From harry@schmalzbauer.de  Tue Sep  6 16:19:14 2005
Return-Path: <harry@schmalzbauer.de>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 948EB16A41F
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  6 Sep 2005 16:19:14 +0000 (GMT)
	(envelope-from harry@schmalzbauer.de)
Received: from flb.schmalzbauer.de (flb.schmalzbauer.de [62.245.232.135])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0D9BB43D45
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  6 Sep 2005 16:19:13 +0000 (GMT)
	(envelope-from harry@schmalzbauer.de)
Received: from korso.flintsbach.schmalzbauer.de (korso.flintsbach.schmalzbauer.de [172.21.2.3])
	by flb.schmalzbauer.de (8.13.1/8.13.1) with ESMTP id j86GJBmh062555
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 6 Sep 2005 18:19:11 +0200 (CEST)
	(envelope-from harry@cale.flintsbach.schmalzbauer.de)
Received: from cale.flintsbach.schmalzbauer.de (cale.flintsbach.schmalzbauer.de [172.21.1.252])
	by korso.flintsbach.schmalzbauer.de (Postfix) with ESMTP id 960816280
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  6 Sep 2005 18:19:11 +0200 (CEST)
Received: from cale.flintsbach.schmalzbauer.de (localhost [127.0.0.1])
	by cale.flintsbach.schmalzbauer.de (8.13.4/8.13.4) with ESMTP id j86GJBWQ011660
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 6 Sep 2005 18:19:11 +0200 (CEST)
	(envelope-from harry@cale.flintsbach.schmalzbauer.de)
Received: (from harry@localhost)
	by cale.flintsbach.schmalzbauer.de (8.13.4/8.13.4/Submit) id j86GJAwn011659;
	Tue, 6 Sep 2005 18:19:10 +0200 (CEST)
	(envelope-from harry)
Message-Id: <200509061619.j86GJAwn011659@cale.flintsbach.schmalzbauer.de>
Date: Tue, 6 Sep 2005 18:19:10 +0200 (CEST)
From: Harald Schmalzbauer <harry@schmalzbauer.de>
Reply-To: Harald Schmalzbauer <harry@schmalzbauer.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: panic after chown -R from chrooted shell
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         85804
>Category:       kern
>Synopsis:       [panic] after chown -R from chrooted shell
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 06 16:20:17 GMT 2005
>Closed-Date:    Tue Jun 12 05:11:47 GMT 2007
>Last-Modified:  Tue Jun 12 05:11:47 GMT 2007
>Originator:     Harald Schmalzbauer
>Release:        FreeBSD 6.0-BETA4 i386
>Organization:
>Environment:
System: FreeBSD cale.flintsbach.schmalzbauer.de 6.0-BETA4 FreeBSD 6.0-BETA4 #0: Mon Sep 5 19:47:14 UTC 2005 harry@cale.flintsbach.schmalzbauer.de:/usr/obj/usr/src/sys/CALE i386
Maybe uncommon mount points:
/dev/ad0s1a on / (ufs, local)
devfs on /dev (devfs, local)
/dev/ufs/usr on /usr (ufs, NFS exported, local, soft-updates)
/dev/ufs/compat on /compat (ufs, local, soft-updates)
/dev/ufs/var on /var (ufs, local, soft-updates)
/dev/ufs/tmp on /tmp (ufs, local, soft-updates)
gune:/home on /home (nfs)
/dev/ufs/builder on /builder (ufs, local, soft-updates)
/dev/ufs/src on /builder/usr/src (ufs, local, soft-updates)
/dev/ufs/obj on /builder/usr/obj (ufs, local, soft-updates)
devfs on /builder/dev (devfs, local)

Exemplary glabel list output:
Geom name: ad0s2p8
Providers:
1. Name: ufs/builder
   Mediasize: 786432000 (750M)
   Sectorsize: 512
   Mode: r1w1e1
   secoffset: 0
   offset: 0
   seclength: 1536000
   length: 786432000
   index: 0
Consumers:
1. Name: ad0s2p8
   Mediasize: 786432000 (750M)
   Sectorsize: 512
   Mode: r1w1e2

So as you can see I use GPT inside slices and UFS labels w/ glabel!


