom_subr.c:461
>> #17 0x80a112da in g_run_events ()
>> at /usr/src/sys/geom/geom_event.c:297
>> #18 0x80a89444 in fork_exit (
>> callout=0x80a138c0 , arg=0x0,
>> frame=0xfe0059383ac0) at /usr/src/sys/kern/kern_fork.c:1039
>> #19 
>> (kgdb)
>>
>>
>> uname -a
>> FreeBSD laptopW530.tommyBSD.org 12.0-CURRENT FreeBSD 12.0-CURRENT #13
>> r328509M: Sun Jan 28 15:38:35 CET 2018
>> to...@laptopw530.tommybsd.org:/usr/obj/usr/src/amd64.amd64/sys

Re: Panic on shutdown @r328436: "Unholding 6 with cnt = -559038242"

2018-01-28 Thread Warner Losh
On Sun, Jan 28, 2018 at 2:22 PM, thomas masper 
wrote:

> Hi,
> similar panic happen to me when extracting a pendrive from laptop USB port
> (I tried 3 different pendrive).
> No issue if I reboot or shutdown. I don't know if those two issues are
> related.
>

Do you have a reproducible test case? Ideally, it would be 'insert and
remove usb thumb drive' but maybe there's more steps between insert and
removal.

Warner



> panic: Releasing 6 with cnt = -559038242
>
> GNU gdb (GDB) 8.0.1 [GDB v8.0.1 for FreeBSD]
> Copyright (C) 2017 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later  html
> >
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-portbld-freebsd12.0".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> .
> Find the GDB manual and other documentation resources online at:
> .
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from /boot/kernel/kernel...Reading symbols from
> /usr/lib/debug//boot/kernel/kernel.debug...done.
> done.
>
> Unread portion of the kernel message buffer:
> da0 at umass-sim0 bus 0 scbus4 target 0 lun 0
> da0:   s/n 30E47C20 detached
> (da0:umass-sim0:0:0:0): Periph destroyed
> panic: Releasing 6 with cnt = -559038242
> cpuid = 0
> time = 1517158352
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> 0xfe00593838c0
> vpanic() at vpanic+0x18d/frame 0xfe0059383920
> panic() at panic+0x43/frame 0xfe0059383980
> dadiskgonecb() at dadiskgonecb+0x42/frame 0xfe00593839a0
> g_disk_providergone() at g_disk_providergone+0x25/frame 0xfe00593839d0
> g_destroy_provider() at g_destroy_provider+0xae/frame 0xfe00593839f0
> g_wither_washer() at g_wither_washer+0x87/frame 0xfe0059383a30
> g_run_events() at g_run_events+0x3ca/frame 0xfe0059383a70
> fork_exit() at fork_exit+0x84/frame 0xfe0059383ab0
> fork_trampoline() at fork_trampoline+0xe/frame 0xfe0059383ab0
> --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
> KDB: enter: panic
>
> __curthread () at ./machine/pcpu.h:229
> 229 __asm("movq %%gs:%1,%0" : "=r" (td)
> (kgdb) #0  __curthread () at ./machine/pcpu.h:229
> #1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:346
> #2  0x8040a08b in db_dump (dummy=,
> dummy2=, dummy3=, dummy4=)
> at /usr/src/sys/ddb/db_command.c:574
> #3  0x80409e59 in db_command (last_cmdp=,
> cmd_table=, dopager=)
> at /usr/src/sys/ddb/db_command.c:481
> #4  0x80409bd4 in db_command_loop ()
> at /usr/src/sys/ddb/db_command.c:534
> #5  0x8040cdff in db_trap (type=, code= out>)
> at /usr/src/sys/ddb/db_main.c:250
> #6  0x80b0d923 in kdb_trap (type=3, code=-61456, tf= out>)
> at /usr/src/sys/kern/subr_kdb.c:697
> #7  0x80f7b498 in trap (frame=0xfe00593837f0)
> at /usr/src/sys/amd64/amd64/trap.c:547
> #8  
> #9  kdb_enter (why=0x811f101e "panic", msg=)
> at /usr/src/sys/kern/subr_kdb.c:479
> #10 0x80ac8d3a in vpanic (fmt=,
> ap=0xfe0059383960)
> at /usr/src/sys/kern/kern_shutdown.c:800
> #11 0x80ac8dc3 in panic (
> fmt=0x81b1bbd8  "\257\257\033\201\377\377\377\
> 377")
> at /usr/src/sys/kern/kern_shutdown.c:738
> #12 0x80368bb2 in da_periph_release (periph=,
> token=DA_REF_GEOM) at /usr/src/sys/cam/scsi/scsi_da.c:1591
> #13 dadiskgonecb (dp=) at
> /usr/src/sys/cam/scsi/scsi_da.c:1904
> #14 0x80a0fdd5 in g_disk_providergone (pp=0xf80003e8b700)
> at /usr/src/sys/geom/geom_disk.c:783
> #15 0x80a15f9e in g_destroy_provider (pp=0xf80003e8b700)
> at /usr/src/sys/geom/geom_subr.c:746
> #16 0x80a15e17 in g_wither_washer ()
> at /usr/src/sys/geom/geom_subr.c:461
> #17 0x80a112da in g_run_events ()
> at /usr/src/sys/geom/geom_event.c:297
> #18 0x80a89444 in fork_exit (
> callout=0x80a138c0 , arg=0x0,
> frame=0xfe0059383ac0) at /usr/src/sys/kern/kern_fork.c:1039
> #19 
> (kgdb)
>
>
> uname -a
> FreeBSD laptopW530.tommyBSD.org 12.0-CURRENT FreeBSD 12.0-CURRENT #13
> r328509M: Sun Jan 28 15:38:35 CET 2018
> to...@laptopw530.tommybsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
> amd64
>
> Regards,
> thomas
>
>
> On Fri, Jan 26, 2018 at 4:07 PM, David Wolfskill 
> wrote:
>
> > On Fri, Jan 26, 2018 at 07:47:48AM -0700, Warner Losh wrote:
> > > On Fri, Jan 26, 2018 at 5:29 AM, David Wolfskill  >
> > > wrote:
> > >
> > > > This is on my "build machine" (laptop is still building updated ports
> > > > for today, so I don't know yet whether or not it encounters this.)
> > > >
> > >
> > > Running a kernel with INVARIANTS, rig

