netbsd-bugs: Re: kern/35279: -current can panic with "panic: vput: ref cnt"_

Subject: Re: kern/35279: -current can panic with "panic: vput: ref cnt"__
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Juergen Hannken-Illjes <hannken@eis.cs.tu-bs.de>
List: netbsd-bugs
Date: 12/19/2006 15:40:02

The following reply was made to PR kern/35279; it has been noted by GNATS.

From: Juergen Hannken-Illjes <hannken@eis.cs.tu-bs.de>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
	netbsd-bugs@netbsd.org
Subject: Re: kern/35279: -current can panic with "panic: vput: ref cnt"__
Date: Tue, 19 Dec 2006 16:36:57 +0100

 On Tue, Dec 19, 2006 at 09:50:00AM +0000, nick.hudson@dsl.pipex.com wrote:
 [snip]
 > >Description:
 >         Random panics of "panic: vput: ref cnt" with the latest vfs_lookup
 > 
 >         nick@topcat$ ident /netbsd | grep vfs_lookup
 >              $NetBSD: vfs_lookup.c,v 1.75 2006/12/13 13:36:19 yamt Exp $
 > 
 >         I have a couple of crash dumps, but can't get gdb to give a backtrace atm.
 
 I have one crash dump that seems to work:
 
 #11 0xc0465655 in panic (fmt=0xc08cf4b2 "vput: ref cnt") at /build/dist/src/sys/kern/subr_prf.c:243
 #12 0xc0491bd4 in vput (vp=0xccbc3e80) at /build/dist/src/sys/kern/vfs_subr.c:1248
 #13 0xc048fa16 in namei (ndp=0xccbe2b88) at /build/dist/src/sys/kern/vfs_lookup.c:298
 #14 0xc0436a4b in check_exec (l=0xccbc9f0c, epp=0xccbe2b20, flag=1) at /build/dist/src/sys/kern/kern_exec.c:259
 #15 0xc0436e5a in execve1 (l=0xccbc9f0c, path=0x806fc00 <Address 0x806fc00 out of bounds>, args=0x806c4e0, 
     envs=0x806d080, fetch_element=0xc04369f0 <execve_fetch_element>) at /build/dist/src/sys/kern/kern_exec.c:498
 #16 0xc0437df1 in sys_execve (l=0xccbc9f0c, v=0xccbe2c48, retval=0xccbe2c68)
     at /build/dist/src/sys/kern/kern_exec.c:405
 #17 0xc04fb5c3 in syscall_plain (frame=0xccbe2c88) at /build/dist/src/sys/arch/i386/i386/syscall.c:144
 #18 0xc010069d in syscall1 ()
 (gdb) fr 13
 #13 0xc048fa16 in namei (ndp=0xccbe2b88) at /build/dist/src/sys/kern/vfs_lookup.c:298
 298                                     vput(ndp->ni_dvp);
 (gdb) list
 293                     cnp->cn_nameptr = cnp->cn_pnbuf;
 294                     ndp->ni_startdir = dp;
 295                     error = lookup(ndp);
 296                     if (error != 0) {
 297                             if (ndp->ni_dvp) {
 298                                     vput(ndp->ni_dvp);
 299                             }
 300                             PNBUF_PUT(cnp->cn_pnbuf);
 301                             return (error);
 302                     }
 (gdb) print error
 $1 = 63 // ENAMETOOLONG
 
 -- 
 Juergen Hannken-Illjes - hannken@eis.cs.tu-bs.de - TU Braunschweig (Germany)