FreeBSD Mail Archives

Date:      Sat, 28 Jan 2006 15:42:06 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        FreeBSD current mailing list <current@freebsd.org>
Subject:   deadc0de panic in geom_io: mount -uw after double read-only mount
Message-ID:  <20060128143953.C24703@maildrop.int.zabbadoz.net>

next in thread | raw e-mail | index | archive | help

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--0-939258737-1138462926=:24703
Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE

Hi,

I had for some unknown reason a file system mounted twice
(readonly) to the same mount point. So I umounted one instance
and after that tried to mount instance left read-write with
mount -uw  *boom*

I guess that this was never supposed to work?

In case someone wants to lokk into this the bt full shows some
0xdeadc0dedeadc0de in geom_io.c.

db> where
Tracing pid 29052 tid 100116 td 0xffffff005e4e2000
g_io_request() at g_io_request+0x89
g_vfs_strategy() at g_vfs_strategy+0x58
ffs_geom_strategy() at ffs_geom_strategy+0xdb
bufwrite() at bufwrite+0x1af
ffs_bufwrite() at ffs_bufwrite+0x308
ffs_sbupdate() at ffs_sbupdate+0x1ac
ffs_mount() at ffs_mount+0xabb
vfs_domount() at vfs_domount+0x5c2
vfs_donmount() at vfs_donmount+0x471
nmount() at nmount+0xad
syscall() at syscall+0x31a
Xfast_syscall() at Xfast_syscall+0xa8
--- syscall (378, FreeBSD ELF64, nmount), rip =3D 0x8006847bc, rsp =3D 0x7f=
ffffffd278, rbp =3D 0x8020001b0 ---
db> show msgbuf
msgbufp =3D 0xffffffff80c20fe0
magic =3D 63062, size =3D 65504, r=3D 40099, w =3D 40509, ptr =3D 0xfffffff=
f80c11000, cksum=3D 3107452

Fatal trap 9: general protection fault while in kernel mode
cpuid =3D 0; apic id =3D 00
instruction pointer     =3D 0x8:0xffffffff803dbbf9
stack pointer           =3D 0x10:0xffffffffb4dfd560
frame pointer           =3D 0x10:0xffffffffb4dfd5a0
code segment            =3D base 0x0, limit 0xfffff, type 0x1b
                         =3D DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
current process         =3D 29052 (mount)

db> show alllocks
Process 29052 (mount) thread 0xffffff005e4e2000 (100116)
exclusive sleep mutex Giant r =3D 1 (0xffffffff808ef660) locked @ /local/bu=
ilding/freebsd/HEAD/sys/kern/vfs_mount.c:610

0xffffffff803dbbf9 is in g_io_request (/local/building/freebsd/HEAD/sys/geo=
m/geom_io.c:287).
282             KASSERT(bp->bio_data !=3D NULL, ("NULL bp->data in g_io_req=
uest"));
283             pp =3D cp->provider;
284             KASSERT(pp !=3D NULL, ("consumer not attached in g_io_reque=
st"));
285=20
286             if (bp->bio_cmd & (BIO_READ|BIO_WRITE|BIO_DELETE)) {
287                     KASSERT(bp->bio_offset % cp->provider->sectorsize =
=3D=3D 0,
288                         ("wrong offset %jd for sectorsize %u",
289                         bp->bio_offset, cp->provider->sectorsize));
290                     KASSERT(bp->bio_length % cp->provider->sectorsize =
=3D=3D 0,
291                         ("wrong length %jd for sectorsize %u",



