Subject: kern/22411: double panic; locking against myself and in cache_lookup() in ufs
To: None <gnats-bugs@gnats.netbsd.org>
From: None <dogcow@babymeat.com>
List: netbsd-bugs
Date: 08/09/2003 01:00:34
>Number: 22411
>Category: kern
>Synopsis: double panic; locking against myself and in cache_lookup() in ufs
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Aug 09 08:01:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator: Tom Spindler
>Release: NetBSD 1.6W
>Organization:
>Environment:
System: NetBSD beefcake.babymeat.com 1.6W NetBSD 1.6W (DEBUGBEEFCAKE) #28: Fri Aug 8 05:10:50 PDT 2003 dogcow@beefcake.babymeat.com:/usr/src/sys/arch/i386/compile/DEBUGBEEFCAKE i386
Architecture: i386
Machine: i386
>Description:
Not doing anything special, but was using phoenix. It looks like something
got kinda confused with the vnodes in /. Here's the traceback.
Core file or any other info on request.
(gdb) bt
#0 0x1 in ?? ()
#1 0xc022c7a7 in cpu_reboot (howto=260, bootstr=0x0)
at ../../../../arch/i386/i386/machdep.c:877
#2 0xc01d0c0f in panic () at ../../../../kern/subr_prf.c:242
#3 0xc01b957d in lockmgr (lkp=0xd3ac1ee4, flags=65554, interlkp=0xd3ac1e74)
at ../../../../kern/kern_lock.c:679
#4 0xc01f9bd4 in genfs_lock (v=0xd3ca7a14)
at ../../../../miscfs/genfs/genfs_vnops.c:324
#5 0xc01f8d31 in vn_lock (vp=0xd3ac1e74, flags=65554)
at ../../../../sys/vnode_if.h:1031
#6 0xc01f06c9 in vget (vp=0xd3ac1e74, flags=65554)
at ../../../../kern/vfs_subr.c:1236
#7 0xc0193657 in ffs_sync (mp=0xc0870a00, waitfor=2, cred=0xc0925a00,
p=0xd3be79e8) at ../../../../ufs/ffs/ffs_vfsops.c:1259
#8 0xc01f32fe in sys_sync (l=0xd3bb1d04, v=0x0, retval=0x0)
at ../../../../kern/vfs_syscalls.c:589
#9 0xc01f1e19 in vfs_shutdown () at ../../../../kern/vfs_subr.c:2612
#10 0xc022c773 in cpu_reboot (howto=256, bootstr=0x0)
at ../../../../arch/i386/i386/machdep.c:863
#11 0xc01d0c0f in panic () at ../../../../kern/subr_prf.c:242
#12 0xc023474e in trap (frame={tf_gs = 16, tf_fs = 48, tf_es = -741736432,
tf_ds = -1071710192, tf_edi = -743694732, tf_esi = 0,
tf_ebp = -741704656, tf_ebx = -741426544, tf_edx = -559038737,
tf_ecx = 33, tf_eax = -741425784, tf_trapno = 6, tf_err = 2,
tf_eip = -1071724751, tf_cs = 8, tf_eflags = 66182, tf_esp = -741704084,
tf_ss = -741704104, tf_vm86_es = -747192320, tf_vm86_ds = 2,
tf_vm86_fs = -741704084, tf_vm86_gs = -1064150528})
at ../../../../arch/i386/i386/trap.c:295
#13 0xc0102cb0 in calltrap ()
#14 0xc01977e4 in ufs_lookup (v=0xd3ca7d64)
at ../../../../ufs/ufs/ufs_lookup.c:169
#15 0xc01eebcb in lookup (ndp=0xd3ca7e48) at ../../../../sys/vnode_if.h:83
#16 0xc01ee7c7 in namei (ndp=0xd3ca7e48) at ../../../../kern/vfs_lookup.c:164
#17 0xc01ea2f5 in unp_connect (so=0xc098a678, nam=0xc089e600, p=0xd3be79e8)
at ../../../../kern/uipc_usrreq.c:674
#18 0xc01e9a5d in uipc_usrreq (so=0xc098a678, req=4, m=0x0, nam=0xc089e600,
control=0x0, p=0xd3be79e8) at ../../../../kern/uipc_usrreq.c:246
#19 0xc01e4b85 in soconnect (so=0xc098a678, nam=0xc089e600)
at ../../../../kern/uipc_socket.c:570
#20 0xc01e849e in sys_connect (l=0xd3bb1d04, v=0xd3ca7f80, retval=0xd3ca7f78)
at ../../../../kern/uipc_syscalls.c:294
#21 0xc023408f in syscall_plain (frame={tf_gs = 31, tf_fs = 31, tf_es = 31,
