[Bug 273953] panic: vfs_remount_ro: mp is not busied

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 20 Sep 2023 01:22:28 UTC 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273953

            Bug ID: 273953
           Summary: panic: vfs_remount_ro: mp is not busied
           Product: Base System
           Version: 15.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: glebius@FreeBSD.org
                CC: kib@FreeBSD.org, mjg@FreeBSD.org

With msdosfs(4) on an SD card mounted with help of autofs(5) paniced when
running command 'rm *' in directory that had 3 files. Repeating same scenario
on the same file system after reboot did not reproduce the panic, so seems to
be a race.

I got core.

Unread portion of the kernel message buffer:
/stealth: Freeing unused sector 158705 17 0
/dev/msdosfs/STEALTHCAM: remounting read-only due to corruption
panic: vfs_remount_ro: mp 0xfffffe0235211000 is not busied
cpuid = 19
time = 1695171728
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2c/frame 0xfffffe015d040b30
kdb_backtrace() at kdb_backtrace+0x46/frame 0xfffffe015d040be0
vpanic() at vpanic+0x20f/frame 0xfffffe015d040d20
panic() at panic+0x4e/frame 0xfffffe015d040d80
vfs_remount_ro() at vfs_remount_ro+0x3f/frame 0xfffffe015d040e00
msdosfs_remount_ro() at msdosfs_remount_ro+0x170/frame 0xfffffe015d040e40
taskqueue_run_locked() at taskqueue_run_locked+0x2a2/frame 0xfffffe015d040eb0
taskqueue_thread_loop() at taskqueue_thread_loop+0xad/frame 0xfffffe015d040ee0
fork_exit() at fork_exit+0x10a/frame 0xfffffe015d040f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe015d040f30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
Uptime: 11d17h24m24s
Dumping 19323 out of 65306 MB: (CTRL-C to abort)  (CTRL-C to abort)  (CTRL-C to
abort)  (CTRL-C to abort) ..1% (CTRL-C to abort)  (CTRL-C to abort)  (CTRL-C to
abort)  (CTRL-C to abort) ..11%..21%..31%..41%..51%..61%..71%..81%..91%