(kgdb) bt full
#0  doadump () at pcpu.h:172
No locals.
#1  0xffffffff801dcd11 in db_fncall (dummy1=3D0, dummy2=3D0, dummy3=3D0, du=
mmy4=3D0x0)
     at /local/building/freebsd/HEAD/sys/ddb/db_command.c:489
 =09fn_addr =3D -2143170480
 =09args =3D {-2138227928, 120, -2138225600, 9, -1260400192, -2145523509,
   -2138947712, -2140041168, -2140041112, -2138227928}
 =09nargs =3D 0
 =09retval =3D -1260400240
 =09t =3D 0
#2  0xffffffff801dca60 in db_command (last_cmdp=3D0xffffffff808d3b28,
     cmd_table=3D0x0, aux_cmd_tablep=3D0xffffffff80719030,
     aux_cmd_tablep_end=3D0xffffffff80719068)
     at /local/building/freebsd/HEAD/sys/ddb/db_command.c:404
 =09cmd =3D (struct command *) 0xffffffff808242c0
 =09t =3D 0
 =09modif =3D " =D2=DF=B4=FF=FF=FF=FF#Ic\200=FF=FF=FF=FF=F8\003\000\000\000=
\000\000\000\r\000\000\000\000\000\000\000P=D2=DF=B4=FF=FF=FF=FFNKc\200=FF=
=FF=FF=FF\f\000\017\003\v\000\000\000\001\000\000\000\000\000\000\000=C0{\2=
27\200=FF=FF=FF=FF@D\215\200=FF=FF=FF=FFp=D2=DF=B4=FF=FF=FF=FF=AC\037F\200=
=FF=FF=FF=FFx\000\000\000\000\000\000\000x\000\000\000\000\000\000\000\200=
=D2=DF=B4=FF=FF=FF=FF"
 =09addr =3D -1260400160
 =09count =3D 1021
 =09have_addr =3D 0
 =09result =3D 0
#3  0xffffffff801dcb87 in db_command_loop ()
     at /local/building/freebsd/HEAD/sys/ddb/db_command.c:455
No locals.
#4  0xffffffff801ded9b in db_trap (type=3D-1260399904, code=3D0)
     at /local/building/freebsd/HEAD/sys/ddb/db_main.c:221
 =09jb =3D {{_jb =3D {-1260399904, -1260399928, -1260399792, 0, 9, 1, 0,
       -2145522386, 9, 1, -1260399792, -2142999036}}}
 =09prev_jb =3D (void *) 0x0
 =09bkpt =3D 0
#5  0xffffffff8043e11c in kdb_trap (type=3D9, code=3D0, tf=3D0xffffffffb4df=
d4b0)
     at /local/building/freebsd/HEAD/sys/kern/subr_kdb.c:485
 =09did_stop_cpus =3D 1
 =09handled =3D -1260399440
#6  0xffffffff80610a4b in trap_fatal (frame=3D0xffffffffb4dfd4b0, eva=3D0)
     at /local/building/freebsd/HEAD/sys/amd64/amd64/trap.c:679
 =09rflags =3D 514
 =09code =3D 514
 =09type =3D 9
 =09ss =3D 514
 =09esp =3D 0
 =09softseg =3D {ssd_base =3D 0, ssd_limit =3D 1048575, ssd_type =3D 27,
   ssd_dpl =3D 0, ssd_p =3D 1, ssd_long =3D 1, ssd_def32 =3D 0, ssd_gran =
=3D 1}
 =09msg =3D 0x0
#7  0xffffffff80610435 in trap (frame=3D
       {tf_rdi =3D -1097751339008, tf_rsi =3D -2401050962867404578, tf_rdx =
=3D -1097929449472, tf_rcx =3D 0, tf_r8 =3D -2140324608, tf_r9 =3D 582, tf_=
rax =3D 10240, tf_rbx =3D -1097751339008, tf_rbp =3D -1260399200, tf_r10 =
=3D 68719476735, tf_r11 =3D -1097465537792, tf_r12 =3D -1098180438016, tf_r=
13 =3D -2401050962867404578, tf_r14 =3D -1613071048, tf_r15 =3D 0, tf_trapn=
o =3D 9, tf_addr =3D 0, tf_flags =3D -1097365179744, tf_err =3D 0, tf_rip =
=3D -2143437831, tf_cs =3D 8, tf_rflags =3D 66050, tf_rsp =3D -1260399248, =
tf_ss =3D 16}) at /local/building/freebsd/HEAD/sys/amd64/amd64/trap.c:492
 =09td =3D (struct thread *) 0xffffff005e4e2000
 =09p =3D (struct proc *) 0xffffff0053194000
 =09sticks =3D 4294967295
 =09i =3D 0
 =09ucode =3D 0
 =09type =3D 9
 =09code =3D 0
 =09addr =3D -2138067680
 =09ksi =3D {ksi_link =3D {tqe_next =3D 0xffffffff806e0580,
     tqe_prev =3D 0xffffffff808fad20}, ksi_info =3D {si_signo =3D -12603995=
68,
     si_errno =3D -1, si_code =3D -2143207168, si_pid =3D -1, si_uid =3D 21=
54694016,
     si_status =3D -1, si_addr =3D 0xffffff005e7ad0d0, si_value =3D {
       sival_int =3D -1260399456, sival_ptr =3D 0xffffffffb4dfd4a0}, _reaso=
n =3D {
       _fault =3D {_trapno =3D -2142979170}, _timer =3D {_timerid =3D -2142=
979170,
         _overrun =3D -1}, _mesgq =3D {_mqd =3D -2142979170}, _poll =3D {
         _band =3D -2142979170}, __spare__ =3D {__spare1__ =3D -2142979170,
         __spare2__ =3D {-2140147168, -1, 1582178304, -256, -2138067680, -1=
,
           915}}}}, ksi_flags =3D 0, ksi_sigq =3D 0xffffffff808fad20}
#8  0xffffffff805fc0eb in calltrap ()
     at /local/building/freebsd/HEAD/sys/amd64/amd64/exception.S:168
No locals.
#9  0xffffffff803dbbf9 in g_io_request (bp=3D0xffffff0068ebe000,
     cp=3D0xffffff004f585800)
     at /local/building/freebsd/HEAD/sys/geom/geom_io.c:287
 =09pp =3D (struct g_provider *) 0xdeadc0dedeadc0de

