From owner-freebsd-fs@FreeBSD.ORG Wed Nov 9 07:53:10 2005 Return-Path: X-Original-To: freebsd-fs@freebsd.org Delivered-To: freebsd-fs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C55AF16A41F for ; Wed, 9 Nov 2005 07:53:10 +0000 (GMT) (envelope-from ezk@fsl.cs.sunysb.edu) Received: from filer.fsl.cs.sunysb.edu (filer.fsl.cs.sunysb.edu [130.245.126.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 475A043D46 for ; Wed, 9 Nov 2005 07:53:10 +0000 (GMT) (envelope-from ezk@fsl.cs.sunysb.edu) Received: from agora.fsl.cs.sunysb.edu (agora.fsl.cs.sunysb.edu [130.245.126.12]) by filer.fsl.cs.sunysb.edu (8.12.8/8.12.8) with ESMTP id jA97r0u2028614; Wed, 9 Nov 2005 02:53:00 -0500 Received: from agora.fsl.cs.sunysb.edu (localhost.localdomain [127.0.0.1]) by agora.fsl.cs.sunysb.edu (8.13.1/8.13.1) with ESMTP id jA97qxP1032461; Wed, 9 Nov 2005 02:52:59 -0500 Received: (from ezk@localhost) by agora.fsl.cs.sunysb.edu (8.13.1/8.12.8/Submit) id jA97qw9C032458; Wed, 9 Nov 2005 02:52:58 -0500 Date: Wed, 9 Nov 2005 02:52:58 -0500 Message-Id: <200511090752.jA97qw9C032458@agora.fsl.cs.sunysb.edu> From: Erez Zadok To: freebsd-fs@freebsd.org X-MailKey: Erez_Zadok Cc: am-utils@fsl.cs.sunysb.edu Subject: kernel bug tickled by Amd X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Nov 2005 07:53:11 -0000 I've received this bug report on my am-utils Bugzilla. Being a freebsd kernel panic, I believe this is a kernel bug that should be fixed in the kernel. Of course, if anyone knows of a way I can workaround this in Amd, let me know. Thanks, Erez. ------- Forwarded Message Date: Tue, 08 Nov 2005 23:57:03 -0500 From: bugzilla@fsl.cs.sunysb.edu To: am-utils-developers@fsl.cs.sunysb.edu Cc: ezk@cs.sunysb.edu Subject: [Bug 450] New: [panic] "unmount: dangling vnode" on amd activity http://bugzilla.fsl.cs.sunysb.edu/show_bug.cgi?id=450 Summary: [panic] "unmount: dangling vnode" on amd activity Product: am-utils Version: 6.1 Platform: i386 URL: http://www.freebsd.org/cgi/query-pr.cgi?pr=79665 OS/Version: FreeBSD 5.x Status: NEW Severity: major Priority: P2 Component: Any AssignedTo: am-utils-developers@am-utils.org ReportedBy: nate@netapp.com Description A very reproduceable amd panic through non privileged user-level filesystem access. How-To-Repeat As a non-privileged user, rapidly unmount an amd managed mount with "amq -u" while rapidly remounting that same mount (a simple file access is sufficient. I've reproduced this numerous times by running these two bourne shell scripts simultaneously on the same machine: runrun: #!/bin/sh while echo hi do wc -l /usr/local/build/share/oomph2 done diedie: #!/bin/sh while amq -u /x/eng/btools do amq /x/eng/btools done The machine will crash within minutes, especially if the machine is under other stress. - --- backtrace begins here --- nate@pixie.lab.netapp.com:~ >sudo kgdb /usr/src/sys/i386/compile/SMP/kernel.debug /var/crash/vmcore.5 [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"] GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd". #0 doadump () at pcpu.h:159 159 pcpu.h: No such file or directory. in pcpu.h (kgdb) backtrace #0 doadump () at pcpu.h:159 #1 0xc0615167 in boot (howto=260) at ../../../kern/kern_shutdown.c:410 #2 0xc061548d in panic (fmt=0xc0830da5 "unmount: dangling vnode") at ../../../kern/kern_shutdown.c:566 #3 0xc0664535 in vfs_mount_destroy (mp=0xc2cf9000, td=0xc26a6780) at ../../../kern/vfs_mount.c:522 #4 0xc0665924 in dounmount (mp=0xc2cf9000, flags=0, td=0xc26a6780) at ../../../kern/vfs_mount.c:1111 #5 0xc0665560 in unmount (td=0xc26a6780, uap=0xe730cd14) at ../../../kern/vfs_mount.c:1019 #6 0xc07c842f in syscall (frame= {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077941440, tf_esi = 136512416, tf_ebp = -1077941608, tf_isp = -416232076, tf_ebx = 136516288, tf_edx = 134637440, tf_ecx = 19, tf_eax = 22, tf_trapno = 12, tf_err = 2, tf_eip = 672003099, tf_cs = 31, tf_eflags = 662, tf_esp = -1077941636, tf_ss = 47}) at ../../../i386/i386/trap.c:1001 #7 0xc07b5a8f in Xint0x80_syscall () at ../../../i386/i386/exception.s:201 #8 0x0000002f in ?? () #9 0x0000002f in ?? () #10 0x0000002f in ?? () #11 0xbfbfeb40 in ?? () #12 0x082303a0 in ?? () #13 0xbfbfea98 in ?? () - ---Type to continue, or q to quit--- #14 0xe730cd74 in ?? () #15 0x082312c0 in ?? () #16 0x08066780 in ?? () #17 0x00000013 in ?? () #18 0x00000016 in ?? () #19 