Date: Tue, 17 Feb 2009 20:49:50 -0500 From: Steve Wills <steve@mouf.net> To: stable@freebsd.org Cc: daichi@freebsd.org Subject: unionfs panic in 7.1 Message-ID: <95E82F15-2535-4C67-BDF0-44CFC7EB9FBB@mouf.net>
next in thread | raw e-mail | index | archive | help
Hi,
I've found an reproducable panic in unionfs on 7.1-R.
/usr/src/sys/fs/unionfs/union_subr.c is:
$FreeBSD: src/sys/fs/unionfs/union_subr.c,v 1.92.2.7.2.2 =20
2008/12/15 03:58:55 daichi Exp $
kgdb output is below.
kgdb /boot/kernel/kernel.symbols /var/crash/vmcore.0
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and =20
you are
welcome to change it and/or distribute copies of it under certain =20
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for =20
details.
This GDB was configured as "amd64-marcel-freebsd"...
Unread portion of the kernel message buffer:
stack pointer =3D 0x10:0xffffffffb0e1a8b0
frame pointer =3D 0x10:0xffffffffb0e1a8d0
code segment =3D base 0x0, limit 0xfffff, type 0x1b
=3D DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags =3D interrupt enabled, resume, IOPL =3D 0
current process =3D 72036 (make)
panic: from debugger
cpuid =3D 0
Uptime: 49m32s
Physical memory: 2034 MB
Dumping 441 MB: 426 410 394 378 362 346 330 314 298 282 266 250 234 =20
218 202 186 170 154 138 122 106 90 74 58 42 26 10
Reading symbols from /boot/kernel/if_tap.ko...Reading symbols from /=20
boot/kernel/if_tap.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_tap.ko
Reading symbols from /boot/kernel/snd_hda.ko...Reading symbols from /=20
boot/kernel/snd_hda.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/snd_hda.ko
Reading symbols from /boot/kernel/sound.ko...Reading symbols from /=20
boot/kernel/sound.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/sound.ko
Reading symbols from /boot/kernel/atapicam.ko...Reading symbols from /=20=
boot/kernel/atapicam.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/atapicam.ko
Reading symbols from /boot/kernel/smb.ko...Reading symbols from /boot/=20=
kernel/smb.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/smb.ko
Reading symbols from /boot/kernel/smbus.ko...Reading symbols from /=20
boot/kernel/smbus.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/smbus.ko
Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from /=20=
boot/kernel/linprocfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linprocfs.ko
Reading symbols from /boot/kernel/linux.ko...Reading symbols from /=20
boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
Reading symbols from /boot/kernel/zfs.ko...Reading symbols from /boot/=20=
kernel/zfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/zfs.ko
Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols =20
from /boot/kernel/opensolaris.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/opensolaris.ko
Reading symbols from /boot/kernel/if_bridge.ko...Reading symbols from /=20=
boot/kernel/if_bridge.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_bridge.ko
Reading symbols from /boot/kernel/bridgestp.ko...Reading symbols from /=20=
boot/kernel/bridgestp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/bridgestp.ko
Reading symbols from /usr/local/modules/fuse.ko...done.
Loaded symbols for /usr/local/modules/fuse.ko
Reading symbols from /boot/kernel/radeon.ko...Reading symbols from /=20
boot/kernel/radeon.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/radeon.ko
Reading symbols from /boot/kernel/drm.ko...Reading symbols from /boot/=20=
kernel/drm.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/drm.ko
Reading symbols from /boot/kernel/unionfs.ko...Reading symbols from /=20
boot/kernel/unionfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/unionfs.ko
Reading symbols from /boot/kernel/nullfs.ko...Reading symbols from /=20
boot/kernel/nullfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/nullfs.ko
#0 doadump () at pcpu.h:195
195 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) bt
#0 doadump () at pcpu.h:195
#1 0xffffffff804c70a8 in boot (howto=3D260) at /usr/src/sys/kern/=20
kern_shutdown.c:418
#2 0xffffffff804c750c in panic (fmt=3DVariable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:574
#3 0xffffffff801c1707 in db_panic (addr=3DVariable "addr" is not =20
available.