tf_ds = 31, tf_edi = 18, tf_esi = -1078198272, tf_ebp = -1077954668,
tf_ebx = -1116084120, tf_edx = 0, tf_ecx = 18, tf_eax = 98,
tf_trapno = 3, tf_err = 2, tf_eip = -1116752065, tf_cs = 23,
tf_eflags = 659, tf_esp = -1077954728, tf_ss = 31, tf_vm86_es = 0,
tf_vm86_ds = 0, tf_vm86_fs = 0, tf_vm86_gs = 0})
at ../../../../arch/i386/i386/syscall.c:156
#22 0xc0100b17 in syscall1 ()
can not access 0xbfbfb794, invalid translation (invalid PDE)
can not access 0xbfbfb794, invalid translation (invalid PDE)
Cannot access memory at address 0xbfbfb794
#2 0xc01d0c0f in panic () at ../../../../kern/subr_prf.c:242
242 cpu_reboot(bootopt, NULL);
(gdb)
#3 0xc01b957d in lockmgr (lkp=0xd3ac1ee4, flags=65554, interlkp=0xd3ac1e74)
at ../../../../kern/kern_lock.c:679
679 panic("lockmgr: locking against myself");
(gdb)
#4 0xc01f9bd4 in genfs_lock (v=0xd3ca7a14)
at ../../../../miscfs/genfs/genfs_vnops.c:324
324 return (lockmgr(&vp->v_lock, ap->a_flags, &vp->v_interlock));
(gdb)
#5 0xc01f8d31 in vn_lock (vp=0xd3ac1e74, flags=65554)
at ../../../../sys/vnode_if.h:1031
1031 return (VCALL(vp, VOFFSET(vop_lock), &a));
(gdb)
#6 0xc01f06c9 in vget (vp=0xd3ac1e74, flags=65554)
at ../../../../kern/vfs_subr.c:1236
1236 if ((error = vn_lock(vp, flags | LK_INTERLOCK))) {
(gdb)
#7 0xc0193657 in ffs_sync (mp=0xc0870a00, waitfor=2, cred=0xc0925a00,
p=0xd3be79e8) at ../../../../ufs/ffs/ffs_vfsops.c:1259
1259 error = vget(vp, LK_EXCLUSIVE | LK_NOWAIT | LK_INTERLOCK);
(gdb)
#8 0xc01f32fe in sys_sync (l=0xd3bb1d04, v=0x0, retval=0x0)
at ../../../../kern/vfs_syscalls.c:589
589 VFS_SYNC(mp, MNT_NOWAIT, p->p_ucred, p);
(gdb)
#9 0xc01f1e19 in vfs_shutdown () at ../../../../kern/vfs_subr.c:2612
2612 sys_sync(l, NULL, NULL);
(gdb)
#10 0xc022c773 in cpu_reboot (howto=256, bootstr=0x0)
at ../../../../arch/i386/i386/machdep.c:863
863 vfs_shutdown();
(gdb)
#11 0xc01d0c0f in panic () at ../../../../kern/subr_prf.c:242
242 cpu_reboot(bootopt, NULL);
(gdb)
#12 0xc023474e in trap (frame={tf_gs = 16, tf_fs = 48, tf_es = -741736432,
tf_ds = -1071710192, tf_edi = -743694732, tf_esi = 0,
tf_ebp = -741704656, tf_ebx = -741426544, tf_edx = -559038737,
tf_ecx = 33, tf_eax = -741425784, tf_trapno = 6, tf_err = 2,
tf_eip = -1071724751, tf_cs = 8, tf_eflags = 66182, tf_esp = -741704084,
tf_ss = -741704104, tf_vm86_es = -747192320, tf_vm86_ds = 2,
tf_vm86_fs = -741704084, tf_vm86_gs = -1064150528})
at ../../../../arch/i386/i386/trap.c:295
295 panic("trap");
(gdb)
#13 0xc0102cb0 in calltrap ()
(gdb)
#14 0xc01977e4 in ufs_lookup (v=0xd3ca7d64)
at ../../../../ufs/ufs/ufs_lookup.c:169
169 if ((error = cache_lookup(vdp, vpp, cnp)) >= 0)
(gdb) up
#15 0xc01eebcb in lookup (ndp=0xd3ca7e48) at ../../../../sys/vnode_if.h:83
83 return (VCALL(dvp, VOFFSET(vop_lookup), &a));
(gdb)
#16 0xc01ee7c7 in namei (ndp=0xd3ca7e48) at ../../../../kern/vfs_lookup.c:164
164 if ((error = lookup(ndp)) != 0) {
(gdb)
#17 0xc01ea2f5 in unp_connect (so=0xc098a678, nam=0xc089e600, p=0xd3be79e8)
at ../../../../kern/uipc_usrreq.c:674
674 if ((error = namei(&nd)) != 0)
(gdb)
#18 0xc01e9a5d in uipc_usrreq (so=0xc098a678, req=4, m=0x0, nam=0xc089e600,
control=0x0, p=0xd3be79e8) at ../../../../kern/uipc_usrreq.c:246
246 error = unp_connect(so, nam, p);
(gdb)
#19 0xc01e4b85 in soconnect (so=0xc098a678, nam=0xc089e600)