                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

#10 0xffffffff803df8d8 in g_vfs_strategy (bo=3D0xffffff0068ebe000,
     bp=3D0xffffffff9fda7d38)
     at /local/building/freebsd/HEAD/sys/geom/geom_vfs.c:106
 =09cp =3D (struct g_consumer *) 0xffffff004f585800
 =09bip =3D (struct bio *) 0xffffff0068ebe000
#11 0xffffffff805ba4bb in ffs_geom_strategy (bo=3D0xffffff005e7ad138,
     bp=3D0xffffffff9fda7d38)
     at /local/building/freebsd/HEAD/sys/ufs/ffs/ffs_vfsops.c:1743
 =09vp =3D (struct vnode *) 0xffffff005e7ad000
 =09error =3D 10240
#12 0xffffffff80477a0f in bufwrite (bp=3D0xffffffff9fda7d38) at buf.h:419
 =09oldflags =3D 536870912
#13 0xffffffff805ba3d8 in ffs_bufwrite (bp=3D0xffffffff9fda7d38)
     at /local/building/freebsd/HEAD/sys/ufs/ffs/ffs_vfsops.c:1712
 =09newbp =3D (struct buf *) 0xffffff006140e800
#14 0xffffffff805b9cbc in ffs_sbupdate (mp=3D0xffffff0001186600, waitfor=3D=
1)
     at buf.h:405
 =09fs =3D (struct fs *) 0xffffff006140e800
 =09sbbp =3D (struct buf *) 0xffffffff9fea7570
 =09bp =3D (struct buf *) 0xffffffff9fda7d38
 =09blks =3D 5
 =09space =3D (void *) 0xffffffff86fa1800
 =09i =3D 0
 =09size =3D 10240
 =09error =3D 10240
 =09allerror =3D 0
#15 0xffffffff805b741b in ffs_mount (mp=3D0xffffff0000fb7c00,
     td=3D0xffffff005e4e2000)
     at /local/building/freebsd/HEAD/sys/ufs/ffs/ffs_vfsops.c:304
 =09devvp =3D (struct vnode *) 0xffffff005e7ad000
 =09ump =3D (struct ufsmount *) 0xffffff0001186600
 =09fs =3D (struct fs *) 0xffffff006140e800
 =09error =3D 0
 =09flags =3D -559038242
 =09accessmode =3D 8192
 =09ndp =3D {ni_dirp =3D 0xffffff007ff0ee00 "\035=B3m\200=FF=FF=FF=FF\020=
=D0=F0\177",
   ni_segflg =3D 2146488320, ni_startdir =3D 0xffffffffb4dfd820,
   ni_rootdir =3D 0xffffffff805cea98, ni_topdir =3D 0xffffff0007e7ee08,
   ni_vp =3D 0x40, ni_dvp =3D 0xffffffffb4dfd820,
   ni_pathlen =3D 18446744071566332830,
   ni_next =3D 0x40 <Address 0x40 out of bounds>,
   ni_loopcnt =3D 18446742974330563136, ni_cnd =3D {
     cn_nameiop =3D 18446744072449153104, cn_flags =3D 18446744071566333463=
,
     cn_thread =3D 0xffffffffb4dfd870, cn_cred =3D 0xffffff0007e7ea40,
     cn_lkflags =3D 2058786432, cn_pnbuf =3D 0xffffff006e675510 "@:=DAa",
     cn_nameptr =3D 0xffffffffb4dfd870 "=A0=D8=DF=B4=FF=FF=FF=FF", cn_namel=
en =3D -2142748113,
     cn_consume =3D -1099495146496}}
 =09export =3D {ex_flags =3D 128, ex_root =3D 4294967294, ex_anon =3D {
     cr_version =3D 2151988126, cr_uid =3D 4294967295, cr_ngroups =3D -1038=
4,
     cr_groups =3D {4294967295, 2151986960, 4294967295, 2156965056, 4294967=
295,
