From jaakko@saunalahti.fi  Tue Sep  2 08:35:04 2008
Return-Path: <jaakko@saunalahti.fi>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C2CB0106568D;
	Tue,  2 Sep 2008 08:35:04 +0000 (UTC)
	(envelope-from jaakko@saunalahti.fi)
Received: from gw01.mail.saunalahti.fi (gw01.mail.saunalahti.fi [195.197.172.115])
	by mx1.freebsd.org (Postfix) with ESMTP id 51C098FC19;
	Tue,  2 Sep 2008 08:35:04 +0000 (UTC)
	(envelope-from jaakko@saunalahti.fi)
Received: from ws64.jh.dy.fi (a91-153-122-179.elisa-laajakaista.fi [91.153.122.179])
	by gw01.mail.saunalahti.fi (Postfix) with ESMTP id C33EA151C75;
	Tue,  2 Sep 2008 11:15:59 +0300 (EEST)
Received: from ws64.jh.dy.fi (localhost [127.0.0.1])
	by ws64.jh.dy.fi (8.14.2/8.14.2) with ESMTP id m828Fw4T002524;
	Tue, 2 Sep 2008 11:15:58 +0300 (EEST)
	(envelope-from jaakko@ws64.jh.dy.fi)
Received: (from jaakko@localhost)
	by ws64.jh.dy.fi (8.14.2/8.14.2/Submit) id m828FwIR002523;
	Tue, 2 Sep 2008 11:15:58 +0300 (EEST)
	(envelope-from jaakko)
Message-Id: <200809020815.m828FwIR002523@ws64.jh.dy.fi>
Date: Tue, 2 Sep 2008 11:15:58 +0300 (EEST)
From: Jaakko Heinonen <jh@saunalahti.fi>
To: FreeBSD-gnats-submit@freebsd.org
Cc: davidxu@freebsd.org
Subject: [patch] mqueuefs witness panic
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         127040
>Category:       kern
>Synopsis:       [patch] mqueuefs(5) witness panic
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    davidxu
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 02 08:40:00 UTC 2008
>Closed-Date:    Tue Mar 11 02:01:23 UTC 2014
>Last-Modified:  Tue Mar 11 02:01:23 UTC 2014
>Originator:     Jaakko Heinonen
>Release:        FreeBSD 8.0-CURRENT
>Organization:
>Environment:
	
>Description:
mqueuefs panics with witness enabled kernel. The panic happens because
getnewvnode() initializes a lockmgr lock as "mqueue" and later in
mqueue_alloc() a mutex is initialized as "mqueue" too.

Unread portion of the kernel message buffer:
panic: lock (mqueue) sleep mutex does not match earlier (lockmgr) lock
cpuid = 0
KDB: enter: panic
Uptime: 35m34s
Physical memory: 499 MB
Dumping 94 MB: 79 63 47 31 15