at ../../../../kern/uipc_socket.c:570
570 error = (*so->so_proto->pr_usrreq)(so, PRU_CONNECT,
(gdb)
#20 0xc01e849e in sys_connect (l=0xd3bb1d04, v=0xd3ca7f80, retval=0xd3ca7f78)
at ../../../../kern/uipc_syscalls.c:294
294 error = soconnect(so, nam);
(gdb)
#21 0xc023408f in syscall_plain (frame={tf_gs = 31, tf_fs = 31, tf_es = 31,
tf_ds = 31, tf_edi = 18, tf_esi = -1078198272, tf_ebp = -1077954668,
tf_ebx = -1116084120, tf_edx = 0, tf_ecx = 18, tf_eax = 98,
tf_trapno = 3, tf_err = 2, tf_eip = -1116752065, tf_cs = 23,
tf_eflags = 659, tf_esp = -1077954728, tf_ss = 31, tf_vm86_es = 0,
tf_vm86_ds = 0, tf_vm86_fs = 0, tf_vm86_gs = 0})
at ../../../../arch/i386/i386/syscall.c:156
156 error = (*callp->sy_call)(l, args, rval);
(gdb) print *l
$8 = {l_forw = 0xc0334b88, l_back = 0x0, l_list = {le_next = 0xd3bb1584,
le_prev = 0xd3bb1c8c}, l_zlist = {le_next = 0xdeadbeef,
le_prev = 0xdeadbeef}, l_proc = 0xd3be79e8, l_sibling = {le_next = 0x0,
le_prev = 0xd3bb15a0}, l_cpu = 0xc030d8e0, l_flag = 15728644, l_stat = 7,
l_lid = 2, l_swtime = 39, l_slptime = 0, l_wchan = 0x0, l_tsleep_ch = {
c_list = {cq_next = 0xc0319420, cq_prev = 0xd374e3c0},
c_func = 0xc01c46dc <endtsleep>, c_arg = 0xd3bb1d04, c_time = 684848,
c_flags = 0}, l_wmesg = 0xc02be348 "vnlock", l_holdcnt = 0,
l_ctxlink = 0x0, l_priority = 20 '\024', l_usrpri = 63 '?',
l_private = 0xdeadbeef, l_locks = -559038735, l_addr = 0xd3ca4000, l_md = {
md_regs = 0xd3ca7fa8, md_flags = 1, md_tss_sel = 624}}
(gdb) down
#19 0xc01e4b85 in soconnect (so=0xc098a678, nam=0xc089e600)
at ../../../../kern/uipc_socket.c:570
570 error = (*so->so_proto->pr_usrreq)(so, PRU_CONNECT,
(gdb) down
#18 0xc01e9a5d in uipc_usrreq (so=0xc098a678, req=4, m=0x0, nam=0xc089e600,
control=0x0, p=0xd3be79e8) at ../../../../kern/uipc_usrreq.c:246
246 error = unp_connect(so, nam, p);
(gdb) down
#17 0xc01ea2f5 in unp_connect (so=0xc098a678, nam=0xc089e600, p=0xd3be79e8)
at ../../../../kern/uipc_usrreq.c:674
674 if ((error = namei(&nd)) != 0)
(gdb) print nd
$25 = {ni_dirp = 0xc0817622 "/tmp/.esd/socket", ni_segflg = UIO_SYSSPACE,
ni_startdir = 0x0, ni_rootdir = 0xd376c000, ni_vp = 0x0,
ni_dvp = 0xd376c000, ni_pathlen = 12, ni_next = 0xd3b5b005 ".esd/socket",
ni_loopcnt = 0, ni_cnd = {cn_nameiop = 0, cn_flags = 1589316,
cn_proc = 0xd3be79e8, cn_cred = 0xc0925a00,
cn_pnbuf = 0xd3b5b000 "/tmp/.esd/socket",
cn_nameptr = 0xd3b5b001 "tmp/.esd/socket", cn_namelen = 3,
cn_hash = 199554124, cn_consume = 0}}
(gdb) down
#16 0xc01ee7c7 in namei (ndp=0xd3ca7e48) at ../../../../kern/vfs_lookup.c:164
164 if ((error = lookup(ndp)) != 0) {
(gdb) down
#15 0xc01eebcb in lookup (ndp=0xd3ca7e48) at ../../../../sys/vnode_if.h:83
83 return (VCALL(dvp, VOFFSET(vop_lookup), &a));
(gdb) down
#14 0xc01977e4 in ufs_lookup (v=0xd3ca7d64)
at ../../../../ufs/ufs/ufs_lookup.c:169
169 if ((error = cache_lookup(vdp, vpp, cnp)) >= 0)
(gdb) print *vpp
$30 = (struct vnode *) 0x0
(gdb) print *cnp
$32 = {cn_nameiop = 0, cn_flags = 1589316, cn_proc = 0xd3be79e8,
cn_cred = 0xc0925a00, cn_pnbuf = 0xd3b5b000 "/tmp/.esd/socket",
cn_nameptr = 0xd3b5b001 "tmp/.esd/socket", cn_namelen = 3,
cn_hash = 199554124, cn_consume = 0}
>How-To-Repeat:
unknown.
>Fix:
unknown.
>Release-Note:
>Audit-Trail:
>Unformatted: