Bug 26896

Summary: Kernel panic during ktrace (vrele: negative ref cnt)
Product: Base System Reporter: jfh <jfh>
Component: kernAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.3-STABLE   
Hardware: Any   
OS: Any   

Description jfh 2001-04-27 15:20:01 UTC 
	
	Panic immediately after running "ktrace -C" to end a
	"ktrace -id -p <pid>" process. From the dump:

	   (kgdb) where
	   #0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:469
	   #1  0xc019d0d7 in boot (howto=256)
	       at /usr/src/sys/kern/kern_shutdown.c:309
	   #2  0xc019d46d in panic (fmt=0xc03448dc "vrele: negative ref cnt")
	       at /usr/src/sys/kern/kern_shutdown.c:556
	   #3  0xc01c9356 in vrele (vp=0xd2a37c80)
	       at /usr/src/sys/kern/vfs_subr.c:1452
	   #4  0xc01975dd in ktrops (curp=0xd1f1aa00, p=0xd29912a0, ops=1, facs=254,
	       vp=0x0) at /usr/src/sys/kern/kern_ktrace.c:411
	   #5  0xc019761a in ktrsetchildren (curp=0xd1f1aa00, top=0xd1f1de00, ops=1,
	       facs=254, vp=0x0) at /usr/src/sys/kern/kern_ktrace.c:431
	   #6  0xc019742e in ktrace (curp=0xd1f1aa00, uap=0xd2962f80)
	       at /usr/src/sys/kern/kern_ktrace.c:330
	   #7  0xc03042a9 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
	         tf_edi = -1077938544, tf_esi = 1, tf_ebp = -1077938636,
	         tf_isp = -761909292, tf_ebx = 1, tf_edx = -2012235704, tf_ecx = 11,
	         tf_eax = 45, tf_trapno = 12, tf_err = 2, tf_eip = -2012608448,
	         tf_cs = 31, tf_eflags = 582, tf_esp = -1077938808, tf_ss = 47})
	       at /usr/src/sys/i386/i386/trap.c:1150
	   #8  0xc02f5a45 in Xint0x80_syscall ()
	   #9  0x80487e5 in ?? ()

	This is the second panic in vrele due to negative ref cnts in as many days
	at my site.

	kernel and dump are available if anyone needs them.

Fix: 

Unknown
How-To-Repeat: 	Unknown
Comment 1 dd freebsd_committer freebsd_triage 2001-04-29 03:03:52 UTC 
State Changed
From-To: open->closed

Duplicate of 26878
Comment 2 dd freebsd_committer freebsd_triage 2001-04-29 04:13:18 UTC 
State Changed
From-To: closed->open

Last close was bogus; even though the error message is the same, it 
seems to be a different problem.
Comment 3 silby freebsd_committer freebsd_triage 2002-01-10 19:11:54 UTC 
State Changed
From-To: open->closed

kern_ktrace 1.57 sounds like it fixes this problem: 

Fix ktrace enablement/disablement races that can result in a vnode 
ref count panic. 

Bug noticed by: ps 
Reviewed by:    ps 
MFC after:      1 day 

If somehow this can still be reproduced, the PR can be reopened.