[Bug 280554] unmounting tmpfs when swap is 100% full causes kernel panic

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 280554] unmounting tmpfs when swap is 100% full causes kernel panic"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 01 Aug 2024 13:11:37 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280554

            Bug ID: 280554
           Summary: unmounting tmpfs when swap is 100% full causes kernel
                    panic
           Product: Base System
           Version: Unspecified
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: admin@support.od.ua

FreeBSD 12.3-STABLE #0 r372170M: Mon Jun 27 19:29:31 EEST 2022

I only have textdump.tar.1 file, but there is kernel.debug in the system.

How to repeat:
Have a ZFS system and a 2-3 GB disk partition for swap.
Have synth with the following settings:
cat << EOF >> synth.ini
[Global Configuration]
profile_selected= LiveSystem

[LiveSystem]
Operating_system= FreeBSD
Directory_packages= /var/synth/live_packages
Directory_repository= /var/synth/live_packages/All
Directory_portsdir= /usr/ports
Directory_options= /var/db/ports
Directory_distfiles= /usr/ports/distfiles
Directory_buildbase= /usr/obj/synth-live
Directory_logs= /var/log/synth
Directory_ccache= /ccache
Directory_system= /
Number_of_builders= 2
Max_jobs_per_builder= 1
Tmpfs_workdir= true
Tmpfs_localbase= true
leverage_prebuilt= false

EOF

Have a large list of packages to build, including lang/rust
For example:
cat << EOF >> synth-update.txt
lang/rust
mail/spamassassin
security/py-openssl@py39
security/p5-Net-SSLeay
www/lynx
ftp/curl
net-mgmt/flowd
net/libpcap
sysutils/py-ansible-core@py39
sysutils/ansible@py39
sysutils/py-ansible-compat@py39
sysutils/ansible-sysrc
sysutils/py-ansible-lint@py39
misc/mc
net/samba413
sysutils/nut
security/gnutls
sysutils/tracker
sysutils/monit
ports-mgmt/synth
ports-mgmt/pkg_tree
ports-mgmt/pkg
dns/unbound
sysutils/py-ansible-core@py39
sysutils/ansible@py39
sysutils/py-ansible-compat@py39
sysutils/ansible-sysrc
sysutils/py-ansible-lint@py39
dns/nsd
devel/cmake
devel/cmake-core
benchmarks/siege
archivers/unrar
sysutils/sanoid

EOF

Run synth with these parameters:
synth build /full/path/synth-update.txt

When the swap is 100% full, type the Control-Q combination.
The second build queue will finish building the current package and unmount the
readninly tmps partitions.

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x20000
fault code              = supervisor write data, page not present
instruction pointer     = 0x20:0xffffffff810c5d54
stack pointer           = 0x28:0xfffffe00468187d0
frame pointer           = 0x28:0xfffffe00468187d0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 3286 (umount)
trap number             = 12
panic: page fault
cpuid = 0
time = 1722461598
KDB: stack backtrace:
db_trace_self_wrapper() at 0xffffffff80497d0b =
db_trace_self_wrapper+0x2b/frame 0xfffffe0046818590
vpanic() at 0xffffffff80c92688 = vpanic+0x178/frame 0xfffffe00468185e0
panic() at 0xffffffff80c92503 = panic+0x43/frame 0xfffffe0046818640
trap_fatal() at 0xffffffff812d0e9f = trap_fatal+0x38f/frame 0xfffffe00468186a0
trap_pfault() at 0xffffffff812d0eef = trap_pfault+0x4f/frame 0xfffffe0046818700
calltrap() at 0xffffffff812a9438 = calltrap+0x8/frame 0xfffffe0046818700
--- trap 0xc, rip = 0xffffffff810c5d54, rsp = 0xfffffe00468187d0, rbp =
0xfffffe00468187d0 ---
mac_labelzone_dtor() at 0xffffffff810c5d54 = mac_labelzone_dtor+0x4/frame
0xfffffe00468187d0
uma_zfree_arg() at 0xffffffff8112acc6 = uma_zfree_arg+0x56/frame
0xfffffe0046818830
mac_vnode_destroy() at 0xffffffff810d1451 = mac_vnode_destroy+0xa1/frame
0xfffffe0046818890
_vdrop() at 0xffffffff80d622b6 = _vdrop+0x266/frame 0xfffffe00468188c0
vflush() at 0xffffffff80d6385b = vflush+0x38b/frame 0xfffffe0046818a10
tmpfs_unmount() at 0xffffffff82d2af26 = tmpfs_unmount+0x76/frame
0xfffffe0046818a60
dounmount() at 0xffffffff80d59ff8 = dounmount+0x588/frame 0xfffffe0046818ad0
sys_unmount() at 0xffffffff80d59903 = sys_unmount+0x383/frame
0xfffffe0046818c00
amd64_syscall() at 0xffffffff812d1a57 = amd64_syscall+0x387/frame
0xfffffe0046818d30
fast_syscall_common() at 0xffffffff812a9d5e = fast_syscall_common+0xf8/frame
0xfffffe0046818d30
--- syscall (22, FreeBSD ELF64, sys_unmount), rip = 0x8002deaaa, rsp =
0x7fffffffd258, rbp = 0x7fffffffd780 ---
KDB: enter: panic