#0  doadump () at pcpu.h:196
#1  0xc07a575e in boot (howto=260)
    at /home/jaakko/src/head/sys/kern/kern_shutdown.c:418
#2  0xc07a5a23 in panic (fmt=Variable "fmt" is not available.
)
    at /home/jaakko/src/head/sys/kern/kern_shutdown.c:572
#3  0xc07e2aa1 in enroll (description=0xc367634c "mqueue", 
    lock_class=0xc0c2bc84)
    at /home/jaakko/src/head/sys/kern/subr_witness.c:1516
#4  0xc07e2da8 in witness_init (lock=0xc3682000, type=0xc367634c "mqueue")
    at /home/jaakko/src/head/sys/kern/subr_witness.c:695
#5  0xc07d37bc in lock_init (lock=0xc3682000, class=0xc0c2bc84, 
    name=0xc367634c "mqueue", type=0xc367634c "mqueue", flags=131072)
    at /home/jaakko/src/head/sys/kern/subr_lock.c:94
#6  0xc07981d4 in mtx_init (m=0xc3682000, name=0xc367634c "mqueue", type=0x0, 
    opts=0) at /home/jaakko/src/head/sys/kern/kern_mutex.c:744
#7  0xc3673a22 in mqueue_alloc (attr=0x0)
    at /home/jaakko/src/head/sys/modules/mqueue/../../kern/uipc_mqueue.c:1501
#8  0xc3673aef in mqfs_create (ap=0xd61bfacc)
    at /home/jaakko/src/head/sys/modules/mqueue/../../kern/uipc_mqueue.c:914
#9  0xc0ac79c5 in VOP_CREATE_APV (vop=0xc3677700, a=0xd61bfacc)
    at vnode_if.c:206
#10 0xc08379c0 in vn_open_cred (ndp=0xd61bfba8, flagp=0xd61bfc5c, cmode=Variable "cmode" is not available.
)
    at vnode_if.h:109
#11 0xc0837d23 in vn_open (ndp=0xd61bfba8, flagp=0xd61bfc5c, cmode=420, 
    fp=0xc333d8c0) at /home/jaakko/src/head/sys/kern/vfs_vnops.c:96
#12 0xc0836a06 in kern_openat (td=0xc33018c0, fd=-100, 
    path=0xbfbfee82 <Address 0xbfbfee82 out of bounds>, pathseg=UIO_USERSPACE, 
    flags=514, mode=438) at /home/jaakko/src/head/sys/kern/vfs_syscalls.c:1069
#13 0xc0836f35 in kern_open (td=0xc33018c0, 
    path=0xbfbfee82 <Address 0xbfbfee82 out of bounds>, pathseg=UIO_USERSPACE, 
    flags=513, mode=438) at /home/jaakko/src/head/sys/kern/vfs_syscalls.c:1023
#14 0xc0836f70 in open (td=0xc33018c0, uap=0xd61bfcf8)
    at /home/jaakko/src/head/sys/kern/vfs_syscalls.c:999
#15 0xc0aba743 in syscall (frame=0xd61bfd38)
    at /home/jaakko/src/head/sys/i386/i386/trap.c:1081
#16 0xc0a9ee70 in Xint0x80_syscall ()
    at /home/jaakko/src/head/sys/i386/i386/exception.s:261
#17 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)

>How-To-Repeat:
# mount -t mqueuefs null /mnt
# touch /mnt/1
>Fix:
Change mqueue mutex name to other than "mqueue".

--- mqueuefs-witness-panic.diff begins here ---
Index: sys/kern/uipc_mqueue.c
===================================================================
--- sys/kern/uipc_mqueue.c	(revision 182605)
+++ sys/kern/uipc_mqueue.c	(working copy)
@@ -1499,7 +1499,7 @@ mqueue_alloc(const struct mq_attr *attr)
 		mq->mq_maxmsg = default_maxmsg;
 		mq->mq_msgsize = default_msgsize;
 	}
-	mtx_init(&mq->mq_mutex, "mqueue", NULL, MTX_DEF);
+	mtx_init(&mq->mq_mutex, "mqueue mutex", NULL, MTX_DEF);
 	knlist_init(&mq->mq_rsel.si_note, &mq->mq_mutex, NULL, NULL, NULL);
 	knlist_init(&mq->mq_wsel.si_note, &mq->mq_mutex, NULL, NULL, NULL);
 	atomic_add_int(&curmq, 1);
--- mqueuefs-witness-panic.diff ends here ---

>Release-Note:
>Audit-Trail:

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/127040: commit references a PR
Date: Fri,  5 Sep 2008 02:07:39 +0000 (UTC)

 davidxu     2008-09-05 02:07:25 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/kern             uipc_mqueue.c 
   Log:
   SVN rev 182776 on 2008-09-05 02:07:25Z by davidxu
   
   Fix lock name conflict.
   
   PR:     kern/127040
   
   Revision  Changes    Path
   1.32      +1 -1      src/sys/kern/uipc_mqueue.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->patched 
State-Changed-By: gavin 
State-Changed-When: Thu Nov 6 12:04:11 UTC 2008 
State-Changed-Why:  
Fixed in HEAD (SVN r182776) 


Responsible-Changed-From-To: freebsd-bugs->davidxu 
Responsible-Changed-By: gavin 
Responsible-Changed-When: Thu Nov 6 12:04:11 UTC 2008 
Responsible-Changed-Why:  
Over do davidxu@ who committed the fix to HEAD. 
David, could you please have a look at this and consider 
merging it to RELENG_7? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127040 
State-Changed-From-To: patched->closed 
State-Changed-By: davidxu 
State-Changed-When: Tue Mar 11 02:00:51 UTC 2014 
State-Changed-Why:  
Fixed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127040 
>Unformatted:
