[Bug 201003] forcibly unmounting a filesystem with running binaries results in panic

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Jun 21 10:47:06 UTC 2015


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201003

            Bug ID: 201003
           Summary: forcibly unmounting a filesystem with running binaries
                    results in panic
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: trasz at FreeBSD.org

Forcible unmount of a filesystem containing a binary that's executing at that
time results in a panic.  Note that the binary must have called mlockall(2),
otherwise it will simply segfault.  Backtrace looks like this:

panic: vm_page_unwire: page 0xfffff800b7b8b980's wire count is zero

#10 0xffffffff80976903 in panic (fmt=0xffffffff81675540 "\004") at
/usr/home/trasz/svn/head/sys/kern/kern_shutdown.c:868
#11 0xffffffff80c25838 in vm_page_unwire (m=<value optimized out>, queue=<value
optimized out>) at /usr/home/trasz/svn/head/sys/vm/vm_page.c:2516
#12 0xffffffff80c21079 in vm_object_unwire (object=0xfffff8012f13ea00,
offset=<value optimized out>, length=<value optimized out>, 
    queue=<value optimized out>) at
/usr/home/trasz/svn/head/sys/vm/vm_object.c:2273
#13 0xffffffff80c180f7 in vm_map_entry_unwire (map=0xfffff8012f0f5000,
entry=0xfffff8012f0cd400) at /usr/home/trasz/svn/head/sys/vm/vm_map.c:2842
#14 0xffffffff80c1628a in vm_map_delete (map=0xfffff8012f0f5000, start=<value
optimized out>, end=140737488355328)
    at /usr/home/trasz/svn/head/sys/vm/vm_map.c:3002
#15 0xffffffff80c18fa3 in vm_map_remove (map=0xfffff8012f0f5000,
start=140737488355328, end=18446744071579148419)
    at /usr/home/trasz/svn/head/sys/vm/vm_map.c:3032
#16 0xffffffff80c14349 in vmspace_exit (td=0xfffff80019edb000) at
/usr/home/trasz/svn/head/sys/vm/vm_map.c:335
#17 0xffffffff8093817e in exit1 (td=0xfffff80019edb000, rv=<value optimized
out>) at /usr/home/trasz/svn/head/sys/kern/kern_exit.c:391
#18 0xffffffff80979ee0 in sigexit (td=0xfffff80019edb000, sig=Unhandled dwarf
expression opcode 0x93
) at /usr/home/trasz/svn/head/sys/kern/kern_sig.c:2974
#19 0xffffffff8097a50c in postsig (sig=<value optimized out>) at
/usr/home/trasz/svn/head/sys/kern/kern_sig.c:2877
#20 0xffffffff809cb2f7 in ast (framep=<value optimized out>) at
/usr/home/trasz/svn/head/sys/kern/subr_trap.c:274
#21 0xffffffff80d728f9 in doreti_ast () at
/usr/home/trasz/svn/head/sys/amd64/amd64/exception.S:681
#22 0x00007fffffffea58 in ?? ()

Steps to reproduce:

# mdconfig -s1g
# newfs /dev/md0
# mount /dev/md0 /mnt
# cp loop /mnt
# /mnt/loop

In another terminal:

# umount -f /mnt

loop.c:

#include <sys/mman.h>
#include <err.h>
#include <stdio.h>
#include <unistd.h>

int
main(void)
{
        int error;

        error = mlockall(MCL_CURRENT | MCL_FUTURE);
        if (error != 0)
                err(1, "mlockall");

        for (;;) {
                fprintf(stderr, ".");
                sleep(1);
        }
}

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the freebsd-bugs mailing list