Discussion:
panic in daprobedone: Unholding 4 with cnt = 0
(too old to reply)
Hans Petter Selasky
2018-02-17 12:01:00 UTC
Permalink
I've started to hit this panic with USB mass storage, before even the
device has become in-use:

panic: Unholding 4 with cnt = 0

Backtrace:

vpanic()
panic()
daprobedone()
dadone()
xpt_done_process()
xpt_done_td()
fork_exit()
fork_trampoline()

db>
static inline void
da_periph_unhold(struct cam_periph *periph, da_ref_token token)
{
int cnt;
struct da_softc *softc = periph->softc;
token_sanity(token);
DA_PERIPH_PRINT(periph, "Unholding device %s (%d)\n",
da_ref_text[token], token);
cnt = atomic_fetchadd_int(&softc->ref_flags[token], -1);
if (cnt != 1)
panic("Unholding %d with cnt = %d", token, cnt);
cam_periph_unhold(periph);
}
Warner Losh
2018-02-17 14:47:14 UTC
Permalink
That's interesting. What did you do to get there? There's some code path
that's unholding the periph without first holding it. I've been trying to
find a scenario.

Warner
Post by Hans Petter Selasky
I've started to hit this panic with USB mass storage, before even the
panic: Unholding 4 with cnt = 0
vpanic()
panic()
daprobedone()
dadone()
xpt_done_process()
xpt_done_td()
fork_exit()
fork_trampoline()
db>
static inline void
da_periph_unhold(struct cam_periph *periph, da_ref_token token)
{
int cnt;
struct da_softc *softc = periph->softc;
token_sanity(token);
DA_PERIPH_PRINT(periph, "Unholding device %s (%d)\n",
da_ref_text[token], token);
cnt = atomic_fetchadd_int(&softc->ref_flags[token], -1);
if (cnt != 1)
panic("Unholding %d with cnt = %d", token, cnt);
cam_periph_unhold(periph);
}
Hans Petter Selasky
2018-02-17 15:04:56 UTC
Permalink
Post by Warner Losh
That's interesting. What did you do to get there? There's some code path
that's unholding the periph without first holding it. I've been trying to
find a scenario.
I just booted into single user mode with a multi-card USB reader
attached. Seems like some kind of race. Doesn't happen during normal boot.

--HPS
Warner Losh
2018-02-17 15:15:39 UTC
Permalink
Post by Warner Losh
That's interesting. What did you do to get there? There's some code path
that's unholding the periph without first holding it. I've been trying to
find a scenario.
I just booted into single user mode with a multi-card USB reader attached.
Seems like some kind of race. Doesn't happen during normal boot.
I've done that with my systems here...

If you can reliably reproduce it, booting a kernel with 'options
DA_TRACK_REFS=2' in the kernel config and send me the output?

Warner
Hans Petter Selasky
2018-02-17 16:20:34 UTC
Permalink
Post by Warner Losh
I've done that with my systems here...
If you can reliably reproduce it, booting a kernel with 'options
DA_TRACK_REFS=2' in the kernel config and send me the output?
Warner
I have a reproduction. I'll send you the photo off-list.

--HPS

Loading...