Date: Tue, 11 Oct 2005 18:33:47 +0400 (MSD) From: Yar Tikhiy <yar@comp.chem.msu.su> To: FreeBSD-gnats-submit@FreeBSD.org Cc: phk@FreeBSD.org Subject: kern/87255: Large malloc-backed mfs crashes the system Message-ID: <200510111433.j9BEXlLJ083052@rt2.chem.msu.ru> Resent-Message-ID: <200510111440.j9BEeHca006059@freefall.freebsd.org>
index | next in thread | raw e-mail
>Number: 87255
>Category: kern
>Synopsis: Large malloc-backed mfs crashes the system
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Oct 11 14:40:16 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Yar Tikhiy
>Release: FreeBSD-CURRENT
>Organization:
MSU
>Environment:
FreeBSD-CURRENT as of October, 7.
>Description:
Filling up a too large malloc-backed mfs disk results
in a well-reproducible system panic. While it is bogus
to give nearly all RAM to a malloc-backed mfs disk, the
system ideally shouldn't panic either, but return a error
at some earlier point.
This issue was initially mentioned in PR bin/87218.
>How-To-Repeat:
On a machine with 256M of RAM:
# mdmfs -s 200M -S -M /dev/md0 /mnt
# cat /dev/urandom > /mnt/foo
[system croaks and panics in a few seconds]
Pre-panic and panic messages:
g_vfs_done():md0[WRITE(offset=124108800, length=131072)]error = 28
g_vfs_done():md0[WRITE(offset=52543488, length=6144)]error = 28
[quite a bunch of such g_vfs_done() error messages precedes panic]
panic: bundirty: buffer 0xc63c78b0 still on queue 1
Kernel backtrace:
#11 0xc04dae87 in panic (
fmt=0xc06578d1 "bundirty: buffer %p still on queue %d")
at /usr/src/sys/kern/kern_shutdown.c:539
#12 0xc051f52d in bundirty (bp=0xc63c78b0) at /usr/src/sys/kern/vfs_bio.c:1036
#13 0xc051fe60 in brelse (bp=0xc63c78b0) at /usr/src/sys/kern/vfs_bio.c:1346
#14 0xc0522ca6 in bufdone (bp=0xc63c78b0) at /usr/src/sys/kern/vfs_bio.c:3183
#15 0xc05d7346 in ffs_backgroundwritedone (bp=0xc63c78b0)
at /usr/src/sys/ufs/ffs/ffs_vfsops.c:1537
#16 0xc05229ba in bufdone (bp=0xc63c78b0) at /usr/src/sys/kern/vfs_bio.c:3051
#17 0xc04a9aa6 in g_vfs_done (bip=0x0) at /usr/src/sys/geom/geom_vfs.c:86
#18 0xc0522694 in biodone (bp=0xc1281294) at /usr/src/sys/kern/vfs_bio.c:2894
#19 0xc04a741f in g_io_schedule_up (tp=0xc1108300)
at /usr/src/sys/geom/geom_io.c:510
#20 0xc04a76f6 in g_up_procbody () at /usr/src/sys/geom/geom_kern.c:95
#21 0xc04c7d74 in fork_exit (callout=0xc04a769c <g_up_procbody>, arg=0x0,
frame=0xcbdcbd38) at /usr/src/sys/kern/kern_fork.c:789
#22 0xc061e8bc in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510111433.j9BEXlLJ083052>