[Bug 276408] panic: Assertion error == EJUSTRETURN failed at msdosfs_vnops.c:1195

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 19 Jan 2024 16:04:21 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276408

--- Comment #5 from John F. Carr <jfc@mit.edu> ---
I applied the patches from main to my (now) 13.3-PRERELEASE system.  The
initial error handling worked, converting the filesystem to read-only and
failing the system call in progress.

When I unmounted the filesystem my system crashed because the mnt_lockref field
was negative.

I can report this crash as a separate bug if it is insufficiently related to
the original bug.

From the crash dump analysis:

Unread portion of the kernel message buffer:
MPASSERT mp 0xfffffe03ae86f5c0 failed: mp->mnt_ref > 0 && mp->mnt_lockref >= 0
&& mp->mnt_writeopcount >= 0 not true at
/usr/home/jfc/freebsd/src/sys/kern/vfs_mount.c:1718 (vfs_op_enter)
panic: invalid count(s): ref 2314 lockref -1 writeopcount 0
cpuid = 17
time = 1705678821
KDB: stack backtrace:
#0 0xffffffff80c1a7d5 at kdb_backtrace+0x65
#1 0xffffffff80bcfa12 at vpanic+0x152
#2 0xffffffff80bcf813 at panic+0x43
#3 0xffffffff80ca51e7 at vfs_op_enter+0x1a7
#4 0xffffffff80ca496f at dounmount+0xff
#5 0xffffffff80ca4812 at kern_unmount+0x312
#6 0xffffffff8108ded0 at amd64_syscall+0x140
#7 0xffffffff8106258b at fast_syscall_common+0xf8
Uptime: 4h1m2s
Dumping 6801 out of 163636 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/home/jfc/freebsd/src/sys/amd64/include/pcpu_aux.h:53
53              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct
pcpu,
(kgdb) #0  __curthread ()
    at /usr/home/jfc/freebsd/src/sys/amd64/include/pcpu_aux.h:53
        td = <optimized out>
#1  doadump (textdump=<optimized out>)
    at /usr/home/jfc/freebsd/src/sys/kern/kern_shutdown.c:394
        error = 0
        coredump = <optimized out>
#2  0xffffffff80bcf622 in kern_reboot (howto=260)
    at /usr/home/jfc/freebsd/src/sys/kern/kern_shutdown.c:482
        once = 0
#3  0xffffffff80bcfa7f in vpanic (
    fmt=0xffffffff8126ea0e "invalid count(s): ref %d lockref %d writeopcount
%d", ap=ap@entry=0xfffffe03b0c70c10)
    at /usr/home/jfc/freebsd/src/sys/kern/kern_shutdown.c:921
        buf = "invalid count(s): ref 2314 lockref -1 writeopcount 0", '\000'
<repeats 203 times>
        other_cpus = {__bits = {281474976579583, 0, 0, 0}}
        td = 0xfffff801cda27740
        bootopt = <unavailable>
        newpanic = <optimized out>
#4  0xffffffff80bcf813 in panic (fmt=<unavailable>)
    at /usr/home/jfc/freebsd/src/sys/kern/kern_shutdown.c:845
        ap = {{gp_offset = 32, fp_offset = 48, 
            overflow_arg_area = 0xfffffe03b0c70c40, 
            reg_save_area = 0xfffffe03b0c70be0}}
#5  0xffffffff80ca51e7 in vfs_op_enter (mp=0xfffffe03ae86f5c0)
    at /usr/home/jfc/freebsd/src/sys/kern/vfs_mount.c:1715
        cpu = <optimized out>
        mpcpu = <optimized out>
#6  0xffffffff80ca496f in dounmount (mp=0xfffffe03ae86f5c0, 
    flags=flags@entry=134217728, td=td@entry=0xfffff801cda27740)
    at /usr/home/jfc/freebsd/src/sys/kern/vfs_mount.c:1934
        coveredvp = 0xfffff801cdf8bb70
        mnt_gen_r = <optimized out>
        error = <unavailable>
        rootvp = <optimized out>
        async_flag = <optimized out>