Re: Panic on shutdown @r328436: "Unholding 6 with cnt = -559038242"

2018-01-28 Thread thomas masper
Hi,
similar panic happen to me when extracting a pendrive from laptop USB port
(I tried 3 different pendrive).
No issue if I reboot or shutdown. I don't know if those two issues are
related.

panic: Releasing 6 with cnt = -559038242

GNU gdb (GDB) 8.0.1 [GDB v8.0.1 for FreeBSD]
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd12.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...Reading symbols from
/usr/lib/debug//boot/kernel/kernel.debug...done.
done.

Unread portion of the kernel message buffer:
da0 at umass-sim0 bus 0 scbus4 target 0 lun 0
da0:   s/n 30E47C20 detached
(da0:umass-sim0:0:0:0): Periph destroyed
panic: Releasing 6 with cnt = -559038242
cpuid = 0
time = 1517158352
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
0xfe00593838c0
vpanic() at vpanic+0x18d/frame 0xfe0059383920
panic() at panic+0x43/frame 0xfe0059383980
dadiskgonecb() at dadiskgonecb+0x42/frame 0xfe00593839a0
g_disk_providergone() at g_disk_providergone+0x25/frame 0xfe00593839d0
g_destroy_provider() at g_destroy_provider+0xae/frame 0xfe00593839f0
g_wither_washer() at g_wither_washer+0x87/frame 0xfe0059383a30
g_run_events() at g_run_events+0x3ca/frame 0xfe0059383a70
fork_exit() at fork_exit+0x84/frame 0xfe0059383ab0
fork_trampoline() at fork_trampoline+0xe/frame 0xfe0059383ab0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic

__curthread () at ./machine/pcpu.h:229
229 __asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb) #0  __curthread () at ./machine/pcpu.h:229
#1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:346
#2  0x8040a08b in db_dump (dummy=,
dummy2=, dummy3=, dummy4=)
at /usr/src/sys/ddb/db_command.c:574
#3  0x80409e59 in db_command (last_cmdp=,
cmd_table=, dopager=)
at /usr/src/sys/ddb/db_command.c:481
#4  0x80409bd4 in db_command_loop ()
at /usr/src/sys/ddb/db_command.c:534
#5  0x8040cdff in db_trap (type=, code=)
at /usr/src/sys/ddb/db_main.c:250
#6  0x80b0d923 in kdb_trap (type=3, code=-61456, tf=)
at /usr/src/sys/kern/subr_kdb.c:697
#7  0x80f7b498 in trap (frame=0xfe00593837f0)
at /usr/src/sys/amd64/amd64/trap.c:547
#8  
#9  kdb_enter (why=0x811f101e "panic", msg=)
at /usr/src/sys/kern/subr_kdb.c:479
#10 0x80ac8d3a in vpanic (fmt=,
ap=0xfe0059383960)
at /usr/src/sys/kern/kern_shutdown.c:800
#11 0x80ac8dc3 in panic (
fmt=0x81b1bbd8  "\257\257\033\201\377\377\377\377")
at /usr/src/sys/kern/kern_shutdown.c:738
#12 0x80368bb2 in da_periph_release (periph=,
token=DA_REF_GEOM) at /usr/src/sys/cam/scsi/scsi_da.c:1591
#13 dadiskgonecb (dp=) at
/usr/src/sys/cam/scsi/scsi_da.c:1904
#14 0x80a0fdd5 in g_disk_providergone (pp=0xf80003e8b700)
at /usr/src/sys/geom/geom_disk.c:783
#15 0x80a15f9e in g_destroy_provider (pp=0xf80003e8b700)
at /usr/src/sys/geom/geom_subr.c:746
#16 0x80a15e17 in g_wither_washer ()
at /usr/src/sys/geom/geom_subr.c:461
#17 0x80a112da in g_run_events ()
at /usr/src/sys/geom/geom_event.c:297
#18 0x80a89444 in fork_exit (
callout=0x80a138c0 , arg=0x0,
frame=0xfe0059383ac0) at /usr/src/sys/kern/kern_fork.c:1039
#19 
(kgdb)