db:1:lockinfo>  show lockedvnods
Locked vnodes
db:0:kdb.enter.panic>  show pcpu
cpuid        = 0
dynamic pcpu = 0xdddcc0
curthread    = 0xfffff801dc549740: pid 3286 tid 102095 "umount"
curpcb       = 0xfffff801dc549ce0
fpcurthread  = 0xfffff801dc549740: pid 3286 "umount"
idlethread   = 0xfffff8000318c000: tid 100003 "idle: cpu0"
curpmap      = 0xfffff801de4a2138
tssp         = 0xffffffff821e60a0
commontssp   = 0xffffffff821e60a0
rsp0         = 0xfffffe0046818e00
kcr3         = 0xffffffffffffffff
ucr3         = 0xffffffffffffffff
scr3         = 0x0
gs32p        = 0xffffffff821ec8b8
ldt          = 0xffffffff821ec8f8
tss          = 0xffffffff821ec8e8
tlb gen      = 2425508
curvnet      = 0
db:0:kdb.enter.panic>  bt
Tracing pid 3286 tid 102095 td 0xfffff801dc549740
kdb_enter() at 0xffffffff80cdb937 = kdb_enter+0x37/frame 0xfffffe0046818590
vpanic() at 0xffffffff80c926a4 = vpanic+0x194/frame 0xfffffe00468185e0
panic() at 0xffffffff80c92503 = panic+0x43/frame 0xfffffe0046818640
trap_fatal() at 0xffffffff812d0e9f = trap_fatal+0x38f/frame 0xfffffe00468186a0
trap_pfault() at 0xffffffff812d0eef = trap_pfault+0x4f/frame 0xfffffe0046818700
calltrap() at 0xffffffff812a9438 = calltrap+0x8/frame 0xfffffe0046818700
--- trap 0xc, rip = 0xffffffff810c5d54, rsp = 0xfffffe00468187d0, rbp =
0xfffffe00468187d0 ---
mac_labelzone_dtor() at 0xffffffff810c5d54 = mac_labelzone_dtor+0x4/frame
0xfffffe00468187d0
uma_zfree_arg() at 0xffffffff8112acc6 = uma_zfree_arg+0x56/frame
0xfffffe0046818830
mac_vnode_destroy() at 0xffffffff810d1451 = mac_vnode_destroy+0xa1/frame
0xfffffe0046818890
_vdrop() at 0xffffffff80d622b6 = _vdrop+0x266/frame 0xfffffe00468188c0
vflush() at 0xffffffff80d6385b = vflush+0x38b/frame 0xfffffe0046818a10
tmpfs_unmount() at 0xffffffff82d2af26 = tmpfs_unmount+0x76/frame
0xfffffe0046818a60
dounmount() at 0xffffffff80d59ff8 = dounmount+0x588/frame 0xfffffe0046818ad0
sys_unmount() at 0xffffffff80d59903 = sys_unmount+0x383/frame
0xfffffe0046818c00
amd64_syscall() at 0xffffffff812d1a57 = amd64_syscall+0x387/frame
0xfffffe0046818d30
fast_syscall_common() at 0xffffffff812a9d5e = fast_syscall_common+0xf8/frame
0xfffffe0046818d30
--- syscall (22, FreeBSD ELF64, sys_unmount), rip = 0x8002deaaa, rsp =
0x7fffffffd258, rbp = 0x7fffffffd780 ---

-- 
You are receiving this mail because:
You are the assignee for the bug.