) at /usr/src/sys/ddb/db_command.c:446
#4 0xffffffff801c1d6f in db_command (last_cmdp=3D0xffffffff80aa6448, =20=
cmd_table=3D0x0, dopager=3D1) at /usr/src/sys/ddb/db_command.c:413
#5 0xffffffff801c1f80 in db_command_loop () at /usr/src/sys/ddb/=20
db_command.c:466
#6 0xffffffff801c3b69 in db_trap (type=3DVariable "type" is not =20
available.
) at /usr/src/sys/ddb/db_main.c:228
#7 0xffffffff804f3955 in kdb_trap (type=3D12, code=3D0, =20
tf=3D0xffffffffb0e1a800) at /usr/src/sys/kern/subr_kdb.c:524
#8 0xffffffff807a3180 in trap_fatal (frame=3D0xffffffffb0e1a800, =20
eva=3DVariable "eva" is not available.
) at /usr/src/sys/amd64/amd64/trap.c:759
#9 0xffffffff807a3554 in trap_pfault (frame=3D0xffffffffb0e1a800, =20
usermode=3D0) at /usr/src/sys/amd64/amd64/trap.c:680
#10 0xffffffff807a3eda in trap (frame=3D0xffffffffb0e1a800) at /usr/src/=20=
sys/amd64/amd64/trap.c:449
#11 0xffffffff80788dde in calltrap () at /usr/src/sys/amd64/amd64/=20
exception.S:209
#12 0xffffffff804b9f0e in _mtx_lock_sleep (m=3D0xffffff006c384638, =20
tid=3D18446742974280188784, opts=3DVariable "opts" is not available.
) at /usr/src/sys/kern/kern_mutex.c:339
#13 0xffffffff80555767 in vn_start_write (vp=3D0xffffff006c4983f0, =20
mpp=3DVariable "mpp" is not available.
) at /usr/src/sys/kern/vfs_vnops.c:902
#14 0xffffffff805574a1 in vn_close (vp=3D0xffffff006c4983f0, flags=3D1, =20=
file_cred=3D0xffffff0015947500, td=3D0xffffff0004e74370) at =
/usr/src/sys/=20
kern/vfs_vnops.c:287
#15 0xffffffff80557589 in vn_closefile (fp=3D0xffffff006c020e00, =20
td=3D0xffffff0004e74370) at /usr/src/sys/kern/vfs_vnops.c:867
#16 0xffffffff8049331f in fdrop (fp=3D0xffffff006c020e00, =20
td=3D0xffffff0004e74370) at file.h:299
#17 0xffffffff80494579 in closef (fp=3D0xffffff006c020e00, =20
td=3D0xffffff0004e74370) at /usr/src/sys/kern/kern_descrip.c:2033
#18 0xffffffff80494d5d in kern_close (td=3D0xffffff0004e74370, =20
fd=3DVariable "fd" is not available.
) at /usr/src/sys/kern/kern_descrip.c:1125
#19 0xffffffff807a37d6 in syscall (frame=3D0xffffffffb0e1ac80) at /usr/=20=
src/sys/amd64/amd64/trap.c:907
#20 0xffffffff80788feb in Xfast_syscall () at /usr/src/sys/amd64/amd64/=20=
exception.S:330
#21 0x000000000044030c in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) frame 12
#12 0xffffffff804b9f0e in _mtx_lock_sleep (m=3D0xffffff006c384638, =20
tid=3D18446742974280188784, opts=3DVariable "opts" is not available.
) at /usr/src/sys/kern/kern_mutex.c:339
339 owner =3D (struct thread *)(v & =
~MTX_FLAGMASK);
(kgdb) list
334 * If the owner is running on another CPU, spin =
until the
335 * owner stops running or the state of the lock =
changes.