       1582178304, 4294967040, 3034568624, 4294967295, 582, 0, 2156962560,
       4294967295, 2146488336, 4294967040, 2273},
     _cr_unused1 =3D 0xffffffff806ff010}, ex_addr =3D 0x0, ex_addrlen =3D 6=
4 '@',
   ex_mask =3D 0xffffffffb4dfd7e0, ex_masklen =3D 244 '=F4',
   ex_indexfile =3D 0x40 <Address 0x40 out of bounds>}
 =09fspec =3D 0xffffff00673312e0 "/dev/ad8s4d"
#16 0xffffffff804858a2 in vfs_domount (td=3D0xffffff005e4e2000,
     fstype=3D0xffffff0000fb7c00 "", fspath=3D0xffffff00795ec300 "/shared",
     fsflags=3D65536, fsdata=3D0xffffff006e675510)
     at /local/building/freebsd/HEAD/sys/kern/vfs_mount.c:858
 =09vp =3D (struct vnode *) 0xffffff0061a581d8
 =09mp =3D (struct mount *) 0xffffff0000fb7c00
 =09vfsp =3D (struct vfsconf *) 0xffffff0000fb7c00
 =09error =3D 0
 =09flag =3D 4097
 =09kern_flag =3D 536870912
 =09va =3D {va_type =3D 3034569216, va_mode =3D 65535, va_nlink =3D -1,
   va_uid =3D 2153569984, va_gid =3D 4294967295, va_fsid =3D 3034569216,
   va_fileid =3D -2143218894, va_size =3D 18446744072449153536,
   va_blocksize =3D -2142980336, va_atime =3D {tv_sec =3D -1260398064,
     tv_nsec =3D -2138114464}, va_mtime =3D {tv_sec =3D -1260397968,
     tv_nsec =3D -2142979682}, va_ctime =3D {tv_sec =3D -1260398032,
     tv_nsec =3D -2142980336}, va_birthtime =3D {tv_sec =3D 0,
     tv_nsec =3D -2138114464}, va_gen =3D 18446744072449153648,
   va_flags =3D 18446744071566573616, va_rdev =3D 2156965056,
   va_bytes =3D 18446744071571437152, va_filerev =3D 610, va_vaflags =3D 0,
   va_spare =3D -2140275640}
 =09nd =3D {ni_dirp =3D 0xffffff00795ec300 "/shared",
   ni_segflg =3D UIO_SYSSPACE, ni_startdir =3D 0x0,
   ni_rootdir =3D 0xffffff00277bd3b0, ni_topdir =3D 0x0,
   ni_vp =3D 0xffffff0061a581d8, ni_dvp =3D 0xffffff00277bd3b0, ni_pathlen =
=3D 1,
   ni_next =3D 0xffffff002ec9a807 "", ni_loopcnt =3D 0, ni_cnd =3D {cn_name=
iop =3D 0,
     cn_flags =3D 49220, cn_thread =3D 0xffffff005e4e2000,
     cn_cred =3D 0xffffff0034726700, cn_lkflags =3D 2,
     cn_pnbuf =3D 0xffffff002ec9a800 "/shared",
     cn_nameptr =3D 0xffffff002ec9a801 "shared", cn_namelen =3D 6, cn_consu=
me =3D 0}}
 =09__func__ =3D "vfs_domount"
#17 0xffffffff80485071 in vfs_donmount (td=3D0xffffff005e4e2000, fsflags=3D=
65536,
     fsoptions=3D0xffffff0013df2300)
     at /local/building/freebsd/HEAD/sys/kern/vfs_mount.c:611
 =09optlist =3D (struct vfsoptlist *) 0xffffff006e675510
 =09fstype =3D 0xffffff0067331340 "ufs"
 =09fspath =3D 0xffffff00795ec300 "/shared"
 =09errmsg =3D 0xffffffffb4dfdb10 "P=DB=DF=B4=FF=FF=FF=FF\rHH\200=FF=FF=FF=
=FFP=DB=DF=B4=FF=FF=FF=FF"
 =09error =3D 0
 =09fstypelen =3D 4