#7  0xffffffff80ca4812 in kern_unmount (td=0xfffff801cda27740, 
    path=<optimized out>, flags=134217728)
    at /usr/home/jfc/freebsd/src/sys/kern/vfs_mount.c:1635
        nd = {ni_dirp = 0xe7 <error: Cannot access memory at address 0xe7>, 
          ni_segflg = UIO_USERSPACE, ni_rightsneeded = 0xfffff802b5b61528, 
          ni_startdir = 0x3, ni_rootdir = 0x0, 
          ni_topdir = 0xfffffe03af3ea3f0, ni_dirfd = 58975744, 
          ni_lcf = -2047, ni_filecaps = {fc_rights = {cr_rights = {52, 0}}, 
            fc_ioctls = 0xcda2774211000000, fc_nioctls = 1, fc_fcntls = 0}, 
          ni_vp = 0xfffffe03af3ea3f0, ni_dvp = 0x1ab485eaa000, 
          ni_resflags = 2965835520, ni_debugflags = 65027, 
          ni_loopcnt = 65535, ni_pathlen = 0, 
          ni_next = 0xfffffe03b0c70db0
"\020\016ǰ\003\376\377\377w\327\b\201\377\377\377\377", ni_cnd = {cn_origflags
= 18446744071577972639, 
            cn_flags = 18446741890537033476, cn_thread = 0xfffffe03b0c70f40, 
            cn_cred = 0x1, cn_nameiop = LOOKUP, cn_lkflags = 0, 
            cn_pnbuf = 0xfffff801cda27740
"\300\200\370\n\001\376\377\377\020p\357\260\003\376\377\377", 
            cn_nameptr = 0x1ab485eaa558 <error: Cannot access memory at address
0x1ab485eaa558>, cn_namelen = -2183172518384}, ni_cap_tracker = {
            tqh_first = 0xffffffff8108d777 <trap_pfault+519>, 
            tqh_last = 0x0}, ni_dvp_seqc = 4, ni_vp_seqc = 0}
        id0 = 231
        id1 = 50
        error = <optimized out>
        pathbuf = 0xfffff80105479400
"\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255",
<incomplete sequence \336>...
        mp = 0xfffffe03ae86f5c0
#8  0xffffffff8108ded0 in syscallenter (td=<optimized out>)
    at /usr/home/jfc/freebsd/src/sys/amd64/amd64/../../kern/subr_syscall.c:188
        se = 0xffffffff81abd8a0 <sysent+704>
        p = 0xfffffe03b0ef7010
        sa = 0xfffff801cda27b18
        error = <optimized out>
        sy_thr_static = true
        traced = <optimized out>
        _audit_entered = <optimized out>
#9  amd64_syscall (td=0xfffff801cda27740, traced=0)
    at /usr/home/jfc/freebsd/src/sys/amd64/amd64/trap.c:1181
        ksi = {ksi_link = {tqe_next = 0xfffffe03b0c70f30, 
            tqe_prev = 0xffffffff8108d043 <trap+1971>}, ksi_info = {
            si_signo = -844990656, si_errno = -2047, si_code = -1329131712, 
            si_pid = -509, si_uid = 2965835376, si_status = -509, 
            si_addr = 0x46, si_value = {sival_int = -1329131920, 
              sival_ptr = 0xfffffe03b0c70e70, sigval_int = -1329131920, 
              sigval_ptr = 0xfffffe03b0c70e70}, _reason = {_fault = {
                _trapno = -2135246730}, _timer = {_timerid = -2135246730, 
                _overrun = -1}, _mesgq = {_mqd = -2135246730}, _poll = {
                _band = -2135246730}, __spare__ = {__spare1__ = -2135246730, 
                __spare2__ = {-2114969952, -1, 70, 0, 0, 0, 725966195}}}}, 
          ksi_flags = -1329131856, 
          ksi_sigq = 0xffffffff80b5f242 <handleevents+578>}

Here are selected fields from the struct mount object:

  mnt_vfs_ops = 1
  mnt_kern_flag = 0x4100
  mnt_flag = 0x1001
  mnt_rootvnode = 0
  mnt_gen = 1

-- 
You are receiving this mail because:
You are the assignee for the bug.