336 */
337 v =3D m->mtx_lock;
338 if (v !=3D MTX_UNOWNED) {
339 owner =3D (struct thread *)(v & =
~MTX_FLAGMASK);
340 #ifdef ADAPTIVE_GIANT
341 if (TD_IS_RUNNING(owner)) {
342 #else
343 if (m !=3D &Giant && =
TD_IS_RUNNING(owner)) {
(kgdb) p v
$1 =3D 0
(kgdb) p m
$2 =3D (struct mtx *) 0xffffff006c384638
(kgdb) p *m
$3 =3D {lock_object =3D {lo_name =3D 0x0, lo_type =3D 0x0, lo_flags =3D =20=
1281410792, lo_witness_data =3D {lod_list =3D {stqe_next =3D =20
0xffffff004c60c708},
lod_witness =3D 0xffffff004c60c708}}, mtx_lock =3D 0, mtx_recurse =
=3D =20
0}
(kgdb) frame 13
#13 0xffffffff80555767 in vn_start_write (vp=3D0xffffff006c4983f0, =20
mpp=3DVariable "mpp" is not available.
) at /usr/src/sys/kern/vfs_vnops.c:902
902 MNT_ILOCK(mp);
(kgdb) list
897 return (0);
898 }
899 }
900 if ((mp =3D *mpp) =3D=3D NULL)
901 return (0);
902 MNT_ILOCK(mp);
903 if (vp =3D=3D NULL)
904 MNT_REF(mp);
905 /*
906 * Check on status of suspension.
(kgdb) p mp
$4 =3D (struct mount *) 0xffffff006c3845e8
(kgdb) p *mp
$5 =3D {mnt_lock =3D {lk_object =3D {lo_name =3D 0x1 <Address 0x1 out of =
=20
bounds>, lo_type =3D 0xffffffffb1029552 "unionfs", lo_flags =3D =20
2969738112, lo_witness_data =3D {
lod_list =3D {stqe_next =3D 0xffffff003c980000}, lod_witness =3D =
=20
0xffffff003c980000}}, lk_interlock =3D 0xffffff0015d46378, lk_flags =3D =
0, =20
lk_sharecount =3D 0,
lk_waitcount =3D 775638512, lk_exclusivecount =3D -256, lk_prio =3D =
-1, =20
lk_timo =3D 0, lk_lockholder =3D 0x0, lk_newlock =3D 0x0}, mnt_mtx =3D =20=
{lock_object =3D {
lo_name =3D 0x0, lo_type =3D 0x0, lo_flags =3D 1281410792, =20
lo_witness_data =3D {lod_list =3D {stqe_next =3D 0xffffff004c60c708}, =20=
lod_witness =3D 0xffffff004c60c708}},
mtx_lock =3D 0, mtx_recurse =3D 0}, mnt_gen =3D 0, mnt_list =3D =
{tqe_next =20
=3D 0x0, tqe_prev =3D 0x0}, mnt_op =3D 0xffffffffb1029552, mnt_vfc =3D =20=
0xffffffffb1029552,
mnt_vnodecovered =3D 0x4390000, mnt_syncer =3D 0x0, mnt_ref =3D =20
-2136101936, mnt_nvnodelist =3D {tqh_first =3D 0x80, tqh_last =3D =20
0x50000000000000},
mnt_nvnodelistsize =3D 51, mnt_writeopcount =3D 0, mnt_kern_flag =3D =
-1, =20
mnt_flag =3D 4294967295, mnt_noasync =3D 0, mnt_opt =3D =
0xffffffff8086e910,
mnt_optnew =3D 0xffffffff8086e910, mnt_maxsymlinklen =3D 16973824, =20=
mnt_stat =3D {f_version =3D 0, f_type =3D 0, f_flags =3D 4, f_bsize =3D =
0,
f_iosize =3D 18446742976017063016, f_blocks =3D 4294967297, f_bfree =
=3D =20
0, f_bavail =3D 0, f_files =3D 0, f_ffree =3D 0, f_syncwrites =3D 0,