 =09fspathlen =3D 8
 =09errmsg_len =3D 0
 =09errmsg_pos =3D -1
#18 0xffffffff8048480d in nmount (td=3D0xffffff005e4e2000,
     uap=3D0xffffffffb4dfdc00)
     at /local/building/freebsd/HEAD/sys/kern/vfs_mount.c:397
 =09auio =3D (struct uio *) 0xffffff0013df2300
 =09iov =3D (struct iovec *) 0x2800
 =09i =3D 1582178304
 =09error =3D 6
 =09iovcnt =3D 10
#19 0xffffffff80610e2a in syscall (frame=3D
       {tf_rdi =3D 34393294144, tf_rsi =3D 10, tf_rdx =3D 0, tf_rcx =3D 343=
93293232, tf_r8 =3D 34389085472, tf_r9 =3D -6510615555426900571, tf_rax =3D=
 378, tf_rbx =3D 140737488343728, tf_rbp =3D 34393293232, tf_r10 =3D 44, tf=
_r11 =3D 34393293392, tf_r12 =3D 140737488343696, tf_r13 =3D 34410068360, t=
f_r14 =3D 140737488345936, tf_r15 =3D 140737488344912, tf_trapno =3D 12, tf=
_addr =3D 34368322704, tf_flags =3D 0, tf_err =3D 2, tf_rip =3D 34366572476=
, tf_cs =3D 43, tf_rflags =3D 518, tf_rsp =3D 140737488343672, tf_ss =3D 35=
}) at /local/building/freebsd/HEAD/sys/amd64/amd64/trap.c:818
 =09params =3D 0x7fffffffd280 <Address 0x7fffffffd280 out of bounds>
 =09callp =3D (struct sysent *) 0xffffffff8088e3f0
 =09td =3D (struct thread *) 0xffffff005e4e2000
 =09p =3D (struct proc *) 0xffffff0053194000
 =09orig_tf_rflags =3D 518
 =09sticks =3D 0
 =09error =3D 0
 =09narg =3D 3
 =09args =3D {34393294144, 10, 0, 34393293232, 34389085472,
   -6510615555426900571, 0, -2137391616}
 =09argp =3D (register_t *) 0xffffffffb4dfdc00
 =09code =3D 378
 =09reg =3D -1260397568
 =09regcnt =3D 6
 =09ksi =3D {ksi_link =3D {tqe_next =3D 0x0, tqe_prev =3D 0x0}, ksi_info =
=3D {
     si_signo =3D -1260397456, si_errno =3D -1, si_code =3D -2141125424,
     si_pid =3D -1, si_uid =3D 3034569664, si_status =3D -1, si_addr =3D 0x=
80082fc90,
     si_value =3D {sival_int =3D -2138111104, sival_ptr =3D 0x808f0380}, _r=
eason =3D {
       _fault =3D {_trapno =3D 1394163712}, _timer =3D {_timerid =3D 139416=
3712,
         _overrun =3D -256}, _mesgq =3D {_mqd =3D 1394163712}, _poll =3D {
         _band =3D -1098117464064}, __spare__ =3D {__spare1__ =3D -10981174=
64064,
         __spare2__ =3D {2, 0, -2138111104, -1, -1260397568, -1, 70}}}},
   ksi_flags =3D 1, ksi_sigq =3D 0xffffffff808f0380}
#20 0xffffffff805fc288 in Xfast_syscall ()
     at /local/building/freebsd/HEAD/sys/amd64/amd64/exception.S:270
No locals.
#21 0x00000008006847bc in ?? ()
No symbol table info available.
(kgdb)

--=20
Bjoern A. Zeeb=09=09=09=09bzeeb at Zabbadoz dot NeT
--0-939258737-1138462926=:24703--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060128143953.C24703>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation