kernel bug tickled by Amd

Erez Zadok ezk at cs.sunysb.edu
Tue Nov 8 23:53:11 PST 2005


I've received this bug report on my am-utils Bugzilla.  Being a FreeBSD
kernel panic, I believe this is a kernel bug that should be fixed in the
kernel.  Of course, if anyone knows of a way I can work around this in Amd,
let me know.

Thanks,
Erez.

------- Forwarded Message

Date:    Tue, 08 Nov 2005 23:57:03 -0500
From:    bugzilla at fsl.cs.sunysb.edu
To:      am-utils-developers at fsl.cs.sunysb.edu
Cc:      ezk at cs.sunysb.edu
Subject: [Bug 450] New: [panic] "unmount: dangling vnode" on amd activity

http://bugzilla.fsl.cs.sunysb.edu/show_bug.cgi?id=450

           Summary: [panic] "unmount: dangling vnode" on amd activity
           Product: am-utils
           Version: 6.1
          Platform: i386
               URL: http://www.freebsd.org/cgi/query-pr.cgi?pr=79665
        OS/Version: FreeBSD 5.x
            Status: NEW
          Severity: major
          Priority: P2
         Component: Any
        AssignedTo: am-utils-developers at am-utils.org
        ReportedBy: nate at netapp.com


Description

A very reproducible amd panic through non-privileged user-level filesystem
access.

	

How-To-Repeat

As a non-privileged user, rapidly unmount an amd managed mount with
"amq -u" while rapidly remounting that same mount (a simple file
access is sufficient).

I've reproduced this numerous times by running these two
Bourne shell scripts simultaneously on the same machine:

runrun:
#!/bin/sh
while echo hi
do
        wc -l /usr/local/build/share/oomph2
done

diedie:
#!/bin/sh
while amq -u /x/eng/btools
do
        amq /x/eng/btools
done

The machine will crash within minutes, especially if the machine
is under other stress.
--- backtrace begins here ---
nate at pixie.lab.netapp.com:~ >sudo kgdb
/usr/src/sys/i386/compile/SMP/kernel.debug /var/crash/vmcore.5
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so:
Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
#0  doadump () at pcpu.h:159
159     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) backtrace
#0  doadump () at pcpu.h:159
#1  0xc0615167 in boot (howto=260) at ../../../kern/kern_shutdown.c:410
#2  0xc061548d in panic (fmt=0xc0830da5 "unmount: dangling vnode")
    at ../../../kern/kern_shutdown.c:566
#3  0xc0664535 in vfs_mount_destroy (mp=0xc2cf9000, td=0xc26a6780)
    at ../../../kern/vfs_mount.c:522
#4  0xc0665924 in dounmount (mp=0xc2cf9000, flags=0, td=0xc26a6780)
    at ../../../kern/vfs_mount.c:1111
#5  0xc0665560 in unmount (td=0xc26a6780, uap=0xe730cd14)
    at ../../../kern/vfs_mount.c:1019
#6  0xc07c842f in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077941440, tf_esi =
136512416, tf_ebp = -1077941608, tf_isp = -416232076, tf_ebx = 136516288, tf_edx
= 134637440, tf_ecx = 19, tf_eax = 22, tf_trapno = 12, tf_err = 2, tf_eip =
672003099, tf_cs = 31, tf_eflags = 662, tf_esp = -1077941636, tf_ss = 47})
    at ../../../i386/i386/trap.c:1001
#7  0xc07b5a8f in Xint0x80_syscall () at ../../../i386/i386/exception.s:201
#8  0x0000002f in ?? ()
#9  0x0000002f in ?? ()
#10 0x0000002f in ?? ()
#11 0xbfbfeb40 in ?? ()
#12 0x082303a0 in ?? ()
#13 0xbfbfea98 in ?? ()
---Type <return> to continue, or q <return> to quit---
#14 0xe730cd74 in ?? ()
#15 0x082312c0 in ?? ()
#16 0x08066780 in ?? ()
#17 0x00000013 in ?? ()
#18 0x00000016 in ?? ()
#19 0x0000000c in ?? ()
#20 0x00000002 in ?? ()
#21 0x280df41b in ?? ()
#22 0x0000001f in ?? ()
#23 0x00000296 in ?? ()
#24 0xbfbfea7c in ?? ()
#25 0x0000002f in ?? ()
#26 0x00000000 in ?? ()
#27 0x00000000 in ?? ()
#28 0x00000000 in ?? ()
#29 0x00000000 in ?? ()
#30 0x30c18000 in ?? ()
#31 0xc29e2000 in ?? ()
#32 0xc26a6780 in ?? ()
#33 0xe730ca6c in ?? ()
#34 0xe730ca54 in ?? ()
#35 0xc22a9a80 in ?? ()
#36 0xc062573b in sched_switch (td=0x82303a0, newtd=0x82312c0, flags=Cannot
access memory at address 0xbfbfeaa8
)
---Type <return> to continue, or q <return> to quit---
    at ../../../kern/sched_4bsd.c:881
Previous frame inner to this frame (corrupt stack?)
(kgdb)
--- backtrace ends here ---


This is also reproducible under FreeBSD 5.3-RELEASE-p23 with updated am-utils
from the ports collection:

# uname -a
FreeBSD xxxxx.eng.netapp.com 5.3-RELEASE-p23 FreeBSD 5.3-RELEASE-p23 #7: Wed Nov
 2 18:04:49 PST 2005     root at xxxxx.eng.netapp.com:/usr/obj/usr/src/sys/SMP  i386

# more info.3
Good dump found on device /dev/da0s1b
   Architecture: i386
   Architecture version: 1
   Dump length: 1610350592B (1535 MB)
   Blocksize: 512
   Dumptime: Tue Nov  8 19:37:29 2005
   Hostname: xxxxx.eng.netapp.com
   Versionstring: FreeBSD 5.3-RELEASE-p23 #7: Wed Nov  2 18:04:49 PST 2005
     root at xxxxx.eng.netapp.com:/usr/obj/usr/src/sys/SMP
   Panicstring: unmount: dangling vnode
   Bounds: 3

similar backtrace:

#0  doadump () at pcpu.h:159
#1  0xc060d54f in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:397
#2  0xc060d875 in panic (fmt=0xc0821eb7 "unmount: dangling vnode")
     at /usr/src/sys/kern/kern_shutdown.c:553
#3  0xc065bd11 in vfs_mount_destroy (mp=0xc2f52c00, td=0xc3420c80)
     at /usr/src/sys/kern/vfs_mount.c:523
#4  0xc065d2d8 in dounmount (mp=0xc2f52c00, flags=0, td=0xc3420c80)
     at /usr/src/sys/kern/vfs_mount.c:1160
#5  0xc065cf14 in unmount (td=0xc3420c80, uap=0xe816ad14)
     at /usr/src/sys/kern/vfs_mount.c:1068
#6  0xc07bb33f in syscall (frame=
       {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = 136871872,
tf_ebp = -1077941512, tf_isp = -401166988, tf_ebx = -2012650824, tf_edx =
135024768, tf_ecx = 134711040, tf_eax = 22, tf_trapno = 22, tf_err = 2, tf_eip =
-2012269673, tf_cs = 31, tf_eflags = 662, tf_esp = -1077941556, tf_ss = 47})
     at /usr/src/sys/i386/i386/trap.c:1001
#7  0xc07a8acf in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:201
#8  0x0000002f in ?? ()
#9  0x0000002f in ?? ()
#10 0x0000002f in ?? ()
#11 0x00000000 in ?? ()
#12 0x08287fc0 in ?? ()
#13 0xbfbfeaf8 in ?? ()
---Type <return> to continue, or q <return> to quit---
#14 0xe816ad74 in ?? ()
#15 0x880962b8 in ?? ()
#16 0x080c5080 in ?? ()
#17 0x08078700 in ?? ()
#18 0x00000016 in ?? ()
#19 0x00000016 in ?? ()
#20 0x00000002 in ?? ()
#21 0x880f3397 in ?? ()
#22 0x0000001f in ?? ()
#23 0x00000296 in ?? ()
#24 0xbfbfeacc in ?? ()
#25 0x0000002f in ?? ()
#26 0x8806a3d8 in ?? ()
#27 0x00000000 in ?? ()
#28 0x88053868 in ?? ()
#29 0x8805169b in ?? ()
#30 0x307b6000 in ?? ()
#31 0xc35ab388 in ?? ()
#32 0xc3420c80 in ?? ()
#33 0xe816aa6c in ?? ()
#34 0xe816aa54 in ?? ()
#35 0xc2bc2190 in ?? ()
#36 0xc061db57 in sched_switch (td=0x8287fc0, newtd=0x880962b8, flags=Cannot
access memory at address 0xbfbfeb08
)
---Type <return> to continue, or q <return> to quit---
     at /usr/src/sys/kern/sched_4bsd.c:865
Previous frame inner to this frame (corrupt stack?)


# /usr/sbin/amd -v
Copyright (c) 1997-2005 Erez Zadok
Copyright (c) 1990 Jan-Simon Pendry
Copyright (c) 1990 Imperial College of Science, Technology & Medicine
Copyright (c) 1990 The Regents of the University of California.
am-utils version 6.1.2.1 (build 1).
Report bugs to https://bugzilla.am-utils.org/ or am-utils at am-utils.org.
Configured by root at xxxxx.eng.netapp.com on date Tue Nov  8 17:35:46 PST 2005.
Built by root at xxxxx.eng.netapp.com on date Tue Nov 8 17:39:11 PST 2005.
cpu=i386 (little-endian), arch=i386, karch=i386.
full_os=freebsd5.3, os=freebsd5, osver=5.3, vendor=portbld, distro=none.
domain=eng.netapp.com, host=xxxxx, hostd=xxxxx.eng.netapp.com.
Map support for: root, passwd, hesiod, union, nis, file, exec, error.
AMFS: nfs, link, nfsx, nfsl, host, linkx, program, union, ufs, cdfs,
       pcfs, auto, direct, toplvl, error, inherit.
FS: cd9660, nfs, nfs3, msdosfs, ufs, unionfs.
Network 1: wire="10.56.112.0" (netnumber=10.56.112).
Network 2: wire="10.56.8.0" (netnumber=10.56.8).



------- End of Forwarded Message
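
An added triage example, not part of the original message and not am-utils or FreeBSD code: it reduces a kgdb backtrace to the panic string plus the kernel call chain, so the two dumps in the report (different kernel builds, addresses and line numbers) can be matched as the same crash. The function name and the trimmed sample excerpts are assumptions made for the example.

```python
import re

# kgdb frame header, e.g. "#3  0xc0664535 in vfs_mount_destroy (mp=...";
# frame #0 carries no address ("#0  doadump () at pcpu.h:159").
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+ in )?(\S+) \(")
PANIC_RE = re.compile(r'panic \(fmt=0x[0-9a-f]+ "([^"]*)"')

def crash_signature(backtrace):
    """Return (panic string, call chain from syscall entry up to panic).
    Addresses, arguments, source lines, unresolved "??" frames and pager
    prompts are ignored, so one bug gives one signature across builds.
    """
    panic_msg, chain = None, []
    for line in backtrace.splitlines():
        m = PANIC_RE.search(line)
        if m:
            panic_msg = m.group(1)
        f = FRAME_RE.match(line.strip())
        if not f or f.group(1) == "??":
            continue
        chain.append(f.group(1))
        if f.group(1) == "syscall":  # beyond the trap frame: user-stack noise
            break
    chain.reverse()                  # kgdb prints innermost frame first
    if "panic" in chain:             # drop boot/doadump, the dump machinery
        chain = chain[:chain.index("panic") + 1]
    return panic_msg, tuple(chain)

# Excerpts of the two backtraces in the report above, trimmed to key frames.
DUMP_5X = """\
#1  0xc0615167 in boot (howto=260) at ../../../kern/kern_shutdown.c:410
#2  0xc061548d in panic (fmt=0xc0830da5 "unmount: dangling vnode")
#3  0xc0664535 in vfs_mount_destroy (mp=0xc2cf9000, td=0xc26a6780)
#4  0xc0665924 in dounmount (mp=0xc2cf9000, flags=0, td=0xc26a6780)
#5  0xc0665560 in unmount (td=0xc26a6780, uap=0xe730cd14)
#6  0xc07c842f in syscall (frame=
#8  0x0000002f in ?? ()
"""
DUMP_53P23 = """\
#1  0xc060d54f in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:397
#2  0xc060d875 in panic (fmt=0xc0821eb7 "unmount: dangling vnode")
#3  0xc065bd11 in vfs_mount_destroy (mp=0xc2f52c00, td=0xc3420c80)
#4  0xc065d2d8 in dounmount (mp=0xc2f52c00, flags=0, td=0xc3420c80)
#5  0xc065cf14 in unmount (td=0xc3420c80, uap=0xe816ad14)
#6  0xc07bb33f in syscall (frame=
---Type <return> to continue, or q <return> to quit---
"""
```

Both excerpts reduce to the same signature, which is what lets crash dumps collected from several hosts be grouped under this one report.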