f_asyncwrites =3D 18446742976013551312, f_syncreads =3D 0, =20
f_asyncreads =3D 18446742976013551424, f_spare =3D {0, 0, 0, =20
18446742976013551456, 0, 0, 0, 0,
18446744071572912256, 16384}, f_namemax =3D 784962992, f_owner =3D =
=20
4294967040, f_fsid =3D {val =3D {0, 0}},
f_charspare =3D =
"\000\000\000\000\000\000\000\000=C3=8BE8l\000=CB=87=CB=87=CB=87=C3=8BE8l=20=
\000=CB=87=CB=87=CB=87", '\0' <repeats 24 times>, =20
"\001\000\000\000\000\000\000\000\023\016\206\200=CB=87=CB=87=CB=87=CB=87\=
2001=C3=9F=20
\200=CB=87=CB=87=CB=87=CB=87Xy=E2=81=84l\000=CB=87=CB=87=CB=87", =
f_fstypename =3D "xsv\004\000=CB=87=CB=87=CB=87=E2=80=93K8l=20
\000=CB=87=CB=87=CB=87",
f_mntfromname =3D "\030D8l\000=CB=87=CB=87=CB=87", '\0' <repeats 16 =
times>, =20
"\200o\034\201=CB=87=CB=87=CB=87=CB=87=E2=88=82L\003\003", '\0' <repeats =
12 times>, "=E2=88=8F=20
\227\tJ\000=CB=87=CB=87=CB=87=E2=88=8F=C2=A8`L\000=CB=87=CB=87=CB=87\000\0=
00\000\000\000\000\000\000\b=20
\000\000\000\000\000\000\000 \031L0\000\000\000",
f_mntonname =3D "\a", '\0' <repeats 15 times>, =20
"\023\016\206\200=CB=87=CB=87=CB=87=CB=87\023\016\206\200=CB=87=CB=87=CB=87=
=CB=87\000\0009\004", '\0' =20
<repeats 12 times>, "=E2=80=A1\230=E2=89=A0\200=CB=87=CB=87=CB=87=CB=87@",=
'\0' <repeats 13 times>, =20
"P\0003\000\000\000\000\000\000\000=CB=87=CB=87=CB=87=CB=87=CB=87=CB=87=CB=
=87=CB=87"}, mnt_cred =3D 0x0, =20
mnt_data =3D 0xffffffff8086e910, mnt_time =3D -2138642160, =
mnt_iosize_max =20
=3D 16973824,
mnt_export =3D 0x0, mnt_label =3D 0x4, mnt_hashseed =3D 0, =
mnt_markercnt =20
=3D 0, mnt_holdcnt =3D 1815627896, mnt_holdcntwaiters =3D -256, =20
mnt_secondary_writes =3D 10,
mnt_secondary_accwrites =3D 0, mnt_gjprovider =3D 0x0, mnt_explock =3D =
=20
{lk_object =3D {lo_name =3D 0x0, lo_type =3D 0x0, lo_flags =3D 0, =20
lo_witness_data =3D {lod_list =3D {
stqe_next =3D 0x0}, lod_witness =3D 0x0}}, lk_interlock =3D =20=
0xffffff006c3848c8, lk_flags =3D 2589843616, lk_sharecount =3D -1, =20
lk_waitcount =3D -1707370640,
lk_exclusivecount =3D -1, lk_prio =3D -1, lk_timo =3D -1707370720, =20=
lk_lockholder =3D 0x9, lk_newlock =3D 0x0}}
(kgdb)
I reproduce this by unionfs mounting a ports dir used by the ports =20
tinderbox. If anyone would like more info, please let me know, I have =20=
the core around, and can reproduce, help debug, resend in case my =20
mailer has mangled this, etc.
Thanks,
Steve
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?95E82F15-2535-4C67-BDF0-44CFC7EB9FBB>