uname -a
FreeBSD laptopW530.tommyBSD.org 12.0-CURRENT FreeBSD 12.0-CURRENT #13
r328509M: Sun Jan 28 15:38:35 CET 2018
to...@laptopw530.tommybsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
amd64

Regards,
thomas


On Fri, Jan 26, 2018 at 4:07 PM, David Wolfskill 
wrote:

> On Fri, Jan 26, 2018 at 07:47:48AM -0700, Warner Losh wrote:
> > On Fri, Jan 26, 2018 at 5:29 AM, David Wolfskill 
> > wrote:
> >
> > > This is on my "build machine" (laptop is still building updated ports
> > > for today, so I don't know yet whether or not it encounters this.)
> > >
> >
> > Running a kernel with INVARIANTS, right?
>
> Yes -- GENERIC.
>
> > > I had performed a source-based update from r328393 to r328436,
> > > rebooted, performed "make delete-old-libs", and all seemed well.
> > >
> >
> > This has my change 328415 in it.
>
> :-)
>
> > > I then issued "sudo shutdown -p now", and serial console shows:
> > > panic: Unholding 6 with cnt = -559038242
> > > cpuid = 3
> > > time = 1516968697
> > > KDB: stack backtrace:
> > > db_trace_self_wrapper() at db_trace_self_wrapper

Re: Panic on shutdown @r328436: "Unholding 6 with cnt = -559038242"

2018-01-26 Thread David Wolfskill
On Fri, Jan 26, 2018 at 07:47:48AM -0700, Warner Losh wrote:
> On Fri, Jan 26, 2018 at 5:29 AM, David Wolfskill 
> wrote:
> 
> > This is on my "build machine" (laptop is still building updated ports
> > for today, so I don't know yet whether or not it encounters this.)
> >
> 
> Running a kernel with INVARIANTS, right?

Yes -- GENERIC.

> > I had performed a source-based update from r328393 to r328436,
> > rebooted, performed "make delete-old-libs", and all seemed well.
> >
> 
> This has my change 328415 in it.

:-)

> > I then issued "sudo shutdown -p now", and serial console shows:
> > panic: Unholding 6 with cnt = -559038242
> > cpuid = 3
> > time = 1516968697
> > KDB: stack backtrace:
> > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> > 0xfe4288c0
> > vpanic() at vpanic+0x18d/frame 0xfe428920
> > panic() at panic+0x43/frame 0xfe428980
> > dadiskgonecb() at dadiskgonecb+0x42/frame 0xfe4289a0
> > g_disk_providergone() at g_disk_providergone+0x25/frame 0xfe4289d0
> > g_destroy_provider() at g_destroy_provider+0xae/frame 0xfe4289f0
> > g_wither_washer() at g_wither_washer+0x87/frame 0xfe428a30
> > g_run_events() at g_run_events+0x3ca/frame 0xfe428a70
> > fork_exit() at fork_exit+0x84/frame 0xfe428ab0
> > fork_trampoline() at fork_trampoline+0xe/frame 0xfe428ab0
> > --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
> > KDB: enter: panic
> > [ thread pid 13 tid 100044 ]
> > Stopped at  kdb_enter+0x3b: movq$0,kdb_why
> > db>
> >
> 
> That's no good. We're releasing a reference to the da peripheral because
> geom has finished with the disk and is giving us a final callback so we can
> drop the reference we took when we created the geom. Trouble is, cnt should
> be like 1 always for this code, but it's not. It looks like it may be bytes
> to a pointer :(
> 
> 
> > As noted, this is a build machine, and it was to be powered off for
> > the rest of the day anyway, so I don't need to get it up & running
> > immediately: I can poke at the ddb prompt, given some clues.
> >
> 
> I don't suppose you can attach kgdb to this machine? I'd be interested to
> see what the contents of the softc are...a

Pointer to how to do that?

