From scrappy@pluto.hub.org  Wed Sep  3 14:55:52 2003
Return-Path: <scrappy@pluto.hub.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0B47516A4BF
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  3 Sep 2003 14:55:52 -0700 (PDT)
Received: from pluto.hub.org (corporatepa.com [64.117.225.150])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E48BC43FBD
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  3 Sep 2003 14:55:50 -0700 (PDT)
	(envelope-from scrappy@pluto.hub.org)
Received: from pluto.hub.org (localhost [127.0.0.1])
	by pluto.hub.org (8.12.9/8.12.9) with ESMTP id h83LtiSe023427
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 3 Sep 2003 18:55:44 -0300 (ADT)
	(envelope-from scrappy@pluto.hub.org)
Received: (from scrappy@localhost)
	by pluto.hub.org (8.12.9/8.12.9/Submit) id h83LtiPi023426;
	Wed, 3 Sep 2003 18:55:44 -0300 (ADT)
Message-Id: <200309032155.h83LtiPi023426@pluto.hub.org>
Date: Wed, 3 Sep 2003 18:55:44 -0300 (ADT)
From: Marc <scrappy@pluto.hub.org>
Reply-To: Marc <scrappy@pluto.hub.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: panic: page fault in fifo_close() ...
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         56381
>Category:       kern
>Synopsis:       [unionfs] panic: page fault in fifo_close() ...
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    daichi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 03 15:00:31 PDT 2003
>Closed-Date:    Tue Feb 13 06:14:31 GMT 2007
>Last-Modified:  Tue Feb 13 06:14:31 GMT 2007
>Originator:     Marc G. Fournier
>Release:        FreeBSD 4.8-STABLE i386
>Organization:
>Environment:
System: FreeBSD pluto.hub.org 4.8-STABLE FreeBSD 4.8-STABLE #4: Sun Aug 10 14:50:14 ADT 2003 root@pluto.hub.org:/usr/obj/usr/src/sys/kernel i386


	
>Description:

ssh'd into a running jail, and type'd 'kill -TERM -1' to kill it, and the server 
panic(s) with the following trace ... happened twice, producing two core files:

(kgdb) where
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1  0x80151667 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
#2  0x80151ad9 in panic (fmt=0x80273579 "%s") at /usr/src/sys/kern/kern_shutdown.c:595
#3  0x8023e2e9 in trap_fatal (frame=0xbe277cf8, eva=12) at /usr/src/sys/i386/i386/trap.c:974
#4  0x8023df55 in trap_pfault (frame=0xbe277cf8, usermode=0, eva=12) at /usr/src/sys/i386/i386/trap.c:867
#5  0x8023dab3 in trap (frame={tf_fs = -1221132264, tf_es = -1221132272, tf_ds = -2146172912, tf_edi = -1986268672, tf_esi = -1104708212, 
      tf_ebp = -1104708280, tf_isp = -1104708316, tf_ebx = 0, tf_edx = 5, tf_ecx = 16777217, tf_eax = -1152951680, tf_trapno = 12, tf_err = 2, 
      tf_eip = -2145875619, tf_cs = 8, tf_eflags = 66050, tf_esp = -1152951680, tf_ss = -1104708212}) at /usr/src/sys/i386/i386/trap.c:466
#6  0x8018895d in fifo_close (ap=0xbe277d8c) at /usr/src/sys/miscfs/fifofs/fifo_vnops.c:543
#7  0x801fadb2 in ufsfifo_close (ap=0xbe277d8c) at /usr/src/sys/ufs/ufs/ufs_vnops.c:1928
#8  0x801fb2d1 in ufs_vnoperatefifo (ap=0xbe277d8c) at /usr/src/sys/ufs/ufs/ufs_vnops.c:2385
#9  0x8018fea4 in union_close (ap=0xbe277d8c) at /usr/src/sys/miscfs/union/union_vnops.c:830
#10 0x80187498 in vn_close (vp=0xbb4759c0, flags=6, cred=0x86334a00, p=0xbe0a4780) at vnode_if.h:218
#11 0x80187de3 in vn_closefile (fp=0x899bf200, p=0xbe0a4780) at /usr/src/sys/kern/vfs_vnops.c:693
#12 0x80146fdb in fdrop (fp=0x899bf200, p=0xbe0a4780) at /usr/src/sys/sys/file.h:218
#13 0x80146f24 in closef (fp=0x899bf200, p=0xbe0a4780) at /usr/src/sys/kern/kern_descrip.c:1441
#14 0x80146a6c in fdfree (p=0xbe0a4780) at /usr/src/sys/kern/kern_descrip.c:1189
#15 0x801498ad in exit1 (p=0xbe0a4780, rv=15) at /usr/src/sys/kern/kern_exit.c:188
#16 0x801535fa in sigexit (p=0xbe0a4780, sig=15) at /usr/src/sys/kern/kern_sig.c:1504
#17 0x80153374 in postsig (sig=15) at /usr/src/sys/kern/kern_sig.c:1407
#18 0x8023e795 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 2143288416, tf_esi = 2, tf_ebp = 2143288336, tf_isp = -1104707628, 
      tf_ebx = 2143288320, tf_edx = 1000020, tf_ecx = 3600, tf_eax = 4, tf_trapno = 22, tf_err = 2, tf_eip = 671740884, tf_cs = 31, tf_eflags = 535, 
      tf_esp = 2143288260, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:174
#19 0x8022bb3b in Xint0x80_syscall ()
#20 0x8048ceb in ?? ()
#21 0x8049264 in ?? ()
#22 0x804892e in ?? ()

>How-To-Repeat:

run a jail over a unionfs mounted directory, install/run daemontools' svscan processes
and then kill the VM ... seems to do it every time ...
	
>Fix:

	


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: das 
State-Changed-When: Wed Sep 22 04:48:50 GMT 2004 
State-Changed-Why:  
This is low-hanging fruit, but also low priority.  I hope to get to it 
in the not-too-distant future. 


Responsible-Changed-From-To: freebsd-bugs->das 
Responsible-Changed-By: das 
Responsible-Changed-When: Wed Sep 22 04:48:50 GMT 2004 
Responsible-Changed-Why:  
This is low-hanging fruit, but also low priority.  I hope to get to it 
in the not-too-distant future. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56381 
Responsible-Changed-From-To: das->daichi 
Responsible-Changed-By: rodrigc 
Responsible-Changed-When: Sun May 28 20:20:54 UTC 2006 
Responsible-Changed-Why:  
daichi is showing interest in unionfs 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56381 
State-Changed-From-To: analyzed->closed 
State-Changed-By: rodrigc 
State-Changed-When: Tue Feb 13 06:14:12 UTC 2007 
State-Changed-Why:  
New unionfs implementation has been committed to RELENG_6 and CURRENT. 
This bug report is only relevant to the previous version of unionfs. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56381 
>Unformatted:
