NetBSD Problem Report #32908

From veenhuizen@users.sourceforge.net  Wed Feb 22 23:52:56 2006
Return-Path: <veenhuizen@users.sourceforge.net>
Received: from mail.lsn.se (mail.lsn.se [193.235.206.226])
	by narn.netbsd.org (Postfix) with ESMTP id 3EDEC63B871
	for <gnats-bugs@gnats.NetBSD.org>; Wed, 22 Feb 2006 23:52:56 +0000 (UTC)
Message-Id: <200602221730.k1MHUI25000294@carola.zapto.org>
Date: Wed, 22 Feb 2006 18:30:18 +0100 (CET)
From: Johan Veenhuizen <veenhuizen@users.sourceforge.net>
Reply-To: veenhuizen@users.sourceforge.net
To: gnats-bugs@netbsd.org
Subject: fdesc + procfs = kernel panic
X-Send-Pr-Version: 3.95

>Number:         32908
>Category:       kern
>Synopsis:       fdesc + procfs = kernel panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 22 23:55:00 +0000 2006
>Originator:     Johan Veenhuizen
>Release:        NetBSD 3.0
>Organization:

>Environment:


System: NetBSD carola.zapto.org 3.0 NetBSD 3.0 (CAROLA) #0: Tue Feb 21 15:27:43 CET 2006 jpv@carola.zapto.org:/usr/src/sys/arch/i386/compile/CAROLA i386
Architecture: i386
Machine: i386
>Description:
	The file systems fdesc and procfs do not work well together.
	The kernel panics under some circumstances if the "fd/"
	directories are used simultaneously in both file systems.
	The problem occurs both when union-mounting fdesc and when
	mounting it on e.g. /mnt, so the problem is not related
	to the union.
>How-To-Repeat:
	The following procedure will trigger the panic. Also note
	the mysterious value of "total" in the ls(1) listing. It
	is a very even number if you print it in hex. This large
	value could have something to do with the page fault.
	Finally, the kernel panics a second time when sync is called
	for in ddb, this time complaining about a deadlock.

	Btw, the panic is also triggered if I predict the pid
	of ls(1) and list /proc/<pid of ls>/fd instead of using
	the curproc symlink.

	The kernel does not panic unless the -l option is given
	to ls(1). The working directory must be /mnt/fd.

	# mount -t fdesc fdesc /mnt
	# cd /mnt/fd
	# ls -l /proc/curproc/fd
	total 36028797018963967		<--- WOW!!!
	crw-------  1 root  wheel  0,1 Feb 22 17:30 0
	crw-------  1 root  wheel  0,1 Feb 22 17:30 1
	crw-------  1 root  wheel  0,1 Feb 22 17:30 2
	uvm_fault(0xca6a82a0, 0, 0, 1)->0xe
	kernel: page fault trap, code=0
	Stopped in pid 624.1 (ls) at netbsd:fdesc_readdir+0x63:	movl 0xc(%eax), %eax
	db> bt
	fdesc_readdir ...
	VOP_READDIR ...
	getcwd_scandir ...
	getcwd_common ...
	procfs_readlink ...
	VOP_READLINK ...
	sys_readlink ...
	syscall_plain ...
	--- syscall (number 58) ---
	0xbdbc89c3
	db> sync
	syncing disks... done
	unmounting file systems...unmount of /mnt failed with error 10
	panic: lockmgr: draining against myself
	Stopped in pid 624.1 (ls) at netbsd:cpu_Debugger + 0x4	leave
	db>
>Fix:
	Not known.

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.