I do have ddb right now

> 
> Thanks for the report. This is quite troubling.

Well, let's get it fixed, then! :-)

> Warner
> 

I should still have access to the serial console after I get in to the
office (heading out shortly).

Peace,
david
-- 
David H. Wolfskill  da...@catwhisker.org
"unfortunately, no trust!” -- well, of course!  You reap what you sow.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.


signature.asc
Description: PGP signature


Re: Panic on shutdown @r328436: "Unholding 6 with cnt = -559038242"

2018-01-26 Thread Warner Losh
On Fri, Jan 26, 2018 at 5:29 AM, David Wolfskill 
wrote:

> This is on my "build machine" (laptop is still building updated ports
> for today, so I don't know yet whether or not it encounters this.)
>

Running a kernel with INVARIANTS, right?


> I had performed a source-based update from r328393 to r328436,
> rebooted, performed "make delete-old-libs", and all seemed well.
>

This has my change 328415 in it.


> I then issued "sudo shutdown -p now", and serial console shows:
> panic: Unholding 6 with cnt = -559038242
> cpuid = 3
> time = 1516968697
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> 0xfe4288c0
> vpanic() at vpanic+0x18d/frame 0xfe428920
> panic() at panic+0x43/frame 0xfe428980
> dadiskgonecb() at dadiskgonecb+0x42/frame 0xfe4289a0
> g_disk_providergone() at g_disk_providergone+0x25/frame 0xfe4289d0
> g_destroy_provider() at g_destroy_provider+0xae/frame 0xfe4289f0
> g_wither_washer() at g_wither_washer+0x87/frame 0xfe428a30
> g_run_events() at g_run_events+0x3ca/frame 0xfe428a70
> fork_exit() at fork_exit+0x84/frame 0xfe428ab0
> fork_trampoline() at fork_trampoline+0xe/frame 0xfe428ab0
> --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
> KDB: enter: panic
> [ thread pid 13 tid 100044 ]
> Stopped at  kdb_enter+0x3b: movq$0,kdb_why
> db>
>

That's no good. We're releasing a reference to the da peripheral because
geom has finished with the disk and is giving us a final callback so we can
drop the reference we took when we created the geom. Trouble is, cnt should
be like 1 always for this code, but it's not. It looks like it may be bytes
to a pointer :(


> As noted, this is a build machine, and it was to be powered off for
> the rest of the day anyway, so I don't need to get it up & running
> immediately: I can poke at the ddb prompt, given some clues.
>

I don't suppose you can attach kgdb to this machine? I'd be interested to
see what the contents of the softc are...a


> Same system had completed a source-based update for stable/11 from
> r328392 to r328429 earlier today without incident (using a different
> slice of the boot drive).
>

Thanks for the report. This is quite troubling.

Warner
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Panic on shutdown @r328436: "Unholding 6 with cnt = -559038242"

2018-01-26 Thread David Wolfskill
On Fri, Jan 26, 2018 at 04:29:47AM -0800, David Wolfskill wrote:
> This is on my "build machine" (laptop is still building updated ports
> for today, so I don't know yet whether or not it encounters this.) 
> 

The laptop did the same source-based update, and did not exhibit the
panic.

(On the laptop) following the "make delete-old-libs", I did a normal
"shutdown -r now" (as I normally continue using the laptop throughout
the day); when it started to boot, I coerced it to boot head again, then
logged in an ran "poweroff" -- to which it complied without issue.

The build machine went from

FreeBSD 12.0-CURRENT #83  r328393M/328393:1200056: Thu Jan 25 04:37:47 PST 2018 

r...@freebeast.catwhisker.org:/common/S4/obj/usr/src/amd64.amd64/sys/GENERIC  
amd64

to

FreeBSD 12.0-CURRENT #84  r328436M/328436:1200056: Fri Jan 26 04:02:06 PST 2018 

r...@freebeast.catwhisker.org:/common/S4/obj/usr/src/amd64.amd64/sys/GENERIC  
amd64


The laptop went from

FreeBSD 12.0-CURRENT #80  r328393M/328393:1200056: Thu Jan 25 04:56:41 PST 2018 
r...@g1-252.catwhisker.org:/common/S4/obj/usr/src/amd64.amd64/sys/CANARY  
amd64

to

FreeBSD 12.0-CURRENT #81  r328436M/328436:1200056: Fri Jan 26 05:41:19 PST 2018 
r...@g1-252.catwhisker.org:/common/S4/obj/usr/src/amd64.amd64/sys/CANARY  
amd64

Peace,
david
-- 
David H. Wolfskill  da...@catwhisker.org
"unfortunately, no trust!” -- well, of course!  You reap what you sow.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.


signature.asc
Description: PGP signature