0x0000000c in ?? () #20 0x00000002 in ?? () #21 0x280df41b in ?? () #22 0x0000001f in ?? () #23 0x00000296 in ?? () #24 0xbfbfea7c in ?? () #25 0x0000002f in ?? () #26 0x00000000 in ?? () #27 0x00000000 in ?? () #28 0x00000000 in ?? () #29 0x00000000 in ?? () #30 0x30c18000 in ?? () #31 0xc29e2000 in ?? () #32 0xc26a6780 in ?? () #33 0xe730ca6c in ?? () #34 0xe730ca54 in ?? () #35 0xc22a9a80 in ?? () #36 0xc062573b in sched_switch (td=0x82303a0, newtd=0x82312c0, flags=Cannot access memory at address 0xbfbfeaa8 ) - ---Type to continue, or q to quit--- at ../../../kern/sched_4bsd.c:881 Previous frame inner to this frame (corrupt stack?) (kgdb) - --- backtrace ends here --- This is also reproduceable under FreeBSD 5.3-RELEASE-p23 with updated am-utils from the ports collection: # uname -a FreeBSD xxxxx.eng.netapp.com 5.3-RELEASE-p23 FreeBSD 5.3-RELEASE-p23 #7: Wed Nov 2 18:04:49 PST 2005 root@xxxxx.eng.netapp.com:/usr/obj/usr/src/sys/SMP i386 # more info.3 Good dump found on device /dev/da0s1b Architecture: i386 Architecture version: 1 Dump length: 1610350592B (1535 MB) Blocksize: 512 Dumptime: Tue Nov 8 19:37:29 2005 Hostname: xxxxx.eng.netapp.com Versionstring: FreeBSD 5.3-RELEASE-p23 #7: Wed Nov 2 18:04:49 PST 2005 root@xxxxx.eng.netapp.com:/usr/obj/usr/src/sys/SMP Panicstring: unmount: dangling vnode Bounds: 3 similar backtrace: #0 doadump () at pcpu.h:159 #1 0xc060d54f in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:397 #2 0xc060d875 in panic (fmt=0xc0821eb7 "unmount: dangling vnode") at /usr/src/sys/kern/kern_shutdown.c:553 #3 0xc065bd11 in vfs_mount_destroy (mp=0xc2f52c00, td=0xc3420c80) at /usr/src/sys/kern/vfs_mount.c:523 #4 0xc065d2d8 in dounmount (mp=0xc2f52c00, flags=0, td=0xc3420c80) at /usr/src/sys/kern/vfs_mount.c:1160 #5 0xc065cf14 in unmount (td=0xc3420c80, uap=0xe816ad14) at /usr/src/sys/kern/vfs_mount.c:1068 #6 0xc07bb33f in syscall (frame= {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = 136871872, tf_eb p = -1077941512, tf_isp = -401166988, tf_ebx = - -2012650824, tf_edx = 135024768, tf_ecx = 134711040, tf_eax = 22, tf_trapno = 22, tf_err = 2, tf_eip = -201226967 3, tf_cs = 31, tf_eflags = 662, tf_esp = -1077941556, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1001 #7 0xc07a8acf in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:201 #8 0x0000002f in ?? () #9 0x0000002f in ?? () #10 0x0000002f in ?? () #11 0x00000000 in ?? () #12 0x08287fc0 in ?? () #13 0xbfbfeaf8 in ?? () - ---Type to continue, or q to quit--- #14 0xe816ad74 in ?? () #15 0x880962b8 in ?? () #16 0x080c5080 in ?? () #17 0x08078700 in ?? () #18 0x00000016 in ?? () #19 0x00000016 in ?? () #20 0x00000002 in ?? () #21 0x880f3397 in ?? () #22 0x0000001f in ?? () #23 0x00000296 in ?? () #24 0xbfbfeacc in ?? () #25 0x0000002f in ?? () #26 0x8806a3d8 in ?? () #27 0x00000000 in ?? () #28 0x88053868 in ?? () #29 0x8805169b in ?? () #30 0x307b6000 in ?? () #31 0xc35ab388 in ?? () #32 0xc3420c80 in ?? () #33 0xe816aa6c in ?? () #34 0xe816aa54 in ?? () #35 0xc2bc2190 in ?? () #36 0xc061db57 in sched_switch (td=0x8287fc0, newtd=0x880962b8, flags=Cannot access memory at address 0xbfbfeb08 ) - ---Type to continue, or q to quit--- at /usr/src/sys/kern/sched_4bsd.c:865 Previous frame inner to this frame (corrupt stack?) # /usr/sbin/amd -v Copyright (c) 1997-2005 Erez Zadok Copyright (c) 1990 Jan-Simon Pendry Copyright (c) 1990 Imperial College of Science, Technology & Medicine Copyright (c) 1990 The Regents of the University of California. am-utils version 6.1.2.1 (build 1). Report bugs to https://bugzilla.am-utils.org/ or am-utils@am-utils.org. Configured by root@xxxxx.eng.netapp.com on date Tue Nov 8 17:35:46 PST 2005. Built by root@xxxxx.eng.netapp.com on date Tue Nov 8 17:39:11 PST 2005. cpu=i386 (little-endian), arch=i386, karch=i386. full_os=freebsd5.3, os=freebsd5, osver=5.3, vendor=portbld, distro=none. domain=eng.netapp.com, host=xxxxx, hostd=xxxxx.eng.netapp.com. Map support for: root, passwd, hesiod, union, nis, file, exec, error. AMFS: nfs, link, nfsx, nfsl, host, linkx, program, union, ufs, cdfs, pcfs, auto, direct, toplvl, error, inherit. FS: cd9660, nfs, nfs3, msdosfs, ufs, unionfs. Network 1: wire="10.56.112.0" (netnumber=10.56.112). Network 2: wire="10.56.8.0" (netnumber=10.56.8). Hide ===== Cores [ top ] =================================== ------- End of Forwarded Message