On Wed, Apr 06, 2022 at 03:23:55PM +0200, Sebastien Marie wrote:
could you try to reproduce with the following kernel diff ?

as first step, it adds some KERNEL_ASSERT_LOCKED() on v_usecount modification,
and some vprint() inside uvn_io().

the vprint() inside uvn_io() should trigger only before the panic occurs.

I am expecting the KERNEL_ASSERT_LOCKED() to not trigger, and vprint() to pop up
before the panic.

having one or two vprint() would be interesting to know.

please report the backtrace, the vprint() (if any), and ddb output for
"show vnode /f 0xXYZ"

Thanks.
--
Sebastien Marie

Successfully applied your patch to the last cvs tree snapshot at the
time. Successfully built the kernel and booted with it.

I also managed to reproduce the panic, in the same way I described earlier.

Results (typos are possible):

uvn_io: start: 0xfffffd834f678210, type VREG, use 0, write 0, hold 0, flags (VBIOONFREELIST)
tag: VT_UFS, ino 19627621, on dev 4, 30 flags 0x100, effnlink 1, nlink 1
mode 0100644, owner 858, group 1000, size 378860088
vn_lock: vnode on freelist: 0xfffffd834f678210, type VREG, use 0, write 0, hold 0, flags (VBIOONFREELIST)
tag: VT_UFS, ino 19627621, on dev 4, 30 flags 0x100, effnlink 1, nlink 1
mode 0100644, owner 858, group 1000, size 378860088
panic: vn_lock: vp on freelist
Stopped at db_enter+0x10: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
36118 17216 858 0 0x4000000 1 qbittorrent-nox
*368433 54201 0 0x14000 0x200 2K pagedaemon
db_enter() at db_enter+0x10
panic(ffffffff81f35ffe) at panic+0xbf
vn_lock(fffffd834f678210, 81) at vn_lock+0x174
uvn_io(fffffd834f677dc0,ffff8000255b0410,1,90,1) at uvn_io+0x212
uvm_pager_put(fffffd834f677dc0,fffffd810ec88d80,ffff8000255b0518,ffff8000255b0534,90,0,a21f536c19c1a214)
\
at uvm_pager_put+0xf7
uvmpd_scan_inactive(ffffffff823dc3b8) at uvmpd_scan_inactive_0x187
uvmpd_scan() at uvmpd_scan+0xdb
uvm_pageout(ffff8000ffff42b0) at uvm_pageout+0x365
end trace frame: 0x0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{2}> machine ddbcpu 0
Stopped at x86_ipi_db+0x12: leave
x86_ipi_db(ffffffff8227df0) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff8238dff0) at mplock+0x72
intr_handler(ffff8000224fc020,ffff800000120380) at intr_handler+0x44
Xintr_ioapic_edge20_untramp() at Xintr_ioapic_edge20_untramp+0x18f
_kernel_lock() at _kernel_lock+0xb2
softintr_dispatch(0) at softintr_dispatch+0x49
Xsoftclock() at Xsoftclock+0x1f
acpicpu_idle() at acpicpu_idle+0x11f
sched_idle(ffffffff8227dff0) at sched_idle+0x280
end trace frame: 0x0, count: 1
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x12: leave
x86_ipi_db(ffff80002240aff0) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
_kernel_lock() at _kernel_lock+0xb2
uvm_pseg_get(2) at uvm_pseg_get+0x24
uvm_pagermapin(ffff80002510e038,1,2) at uvm_pagermapin+0x45
uvn_io(fffffd8350568950,ffff80002510e038,1,202,0) at uvn_io+0xfa
uvn_get(fffffd8350568950,4b5000,ffff80002510e0d8,ffff80002510e0c8,0,1,510e475fe43dcfe8,fffffd8350568950)
at uvn_get+0x15d
uvm_fault_lower(ffff80002510e240,ffff80002510e278,ffff80002510e1c0,0) at
uvm_fault_lower+0x341
uvm_fault(fffffd835cea6ef0,8779152d000,0,1) at uvm_fault+0x1b3
upageflttrap(ffff80002510e3a0,8779152d000) at upageflttrap+0x62
usertrap((ffff80002510e3a0) at usertrap+0x129
recall_trap() at reacall_trap+0x129
end of kernel
end trace frame: 0x990fdb2a, count: 2
ddb{1}> machine ddbcpu 2
db_enter() at db_enter+0x10
panic(ffffffff81f35ffe) at panic+0xbf
vn_lock(fffffd834f678210, 81) at vn_lock+0x174
uvn_io(fffffd834f677dc0,ffff8000255b0410,1,90,1) at uvn_io+0x212
uvm_pager_put(fffffd834f677dc0,fffffd810ec88d80,ffff8000255b0518,ffff8000255b0534,90,0,a21f536c19c1a214)
\
at uvm_pager_put+0xf7
uvmpd_scan_inactive(ffffffff823dc3b8) at uvmpd_scan_inactive_0x187
uvmpd_scan() at uvmpd_scan+0xdb
uvm_pageout(ffff8000ffff42b0) at uvm_pageout+0x365
end trace frame: 0x0, count: 7
ddb{2}> machine ddbcpu 3
Stopped at x86_ipi_db+0x12: leave
x86_ipi_db(ffff80002241cff0) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x11f
sched_idle(ffff80002241cff0) at sched_idle+0x280
ddb{2}> show vnode /f 0xfffffd834f678210
0xfffffd834f678210 tag UFS(1) type VREG(1) mount 0xffff8000014ea400 typedata 0x0
data 0xfffffd834f67a0f8 usecount 0 writecount 0 holdcnt 0 numoutput 0
flag 0x0 lflag 0x0 bioflag 0x4
clean bufs:
dirty bufs:
--
Wbr, Andrew Krasavin