kern/104395: [panic][ufs] read directory content after umont

Andrey V. Elsukov bu7cher at yandex.ru
Fri Oct 13 15:30:21 PDT 2006 

>Number:         104395
>Category:       kern
>Synopsis:       [panic][ufs] read directory content after umont
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 13 22:30:19 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Andrey V. Elsukov
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD btr-nb.properlan.net 7.0-CURRENT FreeBSD 7.0-CURRENT #7: Fri Oct 13 23:20:33 MSD 2006 butcher at btr-nb.properlan.net:/usr/obj/usr/src/sys/BTR i386


>Description:

I've tried mount ufs to the same mountpoint. Successfull.
System panic after first unmounting when i try read directory listing.

>How-To-Repeat:

# mount -o ro /dev/ad4s3d /media/disk3
# mount -o ro /dev/ad4s3d /media/disk3
# umount /media/disk3
# ls /media/disk3

>Fix:

	

--- geom_bt.txt begins here ---
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x0
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc04fa5aa
stack pointer	        = 0x28:0xd3aec9f8
frame pointer	        = 0x28:0xd3aeca0c
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 1431 (ls)
Physical memory: 434 MB
Dumping 91 MB: 76 60 44 28 12

#0  doadump () at pcpu.h:166
166		__asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt full
#0  doadump () at pcpu.h:166
No locals.
#1  0xc044bbb7 in db_fncall (dummy1=-743520264, dummy2=0, dummy3=-1065712192, dummy4=0xd3aec7d4 "\200ËzÀ") at /usr/src/sys/ddb/db_command.c:481
	fn_addr = -1068320280
	args = {-1065790016, -1066440736, -743520348, -1066181280, -743520332, -1069238617, -1066181280, -1066440736, -743520304, -743520348}
	nargs = 0
	retval = 543513285
	t = 0
#2  0xc044b9c3 in db_command (last_cmdp=0xc07354e4, cmd_table=0x0) at /usr/src/sys/ddb/db_command.c:396
	cmd = (struct command *) 0xc06f67e0
	t = 0
	modif = "\200ËzÀ\000\000\000\000g\212nÀøÇ®Ó2ÔHÀàTyÀ\000\000\000\000\000(]Â\r\000\000\000À\205zÀ\r\000\000\000\001\000\000\000$Ȯӧ¸fÀ$È®ÓÀ¸fÀ\000Åf [xÀx\000\000\000à]sÀ\f\000\000\000DÈ®Ó\200ÙDÀ\004\035mÀÄÖDÀ\f\000\000\000à]sÀvÎDÀà]sÀ\230UsÀ"
	addr = -743520264
	count = -1065712192
	have_addr = 0
	result = 0
#3  0xc044ba7e in db_command_loop () at /usr/src/sys/ddb/db_command.c:448
No locals.
#4  0xc044d631 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221
	jb = {{_jb = {-743520124, -743520144, -743520072, -743519816, 12, -1069230646, 12, -743520048, -1068199741, -1066479913, -1068199608, -743520068}}}
	prev_jb = (void *) 0x0
	bkpt = 0
#5  0xc054779d in kdb_trap (type=12, code=0, tf=0x0) at /usr/src/sys/kern/subr_kdb.c:502
	handled = 0
#6  0xc0687895 in trap_fatal (frame=0xd3aec9b8, eva=0) at /usr/src/sys/i386/i386/trap.c:858
	code = 0
	type = 12
	ss = 40
	esp = 0
	softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 0, ssd_xx1 = 3, ssd_def32 = 1, ssd_gran = 1}
	msg = 0x0
#7  0xc06875f7 in trap_pfault (frame=0xd3aec9b8, usermode=0, eva=0) at /usr/src/sys/i386/i386/trap.c:776
