Opened 3 hours ago

Last modified 109 minutes ago

#19270 new bug

spontaneous KDL with "PANIC: release_spinlock: lock 0xffffffff88f6de20 was already released"

Reported by: dovsienko Owned by: nobody
Priority: normal Milestone: Unscheduled
Component: System/Kernel Version: R1/Development
Keywords: Cc:
Blocked By: Blocking:
Platform: x86-64

Description

This problem reproduced as follows:

  1. Boot a Haiku VM (hrev58364) in VirtualBox 7.1.4.
  2. Open a terminal.
  3. Run pkgman update and see a checksum error.
  4. After a couple minutes run again and see the same error again.
  5. Leave the VM alone for about an hour, then come back and see KDL on the screen. 
    kdebug> bt
stack trace for thread 24 "scsi_bus_service"
    kernel stack: 0xffffffff81e57000 to 0xffffffff81e5c000
frame                       caller             <image>:function + offset
 0 ffffffff81e5ba50 (+  32) ffffffff800bb1a9   <kernel_x86_64> invoke_command_trampoline(void*) + 0x19
 1 ffffffff81e5ba70 (+  32) ffffffff80153080   <kernel_x86_64> arch_debug_call_with_fault_handler + 0x1a
 2 ffffffff81e5bac0 (+  80) ffffffff800b83f8   <kernel_x86_64> debug_call_with_fault_handler + 0x78
 3 ffffffff81e5bb20 (+  96) ffffffff800bb3ff   <kernel_x86_64> invoke_debugger_command + 0xef
 4 ffffffff81e5bb60 (+  64) ffffffff800bb596   <kernel_x86_64> invoke_pipe_segment(debugger_command_pipe*, int, char*) + 0x116
 5 ffffffff81e5bbb0 (+  80) ffffffff800bb6bc   <kernel_x86_64> invoke_debugger_command_pipe + 0x9c
 6 ffffffff81e5bbf0 (+  64) ffffffff800bd916   <kernel_x86_64> ExpressionParser::_ParseCommandPipe(int&) + 0x1e6
 7 ffffffff81e5bc30 (+  64) ffffffff800bee7d   <kernel_x86_64> ExpressionParser::EvaluateCommand(char const*, int&) + 0x43d
 8 ffffffff81e5bd20 (+ 240) ffffffff800bf4af   <kernel_x86_64> evaluate_debug_command + 0x12f
 9 ffffffff81e5bd80 (+  96) ffffffff800b9b88   <kernel_x86_64> kernel_debugger_loop(char const*, char const*, __va_list_tag*, int) + 0x198
10 ffffffff81e5bdd0 (+  80) ffffffff800b9e7e   <kernel_x86_64> kernel_debugger_internal(char const*, char const*, __va_list_tag*, int) + 0x6e
11 ffffffff81e5bec0 (+ 240) ffffffff800ba217   <kernel_x86_64> panic + 0xb7
12 ffffffff81e5bf10 (+  80) ffffffff8005cb52   <kernel_x86_64> ConditionVariable::_Notify(bool, int) + 0x52
13 ffffffff81e5bf40 (+  48) ffffffff815d377e   <ahci> sata_request::Finish(int, unsigned long) + 0x13e
14 ffffffff81e5bf80 (+  64) ffffffff819cad45   <scsi> scsi_check_exec_service + 0xb5
15 ffffffff81e5bfb0 (+  48) ffffffff819c6d9f   <scsi> scsi_service_threadproc(void*) + 0x3f
16 ffffffff81e5bfd0 (+  32) ffffffff800902c7   <kernel_x86_64> common_thread_entry(void*) + 0x37
17 0000000000000000 (+   0) ffffffff81e5bfe0   216:scsi_bus_service_24_kstack@0xffffffff81e57000 + 0x4fe0

Attachments (2)

Screenshot_2024-11-28_17-04-03.png (150.9 KB ) - added by dovsienko 3 hours ago.
KDL screenshot
syslog.txt (38.8 KB ) - added by dovsienko 3 hours ago.
syslog

Download all attachments as: .zip

Change History (4)

by dovsienko, 3 hours ago

Attachment: Screenshot_2024-11-28_17-04-03.png added

KDL screenshot

by dovsienko, 3 hours ago

Attachment: syslog.txt added

syslog

comment:1 by waddlesplash, 2 hours ago 

<dovsienko> kdebug> slab_object 0xffffffff88f6de20
<dovsienko> slab_object 0xffffffff88f6de20
<dovsienko> address 0xffffffff88f6de20
<dovsienko> 	slab_cache: 0xffffffff823dac00 (scsi ccb)
<dovsienko> 	object is in partial slab: 0xffffffff88f6eb40

comment:2 by waddlesplash, 109 minutes ago

Potentially a use-after-free, or maybe the structure got overwritten incorrectly somehow.

Note: See TracTickets for help on using tickets.