	
>Description:
	This is very hard to reproduce but I had a panic the second time after
I chown'd the user of files from a chrooted jail.
Directory of the chroot was /builder, command was 'chroot -R harry /usr/obj/stith6'
Like mentioned, I already saw this panic with 6.0-BETA
Here's all I got from a serial console:
panic: handle_workitem_remove: bad file delta
KDB: enter: panic
[thread pid 54 tid 100059 ]
Stopped at      kdb_enter+0x30: leave
db> where
Tracing pid 54 tid 100059 td 0xc1e75780
kdb_enter(c0791b35,c0801560,c07a421e,d58b2c3c,100) at kdb_enter+0x30
panic(c07a421e,11970,0,d58b2c50,3b7) at panic+0xd5
handle_workitem_remove(c2d81de0,0,2,32e,0) at handle_workitem_remove+0x107
process_worklist_item(0,0,c07a39e1,2de,431db271) at process_worklist_item+0x20b
softdep_process_worklist(0,0,c079a93a,678,0) at softdep_process_worklist+0x130
sched_sync(0,d58b2d38,c078ef39,30d,0) at sched_sync+0x2ee
fork_exit(c06078c0,0,d58b2d38) at fork_exit+0xc1
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xd58b2d6c, ebp = 0 ---
db>
>How-To-Repeat:
	Don't know, just redoing a chown from a chrooted shell after reboot
doesn't lead to the panic, seems the machine must be some days up....
>Fix:

	

>Release-Note:
>Audit-Trail:

From: Harald Schmalzbauer <harry@schmalzbauer.de>
To: bug-followup@freebsd.org, harry@schmalzbauer.de
Cc:  
Subject: Re: kern/85804: panic after chown -R from chrooted shell
Date: Thu, 8 Sep 2005 00:40:32 +0200

 Ok, obviously this panic has nothing todo with the chown or chroot, I got a 
 very similar one while the machine was doing pretty nothing (MUA, Browser 
 and a hand full xterms, all more or less idling).
 
 Here's the message and the trace:
 
 KDB: enter: panic
 [thread pid 48 tid 100040 ]
 Stopped at      kdb_enter+0x30: leave   
 db> trace
 Tracing pid 48 tid 100040 td 0xc1dfd780
 kdb_enter(c0791b35,c0801560,c07a683f,d5894bac,100) at kdb_enter+0x30
 panic(c07a683f,c07a48c0,7c,0,c408669c) at panic+0xd5
 mtrash_ctor(c4086680,80,0,0,d5894c14) at mtrash_ctor+0x65
 mtrash_fini(c4086680,80,2,2df,c085a640) at mtrash_fini+0x28
 zone_drain(c144d880,0,c07a620b,5d6,0) at zone_drain+0x1a6
 zone_foreach(c06e3850,d5894ce0,c06faed9,c1d97d0c,0) at zone_foreach+0x55
 uma_reclaim(c1d97d0c,0,c07a85e7,2d1,c08065a0) at uma_reclaim+0x17
 vm_pageout_scan(0,0,c07a85e7,604,1388) at vm_pageout_scan+0x159
 vm_pageout(0,d5894d38,c078ef39,30d,3aa1f429) at vm_pageout+0x31b
 fork_exit(c06fc050,0,d5894d38) at fork_exit+0xc1
 fork_trampoline() at fork_trampoline+0x8
 --- trap 0x1, eip = 0, esp = 0xd5894d6c, ebp = 0 ---
 
 System is like originally mentioned 6.0-beta4, seems to be a show stopper 
 for 6.0-release...
 
 Thanks,
 
 -Harry
State-Changed-From-To: open->feedback 
State-Changed-By: linimon 
State-Changed-When: Wed Nov 23 03:33:58 GMT 2005 
State-Changed-Why:  
Now that the release is out, is this still a problem? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=85804 
State-Changed-From-To: feedback->closed 
State-Changed-By: linimon 
State-Changed-When: Tue Jun 12 05:11:21 UTC 2007 
State-Changed-Why:  
Feedback timeout (> 1 year). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=85804 
>Unformatted:
