Bug 17819

Summary: [unionfs] Build ports on nfs & union mount panics kernel
Product: Base System Reporter: freebsd <freebsd>
Component: kernAssignee: Remko Lodder <remko>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   

Description freebsd 2000-04-06 07:10:01 UTC 
Build xemacs 21.1 on this setup via /usr/ports/editors/xemacs21 works. When
the syncer daemon wakes up after the build finished, the machine panics.

GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd".
(kgdb) symbol-file kernel.debug 
Reading symbols from kernel.debug...done.
(kgdb) exec-file /var/crash/kernel.0 
(kgdb) core-file /var/crash/vmcore.0 
IdlePTD 3309568
initial pcb at 2adbe0
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc022c2fa
stack pointer           = 0x10:0xc7e17bf0
frame pointer           = 0x10:0xc7e17c1c
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 5 (syncer)
interrupt mask          = none
trap number             = 12
panic: page fault

syncing disks... 38 34 25 14 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 
done
Uptime: 7m14s

dumping to dev #da/0x30001, offset 262272
dump 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 
---
#0  boot (howto=256) at ../../kern/kern_shutdown.c:302
302                     dumppcb.pcb_cr3 = rcr3();
(kgdb) bt
#0  boot (howto=256) at ../../kern/kern_shutdown.c:302
#1  0xc015c88c in poweroff_wait (junk=0xc0268d2f, howto=-941582464)
    at ../../kern/kern_shutdown.c:552
#2  0xc022da62 in trap_fatal (frame=0xc7e17bb0, eva=0)
    at ../../i386/i386/trap.c:927
#3  0xc022d721 in trap_pfault (frame=0xc7e17bb0, usermode=0, eva=0)
    at ../../i386/i386/trap.c:820
#4  0xc022d2df in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16, 
      tf_edi = -1004167168, tf_esi = 0, tf_ebp = -941523940, 
      tf_isp = -941524004, tf_ebx = 8192, tf_edx = -1004167168, tf_ecx = 2048, 
      tf_eax = -1004167168, tf_trapno = 12, tf_err = 0, tf_eip = -1071463686, 
      tf_cs = 8, tf_eflags = 66070, tf_esp = -941523700, tf_ss = -941523728})
    at ../../i386/i386/trap.c:426
#5  0xc022c2fa in generic_bcopy ()
#6  0xc01f979f in ffs_write (ap=0xc7e17cb4)
    at ../../ufs/ufs/ufs_readwrite.c:486
#7  0xc019abee in union_write (ap=0xc7e17cf8) at vnode_if.h:363
#8  0xc020f54b in vnode_pager_generic_putpages (vp=0xc8918fc0, m=0xc7e17e08, 
    bytecount=65536, flags=0, rtvals=0xc7e17d9c) at vnode_if.h:363
#9  0xc019a9ff in union_putpages (ap=0xc7e17d60)
    at ../../miscfs/union/union_vnops.c:1041
#10 0xc020f399 in vnode_pager_putpages (object=0xc88a5d20, m=0xc7e17e08, 
    count=16, sync=0, rtvals=0xc7e17d9c) at vnode_if.h:1126
#11 0xc020bd55 in vm_pageout_flush (mc=0xc7e17e08, count=16, flags=0)
    at ../../vm/vm_pager.h:145
#12 0xc020929a in vm_object_page_clean (object=0xc88a5d20, start=0, end=0, 
    flags=4) at ../../vm/vm_object.c:655
#13 0xc018c41e in vfs_msync (mp=0xc0ab2a00, flags=2)
    at ../../kern/vfs_subr.c:2513
#14 0xc018c8af in sync_fsync (ap=0xc7e17f7c) at ../../kern/vfs_subr.c:2821
#15 0xc018adef in sched_sync () at vnode_if.h:537
#16 0xc0221f50 in fork_trampoline ()
Cannot access memory at address 0x8000.

Fix: 

Don't use union fs.
How-To-Repeat: 
1. NFS-mount /usr/ports read-only
2. Mount empty local partition above /usr/ports using union fs
3. cd /usr/ports/editors/xemacs21; make
4. Wait until the build finishes
5. Wait approx. 30 seconds until the syncer daemon wakes up and tries to sync
6. Watch system panic.

Tried 4 times so far with 100% sucess rate.
Comment 1 Adrian Chadd freebsd_committer freebsd_triage 2000-04-06 07:56:55 UTC 
Responsible Changed
From-To: freebsd-bugs->adrian

I said that I'd take this one
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2004-09-13 06:43:05 UTC 
Responsible Changed
From-To: adrian->freebsd-bugs

With bugmeister hat on, reassign from apparently inactive committer.
Comment 3 Craig Rodrigues freebsd_committer freebsd_triage 2006-05-28 21:16:40 UTC 
Responsible Changed
From-To: freebsd-bugs->daichi

daichi is showing interest in unionfs
Comment 4 Remko Lodder freebsd_committer freebsd_triage 2006-12-30 16:31:36 UTC 
State Changed
From-To: open->feedback

Hello, is this problem still relevant on recent freebsd 
versions like 6.x?
Comment 5 Remko Lodder freebsd_committer freebsd_triage 2006-12-30 16:31:36 UTC 
Responsible Changed
From-To: daichi->remko

grab the pr
Comment 6 Craig Rodrigues freebsd_committer freebsd_triage 2007-02-13 06:16:27 UTC 
State Changed
From-To: feedback->closed

New unionfs implementation has been committed to RELENG_6 and CURRENT. 
This bug report is only relevant to the previous version of unionfs.