0xffffffff80c4934b in doadump (textdump=1) at
/usr/src/FreeBSD/sys/kern/kern_shutdown.c:405
405             dump_savectx();
(kgdb) bt
#0  0xffffffff80c4934b in doadump (textdump=1) at
/usr/src/FreeBSD/sys/kern/kern_shutdown.c:405
#1  0xffffffff80c48f9b in kern_reboot (howto=260) at
/usr/src/FreeBSD/sys/kern/kern_shutdown.c:526
#2  0xffffffff80c49ab2 in vpanic (fmt=0xffffffff8119d417 "vfs_remount_ro: mp %p
is not busied", ap=0xfffffe015d040d60)
    at /usr/src/FreeBSD/sys/kern/kern_shutdown.c:970
#3  0xffffffff80c492ee in panic (fmt=0xffffffff8119d417 "vfs_remount_ro: mp %p
is not busied") at /usr/src/FreeBSD/sys/kern/kern_shutdown.c:894
#4  0xffffffff80d8df3f in vfs_remount_ro (mp=0xfffffe0235211000) at
/usr/src/FreeBSD/sys/kern/vfs_mount.c:3007
#5  0xffffffff80a87b80 in msdosfs_remount_ro (arg=0xfffff803c9e4c200,
pending=1) at /usr/src/FreeBSD/sys/fs/msdosfs/msdosfs_vfsops.c:996
#6  0xffffffff80cdc392 in taskqueue_run_locked (queue=0xfffff80001d46900) at
/usr/src/FreeBSD/sys/kern/subr_taskqueue.c:512
#7  0xffffffff80cdd74d in taskqueue_thread_loop (arg=0xffffffff817d8998
<taskqueue_thread>) at /usr/src/FreeBSD/sys/kern/subr_taskqueue.c:824
#8  0xffffffff80be4d4a in fork_exit (callout=0xffffffff80cdd6a0
<taskqueue_thread_loop>, arg=0xffffffff817d8998 <taskqueue_thread>, 
    frame=0xfffffe015d040f40) at /usr/src/FreeBSD/sys/kern/kern_fork.c:1160
#9  <signal handler called>
(kgdb) frame 4
#4  0xffffffff80d8df3f in vfs_remount_ro (mp=0xfffffe0235211000) at
/usr/src/FreeBSD/sys/kern/vfs_mount.c:3007
3007            KASSERT(mp->mnt_lockref > 0,
(kgdb) p *mp
$1 = {mnt_vfs_ops = 0, mnt_kern_flag = 16640, mnt_flag = 8589938688, mnt_pcpu =
0xfffffe02a939de50, mnt_rootvnode = 0x0, 
  mnt_vnodecovered = 0xfffff8048f8f3e00, mnt_op = 0xffffffff8147d938
<msdosfs_vfsops>, mnt_vfc = 0xffffffff8147d8e8 <msdosfs_vfsconf>, mnt_mtx = {
    lock_object = {lo_name = 0xffffffff8115e318 "struct mount mtx", lo_flags =
16973824, lo_data = 0, lo_witness = 0x0}, mtx_lock = 0}, 
  mnt_gen = 2, mnt_list = {tqe_next = 0x0, tqe_prev = 0xfffffe0235211b68},
mnt_syncer = 0xfffff80496430540, mnt_ref = 9, mnt_nvnodelist = {
    tqh_first = 0xfffff80496430540, tqh_last = 0xfffff8048ee0d568},
mnt_nvnodelistsize = 7, mnt_writeopcount = 1, mnt_opt = 0xfffff8070e1edc10, 
  mnt_optnew = 0x0, mnt_stat = {f_version = 538182936, f_type = 50, f_flags =
8589938688, f_bsize = 32768, f_iosize = 32768, f_blocks = 485944, 
    f_bfree = 308820, f_bavail = 308820, f_files = 0, f_ffree = 0, f_syncwrites
= 9, f_asyncwrites = 2, f_syncreads = 510, f_asyncreads = 313, 
    f_nvnodelistsize = 9, f_spare0 = 0, f_spare = {0, 0, 0, 0, 0, 0, 0, 0, 0},
f_namemax = 255, f_owner = 0, f_fsid = {val = {345, 50}}, 
    f_charspare = '\000' <repeats 79 times>, f_fstypename =
"msdosfs\000\000\000\000\000\000\000\000", 
    f_mntfromname = "/dev/msdosfs/STEALTHCAM", '\000' <repeats 1000 times>,
f_mntonname = "/stealth", '\000' <repeats 1015 times>}, 
  mnt_cred = 0xfffff80391380000, mnt_data = 0xfffff803c9e4c200, mnt_time = 0,
mnt_iosize_max = 1048576, mnt_export = 0x0, mnt_label = 0x0, 
  mnt_hashseed = 3245099513, mnt_lockref = 0, mnt_secondary_writes = 0,
mnt_secondary_accwrites = 0, mnt_susp_owner = 0x0, mnt_exjail = 0x0, 
  mnt_gjprovider = 0x0, mnt_listmtx = {lock_object = {lo_name =
0xffffffff811d2344 "struct mount vlist mtx", lo_flags = 16973824, lo_data = 0, 
      lo_witness = 0x0}, mtx_lock = 0}, mnt_lazyvnodelist = {tqh_first = 0x0,
tqh_last = 0xfffffe0235211a50}, mnt_lazyvnodelistsize = 0, 
  mnt_upper_pending = 0, mnt_explock = {lock_object = {lo_name =
0xffffffff8123df49 "explock", lo_flags = 108199936, lo_data = 0, 
      lo_witness = 0x0}, lk_lock = 1, lk_exslpfail = 0, lk_pri = 64, lk_timo =
0}, mnt_uppers = {tqh_first = 0x0, tqh_last = 0xfffffe0235211a90}, 
  mnt_notify = {tqh_first = 0x0, tqh_last = 0xfffffe0235211aa0},
mnt_taskqueue_link = {stqe_next = 0x0}, mnt_taskqueue_flags = 0, 
  mnt_unmount_retries = 0}

-- 
You are receiving this mail because:
You are the assignee for the bug.