	va = 0
	vm = (struct vmspace *) 0x0
	map = 0xc34f5410
	rv = 1
	ftype = 1 '\001'
	td = (struct thread *) 0xc2b88bd0
	p = (struct proc *) 0xc3117000
#8  0xc068724d in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -1030685440, tf_esi = 0, tf_ebp = -743519732, tf_isp = -743519772, tf_ebx = -1027846012, tf_edx = 2048, tf_ecx = 0, tf_eax = 1, tf_trapno = 12, tf_err = 0, tf_eip = -1068522070, tf_cs = 32, tf_eflags = 66198, tf_esp = 1, tf_ss = -1030833364}) at /usr/src/sys/i386/i386/trap.c:461
	td = (struct thread *) 0xc2b88bd0
	p = (struct proc *) 0xc3117000
	i = 0
	ucode = 0
	type = 12
	code = 0
	addr = -1028092976
	eva = 0
	ksi = {ksi_link = {tqe_next = 0x0, tqe_prev = 0xc06d8ff7}, ksi_info = {si_signo = -1031375360, si_errno = 0, si_code = 0, si_pid = -743519864, si_uid = 3226800985, 
    si_status = 582, si_addr = 0x246, si_value = {sival_int = -883925032, sival_ptr = 0xcb505fd8}, _reason = {_fault = {_trapno = -743519780}, _timer = {
        _timerid = -743519780, _overrun = -883925032}, _mesgq = {_mqd = -743519780}, _poll = {_band = -743519780}, __spare__ = {__spare1__ = -743519780, __spare2__ = {
          -883925032, -743519700, -1067392085, -1030812884, 0, 0, -743519776}}}}, ksi_flags = -743519780, ksi_sigq = 0xd3aec9ac}
#9  0xc0678d9a in calltrap () at /usr/src/sys/i386/i386/exception.s:138
No locals.
#10 0xc04fa5aa in g_io_request (bp=0xc2bc5084, cp=0xc290fd00) at /usr/src/sys/geom/geom_io.c:335
	pp = (struct g_provider *) 0x0
#11 0xc04fca51 in g_vfs_strategy (bo=0x1, bp=0xcb505fd8) at /usr/src/sys/geom/geom_vfs.c:106
	cp = (struct g_consumer *) 0xc290fd00
	bip = (struct bio *) 0x1
#12 0xc060bc41 in ffs_geom_strategy (bo=0xc28ebbe0, bp=0xcb505fd8) at /usr/src/sys/ufs/ffs/ffs_vfsops.c:1810
	vp = (struct vnode *) 0xc28ebb2c
	error = 1
	tbp = (struct buf *) 0xcb505fd8
#13 0xc0616b05 in ufs_strategy (ap=0x1) at /usr/src/sys/ufs/ufs/ufs_vnops.c:1956
	bp = (struct buf *) 0xcb505fd8
	vp = (struct vnode *) 0x0
	bo = (struct bufobj *) 0x1
	ip = (struct inode *) 0xc28ec630
	blkno = 12032
	error = 0
#14 0xc0690a49 in VOP_STRATEGY_APV (vop=0xc071f5e0, a=0xd3aeca88) at vnode_if.c:1771
	rc = 1
#15 0xc057687c in bufstrategy (bo=0xc28f0be0, bp=0x1) at vnode_if.h:928
	vp = (struct vnode *) 0x800
#16 0xc05721d5 in breadn (vp=0xc28f0b2c, blkno=0, size=2048, rablkno=0x0, rabsize=0x0, cnt=0, cred=0x0, bpp=0x1) at buf.h:419
	bp = (struct buf *) 0xcb505fd8
	rv = 0
	readwait = 0
#17 0xc0571fe8 in bread (vp=0xc28f0b2c, blkno=0, size=2048, cred=0x0, bpp=0xd3aecb40) at /usr/src/sys/kern/vfs_bio.c:726
No locals.
#18 0xc060c293 in ffs_read (ap=0x1) at /usr/src/sys/ufs/ffs/ffs_vnops.c:494
	vp = (struct vnode *) 0xc28f0b2c
	ip = (struct inode *) 0xc28ec630
	uio = (struct uio *) 0xd3aecc58
	fs = (struct fs *) 0xc2897800
	bp = (struct buf *) 0xcb505fd8
	lbn = 0
	nextlbn = 1
	bytesinfile = (kgdb) 
--- geom_bt.txt ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list